From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 22B103783AC for ; Tue, 10 Mar 2026 23:48:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186519; cv=none; b=mjfWwdGxkcoBluKd8OpDMtYLu4ISfjqQjEZxA15paA9dyWNX4bNmO/vQZEz6j7WRF552qM6aSXA8iym3K6nDcUffDEkiE2iZX2/iZcz1GeWWDpTuxUwEH8WjKunK/NEAWUJ5MXwGBOTm3mxlg6l0vhHcfN1n2n0ghorYyby5Src= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186519; c=relaxed/simple; bh=xCDwucmupayRYkTSNgAJKJM1Jpc03ttRTH1AoKY5ATs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qMppao+EZvjS23528ShEYQl7bvwpntQfb5BsfCCtZMB1XHbxYtRgUDT+KiBt2BX8ICS5936HthRUGsYI2yynd9mRPB9r4kKcEehURlSRy6RwIW0T2VBj7fwJjXPfd6ukVeHjakFvZt+Wi6mWP6sYvsmonsYiSSYas8eLLS10iUA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=SIypkxYU; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="SIypkxYU" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-2adef9d486bso122449235ad.2 for ; Tue, 10 Mar 2026 16:48:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186517; x=1773791317; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=6fM2QIGctUiFaljLqwWiYors6lECqRI6f/jy34iJVpo=; b=SIypkxYUT/LnFS94uwAxYXKpjKCDz0sRFY6e/0kXAji03f1dszoLTe/c2hr3+dkKpl 7AbiA1cBgQedGRUHQ2ie+u9aKNIvfuGI78umnSokwitcqf36Bw6ixJbaDf4hvevviYX6 ABYd9QHU3VST/I/luDT+6uhwQNzUfzqrN5vhB1hWfqwWXbhZ5VhluI/yzG58v5MfgkOH V6ltpH+uokGlP+NccWTM1GQSHxf8rwYih7Q0FWK8+GAuF1nldLHLX3scq48RNClfHMYh ByHGDbsrr4ubB/frI5xX+cZgxzCHOym4J4GQYseKMBRfQO4yTbVxq8Wa+nhD4JuXGXTx Gxew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186517; x=1773791317; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=6fM2QIGctUiFaljLqwWiYors6lECqRI6f/jy34iJVpo=; b=Zmrgv+vg2kTUmz8TTAG13obrRnrg7OxWd101QFUJRgJdaDZViBROkH4KjPeLtnwlZV bveig7Xned9elsIqvGbAfRBdM7hi/bCAVsDZXQWAwJNGgCsPDZMjRifJ02JLWNcrS7J4 fHtG2XzhFNCDSCoXhRz5gcqMnf4tYWTMQpxEfBlP23wiphZ4DCLMjFDyKI/ty7g73zgY w9gCx7wu1M+xTzFlM5zW+Oezec4QAt7+LD/Lg/Dv8rQdVugD5fTTToDbR4oeeJBUN8P9 rrROZlIlWCjHEKL9y8SNx5d3vRqekevxceabSbCal/IHG9czQrN2ClP39GZZnJlEe94o Y5JQ== X-Forwarded-Encrypted: i=1; AJvYcCVnrX4EXe/m8NQH0itAi3btZ9v1nOP9CnoEGFIyk9wOj5ESXAvMOS82MCljjIxSSrZRX5t6iqPPmZJfFnU=@vger.kernel.org X-Gm-Message-State: AOJu0YxAHhxoJ7LZAKzARcoGHa6BIvR1oUY+jhClkEOy0vZidrTlr15h GbUobMQgfp1sTpbnJtmgXL4xfNMYn6zzGvdaBgusRvaiqetRSzKutXmUlb04TDG8TTAtuEheb1b 5K72fhw== X-Received: from pgeh17.prod.google.com ([2002:a05:6a02:53d1:b0:c73:9c66:99b]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:4d89:b0:398:9fc9:e077 with SMTP id adf61e73a8af0-398c5f427fdmr359732637.29.1773186517386; Tue, 10 Mar 2026 16:48:37 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:09 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-2-seanjc@google.com> Subject: [PATCH 01/21] KVM: selftests: Remove duplicate LAUNCH_UPDATE_VMSA call in SEV-ES migrate test From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Drop the explicit KVM_SEV_LAUNCH_UPDATE_VMSA call when creating an SEV-ES VM in the SEV migration test, as sev_vm_create() automatically updates the VMSA pages for SEV-ES guests. The only reason the duplicate call doesn't cause visible problems is because the test doesn't actually try to run the vCPUs. That will change when KVM adds a check to prevent userspace from re-launching a VMSA (which corrupts the VMSA page due to KVM writing encrypted private memory). Fixes: 69f8e15ab61f ("KVM: selftests: Use the SEV library APIs in the intra= -host migration test") Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson --- tools/testing/selftests/kvm/x86/sev_migrate_tests.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/tools/testing/selftests/kvm/x86/sev_migrate_tests.c b/tools/te= sting/selftests/kvm/x86/sev_migrate_tests.c index 0a6dfba3905b..6b0928e69051 100644 --- a/tools/testing/selftests/kvm/x86/sev_migrate_tests.c +++ b/tools/testing/selftests/kvm/x86/sev_migrate_tests.c @@ -36,8 +36,6 @@ static struct kvm_vm *sev_vm_create(bool es) =20 sev_vm_launch(vm, es ? SEV_POLICY_ES : 0); =20 - if (es) - vm_sev_ioctl(vm, KVM_SEV_LAUNCH_UPDATE_VMSA, NULL); return vm; } =20 --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E115A3C345C for ; Tue, 10 Mar 2026 23:48:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186521; cv=none; b=No50soTkhEOQrtoMJe1Ma0TXiGUiYRhzBNeC1afhVWTtdhTthDSueC0+i9pVLxKKQbVzeYt6DcTfXQn4V8I6lLmmcT88Fg1SUkj//8oRdo1sqk6nv7cllu7plKj1OeBGBL5ucN6IgbdVZfgarkVM49eAXHVs8TmUoS4fMt9iZnU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186521; c=relaxed/simple; bh=1XZ4DTiRFNCLSF0qVFNepkPxCOp+jc//PliIM/VALRA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=W5SWEit1pmQJ08flA72x8S0I4TefnMdOxNGNnxuTAjUfz35HK282yiesWjvLj4czcsO8B2HiKfy1XlRIwusUMM1QWvJFCObocMNepXF7v/i71xXDHLvNI+B2KZGTUYz/Hx2VgoAIWZz94eSVPTClDOT3g9VX4seShzOjHKfLjn0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=EufFisZo; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="EufFisZo" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-2ae3e462daeso53567545ad.0 for ; Tue, 10 Mar 2026 16:48:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186519; x=1773791319; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=KWj8o4bF94Heu5AMNW4c6J9rXL8cTQ+SLdFWvNrb5Sw=; b=EufFisZolAmoA7hsiENjiJgialdrP6ZtgNNzrjXtamU78dOhZxwDmSKjPYfpHelShn rrAgve/jmCLk3pDMNE2oOJ8njzH9xhacyoyX/Pf2zkYnKz8e5Fh8/qQhOjX8Sb6AJhaK t2vLKRGgqSz5nWWEn+sQjJI1XdumTZQpElOIR7nNKBPQJ1Ndce1BebY0yPx2V1RURTqv Uz6k6eU67eNgz98+YyJojojsWCkTF2eTDIDqAaGoGok+HQPpv2+0zkIrDnzrIAic79q3 ahAxyrFdgTQISf1ZVpB8m1SNBcD0O9tt4NvbYAUp8azH0KSdShZw3os3OhKniLtjfSyg 3Tmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186519; x=1773791319; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=KWj8o4bF94Heu5AMNW4c6J9rXL8cTQ+SLdFWvNrb5Sw=; b=cT46RJ2h+xbZmNqWVSXYIaV4BW6d1pqub6isdULoB/3XcNX23lcK+SW3uL1CmJ9GyR JFsv2IB7ES4DbVCW9iSeB0MUbrz2aD6HuLYgz5pz7nOzdPnTGo+XZBUMaHYxFoHDqv+a WCuEsRtfonpsQQrs7oekBRS5HObRtxuLGUL5pu4UTOYBRV5q40Vwkqzen/q216GiNyC4 ebuItuebWJs/NZGGxr3NKBOLA4L/xW90yX/32CeQdUOHOWBKGgPDEXIFA+o8yhf5xeWE ME1KdlsuB8CdpG9m16Dki3JGLPuE47fxPTfFNXxzWsuySgr3JPt5K4X9UnJOKjIE0Dk9 aitQ== X-Forwarded-Encrypted: i=1; AJvYcCW83eMczjicCO8Jz3izBJWKSNJq5wKuUbGu9eVFVN2g4yWvmcHlZB5dO39UJZdmWloyX4wb2lnEtHfaCmE=@vger.kernel.org X-Gm-Message-State: AOJu0YzzPUrQWXxN2m3cbhG0wKgjP8RDvR8er5JRQa1RMzlHLOeXNryv LqMQLDHRQAagTHLJthFfyVvbYNC3ftHav5QBSHHKGQVfUm3AEHgG+4Mq4PojbtpJefRYjPPH58U zzwZvhA== X-Received: from pgbdo14.prod.google.com ([2002:a05:6a02:e8e:b0:c73:9919:c4fd]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:6016:b0:398:bda8:d8cd with SMTP id adf61e73a8af0-398c5e6cc31mr354274637.7.1773186519300; Tue, 10 Mar 2026 16:48:39 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:10 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-3-seanjc@google.com> Subject: [PATCH 02/21] KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Reject synchronizing vCPU state to its associated VMSA if the vCPU has already been launched, i.e. if the VMSA has already been encrypted. On a host with SNP enabled, accessing guest-private memory generates an RMP #PF and panics the host. BUG: unable to handle page fault for address: ff1276cbfdf36000 #PF: supervisor write access in kernel mode #PF: error_code(0x80000003) - RMP violation PGD 5a31801067 P4D 5a31802067 PUD 40ccfb5063 PMD 40e5954063 PTE 80000040f= df36163 SEV-SNP: PFN 0x40fdf36, RMP entry: [0x6010fffffffff001 - 0x00000000000000= 1f] Oops: Oops: 0003 [#1] SMP NOPTI CPU: 33 UID: 0 PID: 996180 Comm: qemu-system-x86 Tainted: G OE Tainted: [O]=3DOOT_MODULE, [E]=3DUNSIGNED_MODULE Hardware name: Dell Inc. PowerEdge R7625/0H1TJT, BIOS 1.5.8 07/21/2023 RIP: 0010:sev_es_sync_vmsa+0x54/0x4c0 [kvm_amd] Call Trace: snp_launch_update_vmsa+0x19d/0x290 [kvm_amd] snp_launch_finish+0xb6/0x380 [kvm_amd] sev_mem_enc_ioctl+0x14e/0x720 [kvm_amd] kvm_arch_vm_ioctl+0x837/0xcf0 [kvm] kvm_vm_ioctl+0x3fd/0xcc0 [kvm] __x64_sys_ioctl+0xa3/0x100 x64_sys_call+0xfe0/0x2350 do_syscall_64+0x81/0x10f0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7ffff673287d Note, the KVM flaw has been present since commit ad73109ae7ec ("KVM: SVM: Provide support to launch and run an SEV-ES guest"), but has only been actively dangerous for the host since SNP support was added. With SEV-ES, KVM would "just" clobber guest state, which is totally fine from a host kernel perspective since userspace can clobber guest state any time before sev_launch_update_vmsa(). Fixes: ad27ce155566 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_FINISH command") Reported-by: Jethro Beekman Closes: https://lore.kernel.org/all/d98692e2-d96b-4c36-8089-4bc1e5cc3d57@fo= rtanix.com Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 3f9c1aa39a0a..fa319a66938c 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -882,6 +882,9 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) u8 *d; int i; =20 + if (vcpu->arch.guest_state_protected) + return -EINVAL; + /* Check some debug related fields before encrypting the VMSA */ if (svm->vcpu.guest_debug || (svm->vmcb->save.dr7 & ~DR7_FIXED_1)) return -EINVAL; --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDEBA248F73 for ; Tue, 10 Mar 2026 23:48:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186523; cv=none; b=lq4disjY4+a9tcPNFAGUcr4yp8SbWq99ymhSZCao5nY1Eh5hfwj0uXzckWL3Yt6kIbbdvyujNBdRvZf0JPBATHdKPLH+BwGmKviUWXEfEAHYk+gPmbf1XTun31mIgYjg0YnOMwNlO+UOdacPkx294uz8QYc95oiDiYxdnI57cMM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186523; c=relaxed/simple; bh=b+5ch2gAT5ERnn5NbXyhxSiq0SzA5rU9kaWO6cIeDtw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=TP/9RmwH0rEDHukhcYj77zdFXF8W75zcj1BM3Lo9YOj2fWsVt2VP46R+l3kKxkSzptN2PITQLp6Ibs37O2czuN9YfU+Hoa9IMUIbKpSDFZmCAisi3pPOVrHseo27js33iskjMdm8uQSSMvntpydlKmK6IAhCWv0mWjIp9PgzgCU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Ugiyn73l; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Ugiyn73l" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-2ae59e057f1so102110825ad.1 for ; Tue, 10 Mar 2026 16:48:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186521; x=1773791321; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=JjsNKd0HOBrtHRwBgNBz3zDbDewW5UJ/SeZaXW6KVIw=; b=Ugiyn73ljZN6gsvnDiGosw0D/cjoKNKaAX4c9DV41u/qeFOwe+wgOZ6TV9caZNNGRx NIp8xbaHRUEbmOf0qBLe/MU089Cn5HHkis4rX/B7W6lrwfw+ublRZbcH/SVpJav43GWx lvhl3ES70vsH1aoxnNGtrejvuoUXqaErVfvXFMJoBmPpbFGG4arOOimQKwbDTPxjp6VQ Jjyw+HasfZLX6vD/9+5VX8C30iyh+tKPEJe2uMOu8FqHUcdtNRTeoF0JdLg9rQuo/C37 7FsKwPCLky4YlZac/94bTLs8XoACsrC4hcJRcT6GFSBo3lHDtu+J48O0JiuLCXcM4gQG EPFw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186521; x=1773791321; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=JjsNKd0HOBrtHRwBgNBz3zDbDewW5UJ/SeZaXW6KVIw=; b=BQF+z6We1iJxNfI2A+CzJ4qPrMoxxNFQZLLKyI2OBEzbDdUr6+QZ04mWgZQDcmVuAo aSHQ0yqXoiwfblxg1q4bGPsc56x8jsJu7ZyTmc/3CG+LFZ9bd8OnM9vCU12cc32uPo09 1qLFZfjkYanyx3m6GykJOUanY8+S1CdyrJpkqpV5TPD6iLqJIL5Lj2Y5Pcxv2uelwItp tqt+YHdBUDfLD9HqdswQz8WOzzNGiid6+gT5p+WPVCYtbCeJHbl3svEdZgRFuSvtH/68 MGW7n7HJXPQPBYW0woYxDQqwvZQTq9un/qxu30CEJgdDzZL0F3BwcoA+d/C7r3k0R6kY 27aA== X-Forwarded-Encrypted: i=1; AJvYcCXso2LU48BMiC240pcFIgWJp1TDEj78q5QxO14Sm3N+fzzUSNWCLTMcQEv7a9kRRJXHsGCaO23FTY2DXoA=@vger.kernel.org X-Gm-Message-State: AOJu0Yz+6T0rzf2c38zP6PYb2Vo+bL6lXCRK9tzJmzSvjCEYtFRwYhdI Wv3xRan4pVcTAv4beNb3vu6aqRrIg0zJYKySQoKNTsdham63tAub9RuE43N95s/3kqPjZnEiEC5 +r0yOHg== X-Received: from pfbhg13.prod.google.com ([2002:a05:6a00:860d:b0:827:3eb4:a39a]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:46c5:b0:398:c2d8:14c with SMTP id adf61e73a8af0-398c5e6e2bcmr328641637.7.1773186520900; Tue, 10 Mar 2026 16:48:40 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:11 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-4-seanjc@google.com> Subject: [PATCH 03/21] KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Take and hold kvm->lock for before checking sev_guest() in sev_mem_enc_register_region(), as sev_guest() isn't stable unless kvm->lock is held (or KVM can guarantee KVM_SEV_INIT{2} has completed and can't rollack state). If KVM_SEV_INIT{2} fails, KVM can end up trying to add to a not-yet-initialized sev->regions_list, e.g. triggering a #GP Oops: general protection fault, probably for non-canonical address 0xdfff= fc0000000000: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 110 UID: 0 PID: 72717 Comm: syz.15.11462 Tainted: G U W O = 6.16.0-smp-DEV #1 NONE Tainted: [U]=3DUSER, [W]=3DWARN, [O]=3DOOT_MODULE Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 1= 0/28/2024 RIP: 0010:sev_mem_enc_register_region+0x3f0/0x4f0 ../include/linux/list.h= :83 Code: <41> 80 3c 04 00 74 08 4c 89 ff e8 f1 c7 a2 00 49 39 ed 0f 84 c6 00 RSP: 0018:ffff88838647fbb8 EFLAGS: 00010256 RAX: dffffc0000000000 RBX: 1ffff92015cf1e0b RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000001000 RDI: ffff888367870000 RBP: ffffc900ae78f050 R08: ffffea000d9e0007 R09: 1ffffd4001b3c000 R10: dffffc0000000000 R11: fffff94001b3c001 R12: 0000000000000000 R13: ffff8982ab0bde00 R14: ffffc900ae78f058 R15: 0000000000000000 FS: 00007f34e9dc66c0(0000) GS:ffff89ee64d33000(0000) knlGS:0000000000000= 000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe180adef98 CR3: 000000047210e000 CR4: 0000000000350ef0 Call Trace: kvm_arch_vm_ioctl+0xa72/0x1240 ../arch/x86/kvm/x86.c:7371 kvm_vm_ioctl+0x649/0x990 ../virt/kvm/kvm_main.c:5363 __se_sys_ioctl+0x101/0x170 ../fs/ioctl.c:51 do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline] do_syscall_64+0x6f/0x1f0 ../arch/x86/entry/syscall_64.c:94 