On 2/14/19 11:31 AM, Jim Mattson wrote:
...
>>>
>>
>> For now I am inclined to go with what we have. Will submit v2
>> with fixes.
>>
>> Theoretically we can use the single stepping with CR4.SMAP=0.
>
> SEV allows the hypervisor to override the guest OS's CR4.SMAP
> setting?!? That seems counter-intuitive, given SEV's intended use.
> Doesn't this potentially give a ring-3 agent in the guest an avenue to
> privilege escalation through collusion with the hypervisor?
>

The guest register state is protected with the SEV-ES feature. The
SEV-ES feature is supported in current HW but it's not supported in
KVM yet. We are actively working to add this feature very soon.

-Brijesh