From nobody Thu Apr 9 17:57:48 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5C2B937269C; Tue, 3 Mar 2026 19:15:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772565346; cv=none; b=PUkbJblF01n2vWtHjOH8S6AjaUnlcoyA0kG4y5NWbzTmh61xm7/nPQD7Sp6OVWTMg/3kdjZaXV7hboH6eNZB1/gda7xVCx2Yl9i84ZPwDUO1ckyglGoliigEDSZCZCT24sVdIQ1G5mPj4uf6wpoS/fsR6RKg91cTv0bbGwMvfZM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772565346; c=relaxed/simple; bh=2LwWEStgOMpN1MCabVmn8AN8B0Vf8KplhNGDz2nMxr4=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=dJohaut1Xyl76go2rpqrH5qslis5wmLuYIpttJn2jTTPGcTaN0P6r2H2Zy5pFiMEo/Ftu2rvOxESkyut6Yh0K3DoW3XzbkxwnRJzCWGPNDprgbXPoiqFiaYnc8Bq9Rbv14TI+beQnVyzXv5seaPDd5LtSgGMjNe9givWnRXdgi8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=PR0p3cqr; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="PR0p3cqr" Received: by smtp.kernel.org (Postfix) with ESMTPSA id DF0ECC2BC87; Tue, 3 Mar 2026 19:15:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772565346; bh=2LwWEStgOMpN1MCabVmn8AN8B0Vf8KplhNGDz2nMxr4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PR0p3cqrs8H4syyLUz9TAnt44RBhpcUahDlqSfBAaF/npZH9RoXbxByWgbBurVVAO Uknz2s4SERnt8TxpsquEYv1HLzngNu/6Ift+TIVCBL1xEO2Y7QbG8KFYPAWPXpkgqX +5YRj9Nj78PuxXAc+4qooVr6zln7rgl3TGkq/Fv1sMdjWnTXdrKDYImZqH9YwnYHZl /da/ZSatmZLjSHOis43TUiBObU8Cco/Yxh2MqsOygzeChXRzbXpXB33hcnlUgNnWeZ 
6HaoWT4AhN1YN0AAQUcFh8wZNzF9Kvi86nl71N5I1vjmiGpccVatbRxGUm03Z/Hqvb uvOA1r+qYQHEA== From: Tycho Andersen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Shuah Khan Cc: Kim Phillips , Alexey Kardashevskiy , Nikunj A Dadhania , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH 1/5] kvm/sev: don't expose unusable VM types Date: Tue, 3 Mar 2026 12:15:05 -0700 Message-ID: <20260303191509.1565629-2-tycho@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260303191509.1565629-1-tycho@kernel.org> References: <20260303191509.1565629-1-tycho@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Tycho Andersen (AMD)" Commit 0aa6b90ef9d7 ("KVM: SVM: Add support for allowing zero SEV ASIDs") made it possible to make it impossible to use SEV VMs by not allocating them any ASIDs. Commit 6c7c620585c6 ("KVM: SEV: Add SEV-SNP CipherTextHiding support") did the same thing for SEV-ES. Do not export KVM_X86_SEV(_ES)_VM as exported types if in either of these situations, so that userspace can use them to determine what is actually supported by the current kernel configuration. Also move the buildup to a local variable so it is easier to add additional masking in future patches. Link: https://lore.kernel.org/all/aZyLIWtffvEnmtYh@google.com/ Suggested-by: Sean Christopherson Signed-off-by: Tycho Andersen (AMD) --- arch/x86/kvm/svm/sev.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 3f9c1aa39a0a..f941d48626d3 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -2957,18 +2957,26 @@ void sev_vm_destroy(struct kvm *kvm) =20 void __init sev_set_cpu_caps(void) { + int supported_vm_types =3D 0; + if (sev_enabled) { kvm_cpu_cap_set(X86_FEATURE_SEV); - kvm_caps.supported_vm_types |=3D BIT(KVM_X86_SEV_VM); + + if (min_sev_asid <=3D max_sev_asid) + supported_vm_types |=3D BIT(KVM_X86_SEV_VM); } if (sev_es_enabled) { kvm_cpu_cap_set(X86_FEATURE_SEV_ES); - kvm_caps.supported_vm_types |=3D BIT(KVM_X86_SEV_ES_VM); + + if (min_sev_es_asid <=3D max_sev_es_asid) + supported_vm_types |=3D BIT(KVM_X86_SEV_ES_VM); } if (sev_snp_enabled) { kvm_cpu_cap_set(X86_FEATURE_SEV_SNP); - kvm_caps.supported_vm_types |=3D BIT(KVM_X86_SNP_VM); + supported_vm_types |=3D BIT(KVM_X86_SNP_VM); } + + kvm_caps.supported_vm_types |=3D supported_vm_types; } =20 static bool is_sev_snp_initialized(void) --=20 2.53.0 From nobody Thu Apr 9 17:57:48 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DFBEA4921A8; Tue, 3 Mar 2026 19:15:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772565349; cv=none; b=UrcUOrs68Vza6N9EXGF3hlhujJekuMCdNb9h5oHdE/9aBWgkXwvCrX47ZqduNiaEpTkJblTdMOdoXiNRlWhS3HVH5oJKqrWVd2Ew3vZYn/NHYvQQjJyYa2slI2ncUNi9aCyn0qHcAq3V205O61FI5uuYQREZQ/LHXMisP25TlVo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772565349; c=relaxed/simple; bh=USzS+j/HlJJOM6USKME2ZBBT3FdqAKbYlWY6kgwo66k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=OvpzketLejSJAoiH6dG9cnDWNLP4pe3CyQ6zjrET1ybLqdmQuBIrHdssR9dr38NRrocYFsjNV4kLG+C0Wh0zkkcm4Ss596SnVwNohLyoVmszsuFQNCTX1W8CS0vRsqEsKOJD+m7A1vK7V1KapdBI5SE/bugRi+kpWjUwnjcDUc8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; 
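Review bot: in the sev_set_cpu_caps() hunk, `supported_vm_types` is declared `int` but only ever holds a `BIT()` mask that is OR-ed into `kvm_caps.supported_vm_types`; declare it with the same unsigned type as that field so the mask never passes through signed arithmetic. Second point on the same hunk: the SEV and SEV-ES branches now gate their VM-type bit on a non-empty ASID range (`min_sev_asid <= max_sev_asid`, `min_sev_es_asid <= max_sev_es_asid`) while the SNP branch sets `BIT(KVM_X86_SNP_VM)` unconditionally; if CipherTextHiding can leave the SNP range empty the way it can for SEV-ES, SNP needs the same check, and if it cannot, a one-line comment saying so would save the next reader the question. Finally, `kvm_cpu_cap_set(X86_FEATURE_SEV)` / `X86_FEATURE_SEV_ES` are still set even when the corresponding VM-type bit is dropped, so CPUID keeps advertising a feature that has no usable VM type; the commit message should state that this asymmetry is intentional, since the selftest in patch 5 (`!have_sev_es || kvm_cpu_has(X86_FEATURE_SEV_ES)`) is written to allow it.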
From: Tycho Andersen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Shuah Khan Cc: Kim Phillips , Alexey Kardashevskiy , Nikunj A Dadhania , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org, "Pratik R. Sampat" Subject: [PATCH 2/5] crypto/ccp: introduce SNP_VERIFY_MITIGATION Date: Tue, 3 Mar 2026 12:15:06 -0700 Message-ID: <20260303191509.1565629-3-tycho@kernel.org> In-Reply-To: <20260303191509.1565629-1-tycho@kernel.org> References: <20260303191509.1565629-1-tycho@kernel.org>
From: "Tycho Andersen (AMD)" These are all documented in the SEV FW document ID 56860. These are based on the previous patch in the link, though moved out of uapi. Link: https://lore.kernel.org/linux-crypto/20250630202319.56331-2-prsampat@= amd.com/ Signed-off-by: Tycho Andersen (AMD) CC: "Pratik R. Sampat" --- drivers/crypto/ccp/sev-dev.c | 1 + include/linux/psp-sev.h | 47 ++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 096f993974d1..9eba3fe1a27f 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -222,6 +222,7 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_GUEST_STATUS: return sizeof(struct sev_data_guest_status); case SEV_CMD_DBG_DECRYPT: return sizeof(struct sev_data_dbg); case SEV_CMD_DBG_ENCRYPT: return sizeof(struct sev_data_dbg); + case SEV_CMD_SNP_VERIFY_MITIGATION: return sizeof(struct sev_data_snp_ver= ify_mitigation); case SEV_CMD_SEND_START: return sizeof(struct sev_data_send_start); case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct sev_data_send_update= _data); case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct sev_data_send_update= _vmsa); diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 69ffa4b4d1fa..2b4b56632b4e 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -129,6 +129,7 @@ enum sev_cmd { SEV_CMD_SNP_LAUNCH_FINISH =3D 0x0A2, SEV_CMD_SNP_DBG_DECRYPT =3D 0x0B0, SEV_CMD_SNP_DBG_ENCRYPT =3D 0x0B1, + SEV_CMD_SNP_VERIFY_MITIGATION =3D 0x0B2, SEV_CMD_SNP_PAGE_SWAP_OUT =3D 0x0C0, SEV_CMD_SNP_PAGE_SWAP_IN =3D 0x0C1, SEV_CMD_SNP_PAGE_MOVE =3D 0x0C2, 
@@ -578,6 +579,51 @@ struct sev_data_dbg { u32 len; /* In */ } __packed; =20 +/** + * struct sev_data_snp_verify_mitigation - SNP_VERIFY_MITIGATION command p= arams + * + * @length: Length of the command buffer read by the PSP + * @subcommand: Mitigation sub-command for the firmware to execute. + * @rsvd: Reserved + * @vector: Bit specifying the vulnerability mitigation to process + * @dst_paddr_en: Destination paddr enabled + * @src_paddr_en: Source paddr enabled + * @rsvd1: Reserved + * @rsvd2: Reserved + * @src_paddr: Source address for optional input data + * @dst_paddr: Destination address to write the result + * @rsvd3: Reserved + */ +struct sev_data_snp_verify_mitigation { + u32 length; + u16 subcommand; + u16 rsvd; + u64 vector; + u32 dst_paddr_en : 1, + src_paddr_en : 1, + rsvd1 : 30; + u8 rsvd2[4]; + u64 src_paddr; + u64 dst_paddr; + u8 rsvd3[24]; +} __packed; + +#define SNP_MIT_SUBCMD_REQ_STATUS 0x0 +#define SNP_MIT_SUBCMD_REQ_VERIFY 0x1 + +/** + * struct snp_verify_mitigation_dst - mitigation result vectors + * + * @mit_verified_vector: Bit vector of vulnerability mitigations verified + * @mit_supported_vector: Bit vector of vulnerability mitigations supported + * @mit_failure_status: Status of the verification operation + */ +struct snp_verify_mitigation_dst { + u64 mit_verified_vector; /* OUT */ + u64 mit_supported_vector; /* OUT */ + u32 mit_failure_status; /* OUT */ +} __packed; + /** * struct sev_data_attestation_report - SEV_ATTESTATION_REPORT command par= ameters * 
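Review bot: the kernel-doc for `struct sev_data_snp_verify_mitigation` and `struct snp_verify_mitigation_dst` does not say which firmware document defines the layout, although the commit message cites SEV FW document ID 56860; put that reference (and the command's section) in the comment so the reserved fields, the sub-command values and the `BIT(13)` capability bit added to the feature defines can be checked against the spec without reading the mail. Two smaller points in the same hunk: `SNP_MIT_SUBCMD_REQ_STATUS` / `SNP_MIT_SUBCMD_REQ_VERIFY` sit between the two structs with no comment on what STATUS returns as opposed to VERIFY, and `struct snp_verify_mitigation_dst` is a 20-byte `__packed` output block with no length or version field, so a note on whether firmware may write past it (the caller in patch 3 hands it a whole firmware page) would help readers of the header.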
@@ -895,6 +941,7 @@ struct snp_feature_info { #define SNP_CIPHER_TEXT_HIDING_SUPPORTED BIT(3) #define SNP_AES_256_XTS_POLICY_SUPPORTED BIT(4) #define SNP_CXL_ALLOW_POLICY_SUPPORTED BIT(5) +#define SNP_VERIFY_MITIGATION_SUPPORTED BIT(13) =20 /* Feature bits in EBX */ #define SNP_SEV_TIO_SUPPORTED BIT(1) --=20 2.53.0 From nobody Thu Apr 9 17:57:48 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 154C33890E8; Tue, 3 Mar 2026 19:15:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772565351; cv=none; b=EgD9D6lPAZLwsVky+M9RMxc23lBJB6JIRva0xbeKKJsHlGfzmNKb9nJJFIA1xr+iKlidpwLJQXapjxE74oUkEIBNIoz+9tnohHbfk4WzHbInyXapPr53kS6ULT0Q2kUDXLd4YodpCL8Ujwe94nqt7m8EtYjnB7QcVRuxdmqQ6s4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772565351; c=relaxed/simple; bh=h+RZPHkDN7k2bCi8/CQHjPnj5cNqgA18MTBWMKUgzrQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=W8B2JPtnWaxyBaF+rXgwLsvtZh3XDW7LUTHkMaN9OqFDRks0pCxv73bL9DrAwD/kz8mCnpxd5YrvmK+i/T5XSEddPPZf3TuDvP2b3Xo9rTgns+LiAag5bjlWDt6aSa5k6IbWO6YgPx790I8wwIkFMlqVvEykJhw2bcpZSqlGbXo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=AGp0y7xq; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="AGp0y7xq" Received: by smtp.kernel.org (Postfix) with ESMTPSA id CC3DBC4AF09; Tue, 3 Mar 2026 19:15:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772565351; bh=h+RZPHkDN7k2bCi8/CQHjPnj5cNqgA18MTBWMKUgzrQ=; 
h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AGp0y7xqmKtbR6KPfudBrXxzAEYolr8mefnGTNoNDJUU/KtcG9CitE8zmRaotLrge N0Xc+DdVXEhPq4kILBlPdcsOPRhWw/0m2VcJqDfdDvJgMXrlyd67ShFSyNRv5/DtA6 DhHQstOLwUOOcPIF0GZgFVMWw/qpNjGLiAvKavSAhJ7rnFJYJY7b8ik3M3vPFLJ7sw 6xCSUwf5V/oXz5SAo6SU+HhERGP3l3FODqoZ9GU6hYFHcP98fIcRQxnmWm9bf0YV2O vAoubkIM63IJCVnJs0UFiCoZ9bH2vdETeRidTP8URPcdBr4bvXTy4Oz8PYfgG8LG9T newJMMV9Ab+GA== From: Tycho Andersen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Shuah Khan Cc: Kim Phillips , Alexey Kardashevskiy , Nikunj A Dadhania , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH 3/5] crypto/ccp: export firmware supported vm types Date: Tue, 3 Mar 2026 12:15:07 -0700 Message-ID: <20260303191509.1565629-4-tycho@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260303191509.1565629-1-tycho@kernel.org> References: <20260303191509.1565629-1-tycho@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Tycho Andersen (AMD)" In some configurations, the firmware does not support all VM types. Do an SNP_VERIFY_MITIGATION to determine if the mitigation for CVE-2025-48514 is active, and if so, turn off the SEV_ES bit. Signed-off-by: Tycho Andersen (AMD) --- drivers/crypto/ccp/sev-dev.c | 83 ++++++++++++++++++++++++++++++++++++ include/linux/psp-sev.h | 9 ++++ 2 files changed, 92 insertions(+) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 9eba3fe1a27f..79610617a38d 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c 
@@ -2930,3 +2930,86 @@ void sev_pci_exit(void) =20 sev_firmware_shutdown(sev); } + +static int snp_verify_mitigation(struct sev_device *sev, u64 vector, u64 *= verified) +{ + struct sev_data_snp_verify_mitigation data =3D {0}; + struct snp_verify_mitigation_dst *dst; + struct page *p; + int rc, error =3D 0; + + if (!sev->snp_plat_status.feature_info || + !(sev->snp_feat_info_0.ecx & SNP_VERIFY_MITIGATION_SUPPORTED)) { + return -EOPNOTSUPP; + } + + p =3D __snp_alloc_firmware_pages(GFP_KERNEL, 0, true); + if (!p) + return -ENOMEM; + dst =3D page_address(p); + + data.length =3D sizeof(data); + data.subcommand =3D SNP_MIT_SUBCMD_REQ_VERIFY; + data.vector =3D vector; + data.dst_paddr_en =3D 1; + data.dst_paddr =3D __psp_pa(dst); + + rc =3D sev_do_cmd(SEV_CMD_SNP_VERIFY_MITIGATION, &data, &error); + if (rc < 0) { + if (error) + dev_err(sev->dev, "VERIFY_MITIGATION error %d\n", error); + goto reclaim_pages; + } + + rc =3D -EIO; + if (dst->mit_failure_status) { + dev_err(sev->dev, "VERIFY_MITIGATION failure status %d\n", dst->mit_fail= ure_status); + goto reclaim_pages; + } + + *verified =3D dst->mit_verified_vector; + rc =3D 0; + +reclaim_pages: + __snp_free_firmware_pages(p, 0, true); + return rc; +} + +int sev_firmware_supported_vm_types(void) +{ + int rc, supported_vm_types =3D 0; + struct sev_device *sev; + u64 verified =3D 0; + + if (!psp_master || !psp_master->sev_data) + return supported_vm_types; + sev =3D psp_master->sev_data; + + supported_vm_types |=3D BIT(KVM_X86_SEV_VM); + supported_vm_types |=3D BIT(KVM_X86_SEV_ES_VM); + + if (!sev->snp_initialized) + return supported_vm_types; + + supported_vm_types |=3D BIT(KVM_X86_SNP_VM); + + rc =3D snp_verify_mitigation(sev, SNP_MIT_VEC_CVE_2025_48514, &verified); + if (rc < 0) { + /* + * Older firmware that doesn't support VERIFY_MITIGATION won't + * have the mitigation for this CVE, so all types are supported. 
+ */ + if (rc =3D=3D -EOPNOTSUPP) + return supported_vm_types; + dev_err(sev->dev, "Unable to determine supported vm types: %d\n", rc); + return supported_vm_types; + } + + /* This mitigation disables SEV-ES guests when present */ + if (verified & SNP_MIT_VEC_CVE_2025_48514) + supported_vm_types &=3D ~BIT(KVM_X86_SEV_ES_VM); + + return supported_vm_types; + +} +EXPORT_SYMBOL_FOR_MODULES(sev_firmware_supported_vm_types, "kvm-amd"); diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 2b4b56632b4e..07ce49b31ba2 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -611,6 +611,12 @@ struct sev_data_snp_verify_mitigation { #define SNP_MIT_SUBCMD_REQ_STATUS 0x0 #define SNP_MIT_SUBCMD_REQ_VERIFY 0x1 =20 +/* + * For CVE-2025-48514 defined in AMD-SB-3023 + * https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3023.= html + */ +#define SNP_MIT_VEC_CVE_2025_48514 BIT(3) + /** * struct snp_verify_mitigation_dst - mitigation result vectors * @@ -1092,6 +1098,7 @@ void snp_free_firmware_page(void *addr); void sev_platform_shutdown(void); bool sev_is_snp_ciphertext_hiding_supported(void); u64 sev_get_snp_policy_bits(void); +int sev_firmware_supported_vm_types(void); =20 #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ =20 
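Review bot: `sev_firmware_supported_vm_types()` fails open on every path where the answer is unknown: on `-EOPNOTSUPP`, on any other error from `snp_verify_mitigation()` (after the `dev_err`), and when `!sev->snp_initialized` returns early before the query is even made, the mask still carries `BIT(KVM_X86_SEV_ES_VM)`. The first case is justified by the comment (firmware without the command has no mitigation), but firmware that supports the command and then fails the query, or a host where SNP is not initialized yet, is exactly where the status is unknown; either document why reporting SEV-ES as usable is the right default there, or drop the ES bit on unexpected failure. Smaller points in the same hunk: the `if (!sev->snp_plat_status.feature_info || ...)` block wraps a single `return` in braces; `mit_failure_status` is a `u32` printed with `%d`; `mit_supported_vector` is read back but never checked, so firmware that does not know the requested vector is silently treated as "mitigation absent" (a `dev_dbg` of the supported vector would make that visible); and there is a stray blank line before the closing brace of `sev_firmware_supported_vm_types()`.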
@@ -1135,6 +1142,8 @@ static inline void sev_platform_shutdown(void) { } =20 static inline bool sev_is_snp_ciphertext_hiding_supported(void) { return f= alse; } =20 +static inline int sev_firmware_supported_vm_types(void) { return 0; } + #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ =20 #endif /* __PSP_SEV_H__ */ --=20 2.53.0 From nobody Thu Apr 9 17:57:48 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CCF6F389116; Tue, 3 Mar 2026 19:15:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772565353; cv=none; b=kUT9lIZzIBifnIllOQZAhawOjSKrCs943va2vcjVrLRsbTufio3z7gb8zttnclXTS//HGFcwsDKbtu0tauXr0dHrHsvTO+VJXXJskqrERixMscdTaZDObPM6FdOjGPucmZ8iZwtJ7ddnrpMQTIODVvDRUpFIYHQa+Xx6Yowpu9A= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772565353; c=relaxed/simple; bh=kveI5NdoYoIPiQcLw4KGZAcgSTGkk3UJZOxqHb0xznI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=WsadcVwS2efrtEsJz489yljzAe/g2BiKu08zd3OwlX54bUU2OiZraqLaUN7qH9YT4AQ4FDp46QTCGlDvvLpcqEd2jL1t3BLo0ApnAWfjONcCYUcD+ufNO5T/3EyNG+uj6ykwNBFQ1QsRHnyn2wVe7WLZdxOB001LCBhaLR8fF1E= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=g0sXClsp; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="g0sXClsp" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 3D902C2BC87; Tue, 3 Mar 2026 19:15:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772565353; bh=kveI5NdoYoIPiQcLw4KGZAcgSTGkk3UJZOxqHb0xznI=; 
h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=g0sXClspFtHY3XbFdqQrUUCHWxpbkkh2dvqIz+IwyRrZsfIyVB5Meb3fZhlvLekdd zWqLceVOwjhYcCYdWSWGWxYqF4Li+dDCfXdg6/KOElpVI3NhKO6fXbAqQ5wy3YgyM0 Y/3oXio5DHunahkRExUl+u0r6MXNDABpw29r1EiV2jedB+Ie2TtRnhnuNTsuAP99ie cKaJkn5OeS8DZ5xEENTw/BfWqx79cxP8J+MOjVyf1pIfyORKRpZrwhRJKyFwmSXSN6 I493ITnNim3fGebXVSp055CztwuyxaA3fcaIU6TrEJLHhbbHFnPgrlRubSw78nHFLO 1wcMmZsaIwGBw== From: Tycho Andersen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Shuah Khan Cc: Kim Phillips , Alexey Kardashevskiy , Nikunj A Dadhania , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH 4/5] kvm/sev: mask off firmware unsupported vm types Date: Tue, 3 Mar 2026 12:15:08 -0700 Message-ID: <20260303191509.1565629-5-tycho@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260303191509.1565629-1-tycho@kernel.org> References: <20260303191509.1565629-1-tycho@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Tycho Andersen (AMD)" In some configurations not all VM types are supported by the firmware. Reflect this information in the supported_vm_types that KVM exports. Link: https://lore.kernel.org/all/aZyLIWtffvEnmtYh@google.com/ Suggested-by: Sean Christopherson Signed-off-by: Tycho Andersen (AMD) --- arch/x86/kvm/svm/sev.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index f941d48626d3..eeae39af63a9 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c 
@@ -2976,6 +2976,8 @@ void __init sev_set_cpu_caps(void) supported_vm_types |=3D BIT(KVM_X86_SNP_VM); } =20 + supported_vm_types &=3D sev_firmware_supported_vm_types(); + kvm_caps.supported_vm_types |=3D supported_vm_types; } =20 --=20 2.53.0 From nobody Thu Apr 9 17:57:48 2026 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E15A5384231; Tue, 3 Mar 2026 19:15:55 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772565356; cv=none; b=jBe+fqBlgdu7vOE7DcbmF52MEdBndmIANcJngcZPDQzNUT4jTVeeHSN3X/W7w2ZbEBoNy3yeU+WSpS5humkuIaUnFvo7GLn9sbSBiETea952wLtvPBjgUmOAjF3ypMNcmwqBrQ5I5DDG+ELiwV7sBNvJXpXSzoLnlZSd16wTVRc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1772565356; c=relaxed/simple; bh=tgcMP1DjiSuWdQdTXNizhC+/un3ZdmwWd5CjtmNWK04=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DjB0Rb/Jt5DZtAJUwuDT5IuZvTdNUrTnUA9blxoTV+FvLmc3HvAKjlWSBij2Eh2zOJaE/0EB5rBLPG/CY2jGe6S7JH3ulKShIWz6MgsVqe29g4Wl7Hq+bZeDKHLmJNFZGbOI7Uk3SJpMDfyG/Sp7oiIwHQ0J5NrFXmRaRTCUtFw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=Zs4O+trg; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="Zs4O+trg" Received: by smtp.kernel.org (Postfix) with ESMTPSA id A3EF6C2BCB0; Tue, 3 Mar 2026 19:15:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1772565355; bh=tgcMP1DjiSuWdQdTXNizhC+/un3ZdmwWd5CjtmNWK04=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; 
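Review bot: `sev_set_cpu_caps()` is `__init`, and `sev_firmware_supported_vm_types()` (patch 3) returns 0 when `psp_master` or `psp_master->sev_data` is unset and omits `BIT(KVM_X86_SNP_VM)` while `sev->snp_initialized` is false, so the `&=` here depends on the PSP driver having probed and completed SNP init before kvm-amd loads; if it has not, every SEV VM type (or SNP alone) is masked off for the lifetime of the module with nothing in the log. The commit message should state that ordering assumption, or the query should be deferred until firmware initialization is known to be complete, and a `pr_info` when the mask actually removes a type would make the resulting KVM_CAP_VM_TYPES explainable from dmesg. Also note that with the `!CONFIG_CRYPTO_DEV_SP_PSP` stub (returns 0) this line clears all three bits; that is only harmless if none of `sev_enabled` / `sev_es_enabled` / `sev_snp_enabled` can be true without the PSP driver, which deserves a comment here.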
b=Zs4O+trggAO5+VjU3bcSHqykfHaMlyCqdUz0t73lLf9fwJPz1P4BCRJSm69JxTKoZ T4HmVXGvhklGqZGsH/mzdXFwZNNONIyy9wP86jEPs5W/XQfnPR7O7i3QwsP+2uyjlV 1dtrxai1mgldJh+oCfw8PaO8EcIAGfqhyHRqoD1EXUZ19P8K+HM5VJVaim8zrWCSvq uR4y6B961iZf4HGl3Zygib4nL17QQyl1pde4XLO4e0O7sb2dl+tRlEIoO/tsIxLBon TqH7J51oND/UuWR6ohmGBd0Puh4Dhx7epJ+ry/XT4LJBarTnEov7oUk+0bT7eW2p16 FKd1pH6H3gokQ== From: Tycho Andersen To: Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Shuah Khan Cc: Kim Phillips , Alexey Kardashevskiy , Nikunj A Dadhania , kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org Subject: [PATCH 5/5] selftests/kvm: teach sev_*_test about revoking VM types Date: Tue, 3 Mar 2026 12:15:09 -0700 Message-ID: <20260303191509.1565629-6-tycho@kernel.org> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260303191509.1565629-1-tycho@kernel.org> References: <20260303191509.1565629-1-tycho@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: "Tycho Andersen (AMD)" Instead of using CPUID, use the VM type bit to determine support, since those now reflect the correct status of support by the kernel and firmware configurations. Suggested-by: Sean Christopherson Signed-off-by: Tycho Andersen (AMD) --- tools/testing/selftests/kvm/x86/sev_init2_tests.c | 14 ++++++-------- .../testing/selftests/kvm/x86/sev_migrate_tests.c | 2 +- tools/testing/selftests/kvm/x86/sev_smoke_test.c | 4 ++-- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/tools/testing/selftests/kvm/x86/sev_init2_tests.c b/tools/test= ing/selftests/kvm/x86/sev_init2_tests.c index b238615196ad..97bd036b4f1c 100644 
--- a/tools/testing/selftests/kvm/x86/sev_init2_tests.c +++ b/tools/testing/selftests/kvm/x86/sev_init2_tests.c @@ -136,16 +136,14 @@ int main(int argc, char *argv[]) kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_VM); =20 TEST_REQUIRE(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_VM)); - have_sev_es =3D kvm_cpu_has(X86_FEATURE_SEV_ES); + have_sev_es =3D kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_ES_VM); =20 - TEST_ASSERT(have_sev_es =3D=3D !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(K= VM_X86_SEV_ES_VM)), - "sev-es: KVM_CAP_VM_TYPES (%x) does not match cpuid (checking %x)", - kvm_check_cap(KVM_CAP_VM_TYPES), 1 << KVM_X86_SEV_ES_VM); + TEST_ASSERT(!have_sev_es || kvm_cpu_has(X86_FEATURE_SEV_ES), + "sev-es: SEV_ES_VM supported without SEV_ES in CPUID"); =20 - have_snp =3D kvm_cpu_has(X86_FEATURE_SEV_SNP); - TEST_ASSERT(have_snp =3D=3D !!(kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_= X86_SNP_VM)), - "sev-snp: KVM_CAP_VM_TYPES (%x) indicates SNP support (bit %d), but = CPUID does not", - kvm_check_cap(KVM_CAP_VM_TYPES), KVM_X86_SNP_VM); + have_snp =3D kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SNP_VM); + TEST_ASSERT(!have_snp || kvm_cpu_has(X86_FEATURE_SEV_SNP), + "sev-snp: SNP_VM supported without SEV_SNP in CPUID"); =20 test_vm_types(); =20 diff --git a/tools/testing/selftests/kvm/x86/sev_migrate_tests.c b/tools/te= sting/selftests/kvm/x86/sev_migrate_tests.c index 0a6dfba3905b..3f2c3b00e3bc 100644 --- a/tools/testing/selftests/kvm/x86/sev_migrate_tests.c +++ b/tools/testing/selftests/kvm/x86/sev_migrate_tests.c @@ -376,7 +376,7 @@ int main(int argc, char *argv[]) =20 TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_SEV)); =20 - have_sev_es =3D kvm_cpu_has(X86_FEATURE_SEV_ES); + have_sev_es =3D kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_ES_VM); =20 if (kvm_has_cap(KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM)) { test_sev_migrate_from(/* es=3D */ false); 
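Review bot: in the sev_init2 hunk the assertions were relaxed from equality to a one-way implication (`!have_sev_es || kvm_cpu_has(X86_FEATURE_SEV_ES)`, likewise for SNP), so a host where CPUID advertises SEV-ES or SNP but the VM type was masked off now passes silently and the remaining tests quietly skip that type; print a ksft-style message in that case so a misconfigured host is visible in the output rather than indistinguishable from a host without the feature. In the same hunk `have_sev_es` / `have_snp` now receive the raw `kvm_check_cap(...) & BIT(...)` value; fine if they are `bool`, but if they are `int` any later equality comparison needs `!!`. In the sev_migrate hunk, `TEST_REQUIRE(kvm_cpu_has(X86_FEATURE_SEV))` in the context lines is still CPUID-based while the ES check moved to `KVM_CAP_VM_TYPES`; after patch 1 plain SEV can be masked off too, so that require should check `BIT(KVM_X86_SEV_VM)` for consistency.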
diff --git a/tools/testing/selftests/kvm/x86/sev_smoke_test.c b/tools/testi= ng/selftests/kvm/x86/sev_smoke_test.c index 86ad1c7d068f..16ec940de5ac 100644 --- a/tools/testing/selftests/kvm/x86/sev_smoke_test.c +++ b/tools/testing/selftests/kvm/x86/sev_smoke_test.c @@ -219,10 +219,10 @@ int main(int argc, char *argv[]) =20 test_sev_smoke(guest_sev_code, KVM_X86_SEV_VM, 0); =20 - if (kvm_cpu_has(X86_FEATURE_SEV_ES)) + if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SEV_ES_VM)) test_sev_smoke(guest_sev_es_code, KVM_X86_SEV_ES_VM, SEV_POLICY_ES); =20 - if (kvm_cpu_has(X86_FEATURE_SEV_SNP)) + if (kvm_check_cap(KVM_CAP_VM_TYPES) & BIT(KVM_X86_SNP_VM)) test_sev_smoke(guest_snp_code, KVM_X86_SNP_VM, snp_default_policy()); =20 return 0; --=20 2.53.0
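Review bot: in the sev_smoke hunk the unconditional `test_sev_smoke(guest_sev_code, KVM_X86_SEV_VM, 0)` in the context lines still runs even though patch 1 can now drop `BIT(KVM_X86_SEV_VM)` when no SEV ASIDs are configured, so unless a `TEST_REQUIRE` earlier in `main()` checks that bit, the test fails instead of skipping on such a host; gate it the same way as the ES and SNP calls. Also read `kvm_check_cap(KVM_CAP_VM_TYPES)` once into a local instead of issuing the ioctl once per VM type.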