From nobody Wed Apr 8 04:39:43 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C67933DD529 for ; Tue, 10 Mar 2026 23:48:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186534; cv=none; b=kF9nW9Jskb2MU4NmzI/7zsTixwa0dvZLGfiqcexkhlif2cmVyntI1W00YWfxkeWuPFu+JmfK+2+JA/7yS4N0RE4uNr2ft2rfsbb9an/9BNM0IuKvd738GSIvwTvWK1dfYhUVJd+choCkCG4GuyBRRWiVQPgQXNZr3s+F2MGhd74= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186534; c=relaxed/simple; bh=EAXd6U23TOM0TNLsWbdxjSjEvAZh9Ps8RAlEBkf+Mr8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=WMPWoSeJhGwgnTNMNeeduPZzWWyi06VE07wrlOzek+fs6MV158nbl5NnjLsUV/dgXTxZ03lbs8MLkfYTkFYBFip/qxM2t/KqUqua2LUtQAHYJ/eru9DkAawH0hx2AaEpjzHBIfIQ2hHPyLRkybl0gLw5oxmomEOZ3jmrvM4gU1c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=olR06XDV; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="olR06XDV" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-2adc527eaf5so82417735ad.0 for ; Tue, 10 Mar 2026 16:48:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186531; x=1773791331; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=EuE4VxLPE3eeqbVSDrv7j4XL4cakaBn+k4JWu7FqMLU=; b=olR06XDV8Ybj6d0sp9Rrjz+WsTQf6puOSrVKGVxWLz/ADazuC1pOF93aOtmj770EOQ G7MqFtoPCwDpRuUeTDiQWJSqXSyjXKkIUQky56t9mOc+iggsCXOCZJBtMXsKJJoThZ6U taduqY1GMx2A1heVCB94/yxAfMVXxcoOPa0KQyX4zk793XpRf9OxzI9ztYzJe++0erlT OnAl/n6wYUMzEB5xY2sty7uCvkFqMsd9v0fx6bSvphal9/hRv2QVUdOnSrEpK+RsnbC8 SyZwN0G7dQ9/quih2wEcRsrjnWnw++o8pAfY9SJsRanIeLaqTT0SUbYHeZg7/PWU/Ej/ ijRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186531; x=1773791331; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=EuE4VxLPE3eeqbVSDrv7j4XL4cakaBn+k4JWu7FqMLU=; b=focgGFUVSDZVn/VJHA3YQsTxnaFb00mjWWx1JbUfThkRMihvUu8Weo3Ms3/wJjWnzl 2wWXSYzT/ddISqGjV1LcnQ3B9rhrGF8zfzt3iK6aADJGQmcHECgchlNbCdovuAQFqGR7 8Zfp0bopimjzk99KxfSjcc48Xe5l5GtkQboFT/5tdcnMZ15zmAXY37pYqsKFadlWLP8V 1ZsK7CmyvPJ/tZsQwCI4IncxOaV94SUmPG7W7EnrGshRSYY9n8CfZuiegeNcePTvpq8B z4Qv6KMX8klEY9TO9tsTKoB6xPnK4gcmvhSxTO11OLsBVClan9TYhxhIIbwBpFpeyvwF BCtg== X-Forwarded-Encrypted: i=1; AJvYcCUNuq7BN4CRfTGSvP98bFu+wgh+dEwUs0ClvEDnhMWcJVRCqOkrCjbmDXI2oOt+g9U/w4XSUFdKbOJEsiY=@vger.kernel.org X-Gm-Message-State: AOJu0Ywc476NA875xEfjYqaVbTwm8T8TR944CCGUGu6b2Xj/5GFU0euv N5saWTiNwLmPjYUeBRHMd6kclf9iVhC2l4RV5wSXfZBTiSn0YN0DjX4gNb+QAzEuLfPD4lZT8gQ JLpXBxQ== X-Received: from plbkm15.prod.google.com ([2002:a17:903:27cf:b0:2ae:4e8d:56b4]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:238d:b0:2ae:4911:4a52 with SMTP id d9443c01a7336-2aeae763046mr3121315ad.5.1773186530965; Tue, 10 Mar 2026 16:48:50 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:17 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-10-seanjc@google.com> Subject: [PATCH 09/21] KVM: SEV: Document the SEV-ES check when querying SMM support as "safe" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use the "unsafe" API to check for an SEV-ES+ guest when determining whether or not SMBASE is a supported MSR, i.e. whether or not emulated SMM is supported. This will eventually allow adding lockdep assertings to the APIs for detecting SEV+ VMs without triggering "real" false positives. While svm_has_emulated_msr() doesn't hold kvm->lock, i.e. can get both false positives *and* false negatives, both are completely fine, as the only time the result isn't stable is when userspace is the sole consumer of the result. I.e. userspace can confuse itself, but that's it. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/svm.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 0a1acc21b133..bd0c497c6040 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4487,9 +4487,17 @@ static bool svm_has_emulated_msr(struct kvm *kvm, u3= 2 index) case MSR_IA32_SMBASE: if (!IS_ENABLED(CONFIG_KVM_SMM)) return false; - /* SEV-ES guests do not support SMM, so report false */ - if (kvm && sev_es_guest(kvm)) + +#ifdef CONFIG_KVM_AMD_SEV + /* + * KVM can't access register state to emulate SMM for SEV-ES + * guests. Conusming stale data here is "fine", as KVM only + * checks for MSR_IA32_SMBASE support without a vCPU when + * userspace is querying KVM_CAP_X86_SMM. + */ + if (kvm && ____sev_es_guest(kvm)) return false; +#endif break; default: break; --=20 2.53.0.473.g4a7958ca14-goog