git.kernel.dk Git - linux-block.git/commit

author	Paolo Bonzini <pbonzini@redhat.com>
	Thu, 4 Apr 2024 12:13:22 +0000 (08:13 -0400)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Thu, 11 Apr 2024 17:08:25 +0000 (13:08 -0400)
commit	4f5defae708992dd2658a45c8d09e57517432e5a
tree	397a1e42b15108d6560457d80daaf2f0144fa743	tree \| snapshot
parent	eb4441864e03dab04754f0b5c7ebbc98ceee099c	commit \| diff

KVM: SEV: introduce KVM_SEV_INIT2 operation

The idea that no parameter would ever be necessary when enabling SEV or
SEV-ES for a VM was decidedly optimistic.  In fact, in some sense it's
already a parameter whether SEV or SEV-ES is desired.  Another possible
source of variability is the desired set of VMSA features, as that affects
the measurement of the VM's initial state and cannot be changed
arbitrarily by the hypervisor.

Create a new sub-operation for KVM_MEMORY_ENCRYPT_OP that can take a struct,
and put the new op to work by including the VMSA features as a field of the
struct.  The existing KVM_SEV_INIT and KVM_SEV_ES_INIT use the full set of
supported VMSA features for backwards compatibility.

The struct also includes the usual bells and whistles for future
extensibility: a flags field that must be zero for now, and some padding
at the end.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20240404121327.3107131-13-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Documentation/virt/kvm/x86/amd-memory-encryption.rst		diff \| blob \| blame \| history
arch/x86/include/uapi/asm/kvm.h		diff \| blob \| blame \| history
arch/x86/kvm/svm/sev.c		diff \| blob \| blame \| history