On Mon, Feb 23, 2026, Tycho Andersen wrote: > On Mon, Feb 23, 2026 at 09:15:13AM -0800, Sean Christopherson wrote: > > On Mon, Feb 23, 2026, Tycho Andersen wrote: > > > > > + /* > > > > > + * In some cases when SEV-SNP is enabled, firmware disallows > > > > > starting > > > > > + * an SEV-ES VM. When SEV-SNP is enabled try to launch an > > > > > SEV-ES, and > > > > > + * check the underlying firmware error for this case. > > > > > + */ > > > > > + vm = vm_sev_create_with_one_vcpu(KVM_X86_SEV_ES_VM, > > > > > guest_sev_es_code, > > > > > + &vcpu); > > > > > > > > If there's a legimate reason why an SEV-ES VM can't be created, then > > > > that needs > > > > to be explicitly enumerated in some way by the kernel. E.g. is this > > > > due to lack > > > > of ASIDs due to CipherTextHiding or something? > > > > > > Newer firmware that fixes CVE-2025-48514 won't allow SEV-ES VMs to be > > > started with SNP enabled, there is a footnote (2) about it here: > > > > > > https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3023.html > > > > > > Probably should have included this in the patch, sorry. > > > > > > > Throwing a noodle to see if it sticks is not an option. > > > > > > Sure, we could do some firmware version test to see if it's fixed > > > instead? Or do this same test in the kernel and export that as an > > > ioctl? > > > > Uh, no idea what would be ideal, but there absolutely needs to be some way > > to > > communicate lack of effective SEV-ES support to userspace, and in a way that > > doesn't break userspace. > > Just to clarify, by "doesn't break userspace" here you mean that we > shouldn't revoke the SEV_ES bit from the list of supported VM types > once we've exposed it? Or you mean preserving the current behavior of > CPU supports it => bit is set?
I didn't have concrete concerns, I just want to make sure we don't do something that would confuse userspace and e.g. prevent using KVM for SNP or something. Hmm, I like the idea of clearing supported_vm_types. The wrinkle is that "legacy" deployments that use KVM_SEV_INIT instead of KVM_SEV_INIT2 will use KVM_X86_DEFAULT_VM, and probably won't check for SEV and SEV_ES VM types. Alternatively, or in addition to, we could clear X86_FEATURE_SEV_ES. But clearing SEV_ES while leaving X86_FEATURE_SEV_SNP makes me nervous. KVM doesn't *currently* check for any of those in kvm_cpu_caps, but that could change in the future. And it's somewhat misleading, e.g. because sev_snp_guest() expects sev_es_guest() to be true. Given that it doesn't make sense for KVM to actively prevent the admin from upgrading the firmware, I think it's ok if KVM can't "gracefully" handle *every* case. E.g. even if KVM clears X86_FEATURE_SEV_ES, userspace could have cached that information at system boot. > > Hrm, I think we also neglected to communicate when SEV and SEV-ES are > > effectively > > unusable, e.g. due to CipherTextHiding, so maybe we can kill two birds with > > one > > stone? IIRC, we didn't bother enumerating the limitation with > > CipherTextHiding > > because making SEV-ES unusable would require a deliberate act from the > > admin. > > We know these parameters at module load time so we could unset the > supported bit, but... > > > "Update firmware" is also an deliberate act, but the side effect of SEV-ES > > being > > disabled, not so much. > > since this could be a runtime thing via DOWNLOAD_FIRMWARE_EX at some > point, I guess we need a new RUNTIME_STATUS ioctl or similar. Then the > question is: does it live in /dev/sev, or /dev/kvm? Ugh. Yeah, updating supported_vm_types definitely seems like the least-awful option.
