Does SEV-ES indicate that SEV-ES guests are supported, or that the
current (v)CPU is running with SEV-ES enabled, or both?

On Fri, Nov 22, 2019 at 5:01 AM Brijesh Singh <brijesh.singh@xxxxxxx> wrote:
>
>
> On 11/21/19 2:33 PM, Peter Gonda wrote:
> > Only pass through guest relevant CPUID information: Cbit location and
> > SEV bit. The kernel does not support nested SEV guests so the other data
> > in this CPUID leaf is unneeded by the guest.
> >
> > Suggested-by: Jim Mattson <jmattson@xxxxxxxxxx>
> > Signed-off-by: Peter Gonda <pgonda@xxxxxxxxxx>
> > Reviewed-by: Jim Mattson <jmattson@xxxxxxxxxx>
> > ---
> > arch/x86/kvm/cpuid.c | 8 +++++++-
> > 1 file changed, 7 insertions(+), 1 deletion(-)
> >
> > diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c
> > index 946fa9cb9dd6..6439fb1dbe76 100644
> > --- a/arch/x86/kvm/cpuid.c
> > +++ b/arch/x86/kvm/cpuid.c
> > @@ -780,8 +780,14 @@ static inline int __do_cpuid_func(struct kvm_cpuid_entry2 *entry, u32 function,
> > break;
> > /* Support memory encryption cpuid if host supports it */
> > case 0x8000001F:
> > - if (!boot_cpu_has(X86_FEATURE_SEV))
> > + if (boot_cpu_has(X86_FEATURE_SEV)) {
> > + /* Expose only SEV bit and CBit location */
> > + entry->eax &= F(SEV);
>
>
> I know SEV-ES patches are not accepted yet, but can I ask to pass the
> SEV-ES bit in eax?
>
>
> > + entry->ebx &= GENMASK(5, 0);
> > + entry->edx = entry->ecx = 0;
> > + } else {
> > entry->eax = entry->ebx = entry->ecx = entry->edx = 0;
> > + }
> > break;
> > /*Add support for Centaur's CPUID instruction*/
> > case 0xC0000000:
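
Review bot: In the case 0x8000001F branch, the new path is gated only on boot_cpu_has(X86_FEATURE_SEV), which is a host property, while the commit message and the added comment speak of what the guest needs. If reporting host capability is the intent, the comment should say so, because as written the same SEV bit and C-bit position are returned regardless of any per-guest state. The mask in "entry->ebx &= GENMASK(5, 0);" is also a bare magic range: the comment names "CBit location" but not that it is EBX[5:0], and the remaining EBX bits are dropped silently along with ecx and edx. A named mask or a one-line comment listing which fields are kept and which are cleared would make that choice reviewable and give later additions to eax (such as the SEV-ES bit asked about in the reply) an obvious place to go.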