From nobody Sat Oct  4 00:28:09 2025
Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com
 [209.85.210.202])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5C6BB393DC3
	for <linux-kernel@vger.kernel.org>; Thu, 21 Aug 2025 21:38:44 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.210.202
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1755812325; cv=none;
 b=hpzQkM0gV6eHX3IPIiXwh433Z8SOwl74KA1AfR9oZgSv427pL0UNOsmy1D1rMRl+Bgpz9CE50SZvrPp+AcRLY779/ART16lZOfgwS4p++8Nz0GqiPACKINqyELF6nA4WMZPbWBRLRj/K/KQtVJDVL7FY2bUIa1ISfg0cSpTOpVg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1755812325; c=relaxed/simple;
	bh=9IigR4Wlagg6xhLm9hN1vALyc5QXNqvJf+sepyZxpOU=;
	h=Date:Mime-Version:Message-ID:Subject:From:To:Cc:Content-Type;
 b=c/Bj/uVRh+FdYH9gFYsiV9tDKM6b+7mexfyvR0USHQALgkYV07iiluyu/n2g4fDyyp1L5+HgLHH37CSTLNXq0X8nPEATbsAjHu3hYmwNc8YTQnyYKWhgrQcY+hRoLCGlp6yXJhIHd1DkssvdAuoEYJRCQz5i+2jqzc2+/E7y2CE=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com;
 dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b=ZVWFsfya; arc=none smtp.client-ip=209.85.210.202
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=google.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=google.com header.i=@google.com
 header.b="ZVWFsfya"
Received: by mail-pf1-f202.google.com with SMTP id
 d2e1a72fcca58-76e55665b05so1351113b3a.2
        for <linux-kernel@vger.kernel.org>;
 Thu, 21 Aug 2025 14:38:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20230601; t=1755812324; x=1756417124;
 darn=vger.kernel.org;
        h=cc:to:from:subject:message-id:mime-version:date:reply-to:from:to:cc
         :subject:date:message-id:reply-to;
        bh=vHVEfAKtxAdzAcGw4A2fKIX4sGvGDOZHuTt9dFxqKbs=;
        b=ZVWFsfyap49n437Lwfl51JA0FjQlKlC7qi5cHbds5Anq6kcHmvlRP27Yki/ix2upuJ
         20WYGXhRQi1UrpAyVFQqv/SeV06+wR1aMT+9YRz+/5P9Y3fQrO0M2+8R+VxL5lAs+typ
         6bqZJg8vKtS94WO/d7rrNlDc0VRLjCE4nktOUOhF/WvC7KJUqpGP9BzuXOR95h7UEXpw
         kWkbr4wTRC71IhZZp7glR9+nSiML8h1c8aA4gIm4JaE5licjU0ywdwvb2CymAFJEKCo4
         aIZ4smPlBSF7IJdiV/t1nKUKqFYfsVAXlMXyBDh1A61p+hlrUVEVK70OxtRlwKqReaQg
         12bQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1755812324; x=1756417124;
        h=cc:to:from:subject:message-id:mime-version:date:reply-to
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=vHVEfAKtxAdzAcGw4A2fKIX4sGvGDOZHuTt9dFxqKbs=;
        b=DQ0SHft6ihaNPC5+lPEle+89MzAeXxL8jyHr3EmqIg+ORc1SH/4YVbKoKWtkT019n5
         +gjEPSLvRGa3mFE7QwAua1b3SY8sf9qJ2J19aunAntCjiePb5ebqAhavQ5/K59yrDWWP
         js3RCEjsuGHgp16k8+NoFebasQCWkzztFMrOE4GfkLeU0GxWVDKbomY0UpnmGUlwugut
         EShvT6Ze+2D0exSPmXM1Kv6p1c0zITxjoO8JzhTBgzK+RHy/3nVnOnxxISnLuvalpNIe
         X/g5fn+3EEJiZ4HXy17Cu/FvnWY7TMvJVCingrhHOjYJefyDmzZIlapbaIEWL+Nsc05p
         eChQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCXz4z9L/pCciReKMJmPeS4Bsx2XVhfcj5pxR2D0vD04oN1+Q3lXUd0Fda+4Ik/ymtEteqL/H5m81MdwJU0=@vger.kernel.org
X-Gm-Message-State: AOJu0YxmJhlfaYHMpFoeSrhELdmNB9Ccs/kopl0bBlsuznxB2iaI4fbN
	t9YnhKFNE5iOwvGQh5hjHh4cUPZpidQ8ptZuIMniuERoglogOjv4nxpjc7rFz+8YuqPH5h7MQUB
	oT1xnbw==
X-Google-Smtp-Source: 
 AGHT+IHFQiSefcTlno7Uq/XGi8nI9plpgfoEU78HL5FBciMulA4rlZ4sbQS82vcym6ASk7rbb+I7gPlrtRg=
X-Received: from pggr14.prod.google.com ([2002:a63:d90e:0:b0:b42:373b:8dfc])
 (user=seanjc job=prod-delivery.src-stubby-dispatcher) by
 2002:a05:6a20:3d87:b0:243:78a:82be
 with SMTP id adf61e73a8af0-24340da7cefmr889872637.56.1755812323689; Thu, 21
 Aug 2025 14:38:43 -0700 (PDT)
Reply-To: Sean Christopherson <seanjc@google.com>
Date: Thu, 21 Aug 2025 14:38:41 -0700
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
X-Mailer: git-send-email 2.51.0.261.g7ce5a0a67e-goog
Message-ID: <20250821213841.3462339-1-seanjc@google.com>
Subject: [PATCH] KVM: SEV: Save the SEV policy if and only if LAUNCH_START
 succeeds
From: Sean Christopherson <seanjc@google.com>
To: Sean Christopherson <seanjc@google.com>,
 Paolo Bonzini <pbonzini@redhat.com>
Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
	Tom Lendacky <thomas.lendacky@amd.com>, Kim Phillips <kim.phillips@amd.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