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f34e9f7e9a9 Code: <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f34e9dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007f34ea1a6080 RCX: 00007f34e9f7e9a9 RDX: 0000200000000280 RSI: 000000008010aebb RDI: 0000000000000007 RBP: 00007f34ea000d69 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f34ea1a6080 R15: 00007ffce77197a8 with a syzlang reproducer that looks like: syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)=3D{0x0, &(0x7f0000000180)=3DA= NY=3D[], 0x70}) (async) syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)=3D{0x0, &(0x7f0000000180)=3DA= NY=3D[@ANYBLOB=3D"..."], 0x4f}) (async) r0 =3D openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 =3D ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 =3D openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 =3D ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r3, 0xc008aeba, &(0x7f0000000040)=3D{0x1, 0x8, 0x0, 0= x5625e9b0}) (async) ioctl$KVM_SET_PIT2(r3, 0x8010aebb, &(0x7f0000000280)=3D{[...], 0x5}) (asy= nc) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) (async) r4 =3D ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)=3D{0x0= , 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=3Dnil}) (async) r5 =3D ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) close(r0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async) ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000300)=3D{0x4376ea83= 0d46549b, 0x0, [0x46, 0x0, 0x0, 0x0, 0x0, 0x1000]}) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) Opportunistically use guard() to avoid having to define a new error label and goto usage. Fixes: 1e80fdc09d12 ("KVM: SVM: Pin guest memory when SEV is active") Cc: stable@vger.kernel.org Reported-by: Alexander Potapenko Tested-by: Alexander Potapenko Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index fa319a66938c..7da040baba1c 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2704,6 +2704,8 @@ int sev_mem_enc_register_region(struct kvm *kvm, struct enc_region *region; int ret =3D 0; =20 + guard(mutex)(&kvm->lock); + if (!sev_guest(kvm)) return -ENOTTY; =20 @@ -2718,12 +2720,10 @@ int sev_mem_enc_register_region(struct kvm *kvm, if (!region) return -ENOMEM; =20 - mutex_lock(&kvm->lock); region->pages =3D sev_pin_memory(kvm, range->addr, range->size, ®ion->= npages, FOLL_WRITE | FOLL_LONGTERM); if (IS_ERR(region->pages)) { ret =3D PTR_ERR(region->pages); - mutex_unlock(&kvm->lock); goto e_free; } =20 @@ -2741,8 +2741,6 @@ int sev_mem_enc_register_region(struct kvm *kvm, region->size =3D range->size; =20 list_add_tail(®ion->list, &sev->regions_list); - mutex_unlock(&kvm->lock); - return ret; =20 e_free: --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5BF123C9431 for ; Tue, 10 Mar 2026 23:48:43 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186524; cv=none; b=J1v6JF87C6z2j+cccibV4T9W2m3LB/bGzcHj+v4PLROFn3EYs75nhqNw/Jjo6FerzZj3/p+IMUv/enrhubhtBlY1ODe0w1o95xpRsFwPCqsCgzoRGp089MMXSLE+ODDS9NpQLvpH46vzO0LY94m2WIFKqQLEZVmW3KygLJ72cxs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186524; c=relaxed/simple; bh=wCT56whpBWZMgqHPWbSdWWOQ4rqPp8/QKwF0p6KcqTM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Yo4Izy0FrmRaMy2833BOKsdWhkOe6wYaZnFtgMU13/t7LHu4Rmggiw2ZbHlHiW/iyvhk2N6oJ3MxaaAuNTiZ/zjBIORZze9eApcKeVaRoVZihGjiFPHfSrdG8AWsxpkY1hZ5O13inZUO7Y3XkYkMlxdi3+GvKp251put5ixwrv8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MTG40A8o; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MTG40A8o" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-2ae6961bff0so398920895ad.2 for ; Tue, 10 Mar 2026 16:48:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186523; x=1773791323; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=W84stS8+3WuLFZ+raEjrLuySDqRuwilAh+kUtsTzbCI=; b=MTG40A8o8HFRc56mbZoD+RnrWksX9sLnJSborcfiBrgXuZQ04LD3p4aEAd+o83xzRL IAhnpqxz3qn7Vu5HcS7cnV2BzvgGUX/QTTaPW4ftnEbNdx/Qz5c3Pxxt4bdZLWEdkHa5 OrCn95ETrY28pRhjsUBDt2q9EaVFjG+DE3EdTaa1bQcwWu/RVQRLYek6UkYHkKc2aiUJ FXjWWKR/1HbukBfhMvIRTCR1kqTViA1+ZVNwwJuGCiXjSwNBaWTkwu6GG1JUMXWQofdB lb4eJcO2ei/ITzSBXts9eW0zRnPlJWVDJ+S357Ab83LXPkCI/cbRm6VGnOu8t74IPi7z zRkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186523; x=1773791323; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=W84stS8+3WuLFZ+raEjrLuySDqRuwilAh+kUtsTzbCI=; b=mpf/Z1wS79Lm8j7SfmFC383DDUOEltUpay/YKDC1wCZC3LivRhv6pG80nVmFOEb4SL STW2gg6AoSFU46HjgVQmLSKAW0okMj+lGGhHw5keei8CmQFEcIm6NvPE6w98zDLm4TdQ i/JKsxpMz+W/lXezPdMPSaeYhxWmSbS5t9dRxk0Ia1AOETig0Pz98OZwYkGIb5/dyjr7 T3pKiCoJ4/D0auWpKDDriBvinZFnF8zxOlpswqZXOJZHf5gZAD+gghgLQeZEH3v454Yf xpD1NpBxrzL9qa/J2/ApyWRaQnGF3xgW7Z0kDm1TuJ3zLnoPJOs48R7D3TbuIBOyFFGf n+5Q== X-Forwarded-Encrypted: i=1; AJvYcCVXZ3uqsLnLUbPKoEJGB6uZMJAftLDfrwjORE5BmB0u5WdV4rrDegrz/ywoleKPG+lz0SxfyC8DRpeylOE=@vger.kernel.org X-Gm-Message-State: AOJu0Yzp7lVe1ARceD9jvI2qH4fP0uBiGvUMgvzfhJ6H3DnBjZQk4mvu 5F6EeaviPLwlD/PleZ7C6PjCOJurZ9/ZraxAzFA76o2UjhF11QsfTNR1d+dmOwIAQzaYt8eaYi0 SFiEJDw== X-Received: from pgbcz14.prod.google.com ([2002:a05:6a02:230e:b0:c73:7981:791d]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:2f92:b0:2ae:5723:afb2 with SMTP id d9443c01a7336-2aeae90050bmr4364395ad.54.1773186522529; Tue, 10 Mar 2026 16:48:42 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:12 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-5-seanjc@google.com> Subject: [PATCH 04/21] KVM: SEV: Disallow LAUNCH_FINISH if vCPUs are actively being created From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Reject LAUNCH_FINISH for SEV-ES and SNP VMs if KVM is actively creating one or more vCPUs, as KVM needs to process and encrypt each vCPU's VMSA. Letting userspace create vCPUs while LAUNCH_FINISH is in-progress is "fine", at least in the current code base, as kvm_for_each_vcpu() operates on online_vcpus, LAUNCH_FINISH (all SEV+ sub-ioctls) holds kvm->mutex, and fully onlining a vCPU in kvm_vm_ioctl_create_vcpu() is done under kvm->mutex. I.e. there's no difference between an in-progress vCPU and a vCPU that is created entirely after LAUNCH_FINISH. However, given that concurrent LAUNCH_FINISH and vCPU creation can't possibly work (for any reasonable definition of "work"), since userspace can't guarantee whether a particular vCPU will be encrypted or not, disallow the combination as a hardening measure, to reduce the probability of introducing bugs in the future, and to avoid having to reason about the safety of future changes related to LAUNCH_FINISH. Cc: Jethro Beekman Closes: https://lore.kernel.org/all/b31f7c6e-2807-4662-bcdd-eea2c1e132fa@fo= rtanix.com Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 10 ++++++++-- include/linux/kvm_host.h | 7 +++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 7da040baba1c..5de36bbc4c53 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1030,6 +1030,9 @@ static int sev_launch_update_vmsa(struct kvm *kvm, st= ruct kvm_sev_cmd *argp) if (!sev_es_guest(kvm)) return -ENOTTY; =20 + if (kvm_is_vcpu_creation_in_progress(kvm)) + return -EBUSY; + kvm_for_each_vcpu(i, vcpu, kvm) { ret =3D mutex_lock_killable(&vcpu->mutex); if (ret) @@ -2050,8 +2053,8 @@ static int sev_check_source_vcpus(struct kvm *dst, st= ruct kvm *src) struct kvm_vcpu *src_vcpu; unsigned long i; =20 - if (src->created_vcpus !=3D atomic_read(&src->online_vcpus) || - dst->created_vcpus !=3D atomic_read(&dst->online_vcpus)) + if (kvm_is_vcpu_creation_in_progress(src) || + kvm_is_vcpu_creation_in_progress(dst)) return -EBUSY; =20 if (!sev_es_guest(src)) @@ -2450,6 +2453,9 @@ static int snp_launch_update_vmsa(struct kvm *kvm, st= ruct kvm_sev_cmd *argp) unsigned long i; int ret; =20 + if (kvm_is_vcpu_creation_in_progress(kvm)) + return -EBUSY; + data.gctx_paddr =3D __psp_pa(sev->snp_context); data.page_type =3D SNP_PAGE_TYPE_VMSA; =20 diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 34759a262b28..3c7f8557f7af 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -1029,6 +1029,13 @@ static inline struct kvm_vcpu *kvm_get_vcpu_by_id(st= ruct kvm *kvm, int id) return NULL; } =20 +static inline bool kvm_is_vcpu_creation_in_progress(struct kvm *kvm) +{ + lockdep_assert_held(&kvm->lock); + + return kvm->created_vcpus !=3D atomic_read(&kvm->online_vcpus); +} + void kvm_destroy_vcpus(struct kvm *kvm); =20 int kvm_trylock_all_vcpus(struct kvm *kvm); --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D41D3CC9E5 for ; Tue, 10 Mar 2026 23:48:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186526; cv=none; b=OxF8O5eszdjMq1qCnQ6niqVnc/rUbDrqp0Qr6nnDWq9OSuao17asNptnK3DE5yB6syHqcLKhSQgltn09+8vBJ/ZgMJf7MZO2H/Qk/9vRATOzVt0qLDs/UFzcDr7CSoughEXnHkzYynKQhoiSYMs4yTlVzwf2MC2qqeyYEtQSx3g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186526; c=relaxed/simple; bh=+CE1sMVEOlVNGNuq/FjIldXhgSK+ycKYDyubuZu6f6M=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=LPwv/bOG3u4hb8UEmkocGRUcQmNNyGZPortQeadpTR2lyoEulm+yYc8kQV73DRcWj/SiVb3VBTh/gI1peFI1rDSP0WTs/c2B/rEkUQGH522L/ry0IaYDrl0xfrEjwfBwDQ1p+g5ds/vvrCUttGiGylMOHOXcmNENXH8fbO8NbtA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MYjlzU+l; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MYjlzU+l" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-2ae61939fa5so249534845ad.0 for ; Tue, 10 Mar 2026 16:48:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186524; x=1773791324; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=hnqlr1WU2mcNUm5UpgctK6uX9nSxmpmXtaHcxlHX+rw=; b=MYjlzU+l+8u05Vsojp3Ug2veuYeL4oGpNoufcEfdVpM5ookE6kjUpYkFpHbP7uPHwl DBpBIK0jOaYgp+/oinj3vvrlnEwF+twzYZuwkuKtQcIkVAVSWOww7akDdjSkl91wmJJn D2gg02Q2orWZWzQQ1rpAAU3GQ2Id4QETLA2tsA6O2am+9CZKWJ4F5kR5NS5XqiItLMcV ULHSNSnk00SGUKvndU9NWFwzW9movX1Gvk/HGqTThSP2FRCq0X4sEvQ4b5hF+YmlEKFT hZQXUla0JszQo28hbnGOX9TK2VprSSUaXMHA+orxnfUfQBSv2y6d0jd3BHkhiTGzmgwB h+3w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186524; x=1773791324; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=hnqlr1WU2mcNUm5UpgctK6uX9nSxmpmXtaHcxlHX+rw=; b=pBHdfNQNMcgTuy3kcpTLubHav6w+pacRf/vPYnzlY2Wkw5zIDkpkO66E+c6+xf3w2t gP4nxSjo5DbOowJGlhrFnOO8ri+cdBuZpmfHWLhSuQ5FujzaIDKwSAtcbfqk2m329kBL ZHLU1odysMZW1FZC9wIvU6yXCzrcgIM2BiEoLLNC2TtByDvo1Bb3bqqVtYKG6QRnraE9 5PIM6nrKjCDb/Y6j0kEpwAubvFPg+jKUJEjnh9N/kqphaRITqmWNGqOXUUK0nogVyfZe Aq0P3pPmhp+H37bLYh05MBAVrEuWnSfFqfiwKJ1u9u7DqJAuKUzcdHr0atVc+9Eyn1cN KRyQ== X-Forwarded-Encrypted: i=1; AJvYcCWxq0H1ixMpCx+q+LyWJluPL9JfHvab9nr8US79cag0dVO3X4fUL3TTmHR8FU5I0kPNeTZpRkwH1bFaBpo=@vger.kernel.org X-Gm-Message-State: AOJu0YxMXRHEVPaELfbqC7KRgXFXIF/v+Ep4IxjlY0di2UsTBcr5QgBA EkYBvr3PDvOaLQOgh9aSayFkrjMbsIBnFvY+eDPzE8Z0UuHZVvRZNko0SQn0Gruts0LW/YEwju8 mZ728Hg== X-Received: from pgww3.prod.google.com ([2002:a05:6a02:2c83:b0:c6e:1eff:44ec]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:2349:b0:2ae:7f49:dba6 with SMTP id d9443c01a7336-2aeae7b9c7amr5610675ad.17.1773186524360; Tue, 10 Mar 2026 16:48:44 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:13 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-6-seanjc@google.com> Subject: [PATCH 05/21] KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Lock all vCPUs when synchronizing and encrypting VMSAs for SNP guests, as allowing userspace to manipulate and/or run a vCPU while its state is being synchronized would at best corrupt vCPU state, and at worst crash the host kernel. Opportunistically assert that vcpu->mutex is held when synchronizing its VMSA (the SEV-ES path already locks vCPUs). Fixes: ad27ce155566 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_FINISH command") Cc: stable@vger.kernel.org Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 5de36bbc4c53..c10c71608208 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -882,6 +882,8 @@ static int sev_es_sync_vmsa(struct vcpu_svm *svm) u8 *d; int i; =20 + lockdep_assert_held(&vcpu->mutex); + if (vcpu->arch.guest_state_protected) return -EINVAL; =20 @@ -2456,6 +2458,10 @@ static int snp_launch_update_vmsa(struct kvm *kvm, s= truct kvm_sev_cmd *argp) if (kvm_is_vcpu_creation_in_progress(kvm)) return -EBUSY; =20 + ret =3D kvm_lock_all_vcpus(kvm); + if (ret) + return ret; + data.gctx_paddr =3D __psp_pa(sev->snp_context); data.page_type =3D SNP_PAGE_TYPE_VMSA; =20 @@ -2465,12 +2471,12 @@ static int snp_launch_update_vmsa(struct kvm *kvm, = struct kvm_sev_cmd *argp) =20 ret =3D sev_es_sync_vmsa(svm); if (ret) - return ret; + goto err; =20 /* Transition the VMSA page to a firmware state. */ ret =3D rmp_make_private(pfn, INITIAL_VMSA_GPA, PG_LEVEL_4K, sev->asid, = true); if (ret) - return ret; + goto err; =20 /* Issue the SNP command to encrypt the VMSA */ data.address =3D __sme_pa(svm->sev_es.vmsa); @@ -2479,7 +2485,7 @@ static int snp_launch_update_vmsa(struct kvm *kvm, st= ruct kvm_sev_cmd *argp) if (ret) { snp_page_reclaim(kvm, pfn); =20 - return ret; + goto err; } =20 svm->vcpu.arch.guest_state_protected =3D true; @@ -2494,6 +2500,10 @@ static int snp_launch_update_vmsa(struct kvm *kvm, s= truct kvm_sev_cmd *argp) } =20 return 0; + +err: + kvm_unlock_all_vcpus(kvm); + return ret; } =20 static int snp_launch_finish(struct kvm *kvm, struct kvm_sev_cmd *argp) --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A41193CFF71 for ; Tue, 10 Mar 2026 