
KVM: SEV: Publish supported SEV-SNP policy bits

Define the set of SEV-SNP policy bits that KVM currently knows to require
no additional implementation support within KVM. Provide this value to
userspace via the KVM_GET_DEVICE_ATTR ioctl.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://patch.msgid.link/c596f7529518f3f826a57970029451d9385949e5.1761593632.git.thomas.lendacky@amd.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

authored by

Tom Lendacky and committed by
Sean Christopherson
7a61d613 c9434e64

+12 -2
+1
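--- a/arch/x86/include/uapi/asm/kvm.h
+++ b/arch/x86/include/uapi/asm/kvm.h
@@ -502,6 +502,7 @@
 /* vendor-specific groups and attributes for system fd */
 #define KVM_X86_GRP_SEV 1
 # define KVM_X86_SEV_VMSA_FEATURES 0
+# define KVM_X86_SNP_POLICY_BITS 1
 
 struct kvm_vmx_nested_state_data {
 	__u8 vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];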
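Review bot: The new KVM_X86_SNP_POLICY_BITS attribute is added to the uapi header with no comment saying what the returned u64 holds, and the diffstat lists only two files, so no userspace-facing documentation accompanies it; the sibling KVM_X86_SEV_VMSA_FEATURES attribute is described in Documentation/virt/kvm/x86/amd-memory-encryption.rst, which is presumably where this one belongs as well. I would add `/* u64 mask of SEV-SNP policy bits KVM accepts in the SNP launch policy */` after the define, and a short paragraph in that document saying userspace should query this attribute and request only the policy bits it advertises, since the launch path in sev.c rejects any other bit with -EINVAL. Because this is a uapi value, the paragraph should also note that the attribute returns 0 when SEV-SNP is not enabled, as the getter in sev.c simply reports the static mask rather than failing.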
+11 -2
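--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -72,6 +72,8 @@
 				 SNP_POLICY_MASK_DEBUG | \
 				 SNP_POLICY_MASK_SINGLE_SOCKET)
 
+static u64 snp_supported_policy_bits __ro_after_init;
+
 #define INITIAL_VMSA_GPA 0xFFFFFFFFF000
 
 static u8 sev_enc_bit;
@@ -2137,6 +2135,10 @@
 		*val = sev_supported_vmsa_features;
 		return 0;
 
+	case KVM_X86_SNP_POLICY_BITS:
+		*val = snp_supported_policy_bits;
+		return 0;
+
 	default:
 		return -ENXIO;
 	}
@@ -2205,7 +2199,7 @@
 	if (params.flags)
 		return -EINVAL;
 
-	if (params.policy & ~KVM_SNP_POLICY_MASK_VALID)
+	if (params.policy & ~snp_supported_policy_bits)
 		return -EINVAL;
 
 	/* Check for policy bits that must be set */
@@ -3098,8 +3092,11 @@
 	else if (sev_snp_supported)
 		sev_snp_supported = is_sev_snp_initialized();
 
-	if (sev_snp_supported)
+	if (sev_snp_supported) {
+		snp_supported_policy_bits = sev_get_snp_policy_bits() &
+					    KVM_SNP_POLICY_MASK_VALID;
 		nr_ciphertext_hiding_asids = init_args.max_snp_asid;
+	}
 
 	/*
 	 * If ciphertext hiding is enabled, the joint SEV-ES/SEV-SNP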
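Review bot: The assignment at new lines 3096–3097 is what stops firmware from widening the set of policy bits KVM accepts, yet it carries no comment explaining why the firmware-reported value is intersected with KVM_SNP_POLICY_MASK_VALID, so a later cleanup could drop the mask as redundant. I would add `/* Advertise only policy bits KVM knows need no extra support; never let firmware extend the set. */` directly above it. The new check at line 2202 now rejects anything outside snp_supported_policy_bits before the "must be set" check that follows the hunk runs, which assumes sev_get_snp_policy_bits() always reports every bit that later check requires; if the firmware mask ever omits one, every launch fails at 2202 with the same -EINVAL, and noting that dependency in the same comment would help whoever debugs it. When SEV-SNP is not supported the variable stays 0, so the getter at line 2138 reports an empty mask rather than -ENXIO, consistent with how KVM_X86_SEV_VMSA_FEATURES behaves. The enclosing functions of the last three hunks all start and end outside their hunks.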