[1/2] x86/cpufeatures: Add "Allowed SEV Features" Feature

Message ID	20240802015732.3192877-2-kim.phillips@amd.com (mailing list archive)
State	New, archived
Headers	show Received: from NAM04-BN8-obe.outbound.protection.outlook.com (mail-bn8nam04on2058.outbound.protection.outlook.com [40.107.100.58]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC430B67E; Fri, 2 Aug 2024 01:58:40 +0000 (UTC) Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: Kim Phillips <kim.phillips@amd.com> To: <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <x86@kernel.org> CC: Tom Lendacky <thomas.lendacky@amd.com>, Michael Roth <michael.roth@amd.com>, Ashish Kalra <ashish.kalra@amd.com>, "Nikunj A Dadhania" <nikunj@amd.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen <dave.hansen@linux.intel.com>, Sean Christopherson <seanjc@google.com>, "Paolo Bonzini" <pbonzini@redhat.com>, Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>, "Kishon Vijay Abraham I" <kvijayab@amd.com>, Kim Phillips <kim.phillips@amd.com> Subject: [PATCH 1/2] x86/cpufeatures: Add "Allowed SEV Features" Feature Date: Thu, 1 Aug 2024 20:57:31 -0500 Message-ID: <20240802015732.3192877-2-kim.phillips@amd.com> In-Reply-To: <20240802015732.3192877-1-kim.phillips@amd.com> References: <20240802015732.3192877-1-kim.phillips@amd.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	KVM: SEV: Add support for the ALLOWED_SEV_FEATURES feature \| expand [0/2] KVM: SEV: Add support for the ALLOWED_SEV_FEATURES feature [1/2] x86/cpufeatures: Add "Allowed SEV Features" Feature [2/2] KVM: SEV: Configure "ALLOWED_SEV_FEATURES" VMCB Field

Message ID

20240802015732.3192877-2-kim.phillips@amd.com (mailing list archive)

State

New, archived

Headers

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
From: Kim Phillips <kim.phillips@amd.com>
To: <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <x86@kernel.org>
CC: Tom Lendacky <thomas.lendacky@amd.com>, Michael Roth
	<michael.roth@amd.com>, Ashish Kalra <ashish.kalra@amd.com>, "Nikunj A
 Dadhania" <nikunj@amd.com>, Borislav Petkov <bp@alien8.de>, Dave Hansen
	<dave.hansen@linux.intel.com>, Sean Christopherson <seanjc@google.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>, Ingo Molnar <mingo@redhat.com>, "H.
 Peter Anvin" <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>, "Kishon
 Vijay Abraham I" <kvijayab@amd.com>, Kim Phillips <kim.phillips@amd.com>
Subject: [PATCH 1/2] x86/cpufeatures: Add "Allowed SEV Features" Feature
Date: Thu, 1 Aug 2024 20:57:31 -0500
Message-ID: <20240802015732.3192877-2-kim.phillips@amd.com>
In-Reply-To: <20240802015732.3192877-1-kim.phillips@amd.com>
References: <20240802015732.3192877-1-kim.phillips@amd.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Aug 2024 01:58:36.9904
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 ab30985c-0758-44e5-a52c-08dcb2969f8d
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BN3PEPF0000B371.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB7900

Series

KVM: SEV: Add support for the ALLOWED_SEV_FEATURES feature | expand

Commit Message

Kim Phillips Aug. 2, 2024, 1:57 a.m. UTC

From: Kishon Vijay Abraham I <kvijayab@amd.com>

Add CPU feature detection for "Allowed SEV Features" to allow the
Hypervisor to enforce that SEV-ES and SEV-SNP guest VMs cannot
enable features (via SEV_FEATURES) that the Hypervisor does not
support or wish to be enabled.

Signed-off-by: Kishon Vijay Abraham I <kvijayab@amd.com>
Signed-off-by: Kim Phillips <kim.phillips@amd.com>
---
 arch/x86/include/asm/cpufeatures.h | 1 +
 1 file changed, 1 insertion(+)

Comments

Thomas Gleixner Aug. 7, 2024, 4:06 p.m. UTC | #1

On Thu, Aug 01 2024 at 20:57, Kim Phillips wrote:
> From: Kishon Vijay Abraham I <kvijayab@amd.com>
>
> Add CPU feature detection for "Allowed SEV Features" to allow the
> Hypervisor to enforce that SEV-ES and SEV-SNP guest VMs cannot
> enable features (via SEV_FEATURES) that the Hypervisor does not
> support or wish to be enabled.

Can you please add this new feature bit to the CPUID database

    https://gitlab.com/x86-cpuid.org/x86-cpuid-db

Thanks,

        tglx

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index dd4682857c12..0c73da91a041 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -447,6 +447,7 @@ 
 #define X86_FEATURE_V_TSC_AUX		(19*32+ 9) /* Virtual TSC_AUX */
 #define X86_FEATURE_SME_COHERENT	(19*32+10) /* AMD hardware-enforced cache coherency */
 #define X86_FEATURE_DEBUG_SWAP		(19*32+14) /* "debug_swap" AMD SEV-ES full debug state swap support */
+#define X86_FEATURE_ALLOWED_SEV_FEATURES (19*32+27) /* AMD Allowed SEV Features */
 #define X86_FEATURE_SVSM		(19*32+28) /* "svsm" SVSM present */
 
 /* AMD-defined Extended Feature 2 EAX, CPUID level 0x80000021 (EAX), word 20 */

[1/2] x86/cpufeatures: Add "Allowed SEV Features" Feature

Commit Message

Comments

Patch