23:48:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186529; cv=none; b=OdOdbGMj7i8BxzM/E68enj4q1TMfwiRY/aQdLWSpRp6V7Tjd+IcfEFW1FdxYzeUxyn37CiNrV5ss/TEEmZCTQjSk6tgSLZGssHHvxa99yYShmvtXnZCfdhY7wP0rP9irEPKKG7s1V02DuUL6A6B5C8a3NAMwbTZdYiityqL1IZQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186529; c=relaxed/simple; bh=np7yKuIzh2g5DJEKgMDoaxNWOTXyqLqKAdcesC7LCQY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=UB6ZHb7zaaQ1TBBySV87ObrJHWbf0tMNA1eGHf5l95T+QFB/nBJBO6HTtCyM0KCHOZRomKchqRQa0fFOqmYdMlBVuDx8YDdCWHCnkvW5zJl5KaGzrUH7yvEE9NVJSu+ApQzfSxjAtwsngFqWHAYBUtuYnOuKmShnH1fE9iO2nAM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=3eJA4Nxv; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="3eJA4Nxv" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-c73939e0314so3006220a12.1 for ; Tue, 10 Mar 2026 16:48:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186526; x=1773791326; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=FpG980lWE241naOxLLMlz2TI3FNz63t0Ji/1Q07E1+Y=; b=3eJA4NxvXDWHYwTFu6EIrKJRwPwBOVrg2vfZNRifLHiwDjHbAKwFvZxJtcDa/gF9P2 tVc+TeKI5xd0fAnb/F4qge9LIkP0IEkdQCJ6G/v75xwhh2sOIUn84ta3f4qVPiRSEu+s c88lPUTmFR9W3usCkV2zvNtwUMnODbYl/BKc885vLs2faNYB9aXXFeKM96x3mUtkx16w ghNgswh/Gef5SKdAnVZVtXTDXmUBFaD/kZAoCCtvThBduKsCR7tTvsXZ2Bg4EXdDf00F Usa0UFL3UzvNUfYc+EIjBmm9xpEigbxd83AFaVMmRARBpDz3asCAnkst/ocHAQdmc/c1 HMvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186526; x=1773791326; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=FpG980lWE241naOxLLMlz2TI3FNz63t0Ji/1Q07E1+Y=; b=ntEmphV1FPLykWZ2pmyuAksmaZIWWs9H/v+Q6wnNxdhEWAe5z6SoEv7BMB9tdny6vZ t0wLpNsFttcW4qXe0Vj8+lbtAHGtZyVhg1zaI7lJ1S4wCfF8jNPee6Wz388bqhN33hL+ qLCcLquluZf240LHkGyfwNq5PYb6u8mbePQC9SP4GDaeHeFFJT0Ug33AeTrE1XjM9CAP t/EnAtu/3kmn2kJK/Y3i2kgvWEYioUs0BkKYmxZc/8uFUBWDgfQG81ldsjOUJM5y7gIf BEicrMHIWUENoVXJ9HBIRzxWdw/qOt4yGFr2X+plzzEWA22emSG2OUyU/ipNDNlhugDa wQXA== X-Forwarded-Encrypted: i=1; AJvYcCXNqGbccycpLNPyyipLspv+p22QuLsMvKZU5IAhsVhX3M3r22QBdIH3c9X6zAhbQAOjpzLZx4++maL+VCg=@vger.kernel.org X-Gm-Message-State: AOJu0Yw7U5VTHW+4IY9aJwQPas3BlukWm1LK9LDP+RESJXI34PUNZ2NP g1SJ3BJT5/LLgzE8AHERWxI8U67U6STC/2Cx3BdHKtDSOmh19hN0dcQfeGq9vpcsPVAahmBtW+k 0GGn5Eg== X-Received: from pgc27.prod.google.com ([2002:a05:6a02:2f9b:b0:c65:e8e7:d481]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:9090:b0:394:6208:6623 with SMTP id adf61e73a8af0-398c5f3bf2emr387226637.27.1773186525978; Tue, 10 Mar 2026 16:48:45 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:14 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-7-seanjc@google.com> Subject: [PATCH 06/21] KVM: SEV: Lock all vCPUs for the duration of SEV-ES VMSA synchronization From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Lock and unlock all vCPUs in a single batch when synchronizing SEV-ES VMSAs during launch finish, partly to dedup the code by a tiny amount, but mostly so that sev_launch_update_vmsa() uses the same logic/flow as all other SEV ioctls that lock all vCPUs. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c10c71608208..1bdcc5bef7c3 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1035,19 +1035,18 @@ static int sev_launch_update_vmsa(struct kvm *kvm, = struct kvm_sev_cmd *argp) if (kvm_is_vcpu_creation_in_progress(kvm)) return -EBUSY; =20 - kvm_for_each_vcpu(i, vcpu, kvm) { - ret =3D mutex_lock_killable(&vcpu->mutex); - if (ret) - return ret; + ret =3D kvm_lock_all_vcpus(kvm); + if (ret) + return ret; =20 + kvm_for_each_vcpu(i, vcpu, kvm) { ret =3D __sev_launch_update_vmsa(kvm, vcpu, &argp->error); - - mutex_unlock(&vcpu->mutex); if (ret) - return ret; + break; } =20 - return 0; + kvm_unlock_all_vcpus(kvm); + return ret; } =20 static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp) --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 609163D3CE7 for ; Tue, 10 Mar 2026 23:48:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186532; cv=none; b=lKzegTdRJgcKj84dQkxSRUEt6ZIBBZgF1JJ1pfnSHN434LOtKAkyATtnwAvfm3q8zrnerzYzGfr6OScb3mE0CpjMf5xdOrmr9BbIzDdz7ILcWMkifKyW7+Z2MCioIupUgXbz5Gsit6VGhoFV88143i47QIVeNmOjMB1kHdnv8b8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186532; c=relaxed/simple; bh=n05WuNyx4F1eCOEShaK40S0iS9nGzHIVXJDIl9v8oqA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=G1VPgTNLR0A7xNf6TsmXsda1DeI+8b3n0esfI0vgNfA0NmzfRbr8R6cB9rPd8BOb6I1AtmLCT0Ml9XYoOQDemenpIo3HkjDbJpTrHbXee+/xkh+ilNrbQecg1SWnVuvYrr0JJQ517lmYrE6nP9eu5dC6uY3CU81ZPx1s4iEllD4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=bRRcLUrs; arc=none smtp.client-ip=209.85.215.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="bRRcLUrs" Received: by mail-pg1-f201.google.com with SMTP id 41be03b00d2f7-b62da7602a0so8116670a12.2 for ; Tue, 10 Mar 2026 16:48:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186528; x=1773791328; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=XKuSACzGwtmcfqQ+YK6gKCkGNw0Cl5aXLpmtLU0/pdI=; b=bRRcLUrs+/FcCal7pt+JwXYS3Gh0HIo4CcLbY8O2mACoSCRFaZw222cgSw87sasFxo 7cIzpe1lP+S10ayXX6BGC5OF89fCVOlK99YT6qbDf9C6f2gen4BxROnnVpMhrx1oNuw/ pVwbnubygRP3MVuM6MhxLKVUqykwaOyk9OKagqS+JlIzQ7PfWTfjZ6ja8tNsAq+FJw2Y G+LCvW2zUA4a7syOh4RuiubQm9n8p5VZGzSuTVcFC7rjXZQ5Ba0zdNqQ+ubgsY0n2PDp WBbtgj6pSEQK9unQBvYIbtxb0kBNUblf+JlHQhFkfgUpHNaOTqih5GTxlewtcS2fweds ZP7A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186528; x=1773791328; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=XKuSACzGwtmcfqQ+YK6gKCkGNw0Cl5aXLpmtLU0/pdI=; b=Az8MOUheKcXBJZF68PNU4RspDZ/WJjEMfj1Jza1J7g43T5CQhcDxEWUILvs5bkjmCH UVyF9X91bAF3iOzIK4LL5Pxiq/B54MfcB6GmsdrcCZyQct6rSDs2LV+EBcLFVzpUAuFy Ygj7GgUPHBRFEQiJGnhtHbtm6mii+H5hZZ5N2TRgNdxA9SuuOXUnQ1heFVa2u3JOMeKF lf98BYqrmXsyTODLzGxhODKfE6T6chB/cQPiRwiaIutjJVD4ToYX/ozDEK9lwHP350OQ m8WhKQLJYIVLGBD1VR1Zo88VgCaDH4HjVKB+XN61UVsbDomWgFZN4qG3maLsXP2ezrwg xR+A== X-Forwarded-Encrypted: i=1; AJvYcCUq6o1iipmvysR6tg0HscdP9aEZgX7vgr0uNyZgWFSPXPHXPmzl38yhVZQyRlEohjgHPkxssnxLUArRq5c=@vger.kernel.org X-Gm-Message-State: AOJu0YyERbhd9kK9koXcKFSGpRd3KFY689LaiSRcG0Ba8skdgNtBjO2o PRIHpMYrTFFzxMJvcWgvlflYjB0zhDGezM38IkfLPiWgUJhE6lAaumK4zUVpZVXbpm/+6LNSaXa K5a3lwA== X-Received: from pgbfe28.prod.google.com ([2002:a05:6a02:289c:b0:c73:be03:1111]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:6e04:b0:398:b95c:51ed with SMTP id adf61e73a8af0-398c60cd73bmr327596637.35.1773186527565; Tue, 10 Mar 2026 16:48:47 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:15 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-8-seanjc@google.com> Subject: [PATCH 07/21] KVM: SEV: Provide vCPU-scoped accessors for detecting SEV+ guests From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Provide vCPU-scoped accessors for detecting if the vCPU belongs to an SEV, SEV-ES, or SEV-SNP VM, partly to dedup a small amount of code, but mostly to better document which usages are "safe". Generally speaking, using the VM-scoped sev_guest() and friends outside of kvm->lock is unsafe, as they can get both false positives and false negatives. But for vCPUs, the accessors are guaranteed to provide a stable result as KVM disallows initialization SEV+ state after vCPUs are created. I.e. operating on a vCPU guarantees the VM can't "become" an SEV+ VM, and that it can't revert back to a "normal" VM. This will also allow dropping the stubs for the VM-scoped accessors, as it's relatively easy to eliminate usage of the accessors from common SVM once the vCPU-scoped checks are out of the way. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 49 +++++++++++++------------- arch/x86/kvm/svm/svm.c | 80 +++++++++++++++++++++--------------------- arch/x86/kvm/svm/svm.h | 17 +++++++++ 3 files changed, 82 insertions(+), 64 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 1bdcc5bef7c3..35033dc79390 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3271,7 +3271,7 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm; =20 - if (!sev_es_guest(vcpu->kvm)) + if (!is_sev_es_guest(vcpu)) return; =20 svm =3D to_svm(vcpu); @@ -3281,7 +3281,7 @@ void sev_free_vcpu(struct kvm_vcpu *vcpu) * a guest-owned page. Transition the page to hypervisor state before * releasing it back to the system. */ - if (sev_snp_guest(vcpu->kvm)) { + if (is_sev_snp_guest(vcpu)) { u64 pfn =3D __pa(svm->sev_es.vmsa) >> PAGE_SHIFT; =20 if (kvm_rmp_make_shared(vcpu->kvm, pfn, PG_LEVEL_4K)) @@ -3482,7 +3482,7 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *s= vm) goto vmgexit_err; break; case SVM_VMGEXIT_AP_CREATION: - if (!sev_snp_guest(vcpu->kvm)) + if (!is_sev_snp_guest(vcpu)) goto vmgexit_err; if (lower_32_bits(control->exit_info_1) !=3D SVM_VMGEXIT_AP_DESTROY) if (!kvm_ghcb_rax_is_valid(svm)) @@ -3496,12 +3496,12 @@ static int sev_es_validate_vmgexit(struct vcpu_svm = *svm) case SVM_VMGEXIT_TERM_REQUEST: break; case SVM_VMGEXIT_PSC: - if (!sev_snp_guest(vcpu->kvm) || !kvm_ghcb_sw_scratch_is_valid(svm)) + if (!is_sev_snp_guest(vcpu) || !kvm_ghcb_sw_scratch_is_valid(svm)) goto vmgexit_err; break; case SVM_VMGEXIT_GUEST_REQUEST: case SVM_VMGEXIT_EXT_GUEST_REQUEST: - if (!sev_snp_guest(vcpu->kvm) || + if (!is_sev_snp_guest(vcpu) || !PAGE_ALIGNED(control->exit_info_1) || !PAGE_ALIGNED(control->exit_info_2) || control->exit_info_1 =3D=3D control->exit_info_2) @@ -3575,7 +3575,8 @@ void sev_es_unmap_ghcb(struct vcpu_svm *svm) int pre_sev_run(struct vcpu_svm *svm, int cpu) { struct svm_cpu_data *sd =3D per_cpu_ptr(&svm_data, cpu); - struct kvm *kvm =3D svm->vcpu.kvm; + struct kvm_vcpu *vcpu =3D &svm->vcpu; + struct kvm *kvm =3D vcpu->kvm; unsigned int asid =3D sev_get_asid(kvm); =20 /* @@ -3583,7 +3584,7 @@ int pre_sev_run(struct vcpu_svm *svm, int cpu) * VMSA, e.g. if userspace forces the vCPU to be RUNNABLE after an SNP * AP Destroy event. */ - if (sev_es_guest(kvm) && !VALID_PAGE(svm->vmcb->control.vmsa_pa)) + if (is_sev_es_guest(vcpu) && !VALID_PAGE(svm->vmcb->control.vmsa_pa)) return -EINVAL; =20 /* @@ -4129,7 +4130,7 @@ static int snp_handle_guest_req(struct vcpu_svm *svm,= gpa_t req_gpa, gpa_t resp_ sev_ret_code fw_err =3D 0; int ret; =20 - if (!sev_snp_guest(kvm)) + if (!is_sev_snp_guest(&svm->vcpu)) return -EINVAL; =20 mutex_lock(&sev->guest_req_mutex); @@ -4199,10 +4200,12 @@ static int snp_complete_req_certs(struct kvm_vcpu *= vcpu) =20 static int snp_handle_ext_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, g= pa_t resp_gpa) { - struct kvm *kvm =3D svm->vcpu.kvm; + struct kvm_vcpu *vcpu =3D &svm->vcpu; + struct kvm *kvm =3D vcpu->kvm; + u8 msg_type; =20 - if (!sev_snp_guest(kvm)) + if (!is_sev_snp_guest(vcpu)) return -EINVAL; =20 if (kvm_read_guest(kvm, req_gpa + offsetof(struct snp_guest_msg_hdr, msg_= type), @@ -4221,7 +4224,6 @@ static int snp_handle_ext_guest_req(struct vcpu_svm *= svm, gpa_t req_gpa, gpa_t r */ if (msg_type =3D=3D SNP_MSG_REPORT_REQ) { struct kvm_sev_info *sev =3D &to_kvm_svm(kvm)->sev_info; - struct kvm_vcpu *vcpu =3D &svm->vcpu; u64 data_npages; gpa_t data_gpa; =20 @@ -4338,7 +4340,7 @@ static int sev_handle_vmgexit_msr_protocol(struct vcp= u_svm *svm) GHCB_MSR_INFO_MASK, GHCB_MSR_INFO_POS); break; case GHCB_MSR_PREF_GPA_REQ: - if (!sev_snp_guest(vcpu->kvm)) + if (!is_sev_snp_guest(vcpu)) goto out_terminate; =20 set_ghcb_msr_bits(svm, GHCB_MSR_PREF_GPA_NONE, GHCB_MSR_GPA_VALUE_MASK, @@ -4349,7 +4351,7 @@ static int sev_handle_vmgexit_msr_protocol(struct vcp= u_svm *svm) case GHCB_MSR_REG_GPA_REQ: { u64 gfn; =20 - if (!sev_snp_guest(vcpu->kvm)) + if (!is_sev_snp_guest(vcpu)) goto out_terminate; =20 gfn =3D get_ghcb_msr_bits(svm, GHCB_MSR_GPA_VALUE_MASK, @@ -4364,7 +4366,7 @@ static int sev_handle_vmgexit_msr_protocol(struct vcp= u_svm *svm) break; } case GHCB_MSR_PSC_REQ: - if (!sev_snp_guest(vcpu->kvm)) + if (!is_sev_snp_guest(vcpu)) goto out_terminate; =20 ret =3D snp_begin_psc_msr(svm, control->ghcb_gpa); @@ -4437,7 +4439,7 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) sev_es_sync_from_ghcb(svm); =20 /* SEV-SNP guest requires that the GHCB GPA must be registered */ - if (sev_snp_guest(svm->vcpu.kvm) && !ghcb_gpa_is_registered(svm, ghcb_gpa= )) { + if (is_sev_snp_guest(vcpu) && !ghcb_gpa_is_registered(svm, ghcb_gpa)) { vcpu_unimpl(&svm->vcpu, "vmgexit: GHCB GPA [%#llx] is not registered.\n"= , ghcb_gpa); return -EINVAL; } @@ -4695,10 +4697,10 @@ void sev_init_vmcb(struct vcpu_svm *svm, bool init_= event) */ clr_exception_intercept(svm, GP_VECTOR); =20 - if (init_event && sev_snp_guest(vcpu->kvm)) + if (init_event && is_sev_snp_guest(vcpu)) sev_snp_init_protected_guest_state(vcpu); =20 - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) sev_es_init_vmcb(svm, init_event); } =20 @@ -4709,7 +4711,7 @@ int sev_vcpu_create(struct kvm_vcpu *vcpu) =20 mutex_init(&svm->sev_es.snp_vmsa_mutex); =20 - if (!sev_es_guest(vcpu->kvm)) + if (!is_sev_es_guest(vcpu)) return 0; =20 /* @@ -4729,8 +4731,6 @@ int sev_vcpu_create(struct kvm_vcpu *vcpu) =20 void sev_es_prepare_switch_to_guest(struct vcpu_svm *svm, struct sev_es_sa= ve_area *hostsa) { - struct kvm *kvm =3D svm->vcpu.kvm; - /* * All host state for SEV-ES guests is categorized into three swap types * based on how it is handled by hardware during a world switch: @@ -4769,7 +4769,8 @@ void sev_es_prepare_switch_to_guest(struct vcpu_svm *= svm, struct sev_es_save_are * loaded with the correct values *if* the CPU writes the MSRs. */ if (sev_vcpu_has_debug_swap(svm) || - (sev_snp_guest(kvm) && cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP))) { + (cpu_feature_enabled(X86_FEATURE_DEBUG_SWAP) && + is_sev_snp_guest(&svm->vcpu))) { hostsa->dr0_addr_mask =3D amd_get_dr_addr_mask(0); hostsa->dr1_addr_mask =3D amd_get_dr_addr_mask(1); hostsa->dr2_addr_mask =3D amd_get_dr_addr_mask(2); @@ -5133,7 +5134,7 @@ struct vmcb_save_area *sev_decrypt_vmsa(struct kvm_vc= pu *vcpu) int error =3D 0; int ret; =20 - if (!sev_es_guest(vcpu->kvm)) + if (!is_sev_es_guest(vcpu)) return NULL; =20 /* @@ -5146,7 +5147,7 @@ struct vmcb_save_area *sev_decrypt_vmsa(struct kvm_vc= pu *vcpu) sev =3D to_kvm_sev_info(vcpu->kvm); =20 /* Check if the SEV policy allows debugging */ - if (sev_snp_guest(vcpu->kvm)) { + if (is_sev_snp_guest(vcpu)) { if (!