| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250819234833.3080255-2-seanjc@google.com> Date: Tue, 19 Aug 2025 16:48:26 -0700 From: Sean Christopherson <seanjc@...gle.com> To: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini <pbonzini@...hat.com> Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, Thomas Lendacky <thomas.lendacky@....com>, Michael Roth <michael.roth@....com>, Nikunj A Dadhania <nikunj@....com>, Borislav Petkov <bp@...en8.de>, Vaishali Thakkar <vaishali.thakkar@...e.com>, Ketan Chaturvedi <Ketan.Chaturvedi@....com>, Kai Huang <kai.huang@...el.com> Subject: [PATCH v11 1/8] KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it From: Nikunj A Dadhania <nikunj@....com> Remove the GHCB_VERSION_DEFAULT macro and open code it with '2'. The macro is used conditionally and is not a true default. KVM ABI does not advertise/emumerates the default GHCB version. Any future change to this macro would silently alter the ABI and potentially break existing deployments that rely on the current behavior. Additionally, move the GHCB version assignment earlier in the code flow and update the comment to clarify that KVM_SEV_INIT2 defaults to version 2, while KVM_SEV_INIT forces version 1. No functional change intended. Cc: Thomas Lendacky <thomas.lendacky@....com> Cc: Michael Roth <michael.roth@....com> Suggested-by: Sean Christopherson <seanjc@...gle.com> Signed-off-by: Nikunj A Dadhania <nikunj@....com> Signed-off-by: Sean Christopherson <seanjc@...gle.com> --- arch/x86/kvm/svm/sev.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 2fbdebf79fbb..212f790eedd4 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -37,7 +37,6 @@ #include "trace.h" #define GHCB_VERSION_MAX 2ULL -#define GHCB_VERSION_DEFAULT 2ULL #define GHCB_VERSION_MIN 1ULL #define GHCB_HV_FT_SUPPORTED (GHCB_HV_FT_SNP | GHCB_HV_FT_SNP_AP_CREATION) @@ -421,6 +420,14 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp, if (data->ghcb_version > GHCB_VERSION_MAX || (!es_active && data->ghcb_version)) return -EINVAL; + /* + * KVM supports the full range of mandatory features defined by version + * 2 of the GHCB protocol, so default to that for SEV-ES guests created + * via KVM_SEV_INIT2 (KVM_SEV_INIT forces version 1). + */ + if (es_active && !data->ghcb_version) + data->ghcb_version = 2; + if (unlikely(sev->active)) return -EINVAL; @@ -429,14 +436,6 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp, sev->vmsa_features = data->vmsa_features; sev->ghcb_version = data->ghcb_version; - /* - * Currently KVM supports the full range of mandatory features defined - * by version 2 of the GHCB protocol, so default to that for SEV-ES - * guests created via KVM_SEV_INIT2. - */ - if (sev->es_active && !sev->ghcb_version) - sev->ghcb_version = GHCB_VERSION_DEFAULT; - if (vm_type == KVM_X86_SNP_VM) sev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE; -- 2.51.0.rc1.167.g924127e9c0-goog
Powered by blists - more mailing lists