Re: [PATCH 0/3] KVM: SVM: SEV{-ES} bug fixes

From: Paolo Bonzini
Date: Wed Mar 31 2021 - 05:38:45 EST

Next message: Paolo Bonzini: "Re: [PATCH 2/2] KVM: x86: Account a variety of miscellaneous allocations"
Previous message: Paolo Bonzini: "Re: [PATCH 0/2] KVM: x86/mmu: TDP MMU fixes/cleanups"
In reply to: Sean Christopherson: "[PATCH 3/3] KVM: SVM: Do not allow SEV/SEV-ES initialization after vCPUs are created"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 31/03/21 05:19, Sean Christopherson wrote:

Misc bug fixes in SEV/SEV-ES to protect against a malicious userspace.
All found by inspection, I didn't actually crash the host to to prove that
userspace could hose the kernel in any of these cases. Boot tested an SEV
guest, though the SEV-ES side of patch 2 is essentially untested as I
don't have an SEV-ES setup at this time.

Sean Christopherson (3):
KVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs
KVM: SVM: Do not set sev->es_active until KVM_SEV_ES_INIT completes
KVM: SVM: Do not allow SEV/SEV-ES initialization after vCPUs are
created

arch/x86/kvm/svm/sev.c | 37 ++++++++++++++++++-------------------
1 file changed, 18 insertions(+), 19 deletions(-)

Queued, thanks.

Paolo

Next message: Paolo Bonzini: "Re: [PATCH 2/2] KVM: x86: Account a variety of miscellaneous allocations"
Previous message: Paolo Bonzini: "Re: [PATCH 0/2] KVM: x86/mmu: TDP MMU fixes/cleanups"
In reply to: Sean Christopherson: "[PATCH 3/3] KVM: SVM: Do not allow SEV/SEV-ES initialization after vCPUs are created"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]