From: Tom Lendacky <thomas.lendacky@amd.com>
To: <kvm@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
	<x86@kernel.org>, <linux-crypto@vger.kernel.org>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Sean Christopherson <seanjc@google.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	Ingo Molnar <mingo@redhat.com>,
	"Thomas Gleixner" <tglx@linutronix.de>,
	Michael Roth <michael.roth@amd.com>,
	"Ashish Kalra" <ashish.kalra@amd.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David Miller" <davem@davemloft.net>
Subject: [PATCH v3 0/4] SEV-SNP guest policy bit support updates
Date: Wed, 22 Oct 2025 12:37:20 -0500
Message-ID: <cover.1761154644.git.thomas.lendacky@amd.com>

This series aims to allow more flexibility in specifying SEV-SNP policy
bits by improving discoverability of supported policy bits from userspace
and enabling support for newer policy bits.

- The first patch adds a new KVM_X86_GRP_SEV attribute group,
  KVM_X86_SNP_POLICY_BITS, that can be used to return the supported
  SEV-SNP policy bits. The initial support for this attribute will return
  the current KVM supported policy bitmask.

- The next 3 patches provide for adding to the known SEV-SNP policy
  bits. Since some policy bits are dependent on specific levels of SEV
  firmware support, the CCP driver is updated to provide an API to return
  the supported policy bits.

  The supported policy bits bitmask used by KVM is generated by taking the
  policy bitmask returned by the CCP driver and ANDing it with the KVM
  supported policy bits. KVM supported policy bits are policy bits that
  do not require any specific implementation support from KVM to allow.

The series is based off of:
  git://git.kernel.org/pub/scm/virt/kvm/kvm.git master

---

Changes for v3:
  - Remove RFC tag.

Changes for v2:
  - Marked the KVM supported policy bits as read-only after init.

Tom Lendacky (4):
  KVM: SEV: Publish supported SEV-SNP policy bits
  KVM: SEV: Consolidate the SEV policy bits in a single header file
  crypto: ccp - Add an API to return the supported SEV-SNP policy bits
  KVM: SEV: Add known supported SEV-SNP policy bits

 arch/x86/include/uapi/asm/kvm.h |  1 +
 arch/x86/kvm/svm/sev.c          | 45 ++++++++++++++++++++-------------
 arch/x86/kvm/svm/svm.h          |  3 ---
 drivers/crypto/ccp/sev-dev.c    | 37 +++++++++++++++++++++++++++
 include/linux/psp-sev.h         | 39 ++++++++++++++++++++++++++++
 5 files changed, 105 insertions(+), 20 deletions(-)
base-commit: 4361f5aa8bfcecbab3fc8db987482b9e08115a6a
-- 
2.51.1