Re: [PATCH v13 08/26] KVM: SEV: Add initial SEV-SNP support
From: Paolo Bonzini
Date: Fri Apr 19 2024 - 07:58:40 EST
On Thu, Apr 18, 2024 at 9:51 PM Michael Roth <michael.roth@xxxxxxx> wrote:
> diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
> index 535018f152a3..d31404953bf1 100644
> --- a/arch/x86/kvm/svm/svm.c
> +++ b/arch/x86/kvm/svm/svm.c
> @@ -4899,7 +4899,8 @@ static int svm_vm_init(struct kvm *kvm)
>
> if (type != KVM_X86_DEFAULT_VM &&
> type != KVM_X86_SW_PROTECTED_VM) {
> - kvm->arch.has_protected_state = (type == KVM_X86_SEV_ES_VM);
> + kvm->arch.has_protected_state =
> + (type == KVM_X86_SEV_ES_VM || type == KVM_X86_SNP_VM);
I'd rather set has_private_mem here too, rather than in x86.c
Also this patch is the place to have
diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index d31404953bf1..6209f70ab11a 100644
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -2056,6 +2056,9 @@ static int npf_interception(struct kvm_vcpu *vcpu)
if (WARN_ON_ONCE(error_code & PFERR_SYNTHETIC_MASK))
error_code &= ~PFERR_SYNTHETIC_MASK;
+ if (sev_snp_guest(vcpu) && (error_code & PFERR_GUEST_ENC_MASK))
+ error_code |= PFERR_PRIVATE_ACCESS;
+
trace_kvm_page_fault(vcpu, fault_address, error_code);
return kvm_mmu_page_fault(vcpu, fault_address, error_code,
static_cpu_has(X86_FEATURE_DECODEASSISTS) ?
for the final shape of the MMU changes.
Paolo
> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 83b8260443a3..9923921904a2 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -12598,7 +12598,7 @@ int kvm_arch_init_vm(struct kvm *kvm, unsigned long type)
>
> kvm->arch.vm_type = type;
> kvm->arch.has_private_mem =
> - (type == KVM_X86_SW_PROTECTED_VM);
> + (type == KVM_X86_SW_PROTECTED_VM || type == KVM_X86_SNP_VM);
>
> ret = kvm_page_track_init(kvm);
> if (ret)
> --
> 2.25.1
>