KVM: SVM: Do not activate AVIC for SEV-enabled guest

ssuthiku-amd · bonzini · commit c538dc792ff7 · 2022-04-11T13:28:56.000-04:00
Since current AVIC implementation cannot support encrypted memory,
inhibit AVIC for SEV-enabled guest.

Signed-off-by: Suravee Suthikulpanit &lt;suravee.suthikulpanit@amd.com&gt;
Message-Id: &lt;20220408133710.54275-1-suravee.suthikulpanit@amd.com&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h
@@ -1052,6 +1052,7 @@ enum kvm_apicv_inhibit {
 	APICV_INHIBIT_REASON_X2APIC,
 	APICV_INHIBIT_REASON_BLOCKIRQ,
 	APICV_INHIBIT_REASON_ABSENT,
+	APICV_INHIBIT_REASON_SEV,
 };
 
 struct kvm_arch {
diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
@@ -837,7 +837,8 @@ bool avic_check_apicv_inhibit_reasons(enum kvm_apicv_inhibit reason)
 			  BIT(APICV_INHIBIT_REASON_IRQWIN) |
 			  BIT(APICV_INHIBIT_REASON_PIT_REINJ) |
 			  BIT(APICV_INHIBIT_REASON_X2APIC) |
-			  BIT(APICV_INHIBIT_REASON_BLOCKIRQ);
+			  BIT(APICV_INHIBIT_REASON_BLOCKIRQ) |
+			  BIT(APICV_INHIBIT_REASON_SEV);
 
 	return supported & BIT(reason);
 }
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
@@ -260,6 +260,8 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
 	INIT_LIST_HEAD(&sev->regions_list);
 	INIT_LIST_HEAD(&sev->mirror_vms);
 
+	kvm_set_apicv_inhibit(kvm, APICV_INHIBIT_REASON_SEV);
+
 	return 0;
 
 e_free:

Original file line number	Diff line number	Diff line change
`@@ -837,7 +837,8 @@ bool avic_check_apicv_inhibit_reasons(enum kvm_apicv_inhibit reason)`
`837`	`837`	`BIT(APICV_INHIBIT_REASON_IRQWIN) \|`
`838`	`838`	`BIT(APICV_INHIBIT_REASON_PIT_REINJ) \|`
`839`	`839`	`BIT(APICV_INHIBIT_REASON_X2APIC) \|`
`840`		`- BIT(APICV_INHIBIT_REASON_BLOCKIRQ);`
	`840`	`+ BIT(APICV_INHIBIT_REASON_BLOCKIRQ) \|`
	`841`	`+ BIT(APICV_INHIBIT_REASON_SEV);`
`841`	`842`
`842`	`843`	`return supported & BIT(reason);`
`843`	`844`	`}`