[PATCH 00/21] Fixes and lock cleanup+hardening

From: Sean Christopherson

Date: Tue Mar 10 2026 - 19:48:45 EST


Fix several fatal SEV bugs, then clean up the SEV+ APIs to either document
that they are safe to query outside of kvm->lock, or to use a lockdep-protected
version. The sev_mem_enc_register_region() goof is at least the second bug
we've had related to checking for an SEV guest outside of kvm->lock, and in
general it's nearly impossible to just "eyeball" the safety of KVM's usage.

I included Carlos' guard() cleanups here to avoid annoying conflicts (well,
to solve them now instead of when applying).

Carlos López (5):
  KVM: SEV: use mutex guard in snp_launch_update()
  KVM: SEV: use mutex guard in sev_mem_enc_ioctl()
  KVM: SEV: use mutex guard in sev_mem_enc_unregister_region()
  KVM: SEV: use mutex guard in snp_handle_guest_req()
  KVM: SVM: Move lock-protected allocation of SEV ASID into a separate
    helper

Sean Christopherson (16):
  KVM: selftests: Remove duplicate LAUNCH_UPDATE_VMSA call in SEV-ES
    migrate test
  KVM: SEV: Reject attempts to sync VMSA of an
    already-launched/encrypted vCPU
  KVM: SEV: Protect *all* of sev_mem_enc_register_region() with
    kvm->lock
  KVM: SEV: Disallow LAUNCH_FINISH if vCPUs are actively being created
  KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish
  KVM: SEV: Lock all vCPUs for the duration of SEV-ES VMSA
    synchronization
  KVM: SEV: Provide vCPU-scoped accessors for detecting SEV+ guests
  KVM: SEV: Add quad-underscore version of VM-scoped APIs to detect SEV+
    guests
  KVM: SEV: Document the SEV-ES check when querying SMM support as
    "safe"
  KVM: SEV: Move standard VM-scoped helpers to detect SEV+ guests to
    sev.c
  KVM: SEV: Move SEV-specific VM initialization to sev.c
  KVM: SEV: WARN on unhandled VM type when initializing VM
  KVM: SEV: Hide "struct kvm_sev_info" behind CONFIG_KVM_AMD_SEV=y
  KVM: SEV: Document that checking for SEV+ guests when reclaiming
    memory is "safe"
  KVM: SEV: Assert that kvm->lock is held when querying SEV+ support
  KVM: SEV: Goto an existing error label if charging misc_cg for an ASID
    fails

 arch/x86/kvm/svm/sev.c                    | 315 +++++++++++-------
 arch/x86/kvm/svm/svm.c                    | 106 +++---
 arch/x86/kvm/svm/svm.h                    |  36 +-
 include/linux/kvm_host.h                  |   7 +
 .../selftests/kvm/x86/sev_migrate_tests.c |   2 -
 5 files changed, 275 insertions(+), 191 deletions(-)


base-commit: 11439c4635edd669ae435eec308f4ab8a0804808
--
2.53.0.473.g4a7958ca14-goog