Allow Restricted Injection to be set in SEV_FEATURES. When set, attempts to inject any interrupts other than #HV will make VMRUN fail. This is done to further reduce the security exposure within the SVSM. Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx> --- arch/x86/kvm/svm/sev.c | 1 + 1 file changed, 1 insertion(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 4324a72d35ea..3aa9489786ee 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3078,6 +3078,7 @@ void __init sev_hardware_setup(void) sev_es_debug_swap_enabled = false; sev_supported_vmsa_features = 0; + sev_supported_vmsa_features |= SVM_SEV_FEAT_RESTRICTED_INJECTION; if (sev_es_debug_swap_enabled) sev_supported_vmsa_features |= SVM_SEV_FEAT_DEBUG_SWAP; } -- 2.43.2
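
Review bot: the added line in sev_hardware_setup(), "sev_supported_vmsa_features |= SVM_SEV_FEAT_RESTRICTED_INJECTION;", sets the bit unconditionally, whereas the DEBUG_SWAP bit directly below it is only set when sev_es_debug_swap_enabled is true. Nothing in this hunk checks that the host CPU actually supports Restricted Injection before advertising it, so please gate the assignment on a hardware capability check in the same way. The commit message also says that injecting anything other than #HV makes VMRUN fail once the feature is set, and this one-line patch does not touch any injection path. Either point to the patch in the series that makes KVM's event injection use #HV when the guest enables the bit, or reject the bit until that exists, so that a guest which sets it in SEV_FEATURES does not simply get VMRUN failures. A short comment above the new line explaining why the feature is always allowed would also help.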