KVM: x86: support CONFIG_KVM_AMD=y with CONFIG_CRYPTO_DEV_CCP_DD=m

bonzini · bonzini · commit 853c110982ea · 2018-10-09T18:38:42.000+02:00
SEV requires access to the AMD cryptographic device APIs, and this
does not work when KVM is builtin and the crypto driver is a module.
Actually the Kconfig conditions for CONFIG_KVM_AMD_SEV try to disable
SEV in that case, but it does not work because the actual crypto
calls are not culled, only sev_hardware_setup() is.

This patch adds two CONFIG_KVM_AMD_SEV checks that gate all the remaining
SEV code; it fixes this particular configuration, and drops 5 KiB of
code when CONFIG_KVM_AMD_SEV=n.

Reported-by: Guenter Roeck &lt;linux@roeck-us.net&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
@@ -436,14 +436,18 @@ static inline struct kvm_svm *to_kvm_svm(struct kvm *kvm)
 
 static inline bool svm_sev_enabled(void)
 {
-	return max_sev_asid;
+	return IS_ENABLED(CONFIG_KVM_AMD_SEV) ? max_sev_asid : 0;
 }
 
 static inline bool sev_guest(struct kvm *kvm)
 {
+#ifdef CONFIG_KVM_AMD_SEV
 	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
 
 	return sev->active;
+#else
+	return false;
+#endif
 }
 
 static inline int sev_get_asid(struct kvm *kvm)

Original file line number	Diff line number	Diff line change
`@@ -436,14 +436,18 @@ static inline struct kvm_svm to_kvm_svm(struct kvm kvm)`
`436`	`436`
`437`	`437`	`static inline bool svm_sev_enabled(void)`
`438`	`438`	`{`
`439`		`- return max_sev_asid;`
	`439`	`+ return IS_ENABLED(CONFIG_KVM_AMD_SEV) ? max_sev_asid : 0;`
`440`	`440`	`}`
`441`	`441`
`442`	`442`	`static inline bool sev_guest(struct kvm *kvm)`
`443`	`443`	`{`
	`444`	`+#ifdef CONFIG_KVM_AMD_SEV`
`444`	`445`	`struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;`
`445`	`446`
`446`	`447`	`return sev->active;`
	`448`	`+#else`
	`449`	`+ return false;`
	`450`	`+#endif`
`447`	`451`	`}`
`448`	`452`
`449`	`453`	`static inline int sev_get_asid(struct kvm *kvm)`