Re: [GIT PULL] KVM: x86: SEV changes for 7.2

From: Paolo Bonzini

Date: Fri Jun 12 2026 - 04:19:11 EST


On Fri, Jun 12, 2026 at 2:48 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
>
> Teach KVM not to advertise VM types that the system can't actually support,
> rewrite the {de,en}crypt memory code, and fix two pre-existing bugs found by
> Sashiko.
>
> The following changes since commit b7fbe9a1bf9ee6c967ef77d366ca58c35fcf1887:
>
> Merge branch 'kvm-apx-prepare' into HEAD (2026-05-13 12:38:31 -0400)
>
> are available in the Git repository at:
>
> https://github.com/kvm-x86/linux.git tags/kvm-x86-sev-7.2
>
> for you to fetch changes up to 97cd21d57e9bd2da79845178d9250cfd19289cd4:
>
> KVM: SEV: Mark source page dirty when writing back CPUID data on failure (2026-05-26 09:56:36 -0700)

Pulled, thanks.

Paolo

> ----------------------------------------------------------------
> KVM SEV changes for 7.2
>
> - Don't advertise support for unusable VM types, and account for VM types
> that are disabled by firmware, e.g. to mitigate security vulnerabilities.
>
> - Rewrite the SEV {en,de}crypt debug ioctls as they were riddled with bugs and
> unnecessarily complicated, and add comprehensive tests.
>
> - Clean up and deduplicate the SEV page pinning code.
>
> - Fix minor goofs related to writing back CPUID information after firmware
> rejects a CPUID page for an SNP vCPU.
>
> ----------------------------------------------------------------
> Ackerley Tng (2):
> KVM: SEV: Unmap local kmaps in LIFO order, per highmem requirements
> KVM: SEV: Mark source page dirty when writing back CPUID data on failure
>
> Ashutosh Desai (1):
> KVM: SVM: Fix page overflow in sev_dbg_crypt() for ENCRYPT path
>
> Sean Christopherson (9):
> KVM: SEV: Set supported SEV+ VM types during sev_hardware_setup()
> KVM: SEV: Consolidate logic for printing state of SEV{,-ES,-SNP} enabling
> KVM: SEV: Don't advertise support for unusable VM types
> KVM: selftests: Add a test to verify SEV {en,de}crypt debug ioctls
> KVM: SEV: Explicitly validate the dst buffer for debug operations
> KVM: SEV: Add helper function to pin/unpin a single page
> KVM: SEV: Rewrite logic to {de,en}crypt memory for debug
> KVM: SEV: Allocate only as many bytes as needed for temp crypt buffers
> KVM: SEV: Pin source page for write when adding CPUID data for SNP guest
>
> Tycho Andersen (4):
> crypto/ccp: hoist kernel part of SNP_PLATFORM_STATUS
> crypto/ccp: export firmware supported vm types
> KVM: SEV: Don't advertise VM types that are disabled by firmware
> KVM: selftests: Teach sev_*_test about revoking VM types
>
> arch/x86/kvm/svm/sev.c | 469 ++++++++++-----------
> arch/x86/kvm/vmx/tdx.c | 2 +-
> drivers/crypto/ccp/sev-dev.c | 101 ++++-
> include/linux/kvm_host.h | 3 +-
> include/linux/psp-sev.h | 37 ++
> tools/testing/selftests/kvm/Makefile.kvm | 1 +
> tools/testing/selftests/kvm/include/x86/sev.h | 24 ++
> tools/testing/selftests/kvm/x86/sev_dbg_test.c | 118 ++++++
> tools/testing/selftests/kvm/x86/sev_init2_tests.c | 14 +-
> .../testing/selftests/kvm/x86/sev_migrate_tests.c | 2 +-
> tools/testing/selftests/kvm/x86/sev_smoke_test.c | 4 +-
> virt/kvm/guest_memfd.c | 6 +-
> 12 files changed, 521 insertions(+), 260 deletions(-)
> create mode 100644 tools/testing/selftests/kvm/x86/sev_dbg_test.c
>