mirror of
https://github.com/torvalds/linux.git
synced 2024-11-24 21:21:41 +00:00
KVM: SEV: define VM types for SEV and SEV-ES
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-ID: <20240404121327.3107131-11-pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
parent
4ebb105e6c
commit
26c44aa9e0
@ -8819,6 +8819,8 @@ means the VM type with value @n is supported. Possible values of @n are::
|
|||||||
|
|
||||||
#define KVM_X86_DEFAULT_VM 0
|
#define KVM_X86_DEFAULT_VM 0
|
||||||
#define KVM_X86_SW_PROTECTED_VM 1
|
#define KVM_X86_SW_PROTECTED_VM 1
|
||||||
|
#define KVM_X86_SEV_VM 2
|
||||||
|
#define KVM_X86_SEV_ES_VM 3
|
||||||
|
|
||||||
Note, KVM_X86_SW_PROTECTED_VM is currently only for development and testing.
|
Note, KVM_X86_SW_PROTECTED_VM is currently only for development and testing.
|
||||||
Do not use KVM_X86_SW_PROTECTED_VM for "real" VMs, and especially not in
|
Do not use KVM_X86_SW_PROTECTED_VM for "real" VMs, and especially not in
|
||||||
|
@ -861,5 +861,7 @@ struct kvm_hyperv_eventfd {
|
|||||||
|
|
||||||
#define KVM_X86_DEFAULT_VM 0
|
#define KVM_X86_DEFAULT_VM 0
|
||||||
#define KVM_X86_SW_PROTECTED_VM 1
|
#define KVM_X86_SW_PROTECTED_VM 1
|
||||||
|
#define KVM_X86_SEV_VM 2
|
||||||
|
#define KVM_X86_SEV_ES_VM 3
|
||||||
|
|
||||||
#endif /* _ASM_X86_KVM_H */
|
#endif /* _ASM_X86_KVM_H */
|
||||||
|
@ -251,6 +251,9 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
|
|||||||
if (kvm->created_vcpus)
|
if (kvm->created_vcpus)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
|
if (kvm->arch.vm_type != KVM_X86_DEFAULT_VM)
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
if (unlikely(sev->active))
|
if (unlikely(sev->active))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
@ -272,6 +275,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
|
|||||||
|
|
||||||
INIT_LIST_HEAD(&sev->regions_list);
|
INIT_LIST_HEAD(&sev->regions_list);
|
||||||
INIT_LIST_HEAD(&sev->mirror_vms);
|
INIT_LIST_HEAD(&sev->mirror_vms);
|
||||||
|
sev->need_init = false;
|
||||||
|
|
||||||
kvm_set_apicv_inhibit(kvm, APICV_INHIBIT_REASON_SEV);
|
kvm_set_apicv_inhibit(kvm, APICV_INHIBIT_REASON_SEV);
|
||||||
|
|
||||||
@ -1808,7 +1812,8 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd)
|
|||||||
if (ret)
|
if (ret)
|
||||||
goto out_fput;
|
goto out_fput;
|
||||||
|
|
||||||
if (sev_guest(kvm) || !sev_guest(source_kvm)) {
|
if (kvm->arch.vm_type != source_kvm->arch.vm_type ||
|
||||||
|
sev_guest(kvm) || !sev_guest(source_kvm)) {
|
||||||
ret = -EINVAL;
|
ret = -EINVAL;
|
||||||
goto out_unlock;
|
goto out_unlock;
|
||||||
}
|
}
|
||||||
@ -2132,6 +2137,7 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd)
|
|||||||
mirror_sev->asid = source_sev->asid;
|
mirror_sev->asid = source_sev->asid;
|
||||||
mirror_sev->fd = source_sev->fd;
|
mirror_sev->fd = source_sev->fd;
|
||||||
mirror_sev->es_active = source_sev->es_active;
|
mirror_sev->es_active = source_sev->es_active;
|
||||||
|
mirror_sev->need_init = false;
|
||||||
mirror_sev->handle = source_sev->handle;
|
mirror_sev->handle = source_sev->handle;
|
||||||
INIT_LIST_HEAD(&mirror_sev->regions_list);
|
INIT_LIST_HEAD(&mirror_sev->regions_list);
|
||||||
INIT_LIST_HEAD(&mirror_sev->mirror_vms);
|
INIT_LIST_HEAD(&mirror_sev->mirror_vms);
|
||||||
@ -2197,10 +2203,14 @@ void sev_vm_destroy(struct kvm *kvm)
|
|||||||
|
|
||||||
void __init sev_set_cpu_caps(void)
|
void __init sev_set_cpu_caps(void)
|
||||||
{
|
{
|
||||||
if (sev_enabled)
|
if (sev_enabled) {
|
||||||
kvm_cpu_cap_set(X86_FEATURE_SEV);
|
kvm_cpu_cap_set(X86_FEATURE_SEV);
|
||||||
if (sev_es_enabled)
|
kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_VM);
|
||||||
|
}
|
||||||
|
if (sev_es_enabled) {
|
||||||
kvm_cpu_cap_set(X86_FEATURE_SEV_ES);
|
kvm_cpu_cap_set(X86_FEATURE_SEV_ES);
|
||||||
|
kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void __init sev_hardware_setup(void)
|
void __init sev_hardware_setup(void)
|
||||||
|
@ -4086,6 +4086,9 @@ static void svm_cancel_injection(struct kvm_vcpu *vcpu)
|
|||||||
|
|
||||||
static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu)
|
static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu)
|
||||||
{
|
{
|
||||||
|
if (to_kvm_sev_info(vcpu->kvm)->need_init)
|
||||||
|
return -EINVAL;
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4891,6 +4894,14 @@ static void svm_vm_destroy(struct kvm *kvm)
|
|||||||
|
|
||||||
static int svm_vm_init(struct kvm *kvm)
|
static int svm_vm_init(struct kvm *kvm)
|
||||||
{
|
{
|
||||||
|
int type = kvm->arch.vm_type;
|
||||||
|
|
||||||
|
if (type != KVM_X86_DEFAULT_VM &&
|
||||||
|
type != KVM_X86_SW_PROTECTED_VM) {
|
||||||
|
kvm->arch.has_protected_state = (type == KVM_X86_SEV_ES_VM);
|
||||||
|
to_kvm_sev_info(kvm)->need_init = true;
|
||||||
|
}
|
||||||
|
|
||||||
if (!pause_filter_count || !pause_filter_thresh)
|
if (!pause_filter_count || !pause_filter_thresh)
|
||||||
kvm->arch.pause_in_guest = true;
|
kvm->arch.pause_in_guest = true;
|
||||||
|
|
||||||
|
@ -79,6 +79,7 @@ enum {
|
|||||||
struct kvm_sev_info {
|
struct kvm_sev_info {
|
||||||
bool active; /* SEV enabled guest */
|
bool active; /* SEV enabled guest */
|
||||||
bool es_active; /* SEV-ES enabled guest */
|
bool es_active; /* SEV-ES enabled guest */
|
||||||
|
bool need_init; /* waiting for SEV_INIT2 */
|
||||||
unsigned int asid; /* ASID used for this guest */
|
unsigned int asid; /* ASID used for this guest */
|
||||||
unsigned int handle; /* SEV firmware handle */
|
unsigned int handle; /* SEV firmware handle */
|
||||||
int fd; /* SEV device fd */
|
int fd; /* SEV device fd */
|
||||||
|
Loading…
Reference in New Issue
Block a user