Re: [PATCH 00/21] Fixes and lock cleanup+hardening
From: Sean Christopherson
Date: Thu Mar 12 2026 - 12:03:25 EST

On Wed, Mar 11, 2026, Jethro Beekman wrote:
> On 2026-03-11 00:48, Sean Christopherson wrote:
> > Fix several fatal SEV bugs, then clean up the SEV+ APIs to either document
> > that they are safe to query outside of kvm->lock, or to use lockdep-protected
> > version. The sev_mem_enc_register_region() goof is at least the second bug
> > we've had related to checking for an SEV guest outside of kvm->lock, and in
> > general it's nearly impossible to just "eyeball" the safety of KVM's usage.
> >
> > I included Carlos' guard() cleanups here to avoid annoying conflicts (well,
> > to solve them now instead of when applying).
>
> I wrote a bunch of tests (see below) to check the kernel can properly handle bad userspace flows. I haven't had the chance to test them with your patch set.
>
> test_vcpu_hotplug() triggers dump_vmcb()

FWIW, this is a non-issue, especially since SEV-ES+ guests can effectively fuzz
the VMSA at will.