mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-06 10:57:46 +00:00
Code Issues Releases Wiki Activity
linux-stable/arch
History
Ravi Bangoria 834aa2c34b KVM: SEV-ES: Delegate LBR virtualization to the processor 
[ Upstream commit b7e4be0a22 ]

As documented in APM[1], LBR Virtualization must be enabled for SEV-ES
guests. Although KVM currently enforces LBRV for SEV-ES guests, there
are multiple issues with it:

o MSR_IA32_DEBUGCTLMSR is still intercepted. Since MSR_IA32_DEBUGCTLMSR
  interception is used to dynamically toggle LBRV for performance reasons,
  this can be fatal for SEV-ES guests. For ex SEV-ES guest on Zen3:

  [guest ~]# wrmsr 0x1d9 0x4
  KVM: entry failed, hardware error 0xffffffff
  EAX=00000004 EBX=00000000 ECX=000001d9 EDX=00000000

  Fix this by never intercepting MSR_IA32_DEBUGCTLMSR for SEV-ES guests.
  No additional save/restore logic is required since MSR_IA32_DEBUGCTLMSR
  is of swap type A.

o KVM will disable LBRV if userspace sets MSR_IA32_DEBUGCTLMSR before the
  VMSA is encrypted. Fix this by moving LBRV enablement code post VMSA
  encryption.

[1]: AMD64 Architecture Programmer's Manual Pub. 40332, Rev. 4.07 - June
     2023, Vol 2, 15.35.2 Enabling SEV-ES.
     https://bugzilla.kernel.org/attachment.cgi?id=304653

Fixes: 376c6d2850 ("KVM: SVM: Provide support for SEV-ES vCPU creation/loading")
Co-developed-by: Nikunj A Dadhania <nikunj@amd.com>
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Message-ID: <20240531044644.768-4-ravi.bangoria@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-06-21 14:38:15 +02:00
..
alpha rtc: Add support for configuring the UIP timeout for RTC reads 2024-01-31 16:18:56 -08:00
arc ARC: [plat-hsdk]: Remove misplaced interrupt-cells property 2024-05-02 16:32:33 +02:00
arm ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat 2024-06-16 13:47:45 +02:00
arm64 KVM: arm64: AArch32: Fix spurious trapping of conditional instructions 2024-06-16 13:47:38 +02:00
csky work around gcc bugs with 'asm goto' with outputs 2024-02-23 09:24:47 +01:00
hexagon hexagon: vmlinux.lds.S: handle attributes section 2024-04-03 15:28:55 +02:00
ia64
loongarch LoongArch: Override higher address bits in JUMP_VIRT_ADDR 2024-06-16 13:47:39 +02:00
m68k m68k: mac: Fix reboot hang on Mac IIci 2024-06-12 11:11:51 +02:00
microblaze microblaze: Remove early printk call from cpuinfo-static.c 2024-06-12 11:12:23 +02:00
mips MIPS: scall: Save thread_info.syscall unconditionally on entry 2024-05-17 12:02:15 +02:00
nios2 mm: Introduce flush_cache_vmap_early() 2024-02-16 19:10:52 +01:00
openrisc openrisc: traps: Don't send signals to kernel mode threads 2024-06-12 11:11:42 +02:00
parisc parisc: Define sigset_t in parisc uapi header 2024-06-16 13:47:45 +02:00
powerpc powerpc/bpf: enforce full ordering for ATOMIC operations with BPF_FETCH 2024-06-16 13:47:48 +02:00
riscv RISC-V: KVM: Fix incorrect reg_subtype labels in kvm_riscv_vcpu_set_reg_isa_ext function 2024-06-21 14:38:14 +02:00
s390 s390/cpacf: Make use of invalid opcode produce a link error 2024-06-16 13:47:46 +02:00
sh Revert "sh: Handle calling csum_partial with misaligned data" 2024-06-12 11:11:48 +02:00
sparc sparc: move struct termio to asm/termios.h 2024-06-16 13:47:44 +02:00
um um: Fix the declaration of kasan_map_memory 2024-06-12 11:12:42 +02:00
x86 KVM: SEV-ES: Delegate LBR virtualization to the processor 2024-06-21 14:38:15 +02:00
xtensa xtensa: fix MAKE_PC_FROM_RA second argument 2024-05-17 12:02:32 +02:00
.gitignore
Kconfig cpu: Re-enable CPU mitigations by default for !X86 architectures 2024-05-02 16:32:44 +02:00