www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Brijesh Singh <brijesh.singh@amd.com>
	Wed, 1 May 2024 08:51:54 +0000 (03:51 -0500)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Sun, 12 May 2024 08:09:28 +0000 (04:09 -0400)
commit	1dfe571c12cf99244b933208fb77f29471ded677
tree	84e45353f5140b4fdc49cb2dce34c75dc2cade6c	tree
parent	a8e31983335554193c2cb373161d08880230abfd	commit \| diff

KVM: SEV: Add initial SEV-SNP support

SEV-SNP builds upon existing SEV and SEV-ES functionality while adding
new hardware-based security protection. SEV-SNP adds strong memory
encryption and integrity protection to help prevent malicious
hypervisor-based attacks such as data replay, memory re-mapping, and
more, to create an isolated execution environment.

Define a new KVM_X86_SNP_VM type which makes use of these capabilities
and extend the KVM_SEV_INIT2 ioctl to support it. Also add a basic
helper to check whether SNP is enabled and set PFERR_PRIVATE_ACCESS for
private #NPFs so they are handled appropriately by KVM MMU.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Co-developed-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20240501085210.2213060-5-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

arch/x86/include/asm/svm.h		diff \| blob \| history
arch/x86/include/uapi/asm/kvm.h		diff \| blob \| history
arch/x86/kvm/svm/sev.c		diff \| blob \| history
arch/x86/kvm/svm/svm.c		diff \| blob \| history
arch/x86/kvm/svm/svm.h		diff \| blob \| history