lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20250819234833.3080255-1-seanjc@google.com>
Date: Tue, 19 Aug 2025 16:48:25 -0700
From: Sean Christopherson <seanjc@...gle.com>
To: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, 
	Thomas Lendacky <thomas.lendacky@....com>, Michael Roth <michael.roth@....com>, 
	Nikunj A Dadhania <nikunj@....com>, Borislav Petkov <bp@...en8.de>, 
	Vaishali Thakkar <vaishali.thakkar@...e.com>, Ketan Chaturvedi <Ketan.Chaturvedi@....com>, 
	Kai Huang <kai.huang@...el.com>
Subject: [PATCH v11 0/8] KVM: SVM: Enable Secure TSC for SEV-SNP

This is a combination of Nikunk's series to enable secure TSC support and to
fix the GHCB version issues, along with some code refactorings to move SEV+
setup code into sev.c (we've managed to grow something like 4 flows that all
do more or less the same thing).

Note, I haven't tested SNP functionality in any way.

v11:
 - Shuffle code around so that snp_is_secure_tsc_enabled() doesn't need to
   be exposed outside of sev.c.
 - Explicitly modify the intercept for MSR_AMD64_GUEST_TSC_FREQ (paranoia is
   cheap in this case).
 - Trim the changelog for the GHCB version enforcement patch.
 - Continue on with snp_launch_start() if default_tsc_khz is '0'.  AFAICT,
   continuing on doesn't put the host at (any moer) risk. [Kai]

v10: https://lore.kernel.org/all/20250804103751.7760-1-nikunj@amd.com

v3 (GHCB): https://lore.kernel.org/all/20250804090945.267199-1-nikunj@amd.com

Nikunj A Dadhania (4):
  KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it
  KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests
  x86/cpufeatures: Add SNP Secure TSC
  KVM: SVM: Enable Secure TSC for SNP guests

Sean Christopherson (4):
  KVM: SVM: Move SEV-ES VMSA allocation to a dedicated sev_vcpu_create()
    helper
  KVM: SEV: Move init of SNP guest state into sev_init_vmcb()
  KVM: SEV: Set RESET GHCB MSR value during sev_es_init_vmcb()
  KVM: SEV: Fold sev_es_vcpu_reset() into sev_vcpu_create()

 arch/x86/include/asm/cpufeatures.h |   1 +
 arch/x86/include/asm/svm.h         |   1 +
 arch/x86/kvm/svm/sev.c             | 108 ++++++++++++++++++++---------
 arch/x86/kvm/svm/svm.c             |  37 +++-------
 arch/x86/kvm/svm/svm.h             |   7 +-
 5 files changed, 92 insertions(+), 62 deletions(-)


base-commit: c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9
-- 
2.51.0.rc1.167.g924127e9c0-goog

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