lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b3d83827-a4d8-78e0-a09a-41f4ec895a5a@amd.com>
Date: Tue, 23 Sep 2025 10:16:33 -0500
From: Tom Lendacky <thomas.lendacky@....com>
To: Neeraj Upadhyay <Neeraj.Upadhyay@....com>, kvm@...r.kernel.org,
 seanjc@...gle.com, pbonzini@...hat.com
Cc: linux-kernel@...r.kernel.org, nikunj@....com, Santosh.Shukla@....com,
 Vasant.Hegde@....com, Suravee.Suthikulpanit@....com, bp@...en8.de,
 David.Kaplan@....com, huibo.wang@....com, naveen.rao@....com,
 tiala@...rosoft.com
Subject: Re: [RFC PATCH v2 10/17] KVM: SVM: Set VGIF in VMSA area for Secure
 AVIC guests

On 9/23/25 00:03, Neeraj Upadhyay wrote:
> From: Kishon Vijay Abraham I <kvijayab@....com>
> 
> Unlike standard SVM which uses the V_GIF (Virtual Global Interrupt Flag)
> bit in the VMCB, Secure AVIC ignores this field.
> 
> Instead, the hardware requires an equivalent V_GIF bit to be set within
> the vintr_ctrl field of the VMSA (Virtual Machine Save Area). Failure
> to set this bit will cause the hardware to block all interrupt delivery,
> rendering the guest non-functional.
> 
> To enable interrupts for Secure AVIC guests, modify sev_es_sync_vmsa()
> to unconditionally set the V_GIF_MASK in the VMSA's vintr_ctrl field
> whenever Secure AVIC is active. This ensures the hardware correctly
> identifies the guest as interruptible.
> 
> Signed-off-by: Kishon Vijay Abraham I <kvijayab@....com>
> Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@....com>
> ---
>  arch/x86/kvm/svm/sev.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 837ab55a3330..2dee210efb37 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -884,6 +884,9 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm)
>  
>  	save->sev_features = sev->vmsa_features;
>  
> +	if (sev_savic_active(vcpu->kvm))
> +		save->vintr_ctrl |= V_GIF_MASK;

A comment above this would be good.

Thanks,
Tom

> +
>  	/*
>  	 * Skip FPU and AVX setup with KVM_SEV_ES_INIT to avoid
>  	 * breaking older measurements.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