ACK: [SRU][v2][PATCH 0/2][j/gcp][k] sev-guest vulnerability fix + follow-up
Philip Cox
philip.cox at canonical.com
Thu May 11 13:13:54 UTC 2023
On Thu, May 11, 2023 at 3:25 AM Khalid Elmously <khalid.elmously at canonical.com> wrote:
>
> BugLink: https://bugs.launchpad.net/bugs/2013198
>
> "virt/sev-guest: Prevent IV reuse in the SNP guest driver" is from upstream 5.19 and
> it fixes a vulnerability in SEV-SNP but it also introduced its own problem which was
> fixed in "virt/coco/sev-guest: Add throttling awareness" which was merged upstream in 6.3
>
> Neither patch is present in the Jammy (5.15) kernels - however, out of
> the 5.15 kernels they are only needed in j/gcp as this is the only 5.15
> kernel that has SEV-SNP support.
>
> The first patch ("virt/sev-guest: Prevent IV reuse in the SNP guest
> driver") is already present in the Kinetic (5.19) kernel - so only the
> follow-up fix is needed there
>
> Lunar (6.2) kernels already contain both patches (the first is from 5.19,
> the second came from linux-stable)
>
>
> Testing: Boot tested the patches in a SEV-SNP environment.
>
>
> v2:
> - Include fixes for Kinetic (5.19) kernels
> - Update 'backport' section with more detail
>
>
> Dionna Glaze (1):
> virt/coco/sev-guest: Add throttling awareness
>
> Peter Gonda (1):
> virt/sev-guest: Prevent IV reuse in the SNP guest driver
>
> arch/x86/include/asm/sev-common.h | 3 +-
> arch/x86/kernel/sev.c | 4 +-
> drivers/virt/coco/sevguest/sevguest.c | 95 ++++++++++++++++++++++-----
> 3 files changed, 83 insertions(+), 19 deletions(-)
>
> --
> 2.34.1
>
>
Acked-by: Philip Cox <philip.cox at canonical.com>