On 9/18/25 05:27, Naveen N Rao (AMD) wrote:
> Currently, check_sev_features() is called in multiple places when
> processing IGVM files: both when processing the initial VMSA SEV
> features from IGVM, as well as when validating the full contents of the
> VMSA. Move this to a single point in sev_common_kvm_init() to simplify
> the flow, as well as to re-use this function when VMSA SEV features are
> being set without using IGVM files.
>
> Signed-off-by: Naveen N Rao (AMD) <nav...@kernel.org>
Looks reasonable.
Reviewed-by: Tom Lendacky <thomas.lenda...@amd.com>
> ---
> target/i386/sev.c | 10 ++++------
> 1 file changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/target/i386/sev.c b/target/i386/sev.c
> index c4011a6f2ef7..7c4cd1146b9a 100644
> --- a/target/i386/sev.c
> +++ b/target/i386/sev.c
> @@ -595,9 +595,6 @@ static int check_vmsa_supported(SevCommonState
> *sev_common, hwaddr gpa,
> vmsa_check.x87_fcw = 0;
> vmsa_check.mxcsr = 0;
>
> - if (check_sev_features(sev_common, vmsa_check.sev_features, errp) < 0) {
> - return -1;
> - }
> vmsa_check.sev_features = 0;
>
> if (!buffer_is_zero(&vmsa_check, sizeof(vmsa_check))) {
> @@ -1913,6 +1910,10 @@ static int
> sev_common_kvm_init(ConfidentialGuestSupport *cgs, Error **errp)
> }
> }
>
> + if (check_sev_features(sev_common, sev_common->sev_features, errp) <
> 0) {
> + return -1;
> + }
> +
> /*
> * KVM maintains a bitmask of allowed sev_features. This does not
> * include SVM_SEV_FEAT_SNP_ACTIVE which is set accordingly by KVM
> @@ -2532,9 +2533,6 @@ static int cgs_set_guest_state(hwaddr gpa, uint8_t
> *ptr, uint64_t len,
> __func__);
> return -1;
> }
> - if (check_sev_features(sev_common, sa->sev_features, errp) < 0) {
> - return -1;
> - }
> sev_common->sev_features = sa->sev_features;
> }
> return 0;
