KVM: SEV: Publish supported SEV-SNP policy bits (7a61d613) · Commits · git / linux-net

arch/x86/include/uapi/asm/kvm.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -502,6 +502,7 @@ struct kvm_sync_regs {
		/* vendor-specific groups and attributes for system fd */
		#define KVM_X86_GRP_SEV 1
		# define KVM_X86_SEV_VMSA_FEATURES 0
		# define KVM_X86_SNP_POLICY_BITS 1

		struct kvm_vmx_nested_state_data {
		__u8 vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];

+11 −2

Original line number	Diff line number	Diff line
		@@ -72,6 +72,8 @@ module_param_named(ciphertext_hiding_asids, nr_ciphertext_hiding_asids, uint, 04
		SNP_POLICY_MASK_DEBUG \| \
		SNP_POLICY_MASK_SINGLE_SOCKET)

		static u64 snp_supported_policy_bits __ro_after_init;

		#define INITIAL_VMSA_GPA 0xFFFFFFFFF000

		static u8 sev_enc_bit;
		@@ -2135,6 +2137,10 @@ int sev_dev_get_attr(u32 group, u64 attr, u64 *val)
		*val = sev_supported_vmsa_features;
		return 0;

		case KVM_X86_SNP_POLICY_BITS:
		*val = snp_supported_policy_bits;
		return 0;

		default:
		return -ENXIO;
		}
		@@ -2199,7 +2205,7 @@ static int snp_launch_start(struct kvm kvm, struct kvm_sev_cmd argp)
		if (params.flags)
		return -EINVAL;

		if (params.policy & ~KVM_SNP_POLICY_MASK_VALID)
		if (params.policy & ~snp_supported_policy_bits)
		return -EINVAL;

		/* Check for policy bits that must be set */
		@@ -3092,8 +3098,11 @@ void __init sev_hardware_setup(void)
		else if (sev_snp_supported)
		sev_snp_supported = is_sev_snp_initialized();

		if (sev_snp_supported)
		if (sev_snp_supported) {
		snp_supported_policy_bits = sev_get_snp_policy_bits() &
		KVM_SNP_POLICY_MASK_VALID;
		nr_ciphertext_hiding_asids = init_args.max_snp_asid;
		}

		/*
		* If ciphertext hiding is enabled, the joint SEV-ES/SEV-SNP