]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 0f68fe4 ca2967d)
Merge tag 'kvm-x86-svm-6.18' of https://github.com/kvm-x86/linux into HEAD
authorPaolo Bonzini <pbonzini@redhat.com>
Tue, 30 Sep 2025 17:34:12 +0000 (13:34 -0400)
committerPaolo Bonzini <pbonzini@redhat.com>
Tue, 30 Sep 2025 17:34:12 +0000 (13:34 -0400)
KVM SVM changes for 6.18

 - Require a minimum GHCB version of 2 when starting SEV-SNP guests via
   KVM_SEV_INIT2 so that invalid GHCB versions result in immediate errors
   instead of latent guest failures.

 - Add support for Secure TSC for SEV-SNP guests, which prevents the untrusted
   host from tampering with the guest's TSC frequency, while still allowing the
   the VMM to configure the guest's TSC frequency prior to launch.

 - Mitigate the potential for TOCTOU bugs when accessing GHCB fields by
   wrapping all accesses via READ_ONCE().

 - Validate the XCR0 provided by the guest (via the GHCB) to avoid tracking a
   bogous XCR0 value in KVM's software model.

 - Save an SEV guest's policy if and only if LAUNCH_START fully succeeds to
   avoid leaving behind stale state (thankfully not consumed in KVM).

 - Explicitly reject non-positive effective lengths during SNP's LAUNCH_UPDATE
   instead of subtly relying on guest_memfd to do the "heavy" lifting.

 - Reload the pre-VMRUN TSC_AUX on #VMEXIT for SEV-ES guests, not the host's
   desired TSC_AUX, to fix a bug where KVM could clobber a different vCPU's
   TSC_AUX due to hardware not matching the value cached in the user-return MSR
   infrastructure.

 - Enable AVIC by default for Zen4+ if x2AVIC (and other prereqs) is supported,
   and clean up the AVIC initialization code along the way.

1  2 
arch/x86/include/asm/cpufeatures.h patch | diff1 | diff2 | blob | history
arch/x86/include/asm/kvm_host.h patch | diff1 | diff2 | blob | history
arch/x86/kvm/svm/sev.c patch | diff1 | diff2 | blob | history
arch/x86/kvm/svm/svm.c patch | diff1 | diff2 | blob | history
arch/x86/kvm/svm/svm.h patch | diff1 | diff2 | blob | history
arch/x86/kvm/x86.c patch | diff1 | diff2 | blob | history
virt/kvm/guest_memfd.c patch | diff1 | diff2 | blob | history

diff --cc arch/x86/include/asm/cpufeatures.h
Simple merge
diff --cc arch/x86/include/asm/kvm_host.h
Simple merge
diff --cc arch/x86/kvm/svm/sev.c
Simple merge
diff --cc arch/x86/kvm/svm/svm.c
Simple merge
diff --cc arch/x86/kvm/svm/svm.h
index 70df7c6413cf9b671ee31f86e0aad142dfb7d31a,739f4f52f46d77784e3df59a63ddd36dfe9fe8b0..9526bb112b29c0b0a21a265738fd67c637466d26
--- 1/arch/x86/kvm/svm/svm.h
--- 2/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@@ -863,10 -865,9 +865,9 @@@ int sev_cpu_init(struct svm_cpu_data *s
  int sev_dev_get_attr(u32 group, u64 attr, u64 *val);
  extern unsigned int max_sev_asid;
  void sev_handle_rmp_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code);
- void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu);
  int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order);
  void sev_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end);
 -int sev_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn);
 +int sev_gmem_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn, bool is_private);
  struct vmcb_save_area *sev_decrypt_vmsa(struct kvm_vcpu *vcpu);
  void sev_free_decrypted_vmsa(struct kvm_vcpu *vcpu, struct vmcb_save_area *vmsa);
  #else
diff --cc arch/x86/kvm/x86.c
Simple merge
diff --cc virt/kvm/guest_memfd.c
Simple merge
A mirror of Linus' kernel repository