From: Sean Christopherson <seanjc@google.com>
To: "Jörg Rödel" <joro@8bytes.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	x86@kernel.org, Tom Lendacky <thomas.lendacky@amd.com>,
	Michael Roth <michael.roth@amd.com>,
	kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	coconut-svsm@lists.linux.dev,
	Joerg Roedel <joerg.roedel@amd.com>
Subject: Re: [PATCH 3/4] kvm: svm: Support guest-provided VMSA for launching
Date: Tue, 23 Jun 2026 14:07:59 -0700
Message-ID: <ajr1r-PAiXMnZ7x1@google.com>
In-Reply-To: <20260611123528.572255-4-joro@8bytes.org>

On Thu, Jun 11, 2026, Jörg Rödel wrote:
> From: Joerg Roedel <joerg.roedel@amd.com>
> 
> Introduce a way to provide a guest GPA as the initial BSP VMSA and
> avoid allocating KVM-managed VMSAs in this case. Only one
> guest-provided VMSA is supported at the moment as IGVM also only

No.  Design uAPI that makes sense for KVM and is extensible.  If it turns out
that allowing exactly one VMSA is the simplest, most logical approach, then so
be it.  But "thing X only needs Y" isn't sufficient justification.

But I'm not remotely convinced that hacking in BSP-only support like this is
the way to go.  This entire approach is convoluted, as is the code.  E.g. the
below iterates over all vCPUs, but then only actually does anything for vcpu_idx=0.
And the ioctl is VM-scoped, but really operates on a vCPU.

At a (very rough) glance, I don't see any reason we can't have a vCPU-scoped
ioctl to effectively mimic SVM_VMGEXIT_AP_CREATE.

> supports to set a single VMSA.
> 
> Signed-off-by: Joerg Roedel <joerg.roedel@amd.com>
> ---
>  arch/x86/kvm/svm/sev.c | 62 ++++++++++++++++++++++++++++++------------
>  arch/x86/kvm/svm/svm.h |  1 +
>  2 files changed, 45 insertions(+), 18 deletions(-)
> 
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 350bb97c32c0..88db83b3ff8e 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -726,6 +726,7 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp,
>  
>  	INIT_LIST_HEAD(&sev->regions_list);
>  	INIT_LIST_HEAD(&sev->mirror_vms);
> +	sev->initial_vmsa_gpa = INVALID_PAGE;
>  	sev->need_init = false;
>  
>  	kvm_set_apicv_inhibit(kvm, APICV_INHIBIT_REASON_SEV);
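Review bot: the `sev->initial_vmsa_gpa = INVALID_PAGE` initialization in `__sev_guest_init()` is the only write to the field in this patch; nothing in the diff ever assigns a valid GPA, so the `VALID_PAGE()` branch added to `snp_launch_update_vmsa()` is unreachable on its own. Say in the commit message which command sets the field and where the GPA is validated (page-aligned, inside guest memory, already private), or move the setter into this patch so the new launch path can be reviewed end to end.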
> @@ -2680,6 +2681,46 @@ static int snp_launch_update(struct kvm *kvm, struct kvm_sev_cmd *argp)
>  	return 0;
>  }
>  
> +static int snp_init_guest_vmsa(struct kvm_vcpu *vcpu, gpa_t vmsa_gpa)
> +{
> +	/* Only one initial guest VMSA can exist (per IGVM) - so it belongs to the BSP */
> +	if (vcpu->vcpu_idx != 0)
> +		return 0;
> +
> +	/* VMSA already private and encrypted via LAUNCH_UPDATE */
> +	sev_es_set_guest_vmsa(vcpu, vmsa_gpa);
> +
> +	return 0;
> +}
> +
> +static int snp_init_kvm_vmsa(struct kvm_vcpu *vcpu,
> +			     struct sev_data_snp_launch_update *data,
> +			     struct kvm_sev_cmd *argp)
> +{
> +	struct vcpu_svm *svm = to_svm(vcpu);
> +	int ret;
> +	void *vmsa;
> +
> +	ret = sev_es_sync_vmsa(svm);
> +	if (ret)
> +		return ret;
> +
> +	vmsa = sev_es_vmsa_ref(vcpu);
> +
> +	ret = sev_es_vcpu_vmsa_make_private(vcpu);
> +	if (ret)
> +		return ret;
> +
> +	/* Issue the SNP command to encrypt the VMSA */
> +	data->address = __sme_pa(vmsa);
> +	ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_UPDATE,
> +			      data, &argp->error);
> +	if (ret)
> +		sev_snp_vcpu_reclaim_vmsa(vcpu);
> +
> +	return ret;

Separate code movement from new functionality.

> +}
> +
>  static int snp_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp)
>  {
>  	struct kvm_sev_info *sev = to_kvm_sev_info(kvm);
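Review bot: `snp_init_guest_vmsa()` hands `vmsa_gpa` to `sev_es_set_guest_vmsa()` with no check that the page is in the state the comment asserts ("already private and encrypted via LAUNCH_UPDATE"); if userspace never submitted that GPA as a VMSA page, the guest is finalized with unvalidated protected state. Either verify the page state here or point to where that guarantee is enforced before this call. The function also silently returns 0 for `vcpu->vcpu_idx != 0` and can never fail, so its `int` return is misleading. `snp_init_kvm_vmsa()` is a straight extraction of the existing loop body (`sev_es_sync_vmsa()`, `sev_es_vcpu_vmsa_make_private()`, `__sev_issue_cmd(... SEV_CMD_SNP_LAUNCH_UPDATE ...)`); split that refactor into its own commit so the guest-VMSA change is small and reviewable by itself.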
> @@ -2700,28 +2741,13 @@ static int snp_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp)
>  
>  	kvm_for_each_vcpu(i, vcpu, kvm) {
>  		struct vcpu_svm *svm = to_svm(vcpu);
> -		void *vmsa;
>  
> -		ret = sev_es_sync_vmsa(svm);
> +		ret = VALID_PAGE(sev->initial_vmsa_gpa) ?
> +			snp_init_guest_vmsa(vcpu, sev->initial_vmsa_gpa) :
> +			snp_init_kvm_vmsa(vcpu, &data, argp);
>  		if (ret)
>  			goto out;
>  
> -		vmsa = sev_es_vmsa_ref(vcpu);
> -
> -		ret = sev_es_vcpu_vmsa_make_private(vcpu);
> -		if (ret)
> -			goto out;
> -
> -		/* Issue the SNP command to encrypt the VMSA */
> -		data.address = __sme_pa(vmsa);
> -		ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_UPDATE,
> -				      &data, &argp->error);
> -		if (ret) {
> -			sev_snp_vcpu_reclaim_vmsa(vcpu);
> -
> -			goto out;
> -		}
> -
>  		svm->vcpu.arch.guest_state_protected = true;
>  
>  		/* VMSA encrypted - put it into the VMCB */
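Review bot: when `initial_vmsa_gpa` is valid, `snp_init_guest_vmsa()` returns 0 for every vCPU other than index 0 without assigning any VMSA, yet the loop continues to `svm->vcpu.arch.guest_state_protected = true` and "put it into the VMCB" for those vCPUs, so APs are marked protected with no VMSA behind them. Reject the guest-provided path when the VM has more than one vCPU, or have the helper return an error for non-BSP vCPUs, rather than leaving the mismatch to surface at VMRUN. The ternary also leaves `data` unused on the guest path, which is a symptom of a VM-scoped ioctl making per-vCPU decisions; a vCPU-scoped operation would avoid the loop entirely.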
> diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h
> index 3d4799f09b23..cc7e84c230bb 100644
> --- a/arch/x86/kvm/svm/svm.h
> +++ b/arch/x86/kvm/svm/svm.h
> @@ -117,6 +117,7 @@ struct kvm_sev_info {
>  	struct mutex guest_req_mutex; /* Must acquire before using bounce buffers */
>  	cpumask_var_t have_run_cpus; /* CPUs that have done VMRUN for this VM. */
>  	bool snp_certs_enabled;	/* SNP certificate-fetching support. */
> +	gpa_t initial_vmsa_gpa; /* Optinal GPA of BSP VMSA - SEV-SNP only */
>  };
>  #endif
>  
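Review bot: the new field comment in `struct kvm_sev_info` has a typo ("Optinal" should be "Optional") and does not say which ioctl sets the field or that `INVALID_PAGE` means no guest-provided VMSA. Since this GPA becomes the BSP's protected state directly, document the required page state (private and already encrypted by LAUNCH_UPDATE) and who is responsible for validating it next to the field, matching the style of the neighbouring comments.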
> -- 
> 2.53.0
> 