(sev->policy & SNP_POLICY_MASK_DEBUG)) return NULL; } else { @@ -5154,7 +5155,7 @@ struct vmcb_save_area *sev_decrypt_vmsa(struct kvm_vc= pu *vcpu) return NULL; } =20 - if (sev_snp_guest(vcpu->kvm)) { + if (is_sev_snp_guest(vcpu)) { struct sev_data_snp_dbg dbg =3D {0}; =20 vmsa =3D snp_alloc_firmware_page(__GFP_ZERO); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 8f8bc863e214..0a1acc21b133 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -241,7 +241,7 @@ int svm_set_efer(struct kvm_vcpu *vcpu, u64 efer) * Never intercept #GP for SEV guests, KVM can't * decrypt guest memory to workaround the erratum. */ - if (svm_gp_erratum_intercept && !sev_guest(vcpu->kvm)) + if (svm_gp_erratum_intercept && !is_sev_guest(vcpu)) set_exception_intercept(svm, GP_VECTOR); } } @@ -283,7 +283,7 @@ static int __svm_skip_emulated_instruction(struct kvm_v= cpu *vcpu, * SEV-ES does not expose the next RIP. The RIP update is controlled by * the type of exit and the #VC handler in the guest. */ - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) goto done; =20 if (nrips && svm->vmcb->control.next_rip !=3D 0) { @@ -720,7 +720,7 @@ static void svm_recalc_lbr_msr_intercepts(struct kvm_vc= pu *vcpu) svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTINTFROMIP, MSR_TYPE_RW, inte= rcept); svm_set_intercept_for_msr(vcpu, MSR_IA32_LASTINTTOIP, MSR_TYPE_RW, interc= ept); =20 - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) svm_set_intercept_for_msr(vcpu, MSR_IA32_DEBUGCTLMSR, MSR_TYPE_RW, inter= cept); =20 svm->lbr_msrs_intercepted =3D intercept; @@ -830,7 +830,7 @@ static void svm_recalc_msr_intercepts(struct kvm_vcpu *= vcpu) svm_set_intercept_for_msr(vcpu, MSR_IA32_PL3_SSP, MSR_TYPE_RW, !shstk_en= abled); } =20 - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) sev_es_recalc_msr_intercepts(vcpu); =20 svm_recalc_pmu_msr_intercepts(vcpu); @@ -865,7 +865,7 @@ void svm_enable_lbrv(struct kvm_vcpu *vcpu) =20 static void __svm_disable_lbrv(struct kvm_vcpu *vcpu) { - KVM_BUG_ON(sev_es_guest(vcpu->kvm), vcpu->kvm); + KVM_BUG_ON(is_sev_es_guest(vcpu), vcpu->kvm); to_svm(vcpu)->vmcb->control.virt_ext &=3D ~LBR_CTL_ENABLE_MASK; } =20 @@ -1207,7 +1207,7 @@ static void init_vmcb(struct kvm_vcpu *vcpu, bool ini= t_event) if (vcpu->kvm->arch.bus_lock_detection_enabled) svm_set_intercept(svm, INTERCEPT_BUSLOCK); =20 - if (sev_guest(vcpu->kvm)) + if (is_sev_guest(vcpu)) sev_init_vmcb(svm, init_event); =20 svm_hv_init_vmcb(vmcb); @@ -1381,7 +1381,7 @@ static void svm_prepare_switch_to_guest(struct kvm_vc= pu *vcpu) struct vcpu_svm *svm =3D to_svm(vcpu); struct svm_cpu_data *sd =3D per_cpu_ptr(&svm_data, vcpu->cpu); =20 - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) sev_es_unmap_ghcb(svm); =20 if (svm->guest_state_loaded) @@ -1392,7 +1392,7 @@ static void svm_prepare_switch_to_guest(struct kvm_vc= pu *vcpu) * or subsequent vmload of host save area. */ vmsave(sd->save_area_pa); - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) sev_es_prepare_switch_to_guest(svm, sev_es_host_save_area(sd)); =20 if (tsc_scaling) @@ -1405,7 +1405,7 @@ static void svm_prepare_switch_to_guest(struct kvm_vc= pu *vcpu) * all CPUs support TSC_AUX virtualization). */ if (likely(tsc_aux_uret_slot >=3D 0) && - (!boot_cpu_has(X86_FEATURE_V_TSC_AUX) || !sev_es_guest(vcpu->kvm))) + (!boot_cpu_has(X86_FEATURE_V_TSC_AUX) || !is_sev_es_guest(vcpu))) kvm_set_user_return_msr(tsc_aux_uret_slot, svm->tsc_aux, -1ull); =20 if (cpu_feature_enabled(X86_FEATURE_SRSO_BP_SPEC_REDUCE) && @@ -1472,7 +1472,7 @@ static bool svm_get_if_flag(struct kvm_vcpu *vcpu) { struct vmcb *vmcb =3D to_svm(vcpu)->vmcb; =20 - return sev_es_guest(vcpu->kvm) + return is_sev_es_guest(vcpu) ? vmcb->control.int_state & SVM_GUEST_INTERRUPT_MASK : kvm_get_rflags(vcpu) & X86_EFLAGS_IF; } @@ -1706,7 +1706,7 @@ static void sev_post_set_cr3(struct kvm_vcpu *vcpu, u= nsigned long cr3) * contents of the VMSA, and future VMCB save area updates won't be * seen. */ - if (sev_es_guest(vcpu->kvm)) { + if (is_sev_es_guest(vcpu)) { svm->vmcb->save.cr3 =3D cr3; vmcb_mark_dirty(svm->vmcb, VMCB_CR); } @@ -1761,7 +1761,7 @@ void svm_set_cr0(struct kvm_vcpu *vcpu, unsigned long= cr0) * SEV-ES guests must always keep the CR intercepts cleared. CR * tracking is done using the CR write traps. */ - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) return; =20 if (hcr0 =3D=3D cr0) { @@ -1872,7 +1872,7 @@ static void svm_sync_dirty_debug_regs(struct kvm_vcpu= *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 - if (WARN_ON_ONCE(sev_es_guest(vcpu->kvm))) + if (WARN_ON_ONCE(is_sev_es_guest(vcpu))) return; =20 get_debugreg(vcpu->arch.db[0], 0); @@ -1951,7 +1951,7 @@ static int npf_interception(struct kvm_vcpu *vcpu) } } =20 - if (sev_snp_guest(vcpu->kvm) && (error_code & PFERR_GUEST_ENC_MASK)) + if (is_sev_snp_guest(vcpu) && (error_code & PFERR_GUEST_ENC_MASK)) error_code |=3D PFERR_PRIVATE_ACCESS; =20 trace_kvm_page_fault(vcpu, gpa, error_code); @@ -2096,7 +2096,7 @@ static int shutdown_interception(struct kvm_vcpu *vcp= u) * The VM save area for SEV-ES guests has already been encrypted so it * cannot be reinitialized, i.e. synthesizing INIT is futile. */ - if (!sev_es_guest(vcpu->kvm)) { + if (!is_sev_es_guest(vcpu)) { clear_page(svm->vmcb); #ifdef CONFIG_KVM_SMM if (is_smm(vcpu)) @@ -2123,7 +2123,7 @@ static int io_interception(struct kvm_vcpu *vcpu) size =3D (io_info & SVM_IOIO_SIZE_MASK) >> SVM_IOIO_SIZE_SHIFT; =20 if (string) { - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) return sev_es_string_io(svm, size, port, in); else return kvm_emulate_instruction(vcpu, 0); @@ -2455,13 +2455,13 @@ static int task_switch_interception(struct kvm_vcpu= *vcpu) =20 static void svm_clr_iret_intercept(struct vcpu_svm *svm) { - if (!sev_es_guest(svm->vcpu.kvm)) + if (!is_sev_es_guest(&svm->vcpu)) svm_clr_intercept(svm, INTERCEPT_IRET); } =20 static void svm_set_iret_intercept(struct vcpu_svm *svm) { - if (!sev_es_guest(svm->vcpu.kvm)) + if (!is_sev_es_guest(&svm->vcpu)) svm_set_intercept(svm, INTERCEPT_IRET); } =20 @@ -2469,7 +2469,7 @@ static int iret_interception(struct kvm_vcpu *vcpu) { struct vcpu_svm *svm =3D to_svm(vcpu); =20 - WARN_ON_ONCE(sev_es_guest(vcpu->kvm)); + WARN_ON_ONCE(is_sev_es_guest(vcpu)); =20 ++vcpu->stat.nmi_window_exits; svm->awaiting_iret_completion =3D true; @@ -2643,7 +2643,7 @@ static int dr_interception(struct kvm_vcpu *vcpu) * SEV-ES intercepts DR7 only to disable guest debugging and the guest is= sues a VMGEXIT * for DR7 write only. KVM cannot change DR7 (always swapped as type 'A')= so return early. */ - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) return 1; =20 if (vcpu->guest_debug =3D=3D 0) { @@ -2725,7 +2725,7 @@ static int svm_get_feature_msr(u32 msr, u64 *data) static bool sev_es_prevent_msr_access(struct kvm_vcpu *vcpu, struct msr_data *msr_info) { - return sev_es_guest(vcpu->kvm) && vcpu->arch.guest_state_protected && + return is_sev_es_guest(vcpu) && vcpu->arch.guest_state_protected && msr_info->index !=3D MSR_IA32_XSS && !msr_write_intercepted(vcpu, msr_info->index); } @@ -2861,7 +2861,7 @@ static int svm_get_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr_info) static int svm_complete_emulated_msr(struct kvm_vcpu *vcpu, int err) { struct vcpu_svm *svm =3D to_svm(vcpu); - if (!err || !sev_es_guest(vcpu->kvm) || WARN_ON_ONCE(!svm->sev_es.ghcb)) + if (!err || !is_sev_es_guest(vcpu) || WARN_ON_ONCE(!svm->sev_es.ghcb)) return kvm_complete_insn_gp(vcpu, err); =20 svm_vmgexit_inject_exception(svm, X86_TRAP_GP); @@ -3042,7 +3042,7 @@ static int svm_set_msr(struct kvm_vcpu *vcpu, struct = msr_data *msr) * required in this case because TSC_AUX is restored on #VMEXIT * from the host save area. */ - if (boot_cpu_has(X86_FEATURE_V_TSC_AUX) && sev_es_guest(vcpu->kvm)) + if (boot_cpu_has(X86_FEATURE_V_TSC_AUX) && is_sev_es_guest(vcpu)) break; =20 /* @@ -3156,7 +3156,7 @@ static int pause_interception(struct kvm_vcpu *vcpu) * vcpu->arch.preempted_in_kernel can never be true. Just * set in_kernel to false as well. */ - in_kernel =3D !sev_es_guest(vcpu->kvm) && svm_get_cpl(vcpu) =3D=3D 0; + in_kernel =3D !is_sev_es_guest(vcpu) && svm_get_cpl(vcpu) =3D=3D 0; =20 grow_ple_window(vcpu); =20 @@ -3321,9 +3321,9 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) =20 guard(mutex)(&vmcb_dump_mutex); =20 - vm_type =3D sev_snp_guest(vcpu->kvm) ? "SEV-SNP" : - sev_es_guest(vcpu->kvm) ? "SEV-ES" : - sev_guest(vcpu->kvm) ? "SEV" : "SVM"; + vm_type =3D is_sev_snp_guest(vcpu) ? "SEV-SNP" : + is_sev_es_guest(vcpu) ? "SEV-ES" : + is_sev_guest(vcpu) ? "SEV" : "SVM"; =20 pr_err("%s vCPU%u VMCB %p, last attempted VMRUN on CPU %d\n", vm_type, vcpu->vcpu_id, svm->current_vmcb->ptr, vcpu->arch.last_vm= entry_cpu); @@ -3368,7 +3368,7 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) pr_err("%-20s%016llx\n", "allowed_sev_features:", control->allowed_sev_fe= atures); pr_err("%-20s%016llx\n", "guest_sev_features:", control->guest_sev_featur= es); =20 - if (sev_es_guest(vcpu->kvm)) { + if (is_sev_es_guest(vcpu)) { save =3D sev_decrypt_vmsa(vcpu); if (!save) goto no_vmsa; @@ -3451,7 +3451,7 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) "excp_from:", save->last_excp_from, "excp_to:", save->last_excp_to); =20 - if (sev_es_guest(vcpu->kvm)) { + if (is_sev_es_guest(vcpu)) { struct sev_es_save_area *vmsa =3D (struct sev_es_save_area *)save; =20 pr_err("%-15s %016llx\n", @@ -3512,7 +3512,7 @@ static void dump_vmcb(struct kvm_vcpu *vcpu) } =20 no_vmsa: - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) sev_free_decrypted_vmsa(vcpu, save); } =20 @@ -3601,7 +3601,7 @@ static int svm_handle_exit(struct kvm_vcpu *vcpu, fas= tpath_t exit_fastpath) struct kvm_run *kvm_run =3D vcpu->run; =20 /* SEV-ES guests must use the CR write traps to track CR registers. */ - if (!sev_es_guest(vcpu->kvm)) { + if (!is_sev_es_guest(vcpu)) { if (!svm_is_intercept(svm, INTERCEPT_CR0_WRITE)) vcpu->arch.cr0 =3D svm->vmcb->save.cr0; if (npt_enabled) @@ -3653,7 +3653,7 @@ static int pre_svm_run(struct kvm_vcpu *vcpu) svm->current_vmcb->cpu =3D vcpu->cpu; } =20 - if (sev_guest(vcpu->kvm)) + if (is_sev_guest(vcpu)) return pre_sev_run(svm, vcpu->cpu); =20 /* FIXME: handle wraparound of asid_generation */ @@ -3796,7 +3796,7 @@ static void svm_update_cr8_intercept(struct kvm_vcpu = *vcpu, int tpr, int irr) * SEV-ES guests must always keep the CR intercepts cleared. CR * tracking is done using the CR write traps. */ - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) return; =20 if (nested_svm_virtualize_tpr(vcpu)) @@ -3985,7 +3985,7 @@ static void svm_enable_nmi_window(struct kvm_vcpu *vc= pu) * ignores SEV-ES guest writes to EFER.SVME *and* CLGI/STGI are not * supported NAEs in the GHCB protocol. */ - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) return; =20 if (!gif_set(svm)) { @@ -4273,7 +4273,7 @@ static noinstr void svm_vcpu_enter_exit(struct kvm_vc= pu *vcpu, bool spec_ctrl_in =20 amd_clear_divider(); =20 - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) __svm_sev_es_vcpu_run(svm, spec_ctrl_intercepted, sev_es_host_save_area(sd)); else @@ -4374,7 +4374,7 @@ static __no_kcsan fastpath_t svm_vcpu_run(struct kvm_= vcpu *vcpu, u64 run_flags) if (!static_cpu_has(X86_FEATURE_V_SPEC_CTRL)) x86_spec_ctrl_restore_host(svm->virt_spec_ctrl); =20 - if (!sev_es_guest(vcpu->kvm)) { + if (!is_sev_es_guest(vcpu)) { vcpu->arch.cr2 =3D svm->vmcb->save.cr2; vcpu->arch.regs[VCPU_REGS_RAX] =3D svm->vmcb->save.rax; vcpu->arch.regs[VCPU_REGS_RSP] =3D svm->vmcb->save.rsp; @@ -4524,7 +4524,7 @@ static void svm_vcpu_after_set_cpuid(struct kvm_vcpu = *vcpu) if (guest_cpuid_is_intel_compatible(vcpu)) guest_cpu_cap_clear(vcpu, X86_FEATURE_V_VMSAVE_VMLOAD); =20 - if (sev_guest(vcpu->kvm)) + if (is_sev_guest(vcpu)) sev_vcpu_after_set_cpuid(svm); } =20 @@ -4920,7 +4920,7 @@ static int svm_check_emulate_instruction(struct kvm_v= cpu *vcpu, int emul_type, return X86EMUL_UNHANDLEABLE_VECTORING; =20 /* Emulation is always possible when KVM has access to all guest state. */ - if (!sev_guest(vcpu->kvm)) + if (!is_sev_guest(vcpu)) return X86EMUL_CONTINUE; =20 /* #UD and #GP should never be intercepted for SEV guests. */ @@ -4932,7 +4932,7 @@ static int svm_check_emulate_instruction(struct kvm_v= cpu *vcpu, int emul_type, * Emulation is impossible for SEV-ES guests as KVM doesn't have access * to guest register state. */ - if (sev_es_guest(vcpu->kvm)) + if (is_sev_es_guest(vcpu)) return X86EMUL_RETRY_INSTR; =20 /* @@ -5069,7 +5069,7 @@ static bool svm_apic_init_signal_blocked(struct kvm_v= cpu *vcpu) =20 static void svm_vcpu_deliver_sipi_vector(struct kvm_vcpu *vcpu, u8 vector) { - if (!sev_es_guest(vcpu->kvm)) + if (!is_sev_es_guest(vcpu)) return kvm_vcpu_deliver_sipi_vector(vcpu, vector); =20 sev_vcpu_deliver_sipi_vector(vcpu, vector); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index ebd7b36b1ceb..121138901fd6 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -388,10 +388,27 @@ static __always_inline bool sev_snp_guest(struct kvm = *kvm) return (sev->vmsa_features & SVM_SEV_FEAT_SNP_ACTIVE) && !WARN_ON_ONCE(!sev_es_guest(kvm)); } + +static __always_inline bool is_sev_guest(struct kvm_vcpu *vcpu) +{ + return sev_guest(vcpu->kvm); +} +static __always_inline bool is_sev_es_guest(struct kvm_vcpu *vcpu) +{ + return sev_es_guest(vcpu->kvm); +} + +static __always_inline bool is_sev_snp_guest(struct kvm_vcpu *vcpu) +{ + return sev_snp_guest(vcpu->kvm); +} #else #define sev_guest(kvm) false #define sev_es_guest(kvm) false #define sev_snp_guest(kvm) false +#define is_sev_guest(vcpu) false +#define is_sev_es_guest(vcpu) false +#define is_sev_snp_guest(vcpu) false #endif =20 static inline bool ghcb_gpa_is_registered(struct vcpu_svm *svm, u64 val) --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0D2673CAE7A for ; Tue, 10 Mar 2026 23:48:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186532; cv=none; b=TEGON6FSzmmLypqomoEV2+IFhfS1gHGQYoagsh3mnoMKPGjjIqyUKP9ckcMMnYPLUWIkQ18GUAZG9TrnfkBb4zEcYkp9qHwWqcGQOx6HvdC24W7WysMvbH28E55bC+lx3Yyz1iJ0GPgeexV02aWs3OQbMYoNez/0Mgvono8q7sU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186532; c=relaxed/simple; bh=I3L4f0GVjyD921aN1yvrqvHsXqt03nCQtScrvSoRo8E=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=JSksVRMDhBL8yOh5YO0OblI1Q+IkyMNZbv/cPuB4izVMv4zEjrvdUvILhIkKS/MTQRm4eUoZIdMvSLyX7R40vq/02Hje32sL8HKfiyVp4knftBXfIIjfxtpSOPRfs/uj5So/tOB1Kyg8JVaeqqKuS0QGO/ptIgeTaJX6snmfif8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=ax3t30Xo; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="ax3t30Xo" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-b62da7602a0so8116678a12.2 for ; Tue, 10 Mar 2026 16:48:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186529; x=1773791329; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=zJpZVYlklFn/XNcFTpm87RMPwls9psijPGNAP7bKSe8=; b=ax3t30XoXrxsYbI8R6RrwrFiA5MdI3jD2421sENCp5zvPE/UDsC+zfSAdSuVRy5iv5 Zv0xClc+aBRiQJ1pJE737H/u1bgnZRiRBv9Ju6FiYjWp2JbnBOZMY72284oqEXcWYGhb GuWIsO99/ZqI4m07RDWVFl9b7WGKjrBVAdUL9ALIrPEA70Go4ekeemvgK32PwDWXPWNZ SU2HuhwbRdAc9+gUiO5zTyrB83CFYKfdI6mK0DCx5HtyAwmvhlrpEkKj4DhEAYErttRi 9bWVR1rVV+bDvrwliHvufc1XVySHVrDWwhlvAtJ/mB10/Iz+426Ya5Z7IF2+FpS2KD8g JY9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186529; x=1773791329; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=zJpZVYlklFn/XNcFTpm87RMPwls9psijPGNAP7bKSe8=; b=uZRn2Y4lFev709+T/kek9uL1LvrEivvrPYzL8U0cR1hkeZGD+1hzoQ/RmZUluk2EZy MSXuuu5V2+NWsck1Taa5MllvBTikqFKfhYgUEP+tHHPfxhz9orQzlMeKx7ZwHDmTGZFI NfMK/CvptBI89M+9NBgcm5InE7vLSLQTmscQbFAFZThyTg9m8JY7KKoaE7NttwXqwCEk MVhKyNuT1Wryfth2yjE4XQENmEpMp8Qi3Dvjzgo+bKZbLCwn1M0g9NFLlXXambs5OyQd i7o5I3z7s2N0aq/N0SGsCEEFCi+NEqmo9ZjskSG2Ys316Cq5LTUDXTrHwDgKGP1tdMZu Z/YA== X-Forwarded-Encrypted: i=1; AJvYcCWXtSbVxSCteIbXs6yuEam9Qm+WHUybOwbjwdwwnR252igJCl63/iJfhk/WagfPUiC576r/MsaD4WiUFW0=@vger.kernel.org X-Gm-Message-State: AOJu0YyWIkF4PLA0TrFyVR75e84SueAJR/kEDG3+ZU6qQyQtKeEBIOB7 iY2pBeJ6Ft/s8HU5olKcomVuE5Nu19lZD4lwYcoUPp0cjoZkY1Zqfhe63mt1GUA+3k/YZTCn1As DBSvxQA== X-Received: from pgbq9.prod.google.com ([2002:a63:5c09:0:b0:c73:91cb:fa1]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:700d:b0:398:9466:2eda with SMTP id adf61e73a8af0-398c5ed605bmr325143637.19.1773186529314; Tue, 10 Mar 2026 16:48:49 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:16 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-9-seanjc@google.com> Subject: [PATCH 08/21] KVM: SEV: Add quad-underscore version of VM-scoped APIs to detect SEV+ guests From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Add "unsafe" quad-underscore versions of the SEV+ guest detectors in anticipation of hardening the APIs via lockdep assertions. This will allow adding exceptions for usage that is known to be safe in advance of the lockdep assertions. Use a pile of underscores to try and communicate that use of the "unsafe" shouldn't be done lightly. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/svm.h | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 121138901fd6..5f8977eec874 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -370,37 +370,51 @@ static __always_inline struct kvm_sev_info *to_kvm_se= v_info(struct kvm *kvm) } =20 #ifdef CONFIG_KVM_AMD_SEV -static __always_inline bool sev_guest(struct kvm *kvm) +static __always_inline bool ____sev_guest(struct kvm *kvm) { return to_kvm_sev_info(kvm)->active; } -static __always_inline bool sev_es_guest(struct kvm *kvm) +static __always_inline bool ____sev_es_guest(struct kvm *kvm) { struct kvm_sev_info *sev =3D to_kvm_sev_info(kvm); =20 return sev->es_active && !WARN_ON_ONCE(!sev->active); } =20 -static __always_inline bool sev_snp_guest(struct kvm *kvm) +static __always_inline bool ____sev_snp_guest(struct kvm *kvm) { struct kvm_sev_info *sev =3D to_kvm_sev_info(kvm); =20 return (sev->vmsa_features & SVM_SEV_FEAT_SNP_ACTIVE) && - !WARN_ON_ONCE(!sev_es_guest(kvm)); + !WARN_ON_ONCE(!____sev_es_guest(kvm)); +} + +static __always_inline bool sev_guest(struct kvm *kvm) +{ + return ____sev_guest(kvm); +} +static __always_inline bool sev_es_guest(struct kvm *kvm) +{ + return ____sev_es_guest(kvm); +} + +static __always_inline bool sev_snp_guest(struct kvm *kvm) +{ + return ____sev_snp_guest(kvm); } =20 static __always_inline bool is_sev_guest(struct kvm_vcpu *vcpu) { - return sev_guest(vcpu->kvm); + return ____sev_guest(vcpu->kvm); } static __always_inline bool is_sev_es_guest(struct kvm_vcpu *vcpu) { - return sev_es_guest(vcpu->kvm); + return ____sev_es_guest(vcpu->kvm); } =20 static __always_inline bool is_sev_snp_guest(struct kvm_vcpu *vcpu) { - return sev_snp_guest(vcpu->kvm); + return ____sev_snp_guest(vcpu->kvm); } #else #define sev_guest(kvm) false --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C67933DD529 for ; Tue, 10 Mar 2026 23:48:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186534; cv=none; b=kF9nW9Jskb2MU4NmzI/7zsTixwa0dvZLGfiqcexkhlif2cmVyntI1W00YWfxkeWuPFu+JmfK+2+JA/7yS4N0RE4uNr2ft2rfsbb9an/9BNM0IuKvd738GSIvwTvWK1dfYhUVJd+choCkCG4GuyBRRWiVQPgQXNZr3s+F2MGhd74= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186534; c=relaxed/simple; bh=EAXd6U23TOM0TNLsWbdxjSjEvAZh9Ps8RAlEBkf+Mr8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=WMPWoSeJhGwgnTNMNeeduPZzWWyi06VE07wrlOzek+fs6MV158nbl5NnjLsUV/dgXTxZ03lbs8MLkfYTkFYBFip/qxM2t/KqUqua2LUtQAHYJ/eru9DkAawH0hx2AaEpjzHBIfIQ2hHPyLRkybl0gLw5oxmomEOZ3jmrvM4gU1c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=olR06XDV; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="olR06XDV" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-2adc527eaf5so82417735ad.0 for ; Tue, 10 Mar 2026 16:48:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186531; x=1773791331; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=EuE4VxLPE3eeqbVSDrv7j4XL4cakaBn+k4JWu7FqMLU=; b=olR06XDV8Ybj6d0sp9Rrjz+WsTQf6puOSrVKGVxWLz/ADazuC1pOF93aOtmj770EOQ G7MqFtoPCwDpRuUeTDiQWJSqXSyjXKkIUQky56t9mOc+iggsCXOCZJBtMXsKJJoThZ6U taduqY1GMx2A1heVCB94/yxAfMVXxcoOPa0KQyX4zk793XpRf9OxzI9ztYzJe++0erlT OnAl/n6wYUMzEB5xY2sty7uCvkFqMsd9v0fx6bSvphal9/hRv2QVUdOnSrEpK+RsnbC8 SyZwN0G7dQ9/quih2wEcRsrjnWnw++o8pAfY9SJsRanIeLaqTT0SUbYHeZg7/PWU/Ej/ ijRg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186531; x=1773791331; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=EuE4VxLPE3eeqbVSDrv7j4XL4cakaBn+k4JWu7FqMLU=; b=focgGFUVSDZVn/VJHA3YQsTxnaFb00mjWWx1JbUfThkRMihvUu8Weo3Ms3/wJjWnzl 2wWXSYzT/ddISqGjV1LcnQ3B9rhrGF8zfzt3iK6aADJGQmcHECgchlNbCdovuAQFqGR7 8Zfp0bopimjzk99KxfSjcc48Xe5l5GtkQboFT/5tdcnMZ15zmAXY37pYqsKFadlWLP8V 1ZsK7CmyvPJ/tZsQwCI4IncxOaV94SUmPG7W7EnrGshRSYY9n8CfZuiegeNcePTvpq8B z4Qv6KMX8klEY9TO9tsTKoB6xPnK4gcmvhSxTO11OLsBVClan9TYhxhIIbwBpFpeyvwF BCtg== X-Forwarded-Encrypted: i=1; AJvYcCUNuq7BN4CRfTGSvP98bFu+wgh+dEwUs0ClvEDnhMWcJVRCqOkrCjbmDXI2oOt+g9U/w4XSUFdKbOJEsiY=@vger.kernel.org X-Gm-Message-State: AOJu0Ywc476NA875xEfjYqaVbTwm8T8TR944CCGUGu6b2Xj/5GFU0euv N5saWTiNwLmPjYUeBRHMd6kclf9iVhC2l4RV5wSXfZBTiSn0YN0DjX4gNb+QAzEuLfPD4lZT8gQ JLpXBxQ== X-Received: from plbkm15.prod.google.com ([2002:a17:903:27cf:b0:2ae:4e8d:56b4]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:238d:b0:2ae:4911:4a52 with SMTP id d9443c01a7336-2aeae763046mr3121315ad.5.1773186530965; Tue, 10 Mar 2026 16:48:50 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:17 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-10-seanjc@google.com> Subject: [PATCH 09/21] KVM: SEV: Document the SEV-ES check when querying SMM support as "safe" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Use the "unsafe" API to check for an SEV-ES+ guest when determining whether or not SMBASE is a supported MSR, i.e. whether or not emulated SMM is supported. This will eventually allow adding lockdep assertings to the APIs for detecting SEV+ VMs without triggering "real" false positives. While svm_has_emulated_msr() doesn't hold kvm->lock, i.e. can get both false positives *and* false negatives, both are completely fine, as the only time the result isn't stable is when userspace is the sole consumer of the result. I.e. userspace can confuse itself, but that's it. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/svm.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 0a1acc21b133..bd0c497c6040 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4487,9 +4487,17 @@ static bool svm_has_emulated_msr(struct kvm *kvm, u3= 2 index) case MSR_IA32_SMBASE: if (!IS_ENABLED(CONFIG_KVM_SMM)) return false; - /* SEV-ES guests do not support SMM, so report false */ - if (kvm && sev_es_guest(kvm)) + +#ifdef CONFIG_KVM_AMD_SEV + /* + * KVM can't access register state to emulate SMM for SEV-ES + * guests. Conusming stale data here is "fine", as KVM only + * checks for MSR_IA32_SMBASE support without a vCPU when + * userspace is querying KVM_CAP_X86_SMM. + */ + if (kvm && ____sev_es_guest(kvm)) return false; +#endif break; default: break; --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pg1-f201.google.com (mail-pg1-f201.google.com [209.85.215.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 513AC3E869D for ; Tue, 10 Mar 2026 23:48:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186534; cv=none; b=jH+DGf/o56hPvqu40oHF7JGXNOZtjBfcVsLCJyrvU7rpyrAjhQ9yN70KG/xZU+xQ+v9x9+RcVX4isW5DrF+e7Xq4hlQ5JJ6YhMbeqW9YxMpcNIlx8zJsEPblAc+dDUZkuD3+oC3BWC1EjXw7e4smuOnuhUiDCPK/2Oo0zB779ng= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186534; c=relaxed/simple; bh=90O6JzYqbzkgAxXkOD7D5rrxUZpMuuEbxgasWWkKpaU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=tkr59iD4KscDCV/1832YMv7mpAwOiPI9l6ZA/jPi9kMmHjDiE2dvim2ghYRZ51doMF51utYr7DLuZdYhJrrpSbCq5IVVu8x6NSa8mjrwg21moY69763Jiht6fA8KH+kHFQ0IXVq+eySQN3QaQjtEPrmBTTgyaNoiRvrNVf286pU= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MiXd1vrx; arc=none smtp.client-ip=209.85.215.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MiXd1vrx" Received: by mail-pg1-f201.google.com with SMTP id 41be03b00d2f7-c738f71723aso3401848a12.2 for ; Tue, 10 Mar 2026 16:48:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186533; x=1773791333; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=tD4Z1nqIAQC9F2Tarxi6stByrkCrz7QH2uC/2+jh2A4=; b=MiXd1vrxLnicyuYiQP2Vqp/LPwGVD9sasjmARKlsaPsFiEt4TWvhVWggGfUOMxJ1Ls tHv/p5zqOvqdXLsIrFFrG9vLYMl1SgtzhJwMAT2XoJ2J46u8nNcq9GBPGuqjhtDDeVW2 nNCKXp1VztwEmrB5mI01JxUp2/qM8nggJBdiYvIIlsmBWLUw4umqs7ybyRbVqCn+wisI o4CLh9GK8rMYNM6ZCNgZ7cCRoMr4PIU4FrAyK0E0avNDnZO8Es+1z11AjD6JCgTLeUUV CK0NtIZCeWbamIzvYMSiWs8u2vRj/l8+fyuk2f2dx/6h3mttAn4YxDkpf4BY19VmF8k5 cp4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186533; x=1773791333; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=tD4Z1nqIAQC9F2Tarxi6stByrkCrz7QH2uC/2+jh2A4=; b=sGAEIrBUFynkJXLkRMzyZtBWYBS4dWRuL3Qgvq+CrwvwP+WBCIVjARDMQ5Fk+2wV+4 ihE2tyKoLxUJoOZDl2XOOB6LFlCFW/l08Wj+AxBa1kxxE+xInTZmaewbeoPHJWCXDp8c L9f2Ppov8BH/hJfBVNkeb1brRVg58ek0o4myHNbCIudzMNbPrIfP2VPBHD+1BMds70Sp PlyrwSw6EjS0WtWgyT+Q4WivTTscOzh4/znZp1xfBEKjEMipzjcsTpIQE96JtjSi9Lz0 cdHWnxhbJSolnYaR8u9EF9pzuACDsHuQy0lZySN37kSJLtfuiVusHH+aMaPr99cBFNpx JkxA== X-Forwarded-Encrypted: i=1; AJvYcCVF/+hrdgWOa9XhDaQts0HMyRPCBIASJDfTDP0HMCGUCT1jrw2lO1daiTXQJcadla0lEzUibh5+dWDE0fw=@vger.kernel.org X-Gm-Message-State: AOJu0YzvrpCFW9zA6ac0dBEBFcLLy6lWCMnhFA3ms/+h2gXam5BFHw/L wiiE49iDClQAkPzYy5jiKZ1u+9TxieXcUB1CG74+jEw/ecUXrpYNM7KeQ6KERJfdQGwypjNlXw6 zsIC5QA== X-Received: from pgkh18.prod.google.com ([2002:a63:e152:0:b0:c70:e97b:b573]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:1393:b0:398:96c6:b8de with SMTP id adf61e73a8af0-398c60dc911mr407994637.37.1773186532623; Tue, 10 Mar 2026 16:48:52 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:18 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-11-seanjc@google.com> Subject: [PATCH 10/21] KVM: SEV: Move standard VM-scoped helpers to detect SEV+ guests to sev.c From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Now that all external usage of the VM-scoped APIs to detect SEV+ guests is gone, drop the stubs provided for CONFIG_KVM_AMD_SEV=3Dn builds and bury the "standard" APIs in sev.c. