[GIT PULL] KVM: x86: SEV changes for 7.2
From: Sean Christopherson
Date: Thu Jun 11 2026 - 20:50:44 EST
Teach KVM not to advertise VM types that the system can't actually support,
rewrite the {de,en}crypt memory code, and fix two pre-existing bugs found by
Sashiko.

The following changes since commit b7fbe9a1bf9ee6c967ef77d366ca58c35fcf1887:

  Merge branch 'kvm-apx-prepare' into HEAD (2026-05-13 12:38:31 -0400)

are available in the Git repository at:

  https://github.com/kvm-x86/linux.git tags/kvm-x86-sev-7.2

for you to fetch changes up to 97cd21d57e9bd2da79845178d9250cfd19289cd4:

  KVM: SEV: Mark source page dirty when writing back CPUID data on failure (2026-05-26 09:56:36 -0700)

----------------------------------------------------------------
KVM SEV changes for 7.2
- Don't advertise support for unusable VM types, and account for VM types
that are disabled by firmware, e.g. to mitigate security vulnerabilities.
- Rewrite the SEV {en,de}crypt debug ioctls as they were riddled with bugs and
unnecessarily complicated, and add comprehensive tests.
- Clean up and deduplicate the SEV page pinning code.
- Fix minor goofs related to writing back CPUID information after firmware
rejects a CPUID page for an SNP vCPU.
----------------------------------------------------------------
Ackerley Tng (2):
KVM: SEV: Unmap local kmaps in LIFO order, per highmem requirements
KVM: SEV: Mark source page dirty when writing back CPUID data on failure
Ashutosh Desai (1):
KVM: SVM: Fix page overflow in sev_dbg_crypt() for ENCRYPT path
Sean Christopherson (9):
KVM: SEV: Set supported SEV+ VM types during sev_hardware_setup()
KVM: SEV: Consolidate logic for printing state of SEV{,-ES,-SNP} enabling
KVM: SEV: Don't advertise support for unusable VM types
KVM: selftests: Add a test to verify SEV {en,de}crypt debug ioctls
KVM: SEV: Explicitly validate the dst buffer for debug operations
KVM: SEV: Add helper function to pin/unpin a single page
KVM: SEV: Rewrite logic to {de,en}crypt memory for debug
KVM: SEV: Allocate only as many bytes as needed for temp crypt buffers
KVM: SEV: Pin source page for write when adding CPUID data for SNP guest
Tycho Andersen (4):
crypto/ccp: hoist kernel part of SNP_PLATFORM_STATUS
crypto/ccp: export firmware supported vm types
KVM: SEV: Don't advertise VM types that are disabled by firmware
KVM: selftests: Teach sev_*_test about revoking VM types
arch/x86/kvm/svm/sev.c | 469 ++++++++++-----------
arch/x86/kvm/vmx/tdx.c | 2 +-
drivers/crypto/ccp/sev-dev.c | 101 ++++-
include/linux/kvm_host.h | 3 +-
include/linux/psp-sev.h | 37 ++
tools/testing/selftests/kvm/Makefile.kvm | 1 +
tools/testing/selftests/kvm/include/x86/sev.h | 24 ++
tools/testing/selftests/kvm/x86/sev_dbg_test.c | 118 ++++++
tools/testing/selftests/kvm/x86/sev_init2_tests.c | 14 +-
.../testing/selftests/kvm/x86/sev_migrate_tests.c | 2 +-
tools/testing/selftests/kvm/x86/sev_smoke_test.c | 4 +-
virt/kvm/guest_memfd.c | 6 +-
12 files changed, 521 insertions(+), 260 deletions(-)
create mode 100644 tools/testing/selftests/kvm/x86/sev_dbg_test.c