Skip to content
This repository was archived by the owner on Nov 8, 2023. It is now read-only.

Commit d922056

Browse files
Ravi Bangoriabonzini
Ravi Bangoria
authored and
bonzini
committed
KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent
As documented in APM[1], LBR Virtualization must be enabled for SEV-ES guests. So, prevent SEV-ES guests when LBRV support is missing. [1]: AMD64 Architecture Programmer's Manual Pub. 40332, Rev. 4.07 - June 2023, Vol 2, 15.35.2 Enabling SEV-ES. https://bugzilla.kernel.org/attachment.cgi?id=304653 Fixes: 376c6d2 ("KVM: SVM: Provide support for SEV-ES vCPU creation/loading") Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com> Message-ID: <20240531044644.768-3-ravi.bangoria@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
1 parent 27bd5fd commit d922056

File tree

3 files changed

+14
-9
lines changed

3 files changed

+14
-9
lines changed

arch/x86/kvm/svm/sev.c

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2406,6 +2406,12 @@ void __init sev_hardware_setup(void)
24062406
if (!boot_cpu_has(X86_FEATURE_SEV_ES))
24072407
goto out;
24082408

2409+
if (!lbrv) {
2410+
WARN_ONCE(!boot_cpu_has(X86_FEATURE_LBRV),
2411+
"LBRV must be present for SEV-ES support");
2412+
goto out;
2413+
}
2414+
24092415
/* Has the system been allocated ASIDs for SEV-ES? */
24102416
if (min_sev_asid == 1)
24112417
goto out;

arch/x86/kvm/svm/svm.c

Lines changed: 7 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -215,7 +215,7 @@ int vgif = true;
215215
module_param(vgif, int, 0444);
216216

217217
/* enable/disable LBR virtualization */
218-
static int lbrv = true;
218+
int lbrv = true;
219219
module_param(lbrv, int, 0444);
220220

221221
static int tsc_scaling = true;
@@ -5294,6 +5294,12 @@ static __init int svm_hardware_setup(void)
52945294

52955295
nrips = nrips && boot_cpu_has(X86_FEATURE_NRIPS);
52965296

5297+
if (lbrv) {
5298+
if (!boot_cpu_has(X86_FEATURE_LBRV))
5299+
lbrv = false;
5300+
else
5301+
pr_info("LBR virtualization supported\n");
5302+
}
52975303
/*
52985304
* Note, SEV setup consumes npt_enabled and enable_mmio_caching (which
52995305
* may be modified by svm_adjust_mmio_mask()), as well as nrips.
@@ -5347,14 +5353,6 @@ static __init int svm_hardware_setup(void)
53475353
svm_x86_ops.set_vnmi_pending = NULL;
53485354
}
53495355

5350-
5351-
if (lbrv) {
5352-
if (!boot_cpu_has(X86_FEATURE_LBRV))
5353-
lbrv = false;
5354-
else
5355-
pr_info("LBR virtualization supported\n");
5356-
}
5357-
53585356
if (!enable_pmu)
53595357
pr_info("PMU virtualization is disabled\n");
53605358

arch/x86/kvm/svm/svm.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,7 @@ extern int vgif;
3939
extern bool intercept_smi;
4040
extern bool x2avic_enabled;
4141
extern bool vnmi;
42+
extern int lbrv;
4243

4344
/*
4445
* Clean bits in VMCB.

0 commit comments

Comments
 (0)