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 14 ++++++++++++++ arch/x86/kvm/svm/svm.h | 17 ----------------- 2 files changed, 14 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 35033dc79390..0c5b47272335 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -107,6 +107,20 @@ static unsigned int nr_asids; static unsigned long *sev_asid_bitmap; static unsigned long *sev_reclaim_asid_bitmap; =20 +static bool sev_guest(struct kvm *kvm) +{ + return ____sev_guest(kvm); +} +static bool sev_es_guest(struct kvm *kvm) +{ + return ____sev_es_guest(kvm); +} + +static bool sev_snp_guest(struct kvm *kvm) +{ + return ____sev_snp_guest(kvm); +} + static int snp_decommission_context(struct kvm *kvm); =20 struct enc_region { diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 5f8977eec874..1b27d20f3022 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -389,20 +389,6 @@ static __always_inline bool ____sev_snp_guest(struct k= vm *kvm) !WARN_ON_ONCE(!____sev_es_guest(kvm)); } =20 -static __always_inline bool sev_guest(struct kvm *kvm) -{ - return ____sev_guest(kvm); -} -static __always_inline bool sev_es_guest(struct kvm *kvm) -{ - return ____sev_es_guest(kvm); -} - -static __always_inline bool sev_snp_guest(struct kvm *kvm) -{ - return ____sev_snp_guest(kvm); -} - static __always_inline bool is_sev_guest(struct kvm_vcpu *vcpu) { return ____sev_guest(vcpu->kvm); @@ -417,9 +403,6 @@ static __always_inline bool is_sev_snp_guest(struct kvm= _vcpu *vcpu) return ____sev_snp_guest(vcpu->kvm); } #else -#define sev_guest(kvm) false -#define sev_es_guest(kvm) false -#define sev_snp_guest(kvm) false #define is_sev_guest(vcpu) false #define is_sev_es_guest(vcpu) false #define is_sev_snp_guest(vcpu) false --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F14753ECBC0 for ; Tue, 10 Mar 2026 23:48:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186536; cv=none; b=O6siEQ+oSumXGsVwube/UWeDGkIcijgn4ZDgqiiNOE0vRKlbaWGIW5pO6bOixgdtV4BxAIITHkMMZAr63qegTc2AaLd8VrYP6LUTIRbxaoUi6O4jr7vGBQlKN8EMTCiAc60I8Wd+BY++MHs11Aen1B3nW5xJrmSdcaH4O6nz55Y= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186536; c=relaxed/simple; bh=8ne8MkK4K85JoNzXsxwnssB6HZgQt0IZT4YFEhXWxjA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=CRKfPUarAlvA8Odh0ZpgO/dXnYiGGGsGjLtBZbOcIHul8BNcXDQBYIn42tvC25ErlWn6opyQ/X6SXNMAc3rI1yHJnxXClP+MaZIFCnmfhc2qUw2B164E65GWTZCP958ZV7hr9omqUEL69nv/XfkFY3g1H3d54hYwj+SsLMrPZXg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=TKEqC8by; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="TKEqC8by" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-2ae4af66f40so106205855ad.1 for ; Tue, 10 Mar 2026 16:48:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186534; x=1773791334; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=CPjkzUEfG6jizjcDCrY5SRP9ZwheMlXTocmku9Giv8g=; b=TKEqC8by+mU/c43pBylV3HIPp8WbmIMbzU+hZIw7szInuIUfytG0Bqy0KRLBa6v6TO bUQGFhMp2DlM8aPDWvANzU+7++Ds10p8aFXos+iaanSmdPuXDjb92qFHsrhjrT8qqAjy dyMuO2FWP6+6wCmg/BVvOJZ7kQt7cssDOazd40Fzo7FAGTxysB3Jed1j/H7rpa5Y4l0g PLk/ITymIBCoJsROx0kLbHfwtNzEXs3guJw1PPPrZE2kBH6d7ZONg0I1Xr7WkNcsRZ39 QKyGGSE/EYopPsdVGaEu4OuJRwMzrndlEMl2U0cUuvLLuk/XOx2dXsVPKDXI0oOTw1k8 f9Dg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186534; x=1773791334; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=CPjkzUEfG6jizjcDCrY5SRP9ZwheMlXTocmku9Giv8g=; b=D9BWDjo8dCZsZ64LCiivj06xwJUcNu835GtSWKs5l2KHXzQd/Q88LnLHzwb9uzleh1 pAOVOLQ4kzod2IJcLZlIiyTbBGeqF6Qyx9dEhHNr56aGqN3qoML2pAS06w9Do0Q+YmN2 BFH1zLAt2swcEaGeVJBrpvyfWcf8xfRFuWfMCBPsK4LYsH4In5JvOeWB0FtLdEaCmg+D ENjB0C6C5Qk8UJIvVCQOp9IDKX8wGX79/vwJ0oGtmXv+Y+sHPM9DD+O2wf7fame0IqHx ZEJzy6ZyppVgO3QpnpF/+CYh1RvFlMKKocRb3XtaMw/e4Y0an3cvrTAyExNx3hU3n3Mu +2qQ== X-Forwarded-Encrypted: i=1; AJvYcCWMGTY4fxT2dx3XdR1AGCj4A7L+v3cuzJ5t0Fb7MdKDbW24LWTYwQ00yovQbQBrl5tX6/KupqTRaArHID8=@vger.kernel.org X-Gm-Message-State: AOJu0YxXSghFKPriV9KJJ20cMJXLVtN4CHAIURYSLb2E4fJod/6+OJDX IwXaD8cbARFLAYOXcZY4n4nCFolT9aqeYbFFFpGBJ3JrOu12aoH6qmgk601ERehLaJLwGojLOG4 hkxB6/Q== X-Received: from plv14.prod.google.com ([2002:a17:903:bce:b0:2ae:506a:658]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:2b0c:b0:2ae:450c:951e with SMTP id d9443c01a7336-2aeae7d35b2mr4781825ad.17.1773186534257; Tue, 10 Mar 2026 16:48:54 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:19 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-12-seanjc@google.com> Subject: [PATCH 11/21] KVM: SEV: Move SEV-specific VM initialization to sev.c From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Move SEV+ VM initialization to sev.c (as sev_vm_init()) so that kvm_sev_info (and all usage) can be gated on CONFIG_KVM_AMD_SEV=3Dy without needing more #ifdefs. As a bonus, isolating the logic will make it easier to harden the flow, e.g. to WARN if the vm_type is unknown. No functional change intended (SEV, SEV_ES, and SNP VM types are only supported if CONFIG_KVM_AMD_SEV=3Dy). Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 15 +++++++++++++++ arch/x86/kvm/svm/svm.c | 12 +----------- arch/x86/kvm/svm/svm.h | 2 ++ 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 0c5b47272335..e5dae76d2986 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2928,6 +2928,21 @@ static int snp_decommission_context(struct kvm *kvm) return 0; } =20 +void sev_vm_init(struct kvm *kvm) +{ + int type =3D kvm->arch.vm_type; + + if (type =3D=3D KVM_X86_DEFAULT_VM || type =3D=3D KVM_X86_SW_PROTECTED_VM) + return; + + kvm->arch.has_protected_state =3D (type =3D=3D KVM_X86_SEV_ES_VM || + type =3D=3D KVM_X86_SNP_VM); + to_kvm_sev_info(kvm)->need_init =3D true; + + kvm->arch.has_private_mem =3D (type =3D=3D KVM_X86_SNP_VM); + kvm->arch.pre_fault_allowed =3D !kvm->arch.has_private_mem; +} + void sev_vm_destroy(struct kvm *kvm) { struct kvm_sev_info *sev =3D to_kvm_sev_info(kvm); diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index bd0c497c6040..780acd454913 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5093,17 +5093,7 @@ static void svm_vm_destroy(struct kvm *kvm) =20 static int svm_vm_init(struct kvm *kvm) { - int type =3D kvm->arch.vm_type; - - if (type !=3D KVM_X86_DEFAULT_VM && - type !=3D KVM_X86_SW_PROTECTED_VM) { - kvm->arch.has_protected_state =3D - (type =3D=3D KVM_X86_SEV_ES_VM || type =3D=3D KVM_X86_SNP_VM); - to_kvm_sev_info(kvm)->need_init =3D true; - - kvm->arch.has_private_mem =3D (type =3D=3D KVM_X86_SNP_VM); - kvm->arch.pre_fault_allowed =3D !kvm->arch.has_private_mem; - } + sev_vm_init(kvm); =20 if (!pause_filter_count || !pause_filter_thresh) kvm_disable_exits(kvm, KVM_X86_DISABLE_EXITS_PAUSE); diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 1b27d20f3022..7f28445766b6 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -899,6 +899,7 @@ static inline struct page *snp_safe_alloc_page(void) =20 int sev_vcpu_create(struct kvm_vcpu *vcpu); void sev_free_vcpu(struct kvm_vcpu *vcpu); +void sev_vm_init(struct kvm *kvm); void sev_vm_destroy(struct kvm *kvm); void __init sev_set_cpu_caps(void); void __init sev_hardware_setup(void); @@ -925,6 +926,7 @@ static inline struct page *snp_safe_alloc_page(void) =20 static inline int sev_vcpu_create(struct kvm_vcpu *vcpu) { return 0; } static inline void sev_free_vcpu(struct kvm_vcpu *vcpu) {} +static inline void sev_vm_init(struct kvm *kvm) {} static inline void sev_vm_destroy(struct kvm *kvm) {} static inline void __init sev_set_cpu_caps(void) {} static inline void __init sev_hardware_setup(void) {} --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9EEA83F164B for ; Tue, 10 Mar 2026 23:48:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186537; cv=none; b=SIpeVQtQhigpgo7W5B0HjPPvl5krEZWt/2AOUzofL/Zh5gSKdsY8xpC5czl9MwoeizX8B+iFzlrnka+mbUVsq+SpME3cxPSzjFA+tILRLdmhLPk+AjQFplHICtKvbFxqncFJrAPPc26Ezhnq4jExB5Lk9MG9d0rP4vOf43rGCVc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186537; c=relaxed/simple; bh=ijcut67xN4CRBOz4C3fEZ3fWCluP+xATTUXzB3lsp0k=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ZuMzBtB6CpCKPbO4FEz2preG8jGnSHjRPDdWnHZegQhtnNv6pzeV0g2DvHtXwpbRMOJFPs9C2tnzk7JRmLqMK9D2sNqODX8C22taDN5rw6idwxRBII4EZ/eUHZkwlLMeuQcmVrOYR/mIK8kbZ45I4H6ljHzPvchA6JL5g1l7fak= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=OsUl+jc1; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="OsUl+jc1" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-2ae50463c39so96049055ad.1 for ; Tue, 10 Mar 2026 16:48:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186536; x=1773791336; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=IkZbacKi2/io3/Px84Zc7YCbNlt1jj22ioCAhRfNNK4=; b=OsUl+jc1/bmL4GSWMnpdiG7pqpbEIyDU/BsSouSfwt0EhWZM2Lhp2RkMt7dn9MfDPR REi8TkKYBo2LLGWxOiHQx8QrsaWrDsZX6KhsowRcqLMyHtlwORVyF/Coseh4FbaBvZOY QErk8s8TTFEoTVRLrXaN+JaqCn3376e8L72PTBfP9r3MINAveyqT7hbv61APfcyj0Xaa fNtRbWelIgO4TYAYzJUjZxLhDW6xbwBie2il62v07LB3jb6fynJEuEYTxyz+DLtncKov dPNK5DBe4h61FhKpL4ygHQEwK2p10P3Hl8Zroyl3Ymj9TAAS10ettnswIegemhuT9m95 Xk9g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186536; x=1773791336; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=IkZbacKi2/io3/Px84Zc7YCbNlt1jj22ioCAhRfNNK4=; b=MX6NkPviyZUPmNnt6O6UywqpwauxzUYQmWUJC2rpbhQAWikQ7RpVYNle++oyefwuCP lr9jSHLhsHM/zYcxq53uwYRPrFUCRWw04M+q22eUc4MCAz6+Kv5D7MRyVELLHJxSN5Md deEZn701co5zxdctWKtLb9bom/nDdNfQwYm3herwPCoi5OC4rufHrDeWbnPCRG8TPnMe jxSP1t13Iw2Hs8yYB9RsvsiSlvIHwS+cmc0NrNw8Fgv71DN64yIkccVgpvjvbwIWtcZv 1Wb9GS76Hhw6mpk8cgSb3y2UkWbKXhkVWrvzQeil0gYTgNqW8cmcm9cABc2bFUq/FiH9 vmhA== X-Forwarded-Encrypted: i=1; AJvYcCWFTMOGKyoYZ0aAsvKp07y03f0JQgwCc/yQ2p/YlSR+g7LgcVec+sgypv6vruUKwbxn521Yfood1Ru5WDc=@vger.kernel.org X-Gm-Message-State: AOJu0YxN0QA19IV1AJ79N5Pzrcsqz4KC087ZshJD4wV5V++hAzyUstWv tcN2YtYVKWzggziwFC3ryJTR4ritMnpBmCjY0xQ3J/H20MarZcjO4pptomKJu7NhWkJdUyd2phK OIpPhuA== X-Received: from plbv8.prod.google.com ([2002:a17:903:44c8:b0:2ae:aa88:59dd]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:902:d488:b0:2ae:5b64:12da with SMTP id d9443c01a7336-2aeae90b632mr4856785ad.45.1773186536084; Tue, 10 Mar 2026 16:48:56 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:20 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-13-seanjc@google.com> Subject: [PATCH 12/21] KVM: SEV: WARN on unhandled VM type when initializing VM From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" WARN if KVM encounters an unhandled VM type when setting up flags for SEV+ VMs, e.g. to guard against adding a new flavor of SEV without adding proper recognition in sev_vm_init(). Practically speaking, no functional change intended (the new "default" case should be unreachable). Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index e5dae76d2986..9a907bc057d0 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2930,17 +2930,24 @@ static int snp_decommission_context(struct kvm *kvm) =20 void sev_vm_init(struct kvm *kvm) { - int type =3D kvm->arch.vm_type; - - if (type =3D=3D KVM_X86_DEFAULT_VM || type =3D=3D KVM_X86_SW_PROTECTED_VM) - return; - - kvm->arch.has_protected_state =3D (type =3D=3D KVM_X86_SEV_ES_VM || - type =3D=3D KVM_X86_SNP_VM); - to_kvm_sev_info(kvm)->need_init =3D true; - - kvm->arch.has_private_mem =3D (type =3D=3D KVM_X86_SNP_VM); - kvm->arch.pre_fault_allowed =3D !kvm->arch.has_private_mem; + switch (kvm->arch.vm_type) { + case KVM_X86_DEFAULT_VM: + case KVM_X86_SW_PROTECTED_VM: + break; + case KVM_X86_SNP_VM: + kvm->arch.has_private_mem =3D true; + fallthrough; + case KVM_X86_SEV_ES_VM: + kvm->arch.has_protected_state =3D true; + fallthrough; + case KVM_X86_SEV_VM: + kvm->arch.pre_fault_allowed =3D !kvm->arch.has_private_mem; + to_kvm_sev_info(kvm)->need_init =3D true; + break; + default: + WARN_ONCE(1, "Unsupported VM type %lu", kvm->arch.vm_type); + break; + } } =20 void sev_vm_destroy(struct kvm *kvm) --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 911D33F23CE for ; Tue, 10 Mar 2026 23:48:58 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186546; cv=none; b=n1YyFNT/n8YI6oL7TEaTigtX1b9ZVYVbgNwwBmhLgABLZnDHUZuKePEt49xIo7xm6OgiDxjgZYu4qVwYl1pZo1hrLdayAiqJg1Se3txz51vtn9F6WUSAeVRY6l3tkBr4N2q1TbSkoihyxbQFQKTuRzEpueP3AT6EIWcax2ekfmw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186546; c=relaxed/simple; bh=yLT9leD6tbVXClrxr+0/anPB/JESBZGwpnCJuvNlJGU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=pPb5apX4qsqeKvgsU0tMWEQaDt9mtUZ9aVy808d6+s5AiXs0QylGn5RlgwR79alwdoyMTZQCLVHFHByGfGYgx5QT5Je6EzWCDDzP5Nx2cjH0JH52y21BK+Cp8772sUPMzABu68qjfNd6hsR65aGbbTk2yKzh1+ViBwPn+hCpYQk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=G1tSQs9h; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="G1tSQs9h" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-2ae65d5cc57so411469475ad.2 for ; Tue, 10 Mar 2026 16:48:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186538; x=1773791338; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=yv2t64tdKmKRfKfd/MV+khzQ98ceOtJdslfcnGZwzWg=; b=G1tSQs9hnp0MBiTTkvjLSXehIcjKGFpKHS1Fd0fN3gpVmpkzSnNMpftqDyrGbT90yf nmp17v15sEkNG+3Ur0Flh3Aq2xB4g+tPJHQg/GDSL/UJFXcO3ZAPEqOvc+8uPwqW55mZ T54XMZQfNJLtDb1qBXAezOQ0R7Z/jLqjd7F/j2vKGLRNXgUYRyhj3yMDFgNlk1PSarpL RbqoZH0lKHRnSc0OO0PBznbcaBcY+VTLZB490omsK7fhGlxNHXdzjQy3LY2b4vq8nVW+ vgFukN7Nepuq1aZekTw81B+kzNsxQcq3WFrLmbIb8+fDsd58W0f4anqbcAsnnpiCafYH Bqlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186538; x=1773791338; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=yv2t64tdKmKRfKfd/MV+khzQ98ceOtJdslfcnGZwzWg=; b=atbi/pT4C8qAIrIzgKQCHLOMkx37vSwcmEg5sAwv93dB9FUnUOCSc6Aq9niPJ0HZbD UPq9zqGKFEQyQGjQmIiA0k/Lrh751LNd7Xs9RLmPj6ouZ8tU+fSFVhmH0xkt7ZOii7AD a2YaDSA+OBeENAIgn+TDqKIgQRpr2Vnek/vGUcFM3Qd7NyGZ6Mi0N11+KOuZO5ij9HCU 35nUXeBNLROsA6heqiFTUwu3D4iJ0lOkbie/BYSWCdmczRFy6psm9Ui0p2iwhtzglnSz Moc2uzqWaonKaVYTbuQAWakZ6ZWdxafnTG24TRWTbBUNce4xqaGYvDd9/wpQc7Il+oB5 6puQ== X-Forwarded-Encrypted: i=1; AJvYcCWCM54wPK2OL/NCHTeuw4Q5kgV30ZNd376mU41hufuwcewhKZhMbWwoyJ74my0IlmjhYVYGzV9LxVISHb0=@vger.kernel.org X-Gm-Message-State: AOJu0YxbPcmj0Wuc8+1xnb+7wzeSeFOU3oXtitxX2zylq2CrC++9pLDV eFa8yEKv56cIVo2wE3gMD5uRHwkuxeqH+ygceg62vBHzSdvrD48XkXykIgeDw0HzFuJFdxiYVvk bph/VNw== X-Received: from plsl9.prod.google.com ([2002:a17:903:2449:b0:2ae:3d76:eb1b]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:2b03:b0:2ae:5b52:3818 with SMTP id d9443c01a7336-2aeae76f543mr5386855ad.8.1773186537997; Tue, 10 Mar 2026 16:48:57 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:21 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-14-seanjc@google.com> Subject: [PATCH 13/21] KVM: SEV: Hide "struct kvm_sev_info" behind CONFIG_KVM_AMD_SEV=y From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Bury "struct kvm_sev_info" behind CONFIG_KVM_AMD_SEV=3Dy to make it harder for SEV specific code to sneak into common SVM code. