On Fri, Aug 22, 2025, Tom Lendacky wrote:
> Define the set of policy bits that KVM currently knows as not requiring
> any implementation support within KVM. Provide this value to userspace
> via the KVM_GET_DEVICE_ATTR ioctl.
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
> ---
> arch/x86/include/uapi/asm/kvm.h | 1 +
> arch/x86/kvm/svm/sev.c | 11 ++++++++++-
> 2 files changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/uapi/asm/kvm.h b/arch/x86/include/uapi/asm/kvm.h
> index 0f15d683817d..90e9c4551fa6 100644
> --- a/arch/x86/include/uapi/asm/kvm.h
> +++ b/arch/x86/include/uapi/asm/kvm.h
> @@ -468,6 +468,7 @@ struct kvm_sync_regs {
> /* vendor-specific groups and attributes for system fd */
> #define KVM_X86_GRP_SEV 1
> # define KVM_X86_SEV_VMSA_FEATURES 0
> +# define KVM_X86_SNP_POLICY_BITS 1
>
> struct kvm_vmx_nested_state_data {
> __u8 vmcs12[KVM_STATE_NESTED_VMX_VMCS_SIZE];
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 2fbdebf79fbb..7e6ce092628a 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -78,6 +78,8 @@ static u64 sev_supported_vmsa_features;
> SNP_POLICY_MASK_DEBUG | \
> SNP_POLICY_MASK_SINGLE_SOCKET)
>
> +static u64 snp_supported_policy_bits;
This can be __ro_after_init. Hmm, off topic, but I bet we can give most of the
variables confifugred by sev_hardware_setup() the same treatment. And really
off topic, I have a patch somewhere to convert a bunch of KVM variables from
__read_mostly to __ro_after_init...
