KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent

As documented in APM[1], LBR Virtualization must be enabled for SEV-ES
guests. So, prevent SEV-ES guests when LBRV support is missing.

[1]: AMD64 Architecture Programmer's Manual Pub. 40332, Rev. 4.07 - June
     2023, Vol 2, 15.35.2 Enabling SEV-ES.
     https://bugzilla.kernel.org/attachment.cgi?id=304653

Fixes: 376c6d285017 ("KVM: SVM: Provide support for SEV-ES vCPU creation/loading")
Signed-off-by: Ravi Bangoria <ravi.bangoria@amd.com>
Message-ID: <20240531044644.768-3-ravi.bangoria@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 0623cfaa7bb0ee9f9ca3ec142e99feb41254533b..8b52bbba02c0fcebc4ef318372bc5a1c473af413 100644 (file)
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2406,6 +2406,12 @@ void __init sev_hardware_setup(void)
        if (!boot_cpu_has(X86_FEATURE_SEV_ES))
                goto out;
 
+       if (!lbrv) {
+               WARN_ONCE(!boot_cpu_has(X86_FEATURE_LBRV),
+                         "LBRV must be present for SEV-ES support");
+               goto out;
+       }
+
        /* Has the system been allocated ASIDs for SEV-ES? */
        if (min_sev_asid == 1)
                goto out;

diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c
index f265361f4518bdc4f1d346df77ddb35f813e70b0..223a551bf44e45781621e49ee7d973f24885c872 100644 (file)
--- a/arch/x86/kvm/svm/svm.c
+++ b/arch/x86/kvm/svm/svm.c
@@ -215,7 +215,7 @@ int vgif = true;
 module_param(vgif, int, 0444);
 
 /* enable/disable LBR virtualization */
-static int lbrv = true;
+int lbrv = true;
 module_param(lbrv, int, 0444);
 
 static int tsc_scaling = true;
@@ -5294,6 +5294,12 @@ static __init int svm_hardware_setup(void)
 
        nrips = nrips && boot_cpu_has(X86_FEATURE_NRIPS);
 
+       if (lbrv) {
+               if (!boot_cpu_has(X86_FEATURE_LBRV))
+                       lbrv = false;
+               else
+                       pr_info("LBR virtualization supported\n");
+       }
        /*
         * Note, SEV setup consumes npt_enabled and enable_mmio_caching (which
         * may be modified by svm_adjust_mmio_mask()), as well as nrips.
@@ -5347,14 +5353,6 @@ static __init int svm_hardware_setup(void)
                svm_x86_ops.set_vnmi_pending = NULL;
        }
 
-
-       if (lbrv) {
-               if (!boot_cpu_has(X86_FEATURE_LBRV))
-                       lbrv = false;
-               else
-                       pr_info("LBR virtualization supported\n");
-       }
-
        if (!enable_pmu)
                pr_info("PMU virtualization is disabled\n");
 

diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
index be57213cd295935f055bf46d3856393944108061..59bbb8122b7509ba043cbc4a5fa4d71bf42c182f 100644 (file)
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@ -39,6 +39,7 @@ extern int vgif;
 extern bool intercept_smi;
 extern bool x2avic_enabled;
 extern bool vnmi;
+extern int lbrv;
 
 /*
  * Clean bits in VMCB.