lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aRYpWLUn5IABs1Vx@google.com>
Date: Thu, 13 Nov 2025 10:54:16 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Tom Lendacky <thomas.lendacky@....com>
Cc: kvm@...r.kernel.org, linux-kernel@...r.kernel.org, x86@...nel.org, 
	linux-crypto@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>, 
	Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>, 
	Ingo Molnar <mingo@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, 
	Michael Roth <michael.roth@....com>, Ashish Kalra <ashish.kalra@....com>, 
	Herbert Xu <herbert@...dor.apana.org.au>, David Miller <davem@...emloft.net>
Subject: Re: [PATCH v4 0/4] SEV-SNP guest policy bit support updates

On Mon, Oct 27, 2025, Tom Lendacky wrote:
> This series aims to allow more flexibility in specifying SEV-SNP policy
> bits by improving discoverability of supported policy bits from userspace
> and enabling support for newer policy bits.

...

> Tom Lendacky (4):
>   KVM: SEV: Consolidate the SEV policy bits in a single header file
>   crypto: ccp - Add an API to return the supported SEV-SNP policy bits
>   KVM: SEV: Publish supported SEV-SNP policy bits
>   KVM: SEV: Add known supported SEV-SNP policy bits
> 
>  arch/x86/include/uapi/asm/kvm.h |  1 +
>  arch/x86/kvm/svm/sev.c          | 45 ++++++++++++++++++++-------------
>  arch/x86/kvm/svm/svm.h          |  3 ---
>  drivers/crypto/ccp/sev-dev.c    | 37 +++++++++++++++++++++++++++
>  include/linux/psp-sev.h         | 39 ++++++++++++++++++++++++++++
>  5 files changed, 105 insertions(+), 20 deletions(-)

Looks good overall, just the one minor nit.  Given that this adds new KVM uAPI,
and the CCP changes are fairly minor in the grand scheme, my preference would be
to take the entire series through kvm-x86 (with Acks as appropriate).

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