1. Patchew
  2. linux
  3. [PATCH 0/2] KVM: SVM: Drop SEV-ES DebugSwap module param
  4. View patch

[PATCH 2/2] KVM: SVM: Tag sev_supported_vmsa_features as read-only after init

Sean Christopherson posted 2 patches 1 month ago
[PATCH 2/2] KVM: SVM: Tag sev_supported_vmsa_features as read-only after init
Posted by Sean Christopherson 1 month ago 
Tag sev_supported_vmsa_features with __ro_after_init as it's configured by
sev_hardware_setup() and never written after initial configuration (and if
it were, that'd be a blatant bug).

Opportunistically relocate the variable out of the module params area now
that sev_es_debug_swap_enabled is gone (which largely motivated its
original location).

Signed-off-by: Sean Christopherson <seanjc@google.com>
---
 arch/x86/kvm/svm/sev.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 9b92f0cccfe6..28150506b18c 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -53,8 +53,6 @@ module_param_named(sev_es, sev_es_enabled, bool, 0444);
 static bool sev_snp_enabled = true;
 module_param_named(sev_snp, sev_snp_enabled, bool, 0444);
 
-static u64 sev_supported_vmsa_features;
-
 static unsigned int nr_ciphertext_hiding_asids;
 module_param_named(ciphertext_hiding_asids, nr_ciphertext_hiding_asids, uint, 0444);
 
@@ -81,6 +79,8 @@ module_param_named(ciphertext_hiding_asids, nr_ciphertext_hiding_asids, uint, 04
 
 static u64 snp_supported_policy_bits __ro_after_init;
 
+static u64 sev_supported_vmsa_features __ro_after_init;
+
 #define INITIAL_VMSA_GPA 0xFFFFFFFFF000
 
 static u8 sev_enc_bit;
-- 
2.52.0.457.g6b5491de43-goog
Re: [PATCH 2/2] KVM: SVM: Tag sev_supported_vmsa_features as read-only after init
Posted by Tom Lendacky 4 weeks ago 
On 1/8/26 21:31, Sean Christopherson wrote:
> Tag sev_supported_vmsa_features with __ro_after_init as it's configured by
> sev_hardware_setup() and never written after initial configuration (and if
> it were, that'd be a blatant bug).
> 
> Opportunistically relocate the variable out of the module params area now
> that sev_es_debug_swap_enabled is gone (which largely motivated its
> original location).
> 
> Signed-off-by: Sean Christopherson <seanjc@google.com>

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>

> ---
>  arch/x86/kvm/svm/sev.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 9b92f0cccfe6..28150506b18c 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -53,8 +53,6 @@ module_param_named(sev_es, sev_es_enabled, bool, 0444);
>  static bool sev_snp_enabled = true;
>  module_param_named(sev_snp, sev_snp_enabled, bool, 0444);
>  
> -static u64 sev_supported_vmsa_features;
> -
>  static unsigned int nr_ciphertext_hiding_asids;
>  module_param_named(ciphertext_hiding_asids, nr_ciphertext_hiding_asids, uint, 0444);
>  
> @@ -81,6 +79,8 @@ module_param_named(ciphertext_hiding_asids, nr_ciphertext_hiding_asids, uint, 04
>  
>  static u64 snp_supported_policy_bits __ro_after_init;
>  
> +static u64 sev_supported_vmsa_features __ro_after_init;
> +
>  #define INITIAL_VMSA_GPA 0xFFFFFFFFF000
>  
>  static u8 sev_enc_bit;

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.