From: Sean Christopherson <seanjc@google.com>
To: Tycho Andersen <tycho@kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
Thomas Gleixner <tglx@kernel.org>, Ingo Molnar <mingo@redhat.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Ashish Kalra <ashish.kalra@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
John Allen <john.allen@amd.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Shuah Khan <shuah@kernel.org>,
Kim Phillips <kim.phillips@amd.com>,
Alexey Kardashevskiy <aik@amd.com>,
Nikunj A Dadhania <nikunj@amd.com>,
kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-kselftest@vger.kernel.org
Subject: Re: [PATCH 0/5] Revoke supported SEV VM types
Date: Thu, 12 Mar 2026 13:04:51 -0700 [thread overview]
Message-ID: <abMcYw1wMin6cqY8@google.com> (raw)
In-Reply-To: <20260303191509.1565629-1-tycho@kernel.org>
On Tue, Mar 03, 2026, Tycho Andersen wrote:
> From: "Tycho Andersen (AMD)" <tycho@kernel.org>
>
> Recent SEV firmware [1] does not support SEV-ES VMs when SNP is enabled.
> Sean suggested [2] adding an API so that userspace can check for this
> condition, so do that. Also introduce and use SNP_VERIFY_MITIGATION to
> determine whether it is present or not.
>
> [1]: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3023.html
> [2]: https://lore.kernel.org/all/aZyLIWtffvEnmtYh@google.com/
>
> Tycho Andersen (AMD) (5):
> kvm/sev: don't expose unusable VM types
> crypto/ccp: introduce SNP_VERIFY_MITIGATION
> crypto/ccp: export firmware supported vm types
> kvm/sev: mask off firmware unsupported vm types
> selftests/kvm: teach sev_*_test about revoking VM types
>
> arch/x86/kvm/svm/sev.c | 16 +++-
> drivers/crypto/ccp/sev-dev.c | 84 +++++++++++++++++++
> include/linux/psp-sev.h | 56 +++++++++++++
> .../selftests/kvm/x86/sev_init2_tests.c | 14 ++--
> .../selftests/kvm/x86/sev_migrate_tests.c | 2 +-
> .../selftests/kvm/x86/sev_smoke_test.c | 4 +-
> 6 files changed, 162 insertions(+), 14 deletions(-)
Other than a few nits, this LGTM. Even though the sev-dev.c changes are far more
extensive, I would prefer to take the KVM changes through kvm-x86 due to the
effective change in KVM's ABI. I'd be happy to carry the whole thing, or use a
stable topic branch as a base (patch 1 can easily become patch 3).
prev parent reply other threads:[~2026-03-12 20:04 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-03 19:15 [PATCH 0/5] Revoke supported SEV VM types Tycho Andersen
2026-03-03 19:15 ` [PATCH 1/5] kvm/sev: don't expose unusable " Tycho Andersen
2026-03-12 19:55 ` Sean Christopherson
2026-03-03 19:15 ` [PATCH 2/5] crypto/ccp: introduce SNP_VERIFY_MITIGATION Tycho Andersen
2026-03-03 19:15 ` [PATCH 3/5] crypto/ccp: export firmware supported vm types Tycho Andersen
2026-03-03 23:05 ` Tycho Andersen
2026-03-03 19:15 ` [PATCH 4/5] kvm/sev: mask off firmware unsupported " Tycho Andersen
2026-03-12 19:57 ` Sean Christopherson
2026-03-03 19:15 ` [PATCH 5/5] selftests/kvm: teach sev_*_test about revoking VM types Tycho Andersen
2026-03-12 20:00 ` Sean Christopherson
2026-03-12 20:04 ` Sean Christopherson [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=abMcYw1wMin6cqY8@google.com \
--to=seanjc@google.com \
--cc=aik@amd.com \
--cc=ashish.kalra@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=john.allen@amd.com \
--cc=kim.phillips@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=nikunj@amd.com \
--cc=pbonzini@redhat.com \
--cc=shuah@kernel.org \
--cc=tglx@kernel.org \
--cc=thomas.lendacky@amd.com \
--cc=tycho@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.