]> Git Repo - linux.git/commit
projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b4bd556) | patch
KVM: SEV-ES: Prevent MSR access post VMSA encryption
authorNikunj A Dadhania <[email protected]>
Fri, 31 May 2024 04:46:42 +0000 (04:46 +0000)
committerPaolo Bonzini <[email protected]>
Mon, 3 Jun 2024 17:06:48 +0000 (13:06 -0400)
commit27bd5fdc24c0d5d1306f968ef24105c4577242b0
treedb4b43259cfb6ee57fbdaf6feaa0151437b7f4c8tree | snapshot
parentb4bd556467477420ee3a91fbcba73c579669edc6commit | diff
KVM: SEV-ES: Prevent MSR access post VMSA encryption

KVM currently allows userspace to read/write MSRs even after the VMSA is
encrypted. This can cause unintentional issues if MSR access has side-
effects. For ex, while migrating a guest, userspace could attempt to
migrate MSR_IA32_DEBUGCTLMSR and end up unintentionally disabling LBRV on
the target. Fix this by preventing access to those MSRs which are context
switched via the VMSA, once the VMSA is encrypted.

Suggested-by: Sean Christopherson <[email protected]>
Signed-off-by: Nikunj A Dadhania <[email protected]>
Signed-off-by: Ravi Bangoria <[email protected]>
Message-ID: <20240531044644[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
arch/x86/kvm/svm/svm.c diff | blob | blame | history
Empty description
This page took 0.06541 seconds and 4 git commands to generate.