Wait until LAUNCH_START fully succeeds to set a VM's SEV/SNP policy so
that KVM doesn't keep a potentially stale policy.  In practice, the issue
is benign as the policy is only used to detect if the VMSA can be
decrypted, and the VMSA only needs to be decrypted if LAUNCH_UPDATE and
thus LAUNCH_START succeeded.

Fixes: 962e2b6152ef ("KVM: SVM: Decrypt SEV VMSA in dump_vmcb() if debuggin=
g is enabled")
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Kim Phillips <kim.phillips@amd.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
---
 arch/x86/kvm/svm/sev.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index f4381878a9e5..65b59939754c 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -583,8 +583,6 @@ static int sev_launch_start(struct kvm *kvm, struct kvm=
_sev_cmd *argp)
 	if (copy_from_user(&params, u64_to_user_ptr(argp->data), sizeof(params)))
 		return -EFAULT;
=20
-	sev->policy =3D params.policy;
-
 	memset(&start, 0, sizeof(start));
=20
 	dh_blob =3D NULL;
@@ -632,6 +630,7 @@ static int sev_launch_start(struct kvm *kvm, struct kvm=
_sev_cmd *argp)
 		goto e_free_session;
 	}
=20
+	sev->policy =3D params.policy;
 	sev->handle =3D start.handle;
 	sev->fd =3D argp->sev_fd;
=20
@@ -2201,8 +2200,6 @@ static int snp_launch_start(struct kvm *kvm, struct k=
vm_sev_cmd *argp)
 		start.desired_tsc_khz =3D kvm->arch.default_tsc_khz;
 	}
=20
-	sev->policy =3D params.policy;
-
 	sev->snp_context =3D snp_context_create(kvm, argp);
 	if (!sev->snp_context)
 		return -ENOTTY;
@@ -2218,6 +2215,7 @@ static int snp_launch_start(struct kvm *kvm, struct k=
vm_sev_cmd *argp)
 		goto e_free_context;
 	}
=20
+	sev->policy =3D params.policy;
 	sev->fd =3D argp->sev_fd;
 	rc =3D snp_bind_asid(kvm, &argp->error);
 	if (rc) {

base-commit: ecbcc2461839e848970468b44db32282e5059925
--=20
2.51.0.261.g7ce5a0a67e-goog