git.ipfire.org Git - thirdparty/kernel/linux.git/commit
KVM: SEV: Provide vCPU-scoped accessors for detecting SEV+ guests
author Sean Christopherson <seanjc@google.com>
Tue, 10 Mar 2026 23:48:15 +0000 (16:48 -0700)
committer Sean Christopherson <seanjc@google.com>
Wed, 8 Apr 2026 23:04:24 +0000 (16:04 -0700)
commit 5bf92e475311b22598770caa151dea697b63c0cf
tree f2ba848ce0301a39c90903aaa40a892212f6dba4
parent 8075360f3b9648abe58bcedcb7a27d83d9bf210d
KVM: SEV: Provide vCPU-scoped accessors for detecting SEV+ guests

Provide vCPU-scoped accessors for detecting if the vCPU belongs to an SEV,
SEV-ES, or SEV-SNP VM, partly to dedup a small amount of code, but mostly
to better document which usages are "safe".  Generally speaking, using the
VM-scoped sev_guest() and friends outside of kvm->lock is unsafe, as they
can get both false positives and false negatives.

But for vCPUs, the accessors are guaranteed to provide a stable result as
KVM disallows initialization of SEV+ state after vCPUs are created.  I.e.
operating on a vCPU guarantees the VM can't "become" an SEV+ VM, and that
it can't revert back to a "normal" VM.

This will also allow dropping the stubs for the VM-scoped accessors, as
it's relatively easy to eliminate usage of the accessors from common SVM
once the vCPU-scoped checks are out of the way.

No functional change intended.

Link: https://patch.msgid.link/20260310234829.2608037-8-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
arch/x86/kvm/svm/sev.c
arch/x86/kvm/svm/svm.c
arch/x86/kvm/svm/svm.h
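
The ordering rule the commit message relies on, as an added userspace model (not code from this commit or from KVM): SEV+ setup is refused once a vCPU exists, so a check made through a vCPU reads state that can no longer change. All toy_* names are hypothetical, and the -EINVAL return value is an assumption of the model.

```c
#include <errno.h>
#include <pthread.h>
#include <stdbool.h>
#include <stdio.h>

/* Userspace model; every toy_* name is hypothetical, none is a KVM symbol. */
struct toy_vm {
    pthread_mutex_t lock;  /* stands in for kvm->lock */
    bool sev_active;       /* the state a VM-scoped check reads */
    int created_vcpus;
};
struct toy_vcpu { struct toy_vm *vm; };

/* SEV+ setup is refused once a vCPU exists, which freezes sev_active. */
int toy_sev_init(struct toy_vm *vm)
{
    int ret = 0;
    pthread_mutex_lock(&vm->lock);
    if (vm->created_vcpus)
        ret = -EINVAL;     /* assumed error code for this model */
    else
        vm->sev_active = true;
    pthread_mutex_unlock(&vm->lock);
    return ret;
}

void toy_vcpu_create(struct toy_vm *vm, struct toy_vcpu *vcpu)
{
    pthread_mutex_lock(&vm->lock);
    vm->created_vcpus++;
    vcpu->vm = vm;
    pthread_mutex_unlock(&vm->lock);
}

/* Stable without the lock: holding a vCPU implies created_vcpus > 0. */
bool toy_vcpu_is_sev(const struct toy_vcpu *vcpu)
{
    return vcpu->vm->sev_active;
}

int main(void)
{
    struct toy_vm vm = { .lock = PTHREAD_MUTEX_INITIALIZER };
    struct toy_vcpu vcpu;
    toy_vcpu_create(&vm, &vcpu);
    int ret = toy_sev_init(&vm);   /* too late: a vCPU already exists */
    printf("late init: %d, vCPU is SEV: %d\n", ret, toy_vcpu_is_sev(&vcpu));
    return 0;
}
```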