On 09/04/20 14:51, Uros Bizjak wrote:
>
> --cut here--
> config KVM_AMD_SEV
> def_bool y
> bool "AMD Secure Encrypted Virtualization (SEV) support"
> depends on KVM_AMD && X86_64
> depends on CRYPTO_DEV_SP_PSP && !(KVM_AMD=y && CRYPTO_DEV_CCP_DD=m)
> ---help---
> Provides support for launching Encrypted VMs on AMD processors.
> --cut here--
>
> which doesn't disable the compilation of sev.o. The missing functions
> are actually in ccp.o *module*, called from built-in functions of
> sev.o
Yes, that's also what I was thinking but I confused SP_PSP with CCP_DD.
> Enabling CRYPTO_DEV_CCP_DD=y as a built-in instead of a module fixes the build.
What about this:
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 0e3fc311d7da..364ffe32139c 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1117,7 +1117,7 @@ int __init sev_hardware_setup(void)
/* Maximum number of encrypted guests supported simultaneously */
max_sev_asid = cpuid_ecx(0x8000001F);
- if (!max_sev_asid)
+ if (!svm_sev_enabled())
return 1;
/* Minimum ASID value that should be used for SEV guest */
@@ -1156,6 +1156,9 @@ int __init sev_hardware_setup(void)
void sev_hardware_teardown(void)
{
+ if (!svm_sev_enabled())
+ return;
+
bitmap_free(sev_asid_bitmap);
bitmap_free(sev_reclaim_asid_bitmap);
They should be the only places that call those functions and are not already
culled by svm_sev_enabled(), either directly or indirectly (most of sev.c
functions are static and the entry points reduce to just a return).
The two symbols go away for me with this change.
Paolo
