[RFC PATCH v1 17/28] KVM: SVM: Enable SEV by setting the SEV_ENABLE cpu feature

From: Brijesh Singh
Date: Mon Aug 22 2016 - 19:42:13 EST

Next message: Brijesh Singh: "[RFC PATCH v1 22/28] KVM: SVM: add SEV launch start command"
Previous message: Sebastian Reichel: "Re: [RFC PATCH 0/3] UART slave device bus"
In reply to: Herbert Xu: "Re: [RFC PATCH v1 18/28] crypto: add AMD Platform Security Processor driver"
Next in thread: Brijesh Singh: "[RFC PATCH v1 22/28] KVM: SVM: add SEV launch start command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tom Lendacky <thomas.lendacky@xxxxxxx>

Modify the SVM cpuid update function to indicate if Secure Encrypted
Virtualization (SEV) is active by setting the SEV KVM cpu features bit
if SEV is active. SEV is active if Secure Memory Encryption is active
in the host and the SEV_ENABLE bit of the VMCB is set.

Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
---
arch/x86/kvm/cpuid.c | 4 +++-
arch/x86/kvm/svm.c | 18 ++++++++++++++++++
2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
index 3235e0f..d34faea 100644
--- a/arch/x86/kvm/cpuid.c
+++ b/arch/x86/kvm/cpuid.c
@@ -583,7 +583,7 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
entry->edx = 0;
break;
case 0x80000000:
- entry->eax = min(entry->eax, 0x8000001a);
+ entry->eax = min(entry->eax, 0x8000001f);
break;
case 0x80000001:
entry->edx &= kvm_cpuid_8000_0001_edx_x86_features;
@@ -616,6 +616,8 @@ static inline int __do_cpuid_ent(struct kvm_cpuid_entry2 *entry, u32 function,
break;
case 0x8000001d:
break;
+ case 0x8000001f:
+ break;
/*Add support for Centaur's CPUID instruction*/
case 0xC0000000:
/*Just support up to 0xC0000004 now*/
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
index 9b59260..211be94 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@ -43,6 +43,7 @@
#include <asm/kvm_para.h>

#include <asm/virtext.h>
+#include <asm/mem_encrypt.h>
#include "trace.h"

#define __ex(x) __kvm_handle_fault_on_reboot(x)
@@ -4677,10 +4678,27 @@ static void svm_cpuid_update(struct kvm_vcpu *vcpu)
{
struct vcpu_svm *svm = to_svm(vcpu);
struct kvm_cpuid_entry2 *entry;
+ struct vmcb_control_area *ca = &svm->vmcb->control;
+ struct kvm_cpuid_entry2 *features, *sev_info;

/* Update nrips enabled cache */
svm->nrips_enabled = !!guest_cpuid_has_nrips(&svm->vcpu);

+ /* Check for Secure Encrypted Virtualization support */
+ features = kvm_find_cpuid_entry(vcpu, KVM_CPUID_FEATURES, 0);
+ if (!features)
+ return;
+
+ sev_info = kvm_find_cpuid_entry(vcpu, 0x8000001f, 0);
+ if (!sev_info)
+ return;
+
+ if (ca->nested_ctl & SVM_NESTED_CTL_SEV_ENABLE) {
+ features->eax |= (1 << KVM_FEATURE_SEV);
+ cpuid(0x8000001f, &sev_info->eax, &sev_info->ebx,
+ &sev_info->ecx, &sev_info->edx);
+ }
+
if (!kvm_vcpu_apicv_active(vcpu))
return;

Next message: Brijesh Singh: "[RFC PATCH v1 22/28] KVM: SVM: add SEV launch start command"
Previous message: Sebastian Reichel: "Re: [RFC PATCH 0/3] UART slave device bus"
In reply to: Herbert Xu: "Re: [RFC PATCH v1 18/28] crypto: add AMD Platform Security Processor driver"
Next in thread: Brijesh Singh: "[RFC PATCH v1 22/28] KVM: SVM: add SEV launch start command"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]