Message-ID: <CABgObfYpkzNO-4XoCpEdoWGx_a9GiBpg=YjE0Y48T6OpvtPVrA@mail.gmail.com>
Date: Tue, 30 Sep 2025 19:35:24 +0200
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sean Christopherson <seanjc@...gle.com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] KVM: x86: SVM changes for 6.18
On Sat, Sep 27, 2025 at 8:09 AM Sean Christopherson <seanjc@...gle.com> wrote:
>
> The headliner here is to enable AVIC by default for Zen4+ if x2AVIC is
> supported. The other highlight is support for Secure TSC (support for
> CiphertextHiding is coming in a separate pull request).
>
> The "lowlight" is a bug fix for an issue where KVM could clobber TSC_AUX if an
> SEV-ES+ vCPU runs on the same pCPU as a non-SEV-ES CPU.
>
> Regarding enabling AVIC by default, despite there still being at least one
> known wart (the IRQ window inhibit mess), I think AVIC is stable enough to
> enable by default. More importantly, I think that getting it enabled in 6.18
> in particular, i.e. in the next LTS, will be a net positive in the sense that
> we'll hopefully get more "free" testing, and thus help fix any lurking bugs
> for the folks that are explicitly enabling AVIC.
>
> The following changes since commit c17b750b3ad9f45f2b6f7e6f7f4679844244f0b9:
>
> Linux 6.17-rc2 (2025-08-17 15:22:10 -0700)

Pulled, thanks.

Paolo

> are available in the Git repository at:
>
> https://github.com/kvm-x86/linux.git tags/kvm-x86-svm-6.18
>
> for you to fetch changes up to ca2967de5a5b098b43c5ad665672945ce7e7d4f7:
>
> KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support (2025-09-23 08:56:49 -0700)
>
> ----------------------------------------------------------------
> KVM SVM changes for 6.18
>
> - Require a minimum GHCB version of 2 when starting SEV-SNP guests via
> KVM_SEV_INIT2 so that invalid GHCB versions result in immediate errors
> instead of latent guest failures.
>
> - Add support for Secure TSC for SEV-SNP guests, which prevents the untrusted
> host from tampering with the guest's TSC frequency, while still allowing the
> VMM to configure the guest's TSC frequency prior to launch.
>
> - Mitigate the potential for TOCTOU bugs when accessing GHCB fields by
> wrapping all accesses via READ_ONCE().
>
> - Validate the XCR0 provided by the guest (via the GHCB) to avoid tracking a
> bogus XCR0 value in KVM's software model.
>
> - Save an SEV guest's policy if and only if LAUNCH_START fully succeeds to
> avoid leaving behind stale state (thankfully not consumed in KVM).
>
> - Explicitly reject non-positive effective lengths during SNP's LAUNCH_UPDATE
> instead of subtly relying on guest_memfd to do the "heavy" lifting.
>
> - Reload the pre-VMRUN TSC_AUX on #VMEXIT for SEV-ES guests, not the host's
> desired TSC_AUX, to fix a bug where KVM could clobber a different vCPU's
> TSC_AUX due to hardware not matching the value cached in the user-return MSR
> infrastructure.
>
> - Enable AVIC by default for Zen4+ if x2AVIC (and other prereqs) is supported,
> and clean up the AVIC initialization code along the way.
>
> ----------------------------------------------------------------
> Hou Wenlong (2):
> KVM: x86: Add helper to retrieve current value of user return MSR
> KVM: SVM: Re-load current, not host, TSC_AUX on #VMEXIT from SEV-ES guest
>
> Naveen N Rao (1):
> KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support
>
> Nikunj A Dadhania (4):
> KVM: SEV: Drop GHCB_VERSION_DEFAULT and open code it
> KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests
> x86/cpufeatures: Add SNP Secure TSC
> KVM: SVM: Enable Secure TSC for SNP guests
>
> Sean Christopherson (15):
> KVM: SVM: Move SEV-ES VMSA allocation to a dedicated sev_vcpu_create() helper
> KVM: SEV: Move init of SNP guest state into sev_init_vmcb()
> KVM: SEV: Set RESET GHCB MSR value during sev_es_init_vmcb()
> KVM: SEV: Fold sev_es_vcpu_reset() into sev_vcpu_create()
> KVM: SEV: Save the SEV policy if and only if LAUNCH_START succeeds
> KVM: SEV: Rename kvm_ghcb_get_sw_exit_code() to kvm_get_cached_sw_exit_code()
> KVM: SEV: Read save fields from GHCB exactly once
> KVM: SEV: Validate XCR0 provided by guest in GHCB
> KVM: SEV: Reject non-positive effective lengths during LAUNCH_UPDATE
> KVM: SVM: Make svm_x86_ops globally visible, clean up on-HyperV usage
> KVM: SVM: Move x2AVIC MSR interception helper to avic.c
> KVM: SVM: Update "APICv in x2APIC without x2AVIC" in avic.c, not svm.c
> KVM: SVM: Always print "AVIC enabled" separately, even when force enabled
> KVM: SVM: Don't advise the user to do force_avic=y (when x2AVIC is detected)
> KVM: SVM: Move global "avic" variable to avic.c
>
> Thorsten Blum (1):
> KVM: nSVM: Replace kzalloc() + copy_from_user() with memdup_user()
>
> arch/x86/include/asm/cpufeatures.h | 1 +
> arch/x86/include/asm/kvm_host.h | 2 +
> arch/x86/include/asm/svm.h | 1 +
> arch/x86/kvm/svm/avic.c | 151 ++++++++++++++++++++++++++++------
> arch/x86/kvm/svm/nested.c | 18 ++---
> arch/x86/kvm/svm/sev.c | 160 +++++++++++++++++++++++++------------
> arch/x86/kvm/svm/svm.c | 126 +++++------------------------
> arch/x86/kvm/svm/svm.h | 40 ++++++----
> arch/x86/kvm/svm/svm_onhyperv.c | 28 ++++++-
> arch/x86/kvm/svm/svm_onhyperv.h | 31 +------
> arch/x86/kvm/x86.c | 9 ++-
> virt/kvm/guest_memfd.c | 3 +-
> 12 files changed, 323 insertions(+), 247 deletions(-)
>
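
The changelog item about mitigating TOCTOU bugs when accessing GHCB fields comes down to fetching each guest-writable field exactly once and validating and using that one snapshot. The following is an added illustration in user-space C, not code from this pull request or from KVM; `struct shared_page`, `MAX_LEN`, `READ_ONCE_U64` and the `racer` callback (which stands in for a concurrent write from the other side) are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

/* Same idea as the kernel's READ_ONCE(): a single volatile load that the
 * compiler may not split, repeat, or silently re-fetch later. */
#define READ_ONCE_U64(p) (*(const volatile uint64_t *)(p))

#define MAX_LEN 64u   /* hypothetical upper bound enforced by the host */

/* Hypothetical guest-writable page; NOT the real GHCB layout. */
struct shared_page { uint64_t len; };

/* Stands in for the other party writing the page between two host reads. */
typedef void (*racer_fn)(struct shared_page *);

/* Before: the field is fetched for the check and fetched again for use. */
static int64_t len_double_fetch(struct shared_page *sp, racer_fn racer)
{
    if (READ_ONCE_U64(&sp->len) > MAX_LEN)
        return -1;
    if (racer)
        racer(sp);                            /* page changes after the check */
    return (int64_t)READ_ONCE_U64(&sp->len);  /* second fetch: never validated */
}

/* After: one fetch into a local; check and use see the same snapshot. */
static int64_t len_single_fetch(struct shared_page *sp, racer_fn racer)
{
    uint64_t len = READ_ONCE_U64(&sp->len);

    if (len > MAX_LEN)
        return -1;
    if (racer)
        racer(sp);                            /* too late to affect 'len' */
    return (int64_t)len;
}

/* Constructed race: rewrite the field after the bounds check has passed. */
static void grow_len(struct shared_page *sp) { sp->len = 4096; }

int main(void)
{
    struct shared_page a = { .len = 16 }, b = { .len = 16 };

    /* Double fetch hands back 4096 despite the check; single fetch keeps 16. */
    return !(len_double_fetch(&a, grow_len) == 4096 &&
             len_single_fetch(&b, grow_len) == 16);
}
```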