| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABgObfYpkzNO-4XoCpEdoWGx_a9GiBpg=YjE0Y48T6OpvtPVrA@mail.gmail.com> Date: Tue, 30 Sep 2025 19:35:24 +0200 From: Paolo Bonzini <pbonzini@...hat.com> To: Sean Christopherson <seanjc@...gle.com> Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [GIT PULL] KVM: x86: SVM changes for 6.18 On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@...gle.com> wrote: > > The headliner here is to enable AVIC by deafult for Zen4+ if x2AVIC is > supported. The other highlight is support for Secure TSC (support for > CiphertextHiding is coming in a separate pull request). > > The "lowlight" is a bug fix for an issue where KVM could clobber TSC_AUX if an > SEV-ES+ vCPU runs on the same pCPU as a non-SEV-ES CPU. > > Regarding enabling AVIC by default, despite there still being at least one > known wart (the IRQ window inhibit mess), I think AVIC is stable enough to > enable by default. More importantly, I think that getting it enabled in 6.18 > in particular, i.e. in the next LTS, will be a net positive in the sense that > we'll hopefully get more "free" testing, and thus help fix any lurking bugs > for the folks that are explicitly enabling AVIC. > > The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9: > > Linux 6.17-rc2 (2025-08-17 15:22:10 -0700) Pulled, thanks. Paolo > are available in the Git repository at: > > https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.18 > > for you to fetch changes up to ca2967de5a5b098b43c5ad665672945ce7e7d4f7: > > KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support (2025-09-23 08:56:49 -0700) > > ---------------------------------------------------------------- > KVM SVM changes for 6.18 > > - Require a minimum GHCB version of 2 when starting SEV-SNP guests via > KVM_SEV_INIT2 so that invalid GHCB versions result in immediate errors > instead of latent guest failures. > > - Add support for Secure TSC for SEV-SNP guests, which prevents the untrusted > host from tampering with the guest's TSC frequency, while still allowing the > the VMM to configure the guest's TSC frequency prior to launch. > > - Mitigate the potential for TOCTOU bugs when accessing GHCB fields by > wrapping all accesses via READ_ONCE(). > > - Validate the XCR0 provided by the guest (via the GHCB) to avoid tracking a > bogous XCR0 value in KVM's software model. > > - Save an SEV guest's policy if and only if LAUNCH_START fully succeeds to > avoid leaving behind stale state (thankfully not consumed in KVM). > > - Explicitly reject non-positive effective lengths during SNP's LAUNCH_UPDATE > instead of subtly relying on guest_memfd to do the "heavy" lifting. > > - Reload the pre-VMRUN TSC_AUX on #VMEXIT for SEV-ES guests, not the host's > desired TSC_AUX, to fix a bug where KVM could clobber a different vCPU's > TSC_AUX due to hardware not matching the value cached in the user-return MSR > infrastructure. > > - Enable AVIC by default for Zen4+ if x2AVIC (and other prereqs) is supported, > and clean up the AVIC initialization code along the way. > > ---------------------------------------------------------------- > Hou Wenlong (2): > KVM: x86: Add helper to retrieve current value of user return MSR > KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest > > Naveen N Rao (1): > KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support > > Nikunj A Dadhania (4): > KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it > KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests > x86/cpufeatures: Add SNP Secure TSC > KVM: SVM: Enable Secure TSC for SNP guests > > Sean Christopherson (15): > KVM: SVM: Move SEV-ES VMSA allocation to a dedicated sev_vcpu_create() helper > KVM: SEV: Move init of SNP guest state into sev_init_vmcb() > KVM: SEV: Set RESET GHCB MSR value during sev_es_init_vmcb() > KVM: SEV: Fold sev_es_vcpu_reset() into sev_vcpu_create() > KVM: SEV: Save the SEV policy if and only if LAUNCH_START succeeds > KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code() > KVM: SEV: Read save fields from GHCB exactly once > KVM: SEV: Validate XCR0 provided by guest in GHCB > KVM: SEV: Reject non-positive effective lengths during LAUNCH_UPDATE > KVM: SVM: Make svm_x86_ops globally visible, clean up on-HyperV usage > KVM: SVM: Move x2AVIC MSR interception helper to avic.c > KVM: SVM: Update "APICv in x2APIC without x2AVIC" in avic.c, not svm.c > KVM: SVM: Always print "AVIC enabled" separately, even when force enabled > KVM: SVM: Don't advise the user to do force_avic=y (when x2AVIC is detected) > KVM: SVM: Move global "avic" variable to avic.c > > Thorsten Blum (1): > KVM: nSVM: Replace kzalloc() + copy_from_user() with memdup_user() > > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/include/asm/kvm_host.h | 2 + > arch/x86/include/asm/svm.h | 1 + > arch/x86/kvm/svm/avic.c | 151 ++++++++++++++++++++++++++++------ > arch/x86/kvm/svm/nested.c | 18 ++--- > arch/x86/kvm/svm/sev.c | 160 +++++++++++++++++++++++++------------ > arch/x86/kvm/svm/svm.c | 126 +++++------------------------ > arch/x86/kvm/svm/svm.h | 40 ++++++---- > arch/x86/kvm/svm/svm_onhyperv.c | 28 ++++++- > arch/x86/kvm/svm/svm_onhyperv.h | 31 +------ > arch/x86/kvm/x86.c | 9 ++- > virt/kvm/guest_memfd.c | 3 +- > 12 files changed, 323 insertions(+), 247 deletions(-) >
Powered by blists - more mailing lists