| author | Sean Christopherson <seanjc@google.com> | 2025-02-26 17:25:33 -0800 | 
|---|---|---|
| committer | Sean Christopherson <seanjc@google.com> | 2025-03-03 07:26:39 -0800 | 
| commit | 807cb9ce2ed9a1b6e79e70fb2cdb7860f1517dcc (patch) | |
| tree | f2382123f4e0b9fe08d3d9ec65b7599b5d471667 /security/selinux/include/security.h | |
| parent | b2653cd3b75f62f29b72df4070e20357acb52bc4 (diff) | |
KVM: SVM: Don't rely on DebugSwap to restore host DR0..DR3

Never rely on the CPU to restore/load host DR0..DR3 values, even if the
CPU supports DebugSwap, as there are no guarantees that SNP guests will
actually enable DebugSwap on APs.  E.g. if KVM were to rely on the CPU to
load DR0..DR3 and skipped them during hw_breakpoint_restore(), KVM would
run with clobbered-to-zero DRs if an SNP guest created APs without
DebugSwap enabled.

Update the comment to explain the dangers, and hopefully prevent breaking
KVM in the future.

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/20250227012541.3234589-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

Diffstat (limited to 'security/selinux/include/security.h')
0 files changed, 0 insertions, 0 deletions
