On Wed, 26 Feb 2025 17:25:31 -0800, Sean Christopherson wrote:
> Try to address the worst of the issues that arise with guest controlled SEV
> features (thanks AP creation)[1]. The most pressing issue is with DebugSwap,
> as a misbehaving guest could clobber host DR masks (which should be relatively
> benign?).
>
> The other notable issue is that KVM doesn't guard against userspace manually
> making a vCPU RUNNABLE after it has been DESTROYED (or after a failed CREATE).
> This shouldn't be super problematic, as VMRUN is supposed to "only" fail if
> the VMSA page is invalid, but passing a known bad PA to hardware isn't exactly
> desirable.
>
> [...]

Thanks for the reviews and testing!

Applied:

[01/10] KVM: SVM: Save host DR masks on CPUs with DebugSwap
        https://github.com/kvm-x86/linux/commit/b2653cd3b75f
[02/10] KVM: SVM: Don't rely on DebugSwap to restore host DR0..DR3
        https://github.com/kvm-x86/linux/commit/807cb9ce2ed9

to kvm-x86 fixes, and:

[3/10] KVM: SVM: Refuse to attempt VRMUN if an SEV-ES+ guest has an invalid VMSA
       https://github.com/kvm-x86/linux/commit/72d12715edcd
[4/10] KVM: SVM: Don't change target vCPU state on AP Creation VMGEXIT error
       https://github.com/kvm-x86/linux/commit/d26638bfcdfc
[5/10] KVM: SVM: Require AP's "requested" SEV_FEATURES to match KVM's view
       https://github.com/kvm-x86/linux/commit/745ff82199b1
[6/10] KVM: SVM: Simplify request+kick logic in SNP AP Creation handling
       https://github.com/kvm-x86/linux/commit/c6e129fb2ad2
[7/10] KVM: SVM: Use guard(mutex) to simplify SNP AP Creation error handling
       https://github.com/kvm-x86/linux/commit/46332437e1c5
[8/10] KVM: SVM: Mark VMCB dirty before processing incoming snp_vmsa_gpa
       https://github.com/kvm-x86/linux/commit/e268beee4a25
[9/10] KVM: SVM: Use guard(mutex) to simplify SNP vCPU state updates
       https://github.com/kvm-x86/linux/commit/5279d6f7e43d
[10/10] KVM: SVM: Invalidate "next" SNP VMSA GPA even on failure
        https://github.com/kvm-x86/linux/commit/4e96f010afb2

to kvm-x86 svm.

--
https://github.com/kvm-x86/linux/tree/next