From nobody Tue Dec 16 20:14:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7C5BEEE49A0 for ; Fri, 25 Aug 2023 02:24:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236796AbjHYCYP (ORCPT ); Thu, 24 Aug 2023 22:24:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58416 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232361AbjHYCYF (ORCPT ); Thu, 24 Aug 2023 22:24:05 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C71081BE5 for ; Thu, 24 Aug 2023 19:24:03 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id 41be03b00d2f7-56f8c8fd8e7so320017a12.1 for ; Thu, 24 Aug 2023 19:24:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1692930243; x=1693535043; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=oVtCByE4fDO3d4y8kIYOOEOORwXrAjMG9bL5RaKJEvo=; b=ur6VpWRHVFba2UbZYv3uMwXPvqeBZqy5oCA5fJjgrGUUBOyYN2oleq4keewpDQ+mxs P8kpbCDHKLDGTRsSFbyu4ZUDbKQTxpnzSRHTSdsuQa5eys8Gz8s4vCcnRi+5QORbXeNI ziPChPP/73BRcKbpEZLOQhEjmPwdtLpXfrJBfsiTG3n5fNBFXQ1SGfoULSTV9igNAFw/ hic7Y1EbDaXCPCAQdrPpxCZuMImeMGhYoq0tsYCiBEuo5yzLeG/PUhTF0PrGOHOICFjz gqxh/pN++mdXmJyyD06AZfRCsoFkxr1CD+/DfGXd47yt2yUwJOjrQzwTxXESyENUY5ig rosw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692930243; x=1693535043; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=oVtCByE4fDO3d4y8kIYOOEOORwXrAjMG9bL5RaKJEvo=; b=grN9MipXDJURzqSa4jBjp7QBy+3wtRyQi433PpzJICCGmYBxNFDaxbxYKvLgPkkGeC pSeAeIpJgE1tfWTraS3wCoPGA2c1mQEGQeNP14GZFG15II9Dh1Z2X5OwaQopuQT29Hsk EDRX5PqR6+iRyH1E/UAMgd7NB7vupsMhfL4Hh1NUTpd3pSE+quLffjc9oLx+f7yFf6VU nWe7p3Prg5wpsR4F4MyeHb32IaefYPHixnsPrOwUEkXhXLsxhbZfVmXy5Xupj4Y3Q35x 5EpybKph0sClYiOpLQHNip4xNFoi4maR8CRScGSEPmHUsoacHQPgavJ7vWv8KC9T+Ff1 hE0w== X-Gm-Message-State: AOJu0YwG+DzbMMU+cQNsoHgZkmAmpr4b6zsAjzKk06NfMN/72xL5KnTN i8T94C0QIeBYJ4VdcRJm84GHpopj3wo= X-Google-Smtp-Source: AGHT+IF4TG4sBB/OOSznvFnGrC/wmig/Of5xf2wy3XzoLJK2Grrjw7w1nIisXmoqH4AKiH2Jo7cmip6vg1Y= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a63:be49:0:b0:569:3810:dda3 with SMTP id g9-20020a63be49000000b005693810dda3mr3190445pgo.9.1692930243268; Thu, 24 Aug 2023 19:24:03 -0700 (PDT) Reply-To: Sean Christopherson Date: Thu, 24 Aug 2023 19:23:56 -0700 In-Reply-To: <20230825022357.2852133-1-seanjc@google.com> Mime-Version: 1.0 References: <20230825022357.2852133-1-seanjc@google.com> X-Mailer: git-send-email 2.42.0.rc2.253.gd59a3bf2b4-goog Message-ID: <20230825022357.2852133-2-seanjc@google.com> Subject: [PATCH 1/2] KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Peter Gonda Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Fix a goof where KVM tries to grab source vCPUs from the destination VM when doing intrahost migration. Grabbing the wrong vCPU not only hoses the guest, it also crashes the host due to the VMSA pointer being left NULL. BUG: unable to handle page fault for address: ffffe38687000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 39 PID: 17143 Comm: sev_migrate_tes Tainted: GO 6.5.0-smp--fff= 2e47e6c3b-next #151 Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.28.0 07/= 10/2023 RIP: 0010:__free_pages+0x15/0xd0 