Skip to content

Commit 7a61d61

Browse files
tlendackysean-jc
tlendacky
authored and
sean-jc
committed
KVM: SEV: Publish supported SEV-SNP policy bits
Define the set of policy bits that KVM currently knows as not requiring any implementation support within KVM. Provide this value to userspace via the KVM_GET_DEVICE_ATTR ioctl. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Link: https://patch.msgid.link/c596f7529518f3f826a57970029451d9385949e5.1761593632.git.thomas.lendacky@amd.com Signed-off-by: Sean Christopherson <seanjc@google.com>
1 parent c9434e6 commit 7a61d61

File tree

2 files changed

+12
-2
lines changed

2 files changed

+12
-2
lines changed

arch/x86/include/uapi/asm/kvm.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -502,6 +502,7 @@ struct kvm_sync_regs {
502502
/* vendor-specific groups and attributes for system fd */
503503
#define KVM_X86_GRP_SEV 1
504504
# define KVM_X86_SEV_VMSA_FEATURES 0
505+
# define KVM_X86_SNP_POLICY_BITS 1
505506

506507
struct kvm_vmx_nested_state_data {
507508
__u8 vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];

arch/x86/kvm/svm/sev.c

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -72,6 +72,8 @@ module_param_named(ciphertext_hiding_asids, nr_ciphertext_hiding_asids, uint, 04
7272
SNP_POLICY_MASK_DEBUG | \
7373
SNP_POLICY_MASK_SINGLE_SOCKET)
7474

75+
static u64 snp_supported_policy_bits __ro_after_init;
76+
7577
#define INITIAL_VMSA_GPA 0xFFFFFFFFF000
7678

7779
static u8 sev_enc_bit;
@@ -2135,6 +2137,10 @@ int sev_dev_get_attr(u32 group, u64 attr, u64 *val)
21352137
*val = sev_supported_vmsa_features;
21362138
return 0;
21372139

2140+
case KVM_X86_SNP_POLICY_BITS:
2141+
*val = snp_supported_policy_bits;
2142+
return 0;
2143+
21382144
default:
21392145
return -ENXIO;
21402146
}
@@ -2199,7 +2205,7 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
21992205
if (params.flags)
22002206
return -EINVAL;
22012207

2202-
if (params.policy & ~KVM_SNP_POLICY_MASK_VALID)
2208+
if (params.policy & ~snp_supported_policy_bits)
22032209
return -EINVAL;
22042210

22052211
/* Check for policy bits that must be set */
@@ -3092,8 +3098,11 @@ void __init sev_hardware_setup(void)
30923098
else if (sev_snp_supported)
30933099
sev_snp_supported = is_sev_snp_initialized();
30943100

3095-
if (sev_snp_supported)
3101+
if (sev_snp_supported) {
3102+
snp_supported_policy_bits = sev_get_snp_policy_bits() &
3103+
KVM_SNP_POLICY_MASK_VALID;
30963104
nr_ciphertext_hiding_asids = init_args.max_snp_asid;
3105+
}
30973106

30983107
/*
30993108
* If ciphertext hiding is enabled, the joint SEV-ES/SEV-SNP

0 commit comments

Comments
 (0)