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/svm.c | 2 ++ arch/x86/kvm/svm/svm.h | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index 780acd454913..e6691c044913 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -4215,8 +4215,10 @@ static void svm_cancel_injection(struct kvm_vcpu *vc= pu) =20 static int svm_vcpu_pre_run(struct kvm_vcpu *vcpu) { +#ifdef CONFIG_KVM_AMD_SEV if (to_kvm_sev_info(vcpu->kvm)->need_init) return -EINVAL; +#endif =20 return 1; } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 7f28445766b6..58c08ed0819a 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -92,6 +92,7 @@ enum { /* TPR and CR2 are always written before VMRUN */ #define VMCB_ALWAYS_DIRTY_MASK ((1U << VMCB_INTR) | (1U << VMCB_CR2)) =20 +#ifdef CONFIG_KVM_AMD_SEV struct kvm_sev_info { bool active; /* SEV enabled guest */ bool es_active; /* SEV-ES enabled guest */ @@ -117,6 +118,7 @@ struct kvm_sev_info { cpumask_var_t have_run_cpus; /* CPUs that have done VMRUN for this VM. */ bool snp_certs_enabled; /* SNP certificate-fetching support. */ }; +#endif =20 struct kvm_svm { struct kvm kvm; @@ -127,7 +129,9 @@ struct kvm_svm { u64 *avic_physical_id_table; struct hlist_node hnode; =20 +#ifdef CONFIG_KVM_AMD_SEV struct kvm_sev_info sev_info; +#endif }; =20 struct kvm_vcpu; @@ -364,12 +368,12 @@ static __always_inline struct kvm_svm *to_kvm_svm(str= uct kvm *kvm) return container_of(kvm, struct kvm_svm, kvm); } =20 +#ifdef CONFIG_KVM_AMD_SEV static __always_inline struct kvm_sev_info *to_kvm_sev_info(struct kvm *kv= m) { return &to_kvm_svm(kvm)->sev_info; } =20 -#ifdef CONFIG_KVM_AMD_SEV static __always_inline bool ____sev_guest(struct kvm *kvm) { return to_kvm_sev_info(kvm)->active; --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 912733F23CF for ; Tue, 10 Mar 2026 23:49:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186541; cv=none; b=UnAlSqcHKi2VpKqWhKI2GclF8flPucjC26tAAdUZka01uDnFLmh0ZV//lw4p29kPxRFBbxtYZxHNrWVZnRKjjQpHKPnUonwH27EnlDmVzsh21NyOg3B+MieeVmDzESjI/9wdd3ITjtHvBjxD97ZjgBebuY1iofMYnxKD6/6DHs8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186541; c=relaxed/simple; bh=s5PHNN6ivra7JTqKpFtmgQ4VhrnCt+DVMv2IumBMKZQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=F83OvMrvflQWhvzOop4iwYhtKhyj11fXB2uC9oKiUOdx2Xa2/7yB2XDr9BPur2y6fqrdygotUf4MQ6QwX/NfzZpaSn8Bz5nxrp7rBdGMqjFkl3KhZp0sp16kgJzwIzmcLW1Ln/C9Xw8YakuqljZbX5bJWW/qeKg50ALnZSwFNnk= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MeMrgjih; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MeMrgjih" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-2ae3badc00dso115224895ad.3 for ; Tue, 10 Mar 2026 16:49:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186540; x=1773791340; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=v+UG8GmpftbH/hU/LDZZ4z/cbiXMAWddtqqIMRz+5yA=; b=MeMrgjihuw22a+0ulO/nBGiAgTcFplvjDfNWUI40kLa07iJK+J55UXNSJFbiLonhrW yR+FVR2T82MwIXIIRHNb31ULw56ZWQ9tK53d0zTLWOe5Y06KYKUNBcBc0N3YrSOjvSHK xEFt5zbHPOKRDZjPZGsT5jM0q9LX4WQo6Q1Nf3HtSt64ixkCuzbPlRgF2IWHDdj3vLqI 4r5dMkz9ND1zgOxg3Qt0svUVw0x1RXMuBjYDRMK3/YmpVuicMwnMIGCnWw8AXS8/QmZ9 yP9Mm7Fia99h+HbdOh00KhW48DCyOQy5MWXRcf5yBNrgUgXGEbBF0HGCngD1KcCMih/Y ouTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186540; x=1773791340; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=v+UG8GmpftbH/hU/LDZZ4z/cbiXMAWddtqqIMRz+5yA=; b=FgMVM0xtHoovhH0vFSbMrH3bzv0u1eA/Rno5DMJ4R0yJFDw3VhN7Iq6OHOj7oswyFu VqSGAPjEwosnEjeT1p6fOS5aRirzBWknwtkf3L4o/5QqMS9AH6yJgKLmjqzujgOWYK+f c1P65f694kf2tSh3lxq1DjwsoZEUxIsmzfv2pxSQSqtWFivsm41GIHsh+oT9eZBBAknv b7ZwvmDoUY6YzrvqmwD5dZeRVm09/BbR6NBjXprVxdy/vVkXxRAJ34J9KDKR4n1qScqL LfjOj9e69EYK0vMxFTv9wHGr293s1X7OKs6dBlW9uowQ57xlwpDUqCYMpGMIgZOw7pu+ mkKg== X-Forwarded-Encrypted: i=1; AJvYcCXccSaxGkPG4Go/5e91dFkNSZuHJLyoPhQeKtgA7rYEXhBQLzOpnjJqp8igYiby6b3mKh8SxGK2og83+NQ=@vger.kernel.org X-Gm-Message-State: AOJu0YyL5c7KriS00qcnOD6P8JQByqlzDtWlZAPM+h2FTsCODyzhF5NQ Vq9uxHQuuNbXrBqCOKXoSE30kfdKbeeQLi+RIL9HlcJqrfPeNAZNcWbXGMCjZNf2y/CPwYM0Oc7 PKdgwNA== X-Received: from pldy4.prod.google.com ([2002:a17:902:cac4:b0:2ae:3a49:7600]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:903:4b4b:b0:2ae:5eab:1338 with SMTP id d9443c01a7336-2aeae795720mr5642965ad.8.1773186539824; Tue, 10 Mar 2026 16:48:59 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:22 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-15-seanjc@google.com> Subject: [PATCH 14/21] KVM: SEV: Document that checking for SEV+ guests when reclaiming memory is "safe" From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Document that the check for an SEV+ guest when reclaiming guest memory is safe even though kvm->lock isn't held. This will allow asserting that kvm->lock is held in the SEV accessors, without triggering false positives on the "safe" cases. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 9a907bc057d0..7bb9318f0703 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -3296,8 +3296,14 @@ void sev_guest_memory_reclaimed(struct kvm *kvm) * With SNP+gmem, private/encrypted memory is unreachable via the * hva-based mmu notifiers, i.e. these events are explicitly scoped to * shared pages, where there's no need to flush caches. + * + * Checking for SEV+ outside of kvm->lock is safe as __sev_guest_init() + * can only be done before vCPUs are created, caches can be incoherent + * if and only if a vCPU was run, and either this task will see the VM + * as being SEV+ or the vCPU won't be to access the memory (because of + * the in-progress invalidation). */ - if (!sev_guest(kvm) || sev_snp_guest(kvm)) + if (!____sev_guest(kvm) || ____sev_snp_guest(kvm)) return; =20 sev_writeback_caches(kvm); --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pj1-f74.google.com (mail-pj1-f74.google.com [209.85.216.74]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2C7633CAE89 for ; Tue, 10 Mar 2026 23:49:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.74 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186543; cv=none; b=ZSaisqPbzw6A7L9Y6tYeLlftPyiph1p+wvoa8zvIfzGqcdcJDGivawOnAaf4GLmxoTid8sSRGAKO737jCRNwoizcdodasaTIaMZ+i+zFBScc+oWE3ktYb4l06owobBw/oaRhFbA2ydPPXBPNYjZvLOfL25vDR/4B2vEegxhXbTg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186543; c=relaxed/simple; bh=uVoR9Xe4mRfHE6loxSVhvjcSNc6aBMfQ8wHKJPqrrOc=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Eu8us8ie3/OJ+BMK6GsS572i7bi/WIjCBQ7Pvz2h5g93dYBR/ggXaD0HL4gIoZ+EnW1eIcYC3wh2bWggQlyMg0vYao96WqRIGSKBtn86EoImxeOOR6gAj3i2nmetJlyn7OrGxPvesLLphjRcrBAEL299c+VlcsYzB0tSfrRK4Kc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=j0n9jp7h; arc=none smtp.client-ip=209.85.216.74 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="j0n9jp7h" Received: by mail-pj1-f74.google.com with SMTP id 98e67ed59e1d1-359f31809a0so6436236a91.2 for ; Tue, 10 Mar 2026 16:49:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186541; x=1773791341; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=gENHh+LHHspcmPyJqV4yOmmwYVieLWgsYWBJG3PvZfE=; b=j0n9jp7hWsJEOfwS46O4qU5dAFnw1Ded1NVV1k1Co0N5SebsGDwWPE4wlsMXfSgsuK LHFSadnR4VJuJXJDqD1mOADzwtUp1A0ZSXS3FBLZz/+6TAeBx9yElMEcTOJAoAijDYRj 9KzJr2VfDwiJY6tu6Zf17LRswD4MPFY7wULU+AGVNJuZHXX1O47QVABXLcu/D/EeibgM VclmVIZUnlzakmTeYOoRiZoPRgmE1rpKZ7HbF8VEmSB6HMIlKWF6NtuCRNSih/JyrbUz rYNbKu1YlJLbL9907i/cUX0qa+dMqaKjtvv1Agva9YhQ/TTKzMUi+VywefHakOlmA6kQ 5lVQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186541; x=1773791341; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=gENHh+LHHspcmPyJqV4yOmmwYVieLWgsYWBJG3PvZfE=; b=O+HsBCKBmyRmwdizOL6SOxU15BhVi9ZWTxlq/zqpmPSd0+WH3JJ8Hzska+tduTqQX3 0kVIF1Vs4GmE+BmiIvrBtdVd9gKtybdXmOBwx93ASyXTmzq22RNnsi3p+FAGYArSa4L9 g2PL7p3HmPIZHyiE2ovL0COzkX4NSZj5E0Sh9x8ng0e2qaGa9AZfK7WDKhGjP2EzYK6S zGABVLzHtTvJpD9mtPSRL+dvorhl4mBEXmW8H0chzHjvn1q0eRxFtGb2KBO1mCUD5+zS RQginHJZtpLtYufenFwY+cCEPRTqwnkOoJRQMR3XWLEJb4ih1yd+uj34r/WZlkD2txmv NyDA== X-Forwarded-Encrypted: i=1; AJvYcCVNcsLC01j4ClEHPsQl9oKteZXjbY+ubPu7CotDvQD57UfcyFa3u4zW13SDYj1ObhIsN7VfB89GRwdelMI=@vger.kernel.org X-Gm-Message-State: AOJu0YzKVMrQkLfE8I4hkPfYnUMhVghURWtmBYDkcqUXL8Ba/dgYf3u7 wOMyU98lV6dsTaQLw3ecpk1DGb04Ze9dzHXltNBvs3ph3nGS8NoIk8bnx5toW9NIMT6AN3Uw96m hP5Ogeg== X-Received: from pjbbx13.prod.google.com ([2002:a17:90a:f48d:b0:359:f1f1:7bcb]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:90b:5743:b0:34c:fe57:2793 with SMTP id 98e67ed59e1d1-35a0138a096mr508515a91.20.1773186541445; Tue, 10 Mar 2026 16:49:01 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:23 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-16-seanjc@google.com> Subject: [PATCH 15/21] KVM: SEV: Assert that kvm->lock is held when querying SEV+ support From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Assert that kvm->lock is held when checking if a VM is an SEV+ VM, as KVM sets *and* resets the relevant flags when initialization SEV state, i.e. it's extremely easy to end up with TOCTOU bugs if kvm->lock isn't held. Add waivers for a VM being torn down (refcount is '0') and for there being a loaded vCPU, with comments for both explaining why they're safe. Note, the "vCPU loaded" waiver is necessary to avoid splats on the SNP checks in sev_gmem_prepare() and sev_gmem_max_mapping_level(), which are currently called when handling nested page faults. Alternatively, those checks could key off KVM_X86_SNP_VM, as kvm_arch.vm_type is stable early in VM creation. Prioritize consistency, at least for now, and to leave a "reminder" that the max mapping level code in particular likely needs special attention if/when KVM supports dirty logging for SNP guests. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 7bb9318f0703..cbb5886304fa 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -107,17 +107,42 @@ static unsigned int nr_asids; static unsigned long *sev_asid_bitmap; static unsigned long *sev_reclaim_asid_bitmap; =20 +static __always_inline void kvm_lockdep_assert_sev_lock_held(struct kvm *k= vm) +{ +#ifdef CONFIG_PROVE_LOCKING + /* + * Querying SEV+ support is safe if there are no other references, i.e. + * if concurrent initialization of SEV+ is impossible. + */ + if (!refcount_read(&kvm->users_count)) + return; + + /* + * Querying SEV+ support from vCPU context is always safe, as vCPUs can + * only be created after SEV+ is initialized (and KVM disallows all SEV + * sub-ioctls while vCPU creation is in-progress). + */ + if (kvm_get_running_vcpu()) + return; + + lockdep_assert_held(&kvm->lock); +#endif +} + static bool sev_guest(struct kvm *kvm) { + kvm_lockdep_assert_sev_lock_held(kvm); return ____sev_guest(kvm); } static bool sev_es_guest(struct kvm *kvm) { + kvm_lockdep_assert_sev_lock_held(kvm); return ____sev_es_guest(kvm); } =20 static bool sev_snp_guest(struct kvm *kvm) { + kvm_lockdep_assert_sev_lock_held(kvm); return ____sev_snp_guest(kvm); } =20 --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DDA153F32AE for ; Tue, 10 Mar 2026 23:49:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186547; cv=none; b=Eo9gIpGhNTwdCjkllnuNt7dPNO1A+qCFArOu0uToaPjmDQ41eiH45LEudCO56zCXk807jOuhc6fP81g+BaEpmqcvKZmW88jVoVVf9q0XsVPzYFs7L8EkDFMhdgXvkNCbIZ0pMOp2gX0POKr9Lb8B+TP0PhDTUNSlRiBkId1+mJI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186547; c=relaxed/simple; bh=a+yWtnTa9sO4rPU2hZ741rzOJs/zu36KXomkjGQRtys=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qsNyBPAf8g5yciC9/6YRw14GJ8Cle2y+OlOL7TWTMTIwFOVSupyUQjYkj1g6SVTNX8IgdgrUbfQA8FUqD7MFY0R7Ch3WXHU1C+G8iADnLNs4TidYfBEI/aQ18kZjqJbPist8bJP2RfaWoYMdIPMNMO/JNg7rXpGPoUn0Dltxd6c= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=3NRK5Cm0; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="3NRK5Cm0" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-2ae50463c39so96049915ad.1 for ; Tue, 10 Mar 2026 16:49:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186543; x=1773791343; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:from:to:cc:subject:date :message-id:reply-to; bh=h2W+vx33PxDPD5fB6lzV3xxuVrFoYQtOIge3J7XoMco=; b=3NRK5Cm0DbusptKEFLOnfW1qLtPVgFKkd/Gi36q8dbeOcyUCxxX5Dm725NwVt+HVul f92VoGeIfDgUAEW7ZJFQFDRdxC69wxGoZj4CGWmqTsIUjrYMFEzR9/NGMFcwstJts8g3 Yt5q3SXCpljEsykgONZKTbxg1041MGMHXQFUgJg55SvUvQmS89UpxIZv3CQOSWJ9siUa b2jmWQixDA6BEgaZlrHbARTYIwT71ULRSG4triY+MtQDuUwUCBM0y6GMCmrJTr2QRJeP SH9t1rHdTvgL7qPVkUuASVEi1xYY7nDH0N7QZ+Xa8PzPoNAjf9xY6O836pxL4QBbWZQw nsTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186543; x=1773791343; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=h2W+vx33PxDPD5fB6lzV3xxuVrFoYQtOIge3J7XoMco=; b=fBUdJKNHX3HSBElCWNzdi3ce8UKMFJ9KxT9jLd+IteSDIJY7ZqSlsAvtyPenOb3CfR