RSP: 0018:ffff923fcf6e3c78 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffe38687000000 RCX: 0000000000000100 RDX: 0000000000000100 RSI: 0000000000000000 RDI: ffffe38687000000 RBP: ffff923fcf6e3c88 R08: ffff923fcafb0000 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff83619b90 R12: ffff923fa9540000 R13: 0000000000080007 R14: ffff923f6d35d000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff929d0d7c0000(0000) knlGS:0000000000000= 000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffe38687000000 CR3: 0000005224c34005 CR4: 0000000000770ee0 PKRU: 55555554 Call Trace: sev_free_vcpu+0xcb/0x110 [kvm_amd] svm_vcpu_free+0x75/0xf0 [kvm_amd] kvm_arch_vcpu_destroy+0x36/0x140 [kvm] kvm_destroy_vcpus+0x67/0x100 [kvm] kvm_arch_destroy_vm+0x161/0x1d0 [kvm] kvm_put_kvm+0x276/0x560 [kvm] kvm_vm_release+0x25/0x30 [kvm] __fput+0x106/0x280 ____fput+0x12/0x20 task_work_run+0x86/0xb0 do_exit+0x2e3/0x9c0 do_group_exit+0xb1/0xc0 __x64_sys_exit_group+0x1b/0x20 do_syscall_64+0x41/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd CR2: ffffe38687000000 Fixes: 6defa24d3b12 ("KVM: SEV: Init target VMCBs in sev_migrate_from") Cc: stable@vger.kernel.org Cc: Peter Gonda Signed-off-by: Sean Christopherson Reviewed-by: Pankaj Gupta Reviewed-by: Peter Gonda --- arch/x86/kvm/svm/sev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 2cd15783dfb9..acc700bcb299 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1739,7 +1739,7 @@ static void sev_migrate_from(struct kvm *dst_kvm, str= uct kvm *src_kvm) * Note, the source is not required to have the same number of * vCPUs as the destination when migrating a vanilla SEV VM. */ - src_vcpu =3D kvm_get_vcpu(dst_kvm, i); + src_vcpu =3D kvm_get_vcpu(src_kvm, i); src_svm =3D to_svm(src_vcpu); =20 /* --=20 2.42.0.rc2.253.gd59a3bf2b4-goog From nobody Tue Dec 16 20:14:54 2025 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91B41EE49A6 for ; Fri, 25 Aug 2023 02:24:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237208AbjHYCYQ (ORCPT ); Thu, 24 Aug 2023 22:24:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58432 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232787AbjHYCYH (ORCPT ); Thu, 24 Aug 2023 22:24:07 -0400 Received: from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com [IPv6:2607:f8b0:4864:20::b4a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A32FDCCB for ; Thu, 24 Aug 2023 19:24:05 -0700 (PDT) Received: by mail-yb1-xb4a.google.com with SMTP id 3f1490d57ef6-d72f3290e6eso539374276.3 for ; Thu, 24 Aug 2023 19:24:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20221208; t=1692930245; x=1693535045; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=GjBTHZffictDqC7SXUKAVMLWKYcOQkz6MY9f+b7B5hg=; b=mCR4QFTFn5Jcy7nVzhsR24Gy5QiLBgy+rUHCssS/UWljXUqPZ/9kTgEm20It7zc9dL yCbzxb76WoVG4xjUDLV6nnEc8FEc9VFBkgECVKIAz8FyiOxtfDSu5sFaejwwjpBuKAuM cer3fi5dlDKmlpwgT0KZRlQfcUXN4pQtWOmQK1Dp1kM3MvWkTL+V6AhzIbXE/dtBnNj7 Al9zPJfQQ8QyvEpJgPd8jEVOAhRh8pMCz4wV9McbG5K9BDrFUGqWjr9G7IFihwncm83Q 6PsJhJJCoxmgyiLX8u5+EFnT95D/21rP+JFMQRc05j2boYfptlVs3WR8u08yqJ2IRoWC