<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, May 11, 2023 at 3:25 AM Khalid Elmously <<a href="mailto:khalid.elmously@canonical.com">khalid.elmously@canonical.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
BugLink: <a href="https://bugs.launchpad.net/bugs/2013198" rel="noreferrer" target="_blank">https://bugs.launchpad.net/bugs/2013198</a><br>
<br>
"virt/sev-guest: Prevent IV reuse in the SNP guest driver" is from upstream 5.19 and<br>
it fixes a vulnerability in SEV-SNP but it also introduced its own problem which was<br>
fixed in "virt/coco/sev-guest: Add throttling awareness" which was merged upstream in 6.3<br>
<br>
Neither patch is present in the Jammy (5.15) kernels - however, out of the 5.15 kernels they are only needed in j/gcp as this is the only 5.15 kernel that has SEV-SNP support.<br>
<br>
The first patch ("virt/sev-guest: Prevent IV reuse in the SNP guest driver") is already present in the Kinetic (5.19) kernel - so only the follow-up fix is needed there<br>
<br>
Lunar (6.2) kernels already contain both patches (the first is from 5.19, the second came from linux-stable)<br>
<br>
<br>
Testing: Boot tested the patches in a SEV-SNP environment.<br>
<br>
<br>
v2:<br>
- Include fixes for Kinetic (5.19) kernels<br>
- Update 'backport' section with more detail<br>
<br>
<br>
Dionna Glaze (1):<br>
virt/coco/sev-guest: Add throttling awareness<br>
<br>
Peter Gonda (1):<br>
virt/sev-guest: Prevent IV reuse in the SNP guest driver<br>
<br>
arch/x86/include/asm/sev-common.h | 3 +-<br>
arch/x86/kernel/sev.c | 4 +-<br>
drivers/virt/coco/sevguest/sevguest.c | 95 ++++++++++++++++++++++-----<br>
3 files changed, 83 insertions(+), 19 deletions(-)<br>
<br>
-- <br>
2.34.1<br><br></blockquote><div><br></div><div> Acked-by: Philip Cox <<a href="mailto:philip.cox@canonical.com">philip.cox@canonical.com</a>><br></div><div><br></div><div> </div></div></div>