Skip to content

Commit 26c44aa

Browse files
committed
KVM: SEV: define VM types for SEV and SEV-ES
Signed-off-by: Paolo Bonzini <[email protected]> Message-ID: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
1 parent 4ebb105 commit 26c44aa

File tree

5 files changed

+29
-3
lines changed

5 files changed

+29
-3
lines changed

Documentation/virt/kvm/api.rst

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8819,6 +8819,8 @@ means the VM type with value @n is supported. Possible values of @n are::
88198819

88208820
#define KVM_X86_DEFAULT_VM 0
88218821
#define KVM_X86_SW_PROTECTED_VM 1
8822+
#define KVM_X86_SEV_VM 2
8823+
#define KVM_X86_SEV_ES_VM 3
88228824

88238825
Note, KVM_X86_SW_PROTECTED_VM is currently only for development and testing.
88248826
Do not use KVM_X86_SW_PROTECTED_VM for "real" VMs, and especially not in

arch/x86/include/uapi/asm/kvm.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -861,5 +861,7 @@ struct kvm_hyperv_eventfd {
861861

862862
#define KVM_X86_DEFAULT_VM 0
863863
#define KVM_X86_SW_PROTECTED_VM 1
864+
#define KVM_X86_SEV_VM 2
865+
#define KVM_X86_SEV_ES_VM 3
864866

865867
#endif /* _ASM_X86_KVM_H */

arch/x86/kvm/svm/sev.c

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -251,6 +251,9 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
251251
if (kvm->created_vcpus)
252252
return -EINVAL;
253253

254+
if (kvm->arch.vm_type != KVM_X86_DEFAULT_VM)
255+
return -EINVAL;
256+
254257
if (unlikely(sev->active))
255258
return -EINVAL;
256259

@@ -272,6 +275,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
272275

273276
INIT_LIST_HEAD(&sev->regions_list);
274277
INIT_LIST_HEAD(&sev->mirror_vms);
278+
sev->need_init = false;
275279

276280
kvm_set_apicv_inhibit(kvm, APICV_INHIBIT_REASON_SEV);
277281

@@ -1808,7 +1812,8 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd)
18081812
if (ret)
18091813
goto out_fput;
18101814

1811-
if (sev_guest(kvm) || !sev_guest(source_kvm)) {
1815+
if (kvm->arch.vm_type != source_kvm->arch.vm_type ||
1816+
sev_guest(kvm) || !sev_guest(source_kvm)) {
18121817
ret = -EINVAL;
18131818
goto out_unlock;
18141819
}
@@ -2132,6 +2137,7 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd)
21322137
mirror_sev->asid = source_sev->asid;
21332138
mirror_sev->fd = source_sev->fd;
21342139
mirror_sev->es_active = source_sev->es_active;
2140+
mirror_sev->need_init = false;
21352141
mirror_sev->handle = source_sev->handle;
21362142
INIT_LIST_HEAD(&mirror_sev->regions_list);
21372143
INIT_LIST_HEAD(&mirror_sev->mirror_vms);
@@ -2197,10 +2203,14 @@ void sev_vm_destroy(struct kvm *kvm)
21972203

21982204
void __init sev_set_cpu_caps(void)
21992205
{
2200-
if (sev_enabled)
2206+
if (sev_enabled) {
22012207
kvm_cpu_cap_set(X86_FEATURE_SEV);
2202-
if (sev_es_enabled)
2208+
kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_VM);
2209+
}
2210+
if (sev_es_enabled) {
22032211
kvm_cpu_cap_set(X86_FEATURE_SEV_ES);
2212+
kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM);
2213+
}
22042214
}
22052215

22062216
void __init sev_hardware_setup(void)

arch/x86/kvm/svm/svm.c

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4086,6 +4086,9 @@ static void svm_cancel_injection(struct kvm_vcpu *vcpu)
40864086

40874087
static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu)
40884088
{
4089+
if (to_kvm_sev_info(vcpu->kvm)->need_init)
4090+
return -EINVAL;
4091+
40894092
return 1;
40904093
}
40914094

@@ -4891,6 +4894,14 @@ static void svm_vm_destroy(struct kvm *kvm)
48914894

48924895
static int svm_vm_init(struct kvm *kvm)
48934896
{
4897+
int type = kvm->arch.vm_type;
4898+
4899+
if (type != KVM_X86_DEFAULT_VM &&
4900+
type != KVM_X86_SW_PROTECTED_VM) {
4901+
kvm->arch.has_protected_state = (type == KVM_X86_SEV_ES_VM);
4902+
to_kvm_sev_info(kvm)->need_init = true;
4903+
}
4904+
48944905
if (!pause_filter_count || !pause_filter_thresh)
48954906
kvm->arch.pause_in_guest = true;
48964907

arch/x86/kvm/svm/svm.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -79,6 +79,7 @@ enum {
7979
struct kvm_sev_info {
8080
bool active; /* SEV enabled guest */
8181
bool es_active; /* SEV-ES enabled guest */
82+
bool need_init; /* waiting for SEV_INIT2 */
8283
unsigned int asid; /* ASID used for this guest */
8384
unsigned int handle; /* SEV firmware handle */
8485
int fd; /* SEV device fd */

0 commit comments

Comments
 (0)