Message-ID: <cover.1748553480.git.thomas.lendacky@amd.com>
Date: Thu, 29 May 2025 16:17:58 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: <kvm@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <x86@...nel.org>
CC: Paolo Bonzini <pbonzini@...hat.com>, Sean Christopherson
	<seanjc@...gle.com>, Borislav Petkov <bp@...en8.de>, Dave Hansen
	<dave.hansen@...ux.intel.com>, Ingo Molnar <mingo@...hat.com>, "Thomas
 Gleixner" <tglx@...utronix.de>, Michael Roth <michael.roth@....com>
Subject: [PATCH 0/2] Remove some hardcoded SEV-SNP guest policy checks during guest launch

This series removes some guest policy checks that can be better controlled
by the SEV firmware.

- Remove the check for the SMT policy bit. Currently, a check is made to
  ensure the SMT policy bit is set to 1. However, there is no reason for
  KVM to do this. The SMT policy bit, when 0, is used to ensure that SMT
  has been disabled *in the BIOS.* As this does not require any special
  support within KVM, the check can be safely removed to allow the SEV
  firmware to determine whether the system meets the policy.

- Remove the check for the SINGLE_SOCKET policy bit. Currently, a check
  is made to ensure the SINGLE_SOCKET policy bit is set to 0. However,
  there is no reason for KVM to do this. The SINGLE_SOCKET policy bit,
  when 1, is used to ensure that an SNP guest is only run on a single
  socket. When the system only consists of a single socket, the SEV
  firmware allows guest activation to succeed. However, if the system
  has more than one socket, the SEV firmware will fail guest activation
  when the SNP_ACTIVATE command is used (which is the activation command
  used by KVM).

The SMT policy patch should not be controversial. The SINGLE_SOCKET policy
patch could be a bit controversial, since, when you have the SINGLE_SOCKET
policy bit set, you can have a guest that can run without issue on a
single socket system, but suddenly fail when started on a system with more
than one socket. But, as this is opt-in behavior from userspace, this could
be viewed as providing the protection that the guest owner desires.

In order to support use of the SINGLE_SOCKET policy bit on a system with
more than one socket, the SNP_ACTIVATE_EX command must be used and proper
scheduling support performed.

The series is based off of:
  https://github.com/kvm-x86/linux.git next

Tom Lendacky (2):
  KVM: SVM: Allow SNP guest policy disallow running with SMT enabled
  KVM: SVM: Allow SNP guest policy to specify SINGLE_SOCKET

 arch/x86/kvm/svm/sev.c | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)


base-commit: 3f7b307757ecffc1c18ede9ee3cf9ce8101f3cc9
-- 
2.46.2
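The two policy bits discussed in the cover letter, as an added example that is not code from the patch series or from KVM: a user-space model of the SNP_LAUNCH_START policy checks before and after the series, alongside a model of the firmware-side activation outcome the letter describes. The bit positions follow the SEV-SNP firmware ABI guest policy layout (ABI minor/major in bits 0-15, SMT bit 16, reserved-must-be-one bit 17, MIGRATE_MA bit 18, DEBUG bit 19, SINGLE_SOCKET bit 20); the function names, the "old"/"new" split, the SNP_POLICY_MASK_VALID set used here and the snp_activate_ok_model rules are this example's own assumptions and simplify what KVM and the firmware actually do. The sample policy words are constructed.

```c
/*
 * Added example, not code from this patch series or from KVM: a user-space
 * model of the SEV-SNP guest policy checks KVM makes at SNP_LAUNCH_START,
 * before and after the series, plus a model of the firmware-side outcome the
 * cover letter describes. Bit positions follow the SEV-SNP firmware ABI guest
 * policy layout; the function names, the "old"/"new" split and the
 * activation model are this example's own and simplify what the firmware does.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* SEV-SNP guest policy bit layout. */
#define SNP_POLICY_ABI_MINOR(p)        ((unsigned)((p) & 0xffu))
#define SNP_POLICY_ABI_MAJOR(p)        ((unsigned)(((p) >> 8) & 0xffu))
#define SNP_POLICY_MASK_SMT            (1ull << 16) /* 0: SMT must be disabled in BIOS */
#define SNP_POLICY_MASK_RSVD_MBO       (1ull << 17) /* reserved, must be one */
#define SNP_POLICY_MASK_MIGRATE_MA     (1ull << 18)
#define SNP_POLICY_MASK_DEBUG          (1ull << 19)
#define SNP_POLICY_MASK_SINGLE_SOCKET  (1ull << 20) /* 1: guest may only run on one socket */
/* Bits this model accepts from userspace (assumption: anything above bit 20 is rejected). */
#define SNP_POLICY_MASK_VALID (0xffffull | SNP_POLICY_MASK_SMT | SNP_POLICY_MASK_RSVD_MBO | \
                               SNP_POLICY_MASK_MIGRATE_MA | SNP_POLICY_MASK_DEBUG | \
                               SNP_POLICY_MASK_SINGLE_SOCKET)

/* Checks that stay in KVM either way: no unknown bits, reserved-must-be-one set. */
static bool snp_policy_common_ok(uint64_t policy)
{
    if (policy & ~SNP_POLICY_MASK_VALID)
        return false;
    return (policy & SNP_POLICY_MASK_RSVD_MBO) != 0;
}

/* Before the series: KVM additionally required SMT=1 and SINGLE_SOCKET=0. */
static bool snp_launch_policy_ok_old(uint64_t policy)
{
    if (!snp_policy_common_ok(policy))
        return false;
    if (!(policy & SNP_POLICY_MASK_SMT))
        return false;                    /* SMT=0 was rejected by KVM */
    if (policy & SNP_POLICY_MASK_SINGLE_SOCKET)
        return false;                    /* SINGLE_SOCKET=1 was rejected by KVM */
    return true;
}

/* After the series: both bits are passed through and left to the SEV firmware. */
static bool snp_launch_policy_ok_new(uint64_t policy)
{
    return snp_policy_common_ok(policy);
}

/*
 * Model (this example's assumption, not firmware code) of what the cover letter
 * says the firmware enforces at activation: SINGLE_SOCKET=1 fails SNP_ACTIVATE
 * on a host with more than one socket, and SMT=0 requires SMT off in BIOS.
 */
static bool snp_activate_ok_model(uint64_t policy, unsigned sockets, bool smt_enabled)
{
    if ((policy & SNP_POLICY_MASK_SINGLE_SOCKET) && sockets > 1)
        return false;
    if (!(policy & SNP_POLICY_MASK_SMT) && smt_enabled)
        return false;
    return true;
}

/* Decode a policy word into the fields above. */
static void snp_policy_describe(uint64_t p)
{
    printf("policy 0x%llx: ABI %u.%u SMT=%d RSVD_MBO=%d MIGRATE_MA=%d DEBUG=%d SINGLE_SOCKET=%d\n",
           (unsigned long long)p, SNP_POLICY_ABI_MAJOR(p), SNP_POLICY_ABI_MINOR(p),
           !!(p & SNP_POLICY_MASK_SMT), !!(p & SNP_POLICY_MASK_RSVD_MBO),
           !!(p & SNP_POLICY_MASK_MIGRATE_MA), !!(p & SNP_POLICY_MASK_DEBUG),
           !!(p & SNP_POLICY_MASK_SINGLE_SOCKET));
}

int main(void)
{
    /* Constructed policies: ABI 1.51, RSVD_MBO set, varying SMT and SINGLE_SOCKET. */
    const uint64_t base = (1ull << 8) | 51 | SNP_POLICY_MASK_RSVD_MBO;
    const uint64_t policies[] = {
        base | SNP_POLICY_MASK_SMT,                                 /* accepted by both */
        base,                                                       /* SMT=0: old KVM rejects */
        base | SNP_POLICY_MASK_SMT | SNP_POLICY_MASK_SINGLE_SOCKET, /* SINGLE_SOCKET=1: old KVM rejects */
    };
    for (size_t i = 0; i < sizeof policies / sizeof policies[0]; i++) {
        uint64_t p = policies[i];
        snp_policy_describe(p);
        printf("  launch: old=%s new=%s | activate (1 socket, SMT on)=%s (2 sockets, SMT off)=%s\n",
               snp_launch_policy_ok_old(p) ? "ok" : "EINVAL",
               snp_launch_policy_ok_new(p) ? "ok" : "EINVAL",
               snp_activate_ok_model(p, 1, true) ? "ok" : "fail",
               snp_activate_ok_model(p, 2, false) ? "ok" : "fail");
    }
    return 0;
}
```

The point the model makes visible: after the series a policy with SMT=0 or SINGLE_SOCKET=1 passes KVM's launch-time check unchanged, and whether the guest actually comes up then depends on the host the firmware sees at activation, which is exactly the opt-in behaviour the cover letter weighs for the SINGLE_SOCKET bit.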

