ACK: [SRU][v2][PATCH 0/2][j/gcp][k] sev-guest vulnerability fix + follow-up

Tim Gardner tim.gardner at canonical.com
Thu May 11 12:50:24 UTC 2023


On 5/11/23 1:23 AM, Khalid Elmously wrote:
> 
> BugLink: https://bugs.launchpad.net/bugs/2013198
> 
> "virt/sev-guest: Prevent IV reuse in the SNP guest driver" is from upstream 5.19 and
> it fixes a vulnerability in SEV-SNP but it also introduced its own problem which was
> fixed in "virt/coco/sev-guest: Add throttling awareness" which was merged upstream in 6.3
> 
> Neither patch is present in the Jammy (5.15) kernels - however, out of the 5.15 kernels they are only needed in j/gcp as this is the only 5.15 kernel that has SEV-SNP support.
> 
> The first patch ("virt/sev-guest: Prevent IV reuse in the SNP guest driver") is already present in the Kinetic (5.19) kernel - so only the follow-up fix is needed there
> 
> Lunar (6.2) kernels already contain both patches (the first is from 5.19, the second came from linux-stable)
> 
> 
> Testing: Boot tested the patches in a SEV-SNP environment.
> 
> 
> v2:
>   - Include fixes for Kinetic (5.19) kernels
>   - Update 'backport' section with more detail
> 
> 
> Dionna Glaze (1):
>    virt/coco/sev-guest: Add throttling awareness
> 
> Peter Gonda (1):
>    virt/sev-guest: Prevent IV reuse in the SNP guest driver
> 
>   arch/x86/include/asm/sev-common.h     |  3 +-
>   arch/x86/kernel/sev.c                 |  4 +-
>   drivers/virt/coco/sevguest/sevguest.c | 95 ++++++++++++++++++++++-----
>   3 files changed, 83 insertions(+), 19 deletions(-)
> 
Acked-by: Tim Gardner <tim.gardner at canonical.com>
-- 
-----------
Tim Gardner
Canonical, Inc



