[svsm-devel] SVSM Host Kernel KVM Update Required

Jörg Rödel joro at 8bytes.org
Wed Mar 12 10:21:14 CET 2025


Hi everyone,

As some of you already noticed, there is a regression with the current
SVSM tree, as it does not boot the SVSM-kernel anymore on KVM with
SEV-SNP hardware. The problem was in our host kernel, for which I just
merged a fix. So please update your host environments with the updated
kernel if you experience this problem.

The reason for the breakage was a PR to unconditionally compile in the
shadow-stack code in all builds and do detection at runtime.
Unfortunately this broke on KVM because our SVSM Linux kernel tree does
still intercept all shadow-stack MSRs. So when COCONUT accesses these
MSRs it will cause a #VC exception and the kernel panics.

My fix disables the intercepts of the shadow-stack MSRs in our host
kernel. This is safe because Linux does only implement user
shadow-stacks so far and that state is switched via the FPU load/unload
path.

Regards,

	Joerg
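
[Added example, not part of the original message and not the host-kernel patch itself.] The sketch below models the SVM MSR permission map (MSRPM) that decides whether a guest MSR access is intercepted, and clears the intercept bits for the shadow-stack MSRs. The MSR indices and the map layout are assumptions taken from the architecture manuals and Linux's msr-index.h, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MSRPM_SIZE 0x2000 /* 8 KiB map; per MSR: read bit, then write bit */
/* CET / shadow-stack MSR indices (assumption: as in Linux's msr-index.h) */
static const uint32_t shstk_msrs[] = {
    0x6a0, 0x6a2,               /* U_CET, S_CET */
    0x6a4, 0x6a5, 0x6a6, 0x6a7, /* PL0_SSP .. PL3_SSP */
    0x6a8,                      /* interrupt SSP table address */
};
#define N_SHSTK (sizeof(shstk_msrs) / sizeof(shstk_msrs[0]))
/* Bit offset of the read-intercept bit; -1 if outside the mapped ranges. */
static long msrpm_bit(uint32_t msr)
{
    if (msr <= 0x1fffu) return 2L * msr;
    if (msr - 0xc0000000u <= 0x1fffu) return 0x800L * 8 + 2L * (msr - 0xc0000000u);
    if (msr - 0xc0010000u <= 0x1fffu) return 0x1000L * 8 + 2L * (msr - 0xc0010000u);
    return -1; /* unmapped MSRs are always intercepted */
}

static int msr_intercepted(const uint8_t *msrpm, uint32_t msr)
{
    long bit = msrpm_bit(msr);
    return bit < 0 || ((msrpm[bit / 8] >> (bit % 8)) & 0x3) != 0;
}
/* Clear both intercept bits: guest accesses stop exiting to the host. */
static void msr_passthrough(uint8_t *msrpm, uint32_t msr)
{
    long bit = msrpm_bit(msr);
    if (bit >= 0) msrpm[bit / 8] &= (uint8_t)~(0x3u << (bit % 8));
}

/* Count of shadow-stack MSRs still intercepted in this map. */
static unsigned shstk_intercepted(const uint8_t *msrpm)
{
    unsigned n = 0;
    for (size_t i = 0; i < N_SHSTK; i++)
        n += msr_intercepted(msrpm, shstk_msrs[i]);
    return n;
}

int main(void)
{
    static uint8_t msrpm[MSRPM_SIZE];
    memset(msrpm, 0xff, sizeof(msrpm)); /* constructed: intercept everything */
    unsigned before = shstk_intercepted(msrpm);
    for (size_t i = 0; i < N_SHSTK; i++)
        msr_passthrough(msrpm, shstk_msrs[i]);
    printf("intercepted: %u before, %u after\n", before, shstk_intercepted(msrpm));
    return 0;
}
```

Neighbouring MSRs that share a map byte with the shadow-stack MSRs (for example index 0x6a1) keep their intercept bits, so only the listed registers become directly accessible to the guest.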

