Merge tag 'kvm-x86-ciphertext-6.18' of https://github.com/kvm-x86/linux into HEAD

KVM SEV-SNP CipherText Hiding support for 6.18

Add support for SEV-SNP's CipherText Hiding, an opt-in feature that prevents
unauthorized CPU accesses from reading the ciphertext of SNP guest private
memory, e.g. to attempt an offline attack.  Instead of ciphertext, the CPU
will always read back all FFs when CipherText Hiding is enabled.

Add new module parameter to the KVM module to enable CipherText Hiding and
control the number of ASIDs that can be used for VMs with CipherText Hiding,
which is in effect the number of SNP VMs.  When CipherText Hiding is enabled,
the shared SEV-ES/SEV-SNP ASID space is split into separate ranges for SEV-ES
and SEV-SNP guests, i.e. ASIDs that can be used for CipherText Hiding cannot
be used to run SEV-ES guests.

diff --cc Documentation/admin-guide/kernel-parameters.txt
Simple merge

diff --cc arch/x86/kvm/svm/sev.c
index 81ee31481eaa724ea56c58b3cdcbb72b2e865683,01345b73f879699325612ba766fc9a6c0543c8be..aacfbffa3af5b7a20023ab38ea1d94b9d8087a58
--- 1/arch/x86/kvm/svm/sev.c
--- 2/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@@ -451,10 -450,18 +472,10 @@@ static int __sev_guest_init(struct kvm 
        sev->vmsa_features = data->vmsa_features;
        sev->ghcb_version = data->ghcb_version;
  
 -      /*
 -       * Currently KVM supports the full range of mandatory features defined
 -       * by version 2 of the GHCB protocol, so default to that for SEV-ES
 -       * guests created via KVM_SEV_INIT2.
 -       */
 -      if (sev->es_active && !sev->ghcb_version)
 -              sev->ghcb_version = GHCB_VERSION_DEFAULT;
 -
 -      if (vm_type == KVM_X86_SNP_VM)
 +      if (snp_active)
                sev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE;
  
-       ret = sev_asid_new(sev);
+       ret = sev_asid_new(sev, vm_type);
        if (ret)
                goto e_no_asid;
  

diff --cc drivers/crypto/ccp/sev-dev.c
Simple merge