Require a minimum GHCB version of 2 when starting SEV-SNP guests through KVM_SEV_INIT2. When a VMM attempts to start an SEV-SNP guest with an incompatible GHCB version (less than 2), reject the request early rather than allowing the guest to start with an incorrect protocol version and fail later.
Fixes: 4af663c2f64a ("KVM: SEV: Allow per-guest configuration of GHCB protocol version")
Cc: Thomas Lendacky <thomas.lendacky@amd.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
---
 arch/x86/kvm/svm/sev.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index a12e78b67466..91d06fb91ba2 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -435,6 +435,9 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp, if (unlikely(sev->active)) return -EINVAL;
+ if (snp_active && data->ghcb_version && data->ghcb_version < 2) + return -EINVAL; + sev->active = true; sev->es_active = es_active; sev->vmsa_features = data->vmsa_features;
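Review bot: The added condition in __sev_guest_init(), "snp_active && data->ghcb_version && data->ghcb_version < 2", rejects only an explicit version of 1; a ghcb_version of 0 still passes, and nothing in the hunk says why. The commit message promises a minimum of 2 for SEV-SNP, so please add a short comment stating that 0 is treated as "not specified" (if that is the intent) and confirm that whatever version is applied later in that case is at least 2 for SNP guests, since that path is not visible here. The bare literal 2 would also read better as a named constant so the SNP minimum is defined in one place. The placement before "sev->active = true" is right, because the -EINVAL return leaves no guest state modified.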