KVM: SEV: Add initial SEV-SNP support

#define AVIC_HPA_MASK	~((0xFFFULL << 52) | 0xFFF)

#define SVM_SEV_FEAT_SNP_ACTIVE				BIT(0)

#define SVM_SEV_FEAT_DEBUG_SWAP				BIT(5)

struct vmcb_seg {

#define KVM_X86_SW_PROTECTED_VM	1

#define KVM_X86_SEV_VM		2

#define KVM_X86_SEV_ES_VM	3

#define KVM_X86_SNP_VM		4

#endif /* _ASM_X86_KVM_H */

static bool sev_es_enabled = true;

module_param_named(sev_es, sev_es_enabled, bool, 0444);

/* enable/disable SEV-SNP support */

static bool sev_snp_enabled;

/* enable/disable SEV-ES DebugSwap support */

static bool sev_es_debug_swap_enabled = true;

module_param_named(debug_swap, sev_es_debug_swap_enabled, bool, 0444);

	if (sev->es_active && !sev->ghcb_version)

		sev->ghcb_version = GHCB_VERSION_DEFAULT;

	if (vm_type == KVM_X86_SNP_VM)

		sev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE;

	ret = sev_asid_new(sev);

	if (ret)

		goto e_no_asid;

		return -EINVAL;

	if (kvm->arch.vm_type != KVM_X86_SEV_VM &&

	    kvm->arch.vm_type != KVM_X86_SEV_ES_VM)

	    kvm->arch.vm_type != KVM_X86_SEV_ES_VM &&

	    kvm->arch.vm_type != KVM_X86_SNP_VM)

		return -EINVAL;

	if (copy_from_user(&data, u64_to_user_ptr(argp->data), sizeof(data)))

		kvm_cpu_cap_set(X86_FEATURE_SEV_ES);

		kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM);

	}

	if (sev_snp_enabled) {

		kvm_cpu_cap_set(X86_FEATURE_SEV_SNP);

		kvm_caps.supported_vm_types |= BIT(KVM_X86_SNP_VM);

	}

}

void __init sev_hardware_setup(void)

{

	unsigned int eax, ebx, ecx, edx, sev_asid_count, sev_es_asid_count;

	bool sev_snp_supported = false;

	bool sev_es_supported = false;

	bool sev_supported = false;

	sev_es_asid_count = min_sev_asid - 1;

	WARN_ON_ONCE(misc_cg_set_capacity(MISC_CG_RES_SEV_ES, sev_es_asid_count));

	sev_es_supported = true;

	sev_snp_supported = sev_snp_enabled && cc_platform_has(CC_ATTR_HOST_SEV_SNP);

out:

	if (boot_cpu_has(X86_FEATURE_SEV))

		pr_info("SEV-ES %s (ASIDs %u - %u)\n",

			sev_es_supported ? "enabled" : "disabled",

			min_sev_asid > 1 ? 1 : 0, min_sev_asid - 1);

	if (boot_cpu_has(X86_FEATURE_SEV_SNP))

		pr_info("SEV-SNP %s (ASIDs %u - %u)\n",

			sev_snp_supported ? "enabled" : "disabled",

			min_sev_asid > 1 ? 1 : 0, min_sev_asid - 1);

	sev_enabled = sev_supported;

	sev_es_enabled = sev_es_supported;

	sev_snp_enabled = sev_snp_supported;

	if (!sev_es_enabled || !cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP) ||

	    !cpu_feature_enabled(X86_FEATURE_NO_NESTED_DATA_BP))

		sev_es_debug_swap_enabled = false;

	if (WARN_ON_ONCE(error_code & PFERR_SYNTHETIC_MASK))

		error_code &= ~PFERR_SYNTHETIC_MASK;

	if (sev_snp_guest(vcpu->kvm) && (error_code & PFERR_GUEST_ENC_MASK))

		error_code |= PFERR_PRIVATE_ACCESS;

	trace_kvm_page_fault(vcpu, fault_address, error_code);

	return kvm_mmu_page_fault(vcpu, fault_address, error_code,

			static_cpu_has(X86_FEATURE_DECODEASSISTS) ?

	if (type != KVM_X86_DEFAULT_VM &&

	    type != KVM_X86_SW_PROTECTED_VM) {

		kvm->arch.has_protected_state = (type == KVM_X86_SEV_ES_VM);

		kvm->arch.has_protected_state =

			(type == KVM_X86_SEV_ES_VM || type == KVM_X86_SNP_VM);

		to_kvm_sev_info(kvm)->need_init = true;

		kvm->arch.has_private_mem = (type == KVM_X86_SNP_VM);

	}

	if (!pause_filter_count || !pause_filter_thresh)

#endif

}

static __always_inline bool sev_snp_guest(struct kvm *kvm)

{

#ifdef CONFIG_KVM_AMD_SEV

	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;

	return (sev->vmsa_features & SVM_SEV_FEAT_SNP_ACTIVE) &&

	       !WARN_ON_ONCE(!sev_es_guest(kvm));

#else

	return false;

#endif

}

static inline void vmcb_mark_all_dirty(struct vmcb *vmcb)

{

	vmcb->control.clean = 0;