On Thu, Apr 18, 2024 at 9:42 PM Michael Roth <michael.roth@xxxxxxx> wrote:
> +/* As defined by SEV-SNP Firmware ABI, under "Guest Policy". */
> +#define SNP_POLICY_MASK_API_MAJOR GENMASK_ULL(15, 8)
> +#define SNP_POLICY_MASK_API_MINOR GENMASK_ULL(7, 0)
> +
> +#define SNP_POLICY_MASK_VALID (SNP_POLICY_MASK_SMT | \
> + SNP_POLICY_MASK_RSVD_MBO | \
> + SNP_POLICY_MASK_DEBUG | \
> + SNP_POLICY_MASK_SINGLE_SOCKET | \
> + SNP_POLICY_MASK_API_MAJOR | \
> + SNP_POLICY_MASK_API_MINOR)
> +
> +/* KVM's SNP support is compatible with 1.51 of the SEV-SNP Firmware ABI. */
> +#define SNP_POLICY_API_MAJOR 1
> +#define SNP_POLICY_API_MINOR 51
> +static inline bool sev_version_greater_or_equal(u8 major, u8 minor)
> +{
> + if (major < SNP_POLICY_API_MAJOR)
> + return true;
Should it perhaps refuse version 0.x? With something like a
#define SNP_POLICY_API_MAJOR_MIN 1
to make it a bit more future proof (and testable).
> + major = (params.policy & SNP_POLICY_MASK_API_MAJOR);
This should be >> 8. Do the QEMU patches not set the API version? :)
Paolo
