Commit d9220562 authored by Ravi Bangoria Committed by Paolo Bonzini

KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent

As documented in APM[1], LBR Virtualization must be enabled for SEV-ES
guests. So, prevent SEV-ES guests when LBRV support is missing.

[1]: AMD64 Architecture Programmer's Manual Pub. 40332, Rev. 4.07 - June
     2023, Vol 2, 15.35.2 Enabling SEV-ES.
     https://bugzilla.kernel.org/attachment.cgi?id=304653

Fixes: 376c6d28 ("KVM: SVM: Provide support for SEV-ES vCPU creation/loading")
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Message-ID: <20240531044644.768-3-ravi.bangoria@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
parent 27bd5fdc
...@@ -2406,6 +2406,12 @@ void __init sev_hardware_setup(void) ...@@ -2406,6 +2406,12 @@ void __init sev_hardware_setup(void)
if (!boot_cpu_has(X86_FEATURE_SEV_ES)) if (!boot_cpu_has(X86_FEATURE_SEV_ES))
goto out; goto out;
if (!lbrv) {
WARN_ONCE(!boot_cpu_has(X86_FEATURE_LBRV),
"LBRV must be present for SEV-ES support");
goto out;
}
/* Has the system been allocated ASIDs for SEV-ES? */ /* Has the system been allocated ASIDs for SEV-ES? */
if (min_sev_asid == 1) if (min_sev_asid == 1)
goto out; goto out;
......
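Review bot: In the new `if (!lbrv)` branch of sev_hardware_setup(), the `WARN_ONCE` fires only when the CPU lacks X86_FEATURE_LBRV, so when `lbrv` is false because the read-only module parameter was set to 0, SEV-ES is dropped via `goto out` with nothing naming the cause. Unless the code at `out`, which is outside this hunk, reports the reason, I would log it here, e.g. `pr_info("SEV-ES disabled: LBR virtualization is not enabled\n");`, so an operator can tell a configuration choice from missing hardware. A short comment such as `/* SEV-ES requires LBRV (APM Vol 2, 15.35.2); lbrv is final once svm_hardware_setup() has checked the CPU feature */` would also record why the check sits here. The function body starts and ends outside the hunk.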
...@@ -215,7 +215,7 @@ int vgif = true; ...@@ -215,7 +215,7 @@ int vgif = true;
module_param(vgif, int, 0444); module_param(vgif, int, 0444);
/* enable/disable LBR virtualization */ /* enable/disable LBR virtualization */
static int lbrv = true; int lbrv = true;
module_param(lbrv, int, 0444); module_param(lbrv, int, 0444);
static int tsc_scaling = true; static int tsc_scaling = true;
...@@ -5294,6 +5294,12 @@ static __init int svm_hardware_setup(void) ...@@ -5294,6 +5294,12 @@ static __init int svm_hardware_setup(void)
nrips = nrips && boot_cpu_has(X86_FEATURE_NRIPS); nrips = nrips && boot_cpu_has(X86_FEATURE_NRIPS);
if (lbrv) {
if (!boot_cpu_has(X86_FEATURE_LBRV))
lbrv = false;
else
pr_info("LBR virtualization supported\n");
}
/* /*
* Note, SEV setup consumes npt_enabled and enable_mmio_caching (which * Note, SEV setup consumes npt_enabled and enable_mmio_caching (which
* may be modified by svm_adjust_mmio_mask()), as well as nrips. * may be modified by svm_adjust_mmio_mask()), as well as nrips.
...@@ -5347,14 +5353,6 @@ static __init int svm_hardware_setup(void) ...@@ -5347,14 +5353,6 @@ static __init int svm_hardware_setup(void)
svm_x86_ops.set_vnmi_pending = NULL; svm_x86_ops.set_vnmi_pending = NULL;
} }
if (lbrv) {
if (!boot_cpu_has(X86_FEATURE_LBRV))
lbrv = false;
else
pr_info("LBR virtualization supported\n");
}
if (!enable_pmu) if (!enable_pmu)
pr_info("PMU virtualization is disabled\n"); pr_info("PMU virtualization is disabled\n");
......
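Review bot: The comment directly below the relocated `if (lbrv)` block still names only npt_enabled, enable_mmio_caching and nrips as values SEV setup consumes, although after this commit sev_hardware_setup() reads `lbrv` too and the block was presumably moved up for that reason. Extend it to `... as well as nrips and lbrv.` so that a later reordering does not put the feature check back after SEV setup, which would let the SEV-ES check see the unvalidated module-parameter default. The SEV setup call itself is outside the visible hunks, so the ordering is inferred from that comment. Dropping `static` also gives the short name `lbrv` external linkage within the module; a one-line comment at the definition saying it is shared with the SEV code would help.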
...@@ -39,6 +39,7 @@ extern int vgif; ...@@ -39,6 +39,7 @@ extern int vgif;
extern bool intercept_smi; extern bool intercept_smi;
extern bool x2avic_enabled; extern bool x2avic_enabled;
extern bool vnmi; extern bool vnmi;
extern int lbrv;
/* /*
* Clean bits in VMCB. * Clean bits in VMCB.
......