Require a minimum GHCB version of 2 when starting SEV-SNP guests through KVM_SEV_INIT2. When a VMM attempts to start an SEV-SNP guest with an incompatible GHCB version (less than 2), reject the request early rather than allowing the guest to start with an incorrect protocol version and fail later.
Fixes: 4af663c2f64a ("KVM: SEV: Allow per-guest configuration of GHCB protocol version")
Cc: Thomas Lendacky <thomas.lendacky@amd.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: Michael Roth <michael.roth@amd.com>
Cc: stable@vger.kernel.org
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
---
 arch/x86/kvm/svm/sev.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index a12e78b67466..91d06fb91ba2 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -435,6 +435,9 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp, if (unlikely(sev->active)) return -EINVAL;
+ if (snp_active && data->ghcb_version && data->ghcb_version < 2) + return -EINVAL; + sev->active = true; sev->es_active = es_active; sev->vmsa_features = data->vmsa_features;
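Review bot: `snp_active` is not declared anywhere in `__sev_guest_init()`, so the new check in this hunk will not compile; the surrounding context only defines `es_active` from `vm_type`, and the function later tests `vm_type == KVM_X86_SNP_VM` directly. Either add `bool snp_active = vm_type == KVM_X86_SNP_VM;` beside the existing `es_active` declaration, or write the condition as `if (vm_type == KVM_X86_SNP_VM && data->ghcb_version && data->ghcb_version < 2)`. Two smaller points: the `data->ghcb_version &&` clause means only an explicitly requested version 1 is rejected while 0 still falls through to `GHCB_VERSION_DEFAULT` further down, which is sensible but deserves a one-line comment since the commit message says "less than 2"; and the commit message should spell out what actually fails, and at what point, when an SNP guest is started with GHCB version 1, so that the early `-EINVAL` is clearly justified for stable backporting.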
On Fri, Jul 11, 2025, Nikunj A Dadhania wrote:
> Require a minimum GHCB version of 2 when starting SEV-SNP guests through KVM_SEV_INIT2. When a VMM attempts to start an SEV-SNP guest with an incompatible GHCB version (less than 2), reject the request early rather than allowing the guest to start with an incorrect protocol version and fail later.
What happens with ghcb_version==1? I.e. what failure occurs, and when?
Hi Nikunj,
kernel test robot noticed the following build errors:
[auto build test ERROR on kvm/queue]
[also build test ERROR on kvm/next linus/master v6.16-rc5 next-20250711]
[cannot apply to kvm/linux-next]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url:    https://github.com/intel-lab-lkp/linux/commits/Nikunj-A-Dadhania/KVM-SEV-Enf...
base:   https://git.kernel.org/pub/scm/virt/kvm/kvm.git queue
patch link:    https://lore.kernel.org/r/20250711045408.95129-1-nikunj%40amd.com
patch subject: [PATCH] KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests
config: x86_64-rhel-9.4-rust (https://download.01.org/0day-ci/archive/20250712/202507120551.iDEiTBBN-lkp@i...)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
rustc: rustc 1.88.0 (6b00bc388 2025-06-23)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20250712/202507120551.iDEiTBBN-lkp@i...)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202507120551.iDEiTBBN-lkp@intel.com/
All errors (new ones prefixed by >>):
arch/x86/kvm/svm/sev.c:426:6: error: use of undeclared identifier 'snp_active'
     426 |         if (snp_active && data->ghcb_version && data->ghcb_version < 2)
         |             ^
1 error generated.
vim +/snp_active +426 arch/x86/kvm/svm/sev.c
   400	
   401	static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp,
   402				    struct kvm_sev_init *data,
   403				    unsigned long vm_type)
   404	{
   405		struct kvm_sev_info *sev = to_kvm_sev_info(kvm);
   406		struct sev_platform_init_args init_args = {0};
   407		bool es_active = vm_type != KVM_X86_SEV_VM;
   408		u64 valid_vmsa_features = es_active ? sev_supported_vmsa_features : 0;
   409		int ret;
   410	
   411		if (kvm->created_vcpus)
   412			return -EINVAL;
   413	
   414		if (data->flags)
   415			return -EINVAL;
   416	
   417		if (data->vmsa_features & ~valid_vmsa_features)
   418			return -EINVAL;
   419	
   420		if (data->ghcb_version > GHCB_VERSION_MAX || (!es_active && data->ghcb_version))
   421			return -EINVAL;
   422	
   423		if (unlikely(sev->active))
   424			return -EINVAL;
   425	
   426		if (snp_active && data->ghcb_version && data->ghcb_version < 2)
   427			return -EINVAL;
   428	
   429		sev->active = true;
   430		sev->es_active = es_active;
   431		sev->vmsa_features = data->vmsa_features;
   432		sev->ghcb_version = data->ghcb_version;
   433	
   434		/*
   435		 * Currently KVM supports the full range of mandatory features defined
   436		 * by version 2 of the GHCB protocol, so default to that for SEV-ES
   437		 * guests created via KVM_SEV_INIT2.
   438		 */
   439		if (sev->es_active && !sev->ghcb_version)
   440			sev->ghcb_version = GHCB_VERSION_DEFAULT;
   441	
   442		if (vm_type == KVM_X86_SNP_VM)
   443			sev->vmsa_features |= SVM_SEV_FEAT_SNP_ACTIVE;
   444	
   445		ret = sev_asid_new(sev);
   446		if (ret)
   447			goto e_no_asid;
   448	
   449		init_args.probe = false;
   450		ret = sev_platform_init(&init_args);
   451		if (ret)
   452			goto e_free;
   453	
   454		/* This needs to happen after SEV/SNP firmware initialization. */
   455		if (vm_type == KVM_X86_SNP_VM) {
   456			ret = snp_guest_req_init(kvm);
   457			if (ret)
   458				goto e_free;
   459		}
   460	
   461		INIT_LIST_HEAD(&sev->regions_list);
   462		INIT_LIST_HEAD(&sev->mirror_vms);
   463		sev->need_init = false;
   464	
   465		kvm_set_apicv_inhibit(kvm, APICV_INHIBIT_REASON_SEV);
   466	
   467		return 0;
   468	
   469	e_free:
   470		argp->error = init_args.error;
   471		sev_asid_free(sev);
   472		sev->asid = 0;
   473	e_no_asid:
   474		sev->vmsa_features = 0;
   475		sev->es_active = false;
   476		sev->active = false;
   477		return ret;
   478	}
   479	
linux-stable-mirror@lists.linaro.org