]> git.dujemihanovic.xyz Git - linux.git/commit
projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b4bd556) | patch
KVM: SEV-ES: Prevent MSR access post VMSA encryption
authorNikunj A Dadhania <nikunj@amd.com>
Fri, 31 May 2024 04:46:42 +0000 (04:46 +0000)
committerPaolo Bonzini <pbonzini@redhat.com>
Mon, 3 Jun 2024 17:06:48 +0000 (13:06 -0400)
commit27bd5fdc24c0d5d1306f968ef24105c4577242b0
treedb4b43259cfb6ee57fbdaf6feaa0151437b7f4c8tree | snapshot
parentb4bd556467477420ee3a91fbcba73c579669edc6commit | diff
KVM: SEV-ES: Prevent MSR access post VMSA encryption

KVM currently allows userspace to read/write MSRs even after the VMSA is
encrypted. This can cause unintentional issues if MSR access has side-
effects. For ex, while migrating a guest, userspace could attempt to
migrate MSR_IA32_DEBUGCTLMSR and end up unintentionally disabling LBRV on
the target. Fix this by preventing access to those MSRs which are context
switched via the VMSA, once the VMSA is encrypted.

Suggested-by: Sean Christopherson <seanjc@google.com>
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Message-ID: <20240531044644.768-2-ravi.bangoria@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/svm/svm.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.