KVM: SVM: Allow SNP guest policy disallow running with SMT enabled

KVM currently returns -EINVAL when it attempts to create an SNP guest if
the SMT guest policy bit is not set. However, there is no reason to check
this, as there is no specific support in KVM that is required to support
this. The SEV firmware will determine if SMT has been enabled or disabled
in the BIOS and process the policy in the proper way:

 - SMT enabled in BIOS
   - Guest policy SMT == 0 ==> SNP_LAUNCH_START fails with POLICY_FAILURE
   - Guest policy SMT == 1 ==> SNP_LAUNCH_START succeeds

 - SMT disabled in BIOS
   - Guest policy SMT == 0 ==> SNP_LAUNCH_START succeeds
   - Guest policy SMT == 1 ==> SNP_LAUNCH_START succeeds

Remove the check for the SMT policy bit from snp_launch_start() and allow
the firmware to perform the proper checking.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/71043abdd9ef23b6f98fffa9c5c6045ac3a50187.1748553480.git.thomas.lendacky@amd.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 459c3b791fd4325a9ac7a22efee8e90f495b76ec..9a6dd285dfff0c0adc30b68cc96ba8d64c49e6a5 100644 (file)
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2131,8 +2131,7 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
                return -EINVAL;
 
        /* Check for policy bits that must be set */
-       if (!(params.policy & SNP_POLICY_MASK_RSVD_MBO) ||
-           !(params.policy & SNP_POLICY_MASK_SMT))
+       if (!(params.policy & SNP_POLICY_MASK_RSVD_MBO))
                return -EINVAL;
 
        if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET)