Merge branch 'sev-v9-p2' of https://github.com/codomania/kvm

This part of Secure Encrypted Virtualization (SEV) patch series focuses on KVM
changes required to create and manage SEV guests.

SEV is an extension to the AMD-V architecture which supports running encrypted
virtual machine (VMs) under the control of a hypervisor. Encrypted VMs have their
pages (code and data) secured such that only the guest itself has access to
unencrypted version. Each encrypted VM is associated with a unique encryption key;
if its data is accessed to a different entity using a different key the encrypted
guest's data will be incorrectly decrypted, leading to unintelligible data.
This security model ensures that hypervisor will no longer able to inspect or
alter any guest code or data.

The key management of this feature is handled by a separate processor known as
the AMD Secure Processor (AMD-SP) which is present on AMD SOCs. The SEV Key
Management Specification (see below) provides a set of commands which can be
used by hypervisor to load virtual machine keys through the AMD-SP driver.

The patch series adds a new ioctl in KVM driver (KVM_MEMORY_ENCRYPT_OP). The
ioctl will be used by qemu to issue SEV guest-specific commands defined in Key
Management Specification.

The following links provide additional details:

AMD Memory Encryption white paper:
http://amd-dev.wpengine.netdna-cdn.com/wordpress/media/2013/12/AMD_Memory_Encryption_Whitepaper_v7-Public.pdf

AMD64 Architecture Programmer's Manual:
    http://support.amd.com/TechDocs/24593.pdf
    SME is section 7.10
    SEV is section 15.34

SEV Key Management:
http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf

KVM Forum Presentation:
http://www.linux-kvm.org/images/7/74/02x08A-Thomas_Lendacky-AMDs_Virtualizatoin_Memory_Encryption_Technology.pdf

SEV Guest BIOS support:
  SEV support has been add to EDKII/OVMF BIOS
  https://github.com/tianocore/edk2

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --cc Documentation/virtual/kvm/api.txt
Simple merge

diff --cc arch/x86/include/asm/cpufeatures.h
Simple merge

diff --cc arch/x86/include/asm/kvm_host.h
Simple merge

diff --cc arch/x86/kernel/cpu/amd.c
Simple merge

diff --cc arch/x86/kvm/cpuid.c
Simple merge

diff --cc arch/x86/kvm/mmu.c
Simple merge

diff --cc arch/x86/kvm/svm.c
index 14cca8c601a912a6155511f775f397a3c84d6ddc,ec5df575299525fe6ce587e42daae714248e3fd7..5d83f0474020c5f669273179c2f191fccb405ee7
--- 1/arch/x86/kvm/svm.c
--- 2/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
@@@ -284,8 -291,12 +291,12 @@@ module_param(vls, int, 0444)
  static int vgif = true;
  module_param(vgif, int, 0444);
  
+ /* enable/disable SEV support */
+ static int sev = IS_ENABLED(CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT);
+ module_param(sev, int, 0444);
+ 
  static void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long cr0);
 -static void svm_flush_tlb(struct kvm_vcpu *vcpu);
 +static void svm_flush_tlb(struct kvm_vcpu *vcpu, bool invalidate_gpa);
  static void svm_complete_interrupts(struct vcpu_svm *svm);
  
  static int nested_svm_exit_handled(struct vcpu_svm *svm);

diff --cc arch/x86/kvm/x86.c
Simple merge

diff --cc include/uapi/linux/kvm.h
Simple merge