On 09/03/2017 15:07, Borislav Petkov wrote: > + /* Check if running under a hypervisor */ > + eax = 0x40000000; > + ecx = 0; > + native_cpuid(&eax, &ebx, &ecx, &edx); This is not how you check if running under a hypervisor; you should check the HYPERVISOR bit, i.e. bit 31 of cpuid(1).ecx. This in turn tells you if leaf 0x40000000 is valid. That said, the main issue with this function is that it hardcodes the behavior for KVM. It is possible that another hypervisor defines its 0x40000001 leaf in such a way that KVM_FEATURE_SEV has a different meaning. Instead, AMD should define a "well-known" bit in its own space (i.e. 0x800000xx) that is only used by hypervisors that support SEV. This is similar to how Intel defined one bit in leaf 1 to say "is leaf 0x40000000 valid". Thanks, Paolo > + if (eax > 0x40000000) { > + eax = 0x40000001; > + ecx = 0; > + native_cpuid(&eax, &ebx, &ecx, &edx); > + if (!(eax & BIT(KVM_FEATURE_SEV))) > + goto out; > + > + eax = 0x8000001f; > + ecx = 0; > + native_cpuid(&eax, &ebx, &ecx, &edx); > + if (!(eax & 1)) > + goto out; > + > + sme_me_mask = 1UL << (ebx & 0x3f); > + sev_enabled = 1; > + > + goto out; > + } > + _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel