Message ID | 20240223104009.632194-7-pbonzini@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | KVM: SEV: allow customizing VMSA features |
On Fri, Feb 23, 2024, Paolo Bonzini wrote:
> Disable all VMSA features in KVM_SEV_INIT and KVM_SEV_ES_INIT. They are
> not actually supported by SEV (a SEV guest does not have a VMSA to which
> you can apply features) and they cause unexpected changes in measurement
> for SEV-ES.

Sorry :-( I've done my best to avoid having to deal with attestation, so it's a bit of a blind spot for me.

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b0e97f9617e3..06e03a6fe7e4 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -267,7 +267,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp) sev->active = true; sev->es_active = argp->id == KVM_SEV_ES_INIT; - sev->vmsa_features = sev_supported_vmsa_features; + sev->vmsa_features = 0; asid = sev_asid_new(sev); if (asid < 0)
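
Review bot: the new unconditional assignment of 0 to sev->vmsa_features in sev_guest_init() carries no comment explaining why the KVM_SEV_INIT and KVM_SEV_ES_INIT paths now ignore sev_supported_vmsa_features. A short comment above it, saying that these two ioctls pin the feature mask to zero so the SEV-ES launch measurement does not change, and that features are meant to be passed through the new initialization ioctl, would keep a later cleanup from restoring the removed line. If the removed assignment already reached a released kernel, a Fixes: tag naming the commit that introduced it would also help backporters, since the commit message describes the old value as changing the measurement.
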
Disable all VMSA features in KVM_SEV_INIT and KVM_SEV_ES_INIT. They are not actually supported by SEV (a SEV guest does not have a VMSA to which you can apply features) and they cause unexpected changes in measurement for SEV-ES.

Going on, the way to enable them will be to use a new initialization ioctl that takes the VMSA features as a parameter.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 arch/x86/kvm/svm/sev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)