[svsm-devel] SVSM Host Kernel KVM Update Required
Gupta, Pankaj
pankaj.gupta at amd.com
Wed Mar 12 10:36:17 CET 2025
Hi Joerg,
Thanks for the heads-up!
> Hi everyone,
>
> As some of you already noticed there is a regression with the current
> SVSM tree, as it does not boot the SVSM-kernel anymore on KVM with
> SEV-SNP hardware. The problem was in our host kernel, for which I just
> merged a fix. So please update your host environments with the updated
> kernel if you experience this problem.
>
> The reason for the breakage was a PR to unconditionally compile in the
> shadow-stack code in all builds and do detection at runtime.
Would you mind sharing the #PR? Now, I am wondering why I did not notice
any no-boot scenario at all.
Thanks,
Pankaj
> Unfortunately this broke on KVM because our SVSM Linux kernel tree does
> still intercept all shadow-stack MSRs. So when COCONUT accesses these
> MSRs it will cause a #VC exception and the kernel panics.
>
> My fix disables the intercepts of the shadow-stack MSRs in our host
> kernel. This is safe because Linux does only implement user
> shadow-stacks so far and that state is switched via the FPU load/unload
> path.
>
> Regards,
>
> Joerg