On 9/17/24 15:16, Ashish Kalra wrote: > From: Ashish Kalra <ashish.kalra@xxxxxxx> > > Ciphertext hiding prevents host accesses from reading the ciphertext of > SNP guest private memory. Instead of reading ciphertext, the host reads > will see constant default values (0xff). > > Ciphertext hiding separates the ASID space into SNP guest ASIDs and host > ASIDs. All SNP active guests must have an ASID less than or equal to > MAX_SNP_ASID provided to the SNP_INIT_EX command. All SEV-legacy guests > (SEV and SEV-ES) must be greater than MAX_SNP_ASID. > > This patch-set adds a new module parameter to the CCP driver defined as > max_snp_asid which is a user configurable MAX_SNP_ASID to define the > system-wide maximum SNP ASID value. If this value is not set, then the > ASID space is equally divided between SEV-SNP and SEV-ES guests. > > Ciphertext hiding needs to be enabled on SNP_INIT_EX and therefore this > new module parameter has to added to the CCP driver. > > Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx> > --- > arch/x86/kvm/svm/sev.c | 26 ++++++++++++++---- > drivers/crypto/ccp/sev-dev.c | 52 ++++++++++++++++++++++++++++++++++++ > include/linux/psp-sev.h | 12 +++++++-- > 3 files changed, 83 insertions(+), 7 deletions(-) I missed this on initial review. This change goes across multiple maintainers trees, so you should split this patch to do the CCP updates first and then the KVM updates. Thanks, Tom >