KVM: SEV: define VM types for SEV and SEV-ES (26c44aa9) · Commits · git / linux-net

Documentation/virt/kvm/api.rst

+2 −0

Original line number	Diff line number	Diff line
		@@ -8819,6 +8819,8 @@ means the VM type with value @n is supported. Possible values of @n are::

		#define KVM_X86_DEFAULT_VM 0
		#define KVM_X86_SW_PROTECTED_VM 1
		#define KVM_X86_SEV_VM 2
		#define KVM_X86_SEV_ES_VM 3

		Note, KVM_X86_SW_PROTECTED_VM is currently only for development and testing.
		Do not use KVM_X86_SW_PROTECTED_VM for "real" VMs, and especially not in

arch/x86/include/uapi/asm/kvm.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -861,5 +861,7 @@ struct kvm_hyperv_eventfd {

		#define KVM_X86_DEFAULT_VM 0
		#define KVM_X86_SW_PROTECTED_VM 1
		#define KVM_X86_SEV_VM 2
		#define KVM_X86_SEV_ES_VM 3

		#endif /* _ASM_X86_KVM_H */

arch/x86/kvm/svm/sev.c

+13 −3

Original line number	Diff line number	Diff line
		@@ -251,6 +251,9 @@ static int sev_guest_init(struct kvm kvm, struct kvm_sev_cmd argp)
		if (kvm->created_vcpus)
		return -EINVAL;

		if (kvm->arch.vm_type != KVM_X86_DEFAULT_VM)
		return -EINVAL;

		if (unlikely(sev->active))
		return -EINVAL;

		@@ -272,6 +275,7 @@ static int sev_guest_init(struct kvm kvm, struct kvm_sev_cmd argp)

		INIT_LIST_HEAD(&sev->regions_list);
		INIT_LIST_HEAD(&sev->mirror_vms);
		sev->need_init = false;

		kvm_set_apicv_inhibit(kvm, APICV_INHIBIT_REASON_SEV);

		@@ -1808,7 +1812,8 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd)
		if (ret)
		goto out_fput;

		if (sev_guest(kvm) \|\| !sev_guest(source_kvm)) {
		if (kvm->arch.vm_type != source_kvm->arch.vm_type \|\|
		sev_guest(kvm) \|\| !sev_guest(source_kvm)) {
		ret = -EINVAL;
		goto out_unlock;
		}
		@@ -2132,6 +2137,7 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd)
		mirror_sev->asid = source_sev->asid;
		mirror_sev->fd = source_sev->fd;
		mirror_sev->es_active = source_sev->es_active;
		mirror_sev->need_init = false;
		mirror_sev->handle = source_sev->handle;
		INIT_LIST_HEAD(&mirror_sev->regions_list);
		INIT_LIST_HEAD(&mirror_sev->mirror_vms);
		@@ -2197,10 +2203,14 @@ void sev_vm_destroy(struct kvm *kvm)

		void __init sev_set_cpu_caps(void)
		{
		if (sev_enabled)
		if (sev_enabled) {
		kvm_cpu_cap_set(X86_FEATURE_SEV);
		if (sev_es_enabled)
		kvm_caps.supported_vm_types \|= BIT(KVM_X86_SEV_VM);
		}
		if (sev_es_enabled) {
		kvm_cpu_cap_set(X86_FEATURE_SEV_ES);
		kvm_caps.supported_vm_types \|= BIT(KVM_X86_SEV_ES_VM);
		}
		}

		void __init sev_hardware_setup(void)

arch/x86/kvm/svm/svm.c

+11 −0

Original line number	Diff line number	Diff line
		@@ -4086,6 +4086,9 @@ static void svm_cancel_injection(struct kvm_vcpu *vcpu)

		static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu)
		{
		if (to_kvm_sev_info(vcpu->kvm)->need_init)
		return -EINVAL;

		return 1;
		}

		@@ -4891,6 +4894,14 @@ static void svm_vm_destroy(struct kvm *kvm)

		static int svm_vm_init(struct kvm *kvm)
		{
		int type = kvm->arch.vm_type;

		if (type != KVM_X86_DEFAULT_VM &&
		type != KVM_X86_SW_PROTECTED_VM) {
		kvm->arch.has_protected_state = (type == KVM_X86_SEV_ES_VM);
		to_kvm_sev_info(kvm)->need_init = true;
		}

		if (!pause_filter_count \|\| !pause_filter_thresh)
		kvm->arch.pause_in_guest = true;

arch/x86/kvm/svm/svm.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -79,6 +79,7 @@ enum {
		struct kvm_sev_info {
		bool active; /* SEV enabled guest */
		bool es_active; /* SEV-ES enabled guest */
		bool need_init; /* waiting for SEV_INIT2 */
		unsigned int asid; /* ASID used for this guest */
		unsigned int handle; /* SEV firmware handle */
		int fd; /* SEV device fd */