Commit 4b8e1b32 authored by Paolo Bonzini's avatar Paolo Bonzini
Browse files

KVM: allow compiling out SMM support 



Some users of KVM implement the UEFI variable store through a paravirtual device
that does not require the "SMM lockbox" component of edk2; allow them to
compile out system management mode, which is not a full implementation
especially in how it interacts with nested virtualization.

Suggested-by: default avatarSean Christopherson <seanjc@google.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
Reviewed-by: default avatarMaxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20220929172016.319443-6-pbonzini@redhat.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent 1d0da94c

arch/x86/kvm/Kconfig

+11 −0
Original line number Diff line number Diff line
@@ -118,6 +118,17 @@ config KVM_AMD_SEV 
	  Provides support for launching Encrypted VMs (SEV) and Encrypted VMs

	  with Encrypted State (SEV-ES) on AMD processors.



config KVM_SMM

	bool "System Management Mode emulation"

	default y

	depends on KVM

	help

	  Provides support for KVM to emulate System Management Mode (SMM)

	  in virtual machines.  This can be used by the virtual machine

	  firmware to implement UEFI secure boot.



	  If unsure, say Y.



config KVM_XEN

	bool "Support for Xen hypercall interface"

	depends on KVM

arch/x86/kvm/Makefile

+1 −1
Original line number Diff line number Diff line
@@ -20,7 +20,7 @@ endif 


kvm-$(CONFIG_X86_64) += mmu/tdp_iter.o mmu/tdp_mmu.o

kvm-$(CONFIG_KVM_XEN)	+= xen.o

kvm-y			+= smm.o

kvm-$(CONFIG_KVM_SMM)	+= smm.o



kvm-intel-y		+= vmx/vmx.o vmx/vmenter.o vmx/pmu_intel.o vmx/vmcs12.o \

			   vmx/evmcs.o vmx/nested.o vmx/posted_intr.o

arch/x86/kvm/smm.h

+12 −0
Original line number Diff line number Diff line
@@ -8,6 +8,7 @@ 
#define PUT_SMSTATE(type, buf, offset, val)                      \

	*(type *)((buf) + (offset) - 0x7e00) = val



#ifdef CONFIG_KVM_SMM

static inline int kvm_inject_smi(struct kvm_vcpu *vcpu)

{

	kvm_make_request(KVM_REQ_SMI, vcpu);
@@ -23,5 +24,16 @@ void kvm_smm_changed(struct kvm_vcpu *vcpu, bool in_smm); 
void enter_smm(struct kvm_vcpu *vcpu);

int emulator_leave_smm(struct x86_emulate_ctxt *ctxt);

void process_smi(struct kvm_vcpu *vcpu);

#else

static inline int kvm_inject_smi(struct kvm_vcpu *vcpu) { return -ENOTTY; }

static inline bool is_smm(struct kvm_vcpu *vcpu) { return false; }

static inline void enter_smm(struct kvm_vcpu *vcpu) { WARN_ON_ONCE(1); }

static inline void process_smi(struct kvm_vcpu *vcpu) { WARN_ON_ONCE(1); }



/*

 * emulator_leave_smm is used as a function pointer, so the

 * stub is defined in x86.c.

 */

#endif



#endif

arch/x86/kvm/svm/svm.c

+2 −0
Original line number Diff line number Diff line
@@ -4115,6 +4115,8 @@ static bool svm_has_emulated_msr(struct kvm *kvm, u32 index) 
	case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:

		return false;

	case MSR_IA32_SMBASE:

		if (!IS_ENABLED(CONFIG_KVM_SMM))

			return false;

		/* SEV-ES guests do not support SMM, so report false */

		if (kvm && sev_es_guest(kvm))

			return false;

arch/x86/kvm/vmx/vmx.c

+2 −0
Original line number Diff line number Diff line
@@ -6842,6 +6842,8 @@ static bool vmx_has_emulated_msr(struct kvm *kvm, u32 index) 
{

	switch (index) {

	case MSR_IA32_SMBASE:

		if (!IS_ENABLED(CONFIG_KVM_SMM))

			return false;

		/*

		 * We cannot do SMM unless we can run the guest in big

		 * real mode.