Re: [PATCH 1/5] kvm/sev: don't expose unusable VM types

From: Sean Christopherson

Date: Thu Mar 12 2026 - 15:55:56 EST


KVM: SEV:

On Tue, Mar 03, 2026, Tycho Andersen wrote:
> From: "Tycho Andersen (AMD)" <tycho@xxxxxxxxxx>
>
> Commit 0aa6b90ef9d7 ("KVM: SVM: Add support for allowing zero SEV ASIDs")
> made it possible to make it impossible to use SEV VMs by not allocating
> them any ASIDs.
>
> Commit 6c7c620585c6 ("KVM: SEV: Add SEV-SNP CipherTextHiding support") did
> the same thing for SEV-ES.
>
> Do not export KVM_X86_SEV(_ES)_VM as exported types if in either of these
                                       ^^^^^^^^
                                       supported

> situations, so that userspace can use them to determine what is actually
> supported by the current kernel configuration.
>
> Also move the buildup to a local variable so it is easier to add additional
> masking in future patches.
>
> Link: https://lore.kernel.org/all/aZyLIWtffvEnmtYh@xxxxxxxxxx/
> Suggested-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> Signed-off-by: Tycho Andersen (AMD) <tycho@xxxxxxxxxx>
> ---
> arch/x86/kvm/svm/sev.c | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 3f9c1aa39a0a..f941d48626d3 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -2957,18 +2957,26 @@ void sev_vm_destroy(struct kvm *kvm)
>
> void __init sev_set_cpu_caps(void)
> {
> + int supported_vm_types = 0;

This should be a u32.

> +
> if (sev_enabled) {
> kvm_cpu_cap_set(X86_FEATURE_SEV);
> - kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_VM);
> +
> + if (min_sev_asid <= max_sev_asid)
> + supported_vm_types |= BIT(KVM_X86_SEV_VM);
> }
> if (sev_es_enabled) {
> kvm_cpu_cap_set(X86_FEATURE_SEV_ES);
> - kvm_caps.supported_vm_types |= BIT(KVM_X86_SEV_ES_VM);
> +
> + if (min_sev_es_asid <= max_sev_es_asid)
> + supported_vm_types |= BIT(KVM_X86_SEV_ES_VM);
> }
> if (sev_snp_enabled) {
> kvm_cpu_cap_set(X86_FEATURE_SEV_SNP);
> - kvm_caps.supported_vm_types |= BIT(KVM_X86_SNP_VM);
> + supported_vm_types |= BIT(KVM_X86_SNP_VM);
> }
> +
> + kvm_caps.supported_vm_types |= supported_vm_types;
> }
>
> static bool is_sev_snp_initialized(void)
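
Review bot: In the sev_snp_enabled branch, BIT(KVM_X86_SNP_VM) is still set unconditionally, while the SEV and SEV-ES branches are now gated on min_sev_asid <= max_sev_asid and min_sev_es_asid <= max_sev_es_asid. The changelog only covers SEV and SEV-ES, so either add the equivalent check for SNP or add a short comment saying why an SNP VM cannot end up with an empty ASID range. A one-line comment above each range check, noting that an empty range means the type cannot be used, would also help, since the comparison is not self-explanatory to someone reading sev_set_cpu_caps() without the changelog.
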
> --
> 2.53.0
>