Forum | Documentation | Website | Blog

Skip to content
Snippets Groups Projects
Commit 27bd5fdc authored by Nikunj A Dadhania's avatar Nikunj A Dadhania Committed by Paolo Bonzini
Browse files

KVM: SEV-ES: Prevent MSR access post VMSA encryption 


KVM currently allows userspace to read/write MSRs even after the VMSA is
encrypted. This can cause unintentional issues if MSR access has side-
effects. For ex, while migrating a guest, userspace could attempt to
migrate MSR_IA32_DEBUGCTLMSR and end up unintentionally disabling LBRV on
the target. Fix this by preventing access to those MSRs which are context
switched via the VMSA, once the VMSA is encrypted.

Suggested-by: default avatarSean Christopherson <seanjc@google.com>
Signed-off-by: default avatarNikunj A Dadhania <nikunj@amd.com>
Signed-off-by: default avatarRavi Bangoria <ravi.bangoria@amd.com>
Message-ID: <20240531044644.768-2-ravi.bangoria@amd.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent b4bd5564
Hide whitespace changes
Inline Side-by-side
Showing
with 18 additions and 0 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Open hardware computers for makers, educators and professionals