From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 30 Sep 2025 17:34:12 +0000 (-0400)
Subject: Merge tag 'kvm-x86-svm-6.18' of https://github.com/kvm-x86/linux into HEAD
X-Git-Tag: v6.18-rc1~55^2~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a104e0a3052d5e5d764e3e057c42ebaed17b53bd;p=thirdparty%2Flinux.git

Merge tag 'kvm-x86-svm-6.18' of https://github.com/kvm-x86/linux into HEAD

KVM SVM changes for 6.18

 - Require a minimum GHCB version of 2 when starting SEV-SNP guests via
   KVM_SEV_INIT2 so that invalid GHCB versions result in immediate errors
   instead of latent guest failures.

 - Add support for Secure TSC for SEV-SNP guests, which prevents the untrusted
   host from tampering with the guest's TSC frequency, while still allowing the
   the VMM to configure the guest's TSC frequency prior to launch.

 - Mitigate the potential for TOCTOU bugs when accessing GHCB fields by
   wrapping all accesses via READ_ONCE().

 - Validate the XCR0 provided by the guest (via the GHCB) to avoid tracking a
   bogous XCR0 value in KVM's software model.

 - Save an SEV guest's policy if and only if LAUNCH_START fully succeeds to
   avoid leaving behind stale state (thankfully not consumed in KVM).

 - Explicitly reject non-positive effective lengths during SNP's LAUNCH_UPDATE
   instead of subtly relying on guest_memfd to do the "heavy" lifting.

 - Reload the pre-VMRUN TSC_AUX on #VMEXIT for SEV-ES guests, not the host's
   desired TSC_AUX, to fix a bug where KVM could clobber a different vCPU's
   TSC_AUX due to hardware not matching the value cached in the user-return MSR
   infrastructure.

 - Enable AVIC by default for Zen4+ if x2AVIC (and other prereqs) is supported,
   and clean up the AVIC initialization code along the way.
---

a104e0a3052d5e5d764e3e057c42ebaed17b53bd
diff --cc arch/x86/kvm/svm/svm.h
index 70df7c6413cf9,739f4f52f46d7..9526bb112b29c
--- a/arch/x86/kvm/svm/svm.h
+++ b/arch/x86/kvm/svm/svm.h
@@@ -863,10 -865,9 +865,9 @@@ int sev_cpu_init(struct svm_cpu_data *s
  int sev_dev_get_attr(u32 group, u64 attr, u64 *val);
  extern unsigned int max_sev_asid;
  void sev_handle_rmp_fault(struct kvm_vcpu *vcpu, gpa_t gpa, u64 error_code);
- void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu);
  int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order);
  void sev_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end);
 -int sev_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn);
 +int sev_gmem_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn, bool is_private);
  struct vmcb_save_area *sev_decrypt_vmsa(struct kvm_vcpu *vcpu);
  void sev_free_decrypted_vmsa(struct kvm_vcpu *vcpu, struct vmcb_save_area *vmsa);
  #else