On Sun, Apr 21, 2024, Michael Roth wrote: > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 6e31cb408dd8..1d2264e93afe 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -33,9 +33,11 @@ > #include "cpuid.h" > #include "trace.h" > > -#define GHCB_VERSION_MAX 1ULL > +#define GHCB_VERSION_MAX 2ULL > #define GHCB_VERSION_MIN 1ULL This needs a userspace control. Being unable to limit the GHCB version advertised to the guest is going to break live migration of SEV-ES VMs, e.g. if a pool of hosts has some kernels running this flavor of KVM, and some hosts running an older KVM that doesn't support v2.
