1. Patchew
  2. linux
  3. [RFC PATCH v2 00/17] AMD: Add Secure AVIC KVM Support
  4. View patch

[RFC PATCH v2 17/17] KVM: SVM: Advertise Secure AVIC support for SNP guests

Neeraj Upadhyay posted 17 patches 1 week, 1 day ago
[RFC PATCH v2 17/17] KVM: SVM: Advertise Secure AVIC support for SNP guests
Posted by Neeraj Upadhyay 1 week, 1 day ago 
The preceding patches have implemented all the necessary KVM
infrastructure to support the Secure AVIC feature for SEV-SNP guests,
including interrupt/NMI injection, IPI virtualization, and EOI handling.

Despite the backend support being complete, KVM does not yet advertise
this capability. As a result, userspace tools cannot create VMs that
utilize this feature.

To enable the feature, add the SVM_SEV_FEAT_SECURE_AVIC flag to the
sev_supported_vmsa_features bitmask. This bitmask communicates
KVM's supported VMSA features to userspace.

This is the final enabling patch in the series, allowing the creation
of Secure AVIC-enabled virtual machines.

Signed-off-by: Neeraj Upadhyay <Neeraj.Upadhyay@amd.com>
---
 arch/x86/kvm/svm/sev.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 3f6cf8d5068a..fe3d65c50afd 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -3092,6 +3092,9 @@ void __init sev_hardware_setup(void)
 	sev_supported_vmsa_features = 0;
 	if (sev_es_debug_swap_enabled)
 		sev_supported_vmsa_features |= SVM_SEV_FEAT_DEBUG_SWAP;
+
+	if (sev_snp_savic_enabled)
+		sev_supported_vmsa_features |= SVM_SEV_FEAT_SECURE_AVIC;
 }
 
 void sev_hardware_unsetup(void)
-- 
2.34.1

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.