KVM: x86/mmu: Restrict KVM_SW_PROTECTED_VM to the TDP MMU

sean-jc · sean-jc · commit a1176ef5c92a · 2024-02-22T17:07:06.000-08:00
Advertise and support software-protected VMs if and only if the TDP MMU is enabled, i.e. disallow KVM_SW_PROTECTED_VM if TDP is enabled for KVM's legacy/shadow MMU. TDP support for the shadow MMU is maintenance-only, e.g. support for TDX and SNP will also be restricted to the TDP MMU. Fixes: 89ea60c ("KVM: x86: Add support for "protected VMs" that can utilize private memory") Link: https://lore.kernel.org/r/20240222190612.2942589-4-seanjc@google.com Signed-off-by: Sean Christopherson <seanjc@google.com>
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
@@ -4580,7 +4580,7 @@ static bool kvm_is_vm_type_supported(unsigned long type)
 {
 	return type == KVM_X86_DEFAULT_VM ||
 	       (type == KVM_X86_SW_PROTECTED_VM &&
-		IS_ENABLED(CONFIG_KVM_SW_PROTECTED_VM) && tdp_enabled);
+		IS_ENABLED(CONFIG_KVM_SW_PROTECTED_VM) && tdp_mmu_enabled);
 }
 
 int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)

Original file line number	Diff line number	Diff line change
`@@ -4580,7 +4580,7 @@ static bool kvm_is_vm_type_supported(unsigned long type)`
`4580`	`4580`	`{`
`4581`	`4581`	`return type == KVM_X86_DEFAULT_VM \|\|`
`4582`	`4582`	`(type == KVM_X86_SW_PROTECTED_VM &&`
`4583`		`- IS_ENABLED(CONFIG_KVM_SW_PROTECTED_VM) && tdp_enabled);`
	`4583`	`+ IS_ENABLED(CONFIG_KVM_SW_PROTECTED_VM) && tdp_mmu_enabled);`
`4584`	`4584`	`}`
`4585`	`4585`
`4586`	`4586`	`int kvm_vm_ioctl_check_extension(struct kvm *kvm, long ext)`