rhakobyan · Talador12 · Mar 11, 2026 · Apr 7, 2026 · Apr 7, 2026 · Apr 7, 2026
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -64,6 +64,9 @@ jobs:
       - name: Build (sev_snp)
         run: cargo build --locked --bin cloud-hypervisor --no-default-features --features "sev_snp"
 
+      - name: Build (kvm + sev_snp)
+        run: cargo build --locked --bin cloud-hypervisor --no-default-features --features "kvm,igvm,sev_snp,fw_cfg"
+
       - name: Build (igvm)
         run: cargo build --locked --bin cloud-hypervisor --no-default-features --features "igvm"
 

diff --git a/.github/workflows/quality.yaml b/.github/workflows/quality.yaml
@@ -157,6 +157,36 @@ jobs:
           target: ${{ matrix.target }}
           args: --locked --all --all-targets --no-default-features --tests --examples --features "tdx,kvm" -- -D warnings
 
+      - name: Clippy (kvm + sev_snp + igvm + fw_cfg)
+        if: ${{ matrix.target == 'x86_64-unknown-linux-gnu' }}
+        uses: houseabsolute/actions-rust-cross@v1
+        with:
+          command: clippy
+          cross-version: 3e0957637b49b1bbced23ad909170650c5b70635
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          args: --locked --all --all-targets --no-default-features --tests --examples --features "kvm,sev_snp,igvm,fw_cfg" -- -D warnings
+
+      - name: Clippy (mshv + kvm + igvm)
+        if: ${{ matrix.target == 'x86_64-unknown-linux-gnu' }}
+        uses: houseabsolute/actions-rust-cross@v1
+        with:
+          command: clippy
+          cross-version: 3e0957637b49b1bbced23ad909170650c5b70635
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          args: --locked --all --all-targets --no-default-features --tests --examples --features "mshv,kvm,igvm" -- -D warnings
+
+      - name: Clippy (default features + sev_snp + igvm + fw_cfg)
+        if: ${{ matrix.target == 'x86_64-unknown-linux-gnu' }}
+        uses: houseabsolute/actions-rust-cross@v1
+        with:
+          command: clippy
+          cross-version: 3e0957637b49b1bbced23ad909170650c5b70635
+          toolchain: ${{ matrix.rust }}
+          target: ${{ matrix.target }}
+          args: --locked --all --all-targets --tests --examples --features "sev_snp,igvm,fw_cfg" -- -D warnings
+
       - name: Check build did not modify any files
         run: test -z "$(git status --porcelain)"
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/arch/src/x86_64/mod.rs b/arch/src/x86_64/mod.rs
@@ -819,6 +819,7 @@ pub fn configure_vcpu(
     cpu_vendor: CpuVendor,
     topology: (u16, u16, u16, u16),
     nested: bool,
+    setup_registers: bool,
 ) -> super::Result<()> {
     let x2apic_id = get_x2apic_id(id, Some(topology));
 
@@ -891,7 +892,9 @@ pub fn configure_vcpu(
     }
 
     regs::setup_msrs(vcpu).map_err(Error::MsrsConfiguration)?;
-    if let Some((kernel_entry_point, guest_memory)) = boot_setup {
+    if let Some((kernel_entry_point, guest_memory)) = boot_setup
+        && setup_registers
+    {
         regs::setup_regs(vcpu, kernel_entry_point).map_err(Error::RegsConfiguration)?;
         regs::setup_fpu(vcpu).map_err(Error::FpuConfiguration)?;
 

diff --git a/devices/src/legacy/fw_cfg.rs b/devices/src/legacy/fw_cfg.rs
@@ -649,6 +649,16 @@ impl FwCfg {
         let kernel_start = bp.text_offset;
         #[cfg(target_arch = "x86_64")]
         let kernel_start = (bp.hdr.setup_sects as usize + 1) * 512;
+        if kernel_start <= buffer.len() {
+            buffer.truncate(kernel_start);
+        } else {
+            buffer.resize(kernel_start, 0);
+            file.read_exact_at(
+                &mut buffer[size_of::<boot_params>()..],
+                size_of::<boot_params>() as u64,
+            )?;
+        }
+
         self.known_items[FW_CFG_SETUP_SIZE as usize] = FwCfgContent::U32(buffer.len() as u32);
         self.known_items[FW_CFG_SETUP_DATA as usize] = FwCfgContent::Bytes(buffer);
         self.known_items[FW_CFG_KERNEL_SIZE as usize] =

diff --git a/hypervisor/Cargo.toml b/hypervisor/Cargo.toml
@@ -16,6 +16,7 @@ tdx = []
 [dependencies]
 anyhow = { workspace = true }
 arc-swap = "1.9.0"
+bitfield = "0.16.1"
 bitfield-struct = "0.12.0"
 byteorder = { workspace = true }
 cfg-if = { workspace = true }

diff --git a/hypervisor/src/cpu.rs b/hypervisor/src/cpu.rs
@@ -587,10 +587,15 @@ pub trait Vcpu: Send + Sync {
     ) -> Result<[u32; 4]> {
         unimplemented!()
     }
-    #[cfg(feature = "mshv")]
-    fn set_sev_control_register(&self, _reg: u64) -> Result<()> {
+    #[cfg(feature = "sev_snp")]
+    fn set_sev_control_register(&self, _vmsa_pfn: u64) -> Result<()> {
+        unimplemented!()
+    }
+    #[cfg(feature = "sev_snp")]
+    fn setup_sev_snp_regs(&self, _vmsa: igvm::snp_defs::SevVmsa) -> Result<()> {
         unimplemented!()
     }
+
     ///
     /// Sets the value of GIC redistributor address
     ///

diff --git a/hypervisor/src/hypervisor.rs b/hypervisor/src/hypervisor.rs
@@ -96,6 +96,11 @@ pub enum HypervisorError {
     #[cfg(target_arch = "x86_64")]
     #[error("Failed to enable AMX tile state components")]
     CouldNotEnableAmxStateComponents(#[source] crate::arch::x86::AmxGuestSupportError),
+    ///
+    /// Failed to retrieve SEV-SNP capabilities
+    ///
+    #[error("Failed to retrieve SEV-SNP capabilities:{0}")]
+    SevSnpCapabilities(#[source] anyhow::Error),
 }
 
 ///