ro1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692930245; x=1693535045; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=GjBTHZffictDqC7SXUKAVMLWKYcOQkz6MY9f+b7B5hg=; b=l1fdbfx4P+e9jtCHwnRb2HSvxYsVUJgJWEEtheLfmsO8N8THwlX+jtYD5nfJoHLIGe Ot80biYVDUx3ChZx9yHgzMipIMT/rJPGgX+Tg66qR1ggf5zH6BG40rcX6fU1/CGVBuYb uTeXTwtVLFR+Ya4RKOfWxxt4in9PgCQR7dh2jRBECIkiZs9gKE8ZtJED/vM6iyTjyPXO HBDKPCmDgJ9AvQXAwXxJn5zJ5HoQJ4wrIg4pAcWR5syCdyGnl93/O6+xEulZIPmSDaOX F5DpplEuvjlzDUCgy/I5ZlOcKv70Lfib30l2h/RSb5Rk/b8E7ryS1vpc3iu1YoKr6neE loKg== X-Gm-Message-State: AOJu0Yxc64li/LS8izZxsmHEhlqB+2xMbvpe21rLLQMTAzr5XzMw2FnI JuiIohi6oQDGesP+DiEmQnGsxUl9cSw= X-Google-Smtp-Source: AGHT+IHA5Eyi8VPBlQpGEpV3E3TFwf1qKhES69a23NWfw66yifQWct5N7aW51NAyG07iqC1K9Y5sJF5pnB8= X-Received: from zagreus.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:5c37]) (user=seanjc job=sendgmr) by 2002:a25:aba2:0:b0:d77:f6f9:159 with SMTP id v31-20020a25aba2000000b00d77f6f90159mr161317ybi.9.1692930245006; Thu, 24 Aug 2023 19:24:05 -0700 (PDT) Reply-To: Sean Christopherson Date: Thu, 24 Aug 2023 19:23:57 -0700 In-Reply-To: <20230825022357.2852133-1-seanjc@google.com> Mime-Version: 1.0 References: <20230825022357.2852133-1-seanjc@google.com> X-Mailer: git-send-email 2.42.0.rc2.253.gd59a3bf2b4-goog Message-ID: <20230825022357.2852133-3-seanjc@google.com> Subject: [PATCH 2/2] KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Peter Gonda Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Skip initializing the VMSA physical address in the VMCB if the VMSA is NULL, which occurs during intrahost migration as KVM initializes the VMCB before copying over state from the source to the destination (including the VMSA and its physical address). In normal builds, __pa() is just math, so the bug isn't fatal, but with CONFIG_DEBUG_VIRTUAL=3Dy, the validity of the virtual address is verified and passing in NULL will make the kernel unhappy. Fixes: 6defa24d3b12 ("KVM: SEV: Init target VMCBs in sev_migrate_from") Cc: stable@vger.kernel.org Cc: Peter Gonda Signed-off-by: Sean Christopherson Reviewed-by: Pankaj Gupta Reviewed-by: Peter Gonda --- arch/x86/kvm/svm/sev.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index acc700bcb299..5585a3556179 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2975,9 +2975,12 @@ static void sev_es_init_vmcb(struct vcpu_svm *svm) /* * An SEV-ES guest requires a VMSA area that is a separate from the * VMCB page. Do not include the encryption mask on the VMSA physical - * address since hardware will access it using the guest key. + * address since hardware will access it using the guest key. Note, + * the VMSA will be NULL if this vCPU is the destination for intrahost + * migration, and will be copied later. */ - svm->vmcb->control.vmsa_pa =3D __pa(svm->sev_es.vmsa); + if (svm->sev_es.vmsa) + svm->vmcb->control.vmsa_pa =3D __pa(svm->sev_es.vmsa); =20 /* Can't intercept CR register access, HV can't modify CR registers */ svm_clr_intercept(svm, INTERCEPT_CR0_READ); --=20 2.42.0.rc2.253.gd59a3bf2b4-goog