o/j1t9MY6x5/yd4Zp2sE4SLyJOBOi0KfIyO+nPe1YazU+ODB+uxqbqNsCa6yyGP02fSB +fShYv+4sM1bKxvUI4BriMHosPYBgbusLfNGxmGfmu8WaEIZA6bL9y/29Mn/oCLQHGfl P4n7kPJzdRpDAhqKryx9T96u/FeO2fshiDfcvobAVoBIn/scfrlxGqNoJIGnPtlPYUjn 5h/Zg2yRYFsaGFmIboF/deF9TgW3JmEJbt2ejvN68fYg2ZpTWonbcFSyOTM0tehaeWgB EbxQ== X-Forwarded-Encrypted: i=1; AJvYcCWzTIwPj8ulJXAUeZxJPunHBDjGKynzR0AFW4l2AxjOY8HtB05H7IEVMPhxRDkrTzyFUKiYqGEzACk/Trk=@vger.kernel.org X-Gm-Message-State: AOJu0Yw+KcWr5YlDLjp2oXPLcdtMJ6TOs3UoNqguGuhT1NDSZl3cVoXV 53UMY6xQ9I6Mwgp9GxxmDlbaxjic3iW4eXtHoZ6tum/2y/x8OZ074BljAp1gFjvdX+bTGHP2wF/ rrg0WyA== X-Received: from plmk8.prod.google.com ([2002:a17:903:1808:b0:2ad:ca86:4f]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a17:902:ec8c:b0:2ae:422d:6ed1 with SMTP id d9443c01a7336-2aeae7a32c3mr5261305ad.10.1773186543260; Tue, 10 Mar 2026 16:49:03 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:24 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-17-seanjc@google.com> Subject: [PATCH 16/21] KVM: SEV: use mutex guard in snp_launch_update() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Carlos L=C3=B3pez Simplify the error paths in snp_launch_update() by using a mutex guard, allowing early return instead of using gotos. Signed-off-by: Carlos L=C3=B3pez Link: https://patch.msgid.link/20260120201013.3931334-4-clopez@suse.de Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 31 ++++++++++++------------------- 1 file changed, 12 insertions(+), 19 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index cbb5886304fa..b559d7141ae9 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2405,7 +2405,6 @@ static int snp_launch_update(struct kvm *kvm, struct = kvm_sev_cmd *argp) struct kvm_memory_slot *memslot; long npages, count; void __user *src; - int ret =3D 0; =20 if (!sev_snp_guest(kvm) || !sev->snp_context) return -EINVAL; @@ -2450,13 +2449,11 @@ static int snp_launch_update(struct kvm *kvm, struc= t kvm_sev_cmd *argp) * initial expected state and better guard against unexpected * situations. */ - mutex_lock(&kvm->slots_lock); + guard(mutex)(&kvm->slots_lock); =20 memslot =3D gfn_to_memslot(kvm, params.gfn_start); - if (!kvm_slot_has_gmem(memslot)) { - ret =3D -EINVAL; - goto out; - } + if (!kvm_slot_has_gmem(memslot)) + return -EINVAL; =20 sev_populate_args.sev_fd =3D argp->sev_fd; sev_populate_args.type =3D params.type; @@ -2467,22 +2464,18 @@ static int snp_launch_update(struct kvm *kvm, struc= t kvm_sev_cmd *argp) argp->error =3D sev_populate_args.fw_error; pr_debug("%s: kvm_gmem_populate failed, ret %ld (fw_error %d)\n", __func__, count, argp->error); - ret =3D -EIO; - } else { - params.gfn_start +=3D count; - params.len -=3D count * PAGE_SIZE; - if (params.type !=3D KVM_SEV_SNP_PAGE_TYPE_ZERO) - params.uaddr +=3D count * PAGE_SIZE; - - ret =3D 0; - if (copy_to_user(u64_to_user_ptr(argp->data), ¶ms, sizeof(params))) - ret =3D -EFAULT; + return -EIO; } =20 -out: - mutex_unlock(&kvm->slots_lock); + params.gfn_start +=3D count; + params.len -=3D count * PAGE_SIZE; + if (params.type !=3D KVM_SEV_SNP_PAGE_TYPE_ZERO) + params.uaddr +=3D count * PAGE_SIZE; =20 - return ret; + if (copy_to_user(u64_to_user_ptr(argp->data), ¶ms, sizeof(params))) + return -EFAULT; + + return 0; } =20 static int snp_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *arg= p) --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F26B03CB2F6 for ; Tue, 10 Mar 2026 23:49:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186548; cv=none; b=hS9zwcpfkG6njiazBm8xexKdj0Q60XWCjPKKKnTMHEUhbGXUZtp8VNZe2qjYMO4R7R6nGQEdYYxdPVQLW/NcUpHp0kv6ukHydb1mIpEWewL0fI9qIe+tsqWXM1FZyDYE6zZE5s87uvDyFsU5Drter3T7tjjFv1/L1/+1PpihMWA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186548; c=relaxed/simple; bh=UAGJsfn4uITqChnO7v2b/A3dIcvrCY5sndUyVXMl/+8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=GVrEzVJixRirCU8hFGuXYTJbpGIxm+2nuBpvvwSvDyJ7uhErTSVMP2JhwS+ymo+GjVkuKG4YvXlnFzjhuKPoNeMoSq0TIhFkMn/hI6ElFR/v98r95+uIgP1ZDwdX5ieA6tx9TdjdWEwAjvO/qKWkEbqdNqEksfncBQq6nZ2IOEM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=f9D4uwwD; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="f9D4uwwD" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-c73b0c33e72so1695893a12.0 for ; Tue, 10 Mar 2026 16:49:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186546; x=1773791346; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:from:to:cc:subject:date :message-id:reply-to; bh=hN/R+oBH3CWqA3Eu2CQ+n5bQS63N2Tp/FKIbWvw+0KE=; b=f9D4uwwDaMh+n3lTRr0akA/M2s6VZjoQjRkNzcllA+7kL+vg5w5DpwynFzFaOr8G89 H41SvGhRmblojZWdz1xCe1IXpKqnoFIOcIcsyTuLaSJ3fqVaC5lhrU90bjjnp7yli20d rTfMs0NKof6UhrYEuE4XKykA1wKBXUiRt4Z9eVvxU/VDUSiU5ISLR/AASjTnjlzf6+GY IhtrQUWSGRIAmmaRWpTswf8mXN0+3cAzL9Rc0WPP6khLGb0Wfk1m9SZPt7aFaAwMm0QO td/1JbKwgomX9wxd+Gs2kzhpSWR/br9CFiyT57EM7I/9d/jnr7L3+3/xqcQ7gFpFYx9C Bz9w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186546; x=1773791346; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=hN/R+oBH3CWqA3Eu2CQ+n5bQS63N2Tp/FKIbWvw+0KE=; b=YcDEft6RvjUkrQbpput4DM3bD83VoU0QVIS8eGUGv+GSuDA33lgM60Z5TyK3g2VyR0 cmA6V+/EniwMmH4hDH7M1FGYDw3+URIHq9qJgDpqfNIopybtTUGGGg85TCfUvxit+Vx6 G8ZzjS6OMvQsHuJh9OjdEvqG4lsCVYUAHkbGpp4/pPVi0izzyUeQGDgroX5riWf5S+c7 bZYgTpiS2T6mKxJbufLqh1snoUGPhEr0jpdWI/fBFT6vjzkDPDHkgYmfH4XPWjZEwiyy bkHJ/yjtSi+G3QukKaOeL4Sg87MnTj7IGLHx5kyovYNv4TfLnJPdDct6WxdL6LTOX/CU relA== X-Forwarded-Encrypted: i=1; AJvYcCVwYqhHeZtWnLHH8coSwgUtUYpkdmBWzspVaCTOj3g8l9zp8uHlfVD3wvzuwTgGMAmsaY1KG3WmsRILe6A=@vger.kernel.org X-Gm-Message-State: AOJu0YwUY9o7gkde1bFWy+2Kb6XD2xAR8pD8VQLWLbvbt03xRluiOjDj w2xJo8I0cGYcSG+Gle1gBeuPPnKB+Gw8qXfmcdgw90ObztduIibpobXpCWveFpHxnAlurkEF9w3 UXTJNpQ== X-Received: from pgbca14.prod.google.com ([2002:a05:6a02:68e:b0:c73:98e9:27c]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:482:b0:398:9301:b9ac with SMTP id adf61e73a8af0-398c617126amr308413637.69.1773186546203; Tue, 10 Mar 2026 16:49:06 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:25 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-18-seanjc@google.com> Subject: [PATCH 17/21] KVM: SEV: use mutex guard in sev_mem_enc_ioctl() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Carlos L=C3=B3pez Simplify the error paths in sev_mem_enc_ioctl() by using a mutex guard, allowing early return instead of using gotos. Signed-off-by: Carlos L=C3=B3pez Link: https://patch.msgid.link/20260120201013.3931334-5-clopez@suse.de Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index b559d7141ae9..d71241e8de95 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2637,30 +2637,24 @@ int sev_mem_enc_ioctl(struct kvm *kvm, void __user = *argp) if (copy_from_user(&sev_cmd, argp, sizeof(struct kvm_sev_cmd))) return -EFAULT; =20 - mutex_lock(&kvm->lock); + guard(mutex)(&kvm->lock); =20 /* Only the enc_context_owner handles some memory enc operations. */ if (is_mirroring_enc_context(kvm) && - !is_cmd_allowed_from_mirror(sev_cmd.id)) { - r =3D -EINVAL; - goto out; - } + !is_cmd_allowed_from_mirror(sev_cmd.id)) + return -EINVAL; =20 /* * Once KVM_SEV_INIT2 initializes a KVM instance as an SNP guest, only * allow the use of SNP-specific commands. */ - if (sev_snp_guest(kvm) && sev_cmd.id < KVM_SEV_SNP_LAUNCH_START) { - r =3D -EPERM; - goto out; - } + if (sev_snp_guest(kvm) && sev_cmd.id < KVM_SEV_SNP_LAUNCH_START) + return -EPERM; =20 switch (sev_cmd.id) { case KVM_SEV_ES_INIT: - if (!sev_es_enabled) { - r =3D -ENOTTY; - goto out; - } + if (!sev_es_enabled) + return -ENOTTY; fallthrough; case KVM_SEV_INIT: r =3D sev_guest_init(kvm, &sev_cmd); @@ -2732,15 +2726,12 @@ int sev_mem_enc_ioctl(struct kvm *kvm, void __user = *argp) r =3D snp_enable_certs(kvm); break; default: - r =3D -EINVAL; - goto out; + return -EINVAL; } =20 if (copy_to_user(argp, &sev_cmd, sizeof(struct kvm_sev_cmd))) r =3D -EFAULT; =20 -out: - mutex_unlock(&kvm->lock); return r; } =20 --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BE4CA3F32D6 for ; Tue, 10 Mar 2026 23:49:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186549; cv=none; b=jhCqLykJ8VpcoV1rlZ1FPv5qarDc85QrXcPYdze9kBY2ooNrnAMtV1nzA/1LQ6edMZOKkRyHZSUvtOqFgb8bouCXZKi3AoDA3n81lMuO193G034PyLUQVlqm9scjmbS18jsZK8NdElfL5b6+FO91HBx5hdv6zVByciPWEXrax0o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186549; c=relaxed/simple; bh=NYFo993tTkJnZVxYyi8yhYGD0rwpt0fJ6Qw67xx6DSM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=XCDYQ/CBqgLyViPMFqtTMZBUf/8TupLxrPTmRuDJIJnBVZuJEp+ypD0XXRQtK8yc19EeywKffCCXbd/j61Waf7SKz4TJvtqghuUT1/kRLqUR2bGPbR09BsdjEiVpkhwyyDM4KePnHngrk61azPCwFARauiOpx+p38+GxsL1v8u8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Ab2Exknn; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Ab2Exknn" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-c738f71723aso3401914a12.2 for ; Tue, 10 Mar 2026 16:49:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186548; x=1773791348; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:from:to:cc:subject:date :message-id:reply-to; bh=dBZkGpoLO8YBRN9uFX112erAiueHmjShOSeCtGMnrhs=; b=Ab2ExknnJ2jiK3t62+6QQjIaGpu/EIYCXMIgURREeh4gK04vwilZkR8DTHAy8rGsNH kuarvQ9qttW/h4WNuuxjOFofdvV4JTNj50Gkrh8+Ois5yagmO+Sipd323TYbz1nqhwN5 83Ws20RKdiMYBC4qkDH5F90E0GbN5HLfz46B8NYBf5NogJWbdlwG0kPJZskVRY+3icDW dkaOTJkZg0n9krN4jbkDojZUh6KyjzDp3u3UIAj5D0B7XF+BxHQH4dx1NXCChpsMvtjn ykRZKfQH4cm8AEv5biQUxSZvVIyEpFaLKL74HiUjrs0T0mc6zqjWyk9l6xVgB1CW59yC iaRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186548; x=1773791348; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=dBZkGpoLO8YBRN9uFX112erAiueHmjShOSeCtGMnrhs=; b=B7vJU3gpTcJLcmzbJkXKVoNpJt9/kVwBib5nmfUz5cAM3QyR0HcGKXOMU7uG0zBgcs H/ME3W7J/KTGHjBgSP84+4170supjHI0nC10k78WUEjjjoyIUiDpvQPz0CNp7nIayb2x MWKJFbU37WImfQhzDTrbJHAoun/hW6viim/vauUuT46YoTk52cs+CtIaaKSqKBMYyk5p k9Yj4OIuv5ZB4eF4cDdXcYI39JLEXn1qTV7zdF22LXI2Lr+f4kOGQDS8/QrKKCGZrbtA qsEDydVDarK7ThVPqrW25/AD6mrfwHTOg2t7TZOtjmy9n3bzMHF6/gbL8eU25u4ve0oD TnzQ== X-Forwarded-Encrypted: i=1; AJvYcCXRFmCO9XowPaP3E0/Q2sUfsylRq2Fuf6+EaeqMvLo6SYNxhd7gVshe5LtYwh5swcndT1ppNDlJ0jXgQ6I=@vger.kernel.org X-Gm-Message-State: AOJu0YweGZD4PXhEUHl4dYEIIG8T4XN1FN6zg1NJV+yrGia1hjpIT6ED bNxHSMYJrcX/V3PGoO4rsmGFYq0qylYKIHyXR5NIHHesJDqm9FP3vG+gudJWIpwdjsbJD2NJZy/ e0jcMdg== X-Received: from pgx11.prod.google.com ([2002:a63:174b:0:b0:c73:846d:a381]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:700e:b0:398:b5c0:587 with SMTP id adf61e73a8af0-398c60d925bmr346250637.42.1773186548043; Tue, 10 Mar 2026 16:49:08 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:26 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-19-seanjc@google.com> Subject: [PATCH 18/21] KVM: SEV: use mutex guard in sev_mem_enc_unregister_region() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Carlos L=C3=B3pez Simplify the error paths in sev_mem_enc_unregister_region() by using a mutex guard, allowing early return instead of using gotos. Signed-off-by: Carlos L=C3=B3pez Link: https://patch.msgid.link/20260120201013.3931334-7-clopez@suse.de Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d71241e8de95..61347d8508f2 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2814,35 +2814,25 @@ int sev_mem_enc_unregister_region(struct kvm *kvm, struct kvm_enc_region *range) { struct enc_region *region; - int ret; =20 /* If kvm is mirroring encryption context it isn't responsible for it */ if (is_mirroring_enc_context(kvm)) return -EINVAL; =20 - mutex_lock(&kvm->lock); + guard(mutex)(&kvm->lock); =20 - if (!sev_guest(kvm)) { - ret =3D -ENOTTY; - goto failed; - } + if (!sev_guest(kvm)) + return -ENOTTY; =20 region =3D find_enc_region(kvm, range); - if (!region) { - ret =3D -EINVAL; - goto failed; - } + if (!region) + return -EINVAL; =20 sev_writeback_caches(kvm); =20 __unregister_enc_region_locked(kvm, region); =20 - mutex_unlock(&kvm->lock); return 0; - -failed: - mutex_unlock(&kvm->lock); - return ret; } =20 int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd) --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AEDE13CFF58 for ; Tue, 10 Mar 2026 23:49:10 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186552; cv=none; b=d8+kDLny6DkhKUECv/f59e214SwG15dDAsODedBVm9RFVHee6legbqpqKfCVr3EH7Rs2UrJkzm0zElaaazRRiDKXinmkdae7P8rXFlEimFPc3EmTCZRjEicReLWj44vfG9MIfFnDxzJtZuW8mhSWHSYOHmnJxTXNj+U3eAG9mec= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186552; c=relaxed/simple; bh=4TD9pPi5TlvpvhOzVSMC/8tIlufHssTvpFKZG9MSCS8=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=jvMBjeVAs427rpb4s4hccYoV/THPY52HuAyaZQW9VqeWAHaEzVZSYBN9dLafyRN/zM1/XKp0gY4znbhuC92IIdhuT78Uc07vMoeu5MxjUZZtbZ+mZr21vhe4002LlmAx6AYMWjjnpmnb3oGaIBihtf1IO5ZXwSTojsloRaYLmkM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=nuH1AKLN; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="nuH1AKLN" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-c73c065dd15so1014953a12.0 for ; Tue, 10 Mar 2026 16:49:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186550; x=1773791350; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:from:to:cc:subject:date :message-id:reply-to; bh=rsy02nKNMThAB7RAfyDYV+cekM55MBbRNNmsTH3jOcQ=; b=nuH1AKLN4Qu9XnRijhhKzVf6fWwcVq2ig1WNk/pjBhLdkjzUO8VselpW/TfBEJ1LTi PLeIJ0YgJpsTl51cthif4lCSMN56BwVEkATIJSsnO0KOwtMadMV8lwXwKWMOE31EesAW e4zEPO3pNxHKxXsSIqF89LOIuUPQk5pjvx/cjZWD23BFcdz8vVNP0sySUecXQwjzyqhk zpiJdgt3CgVs2duoVgk28UX0luJPrXazgKwX+c9QOmvUqFJ2XPMZHrc0+V6Vc/WGuk1y HdNFT4kOfAwaSs9dvV9M3pgvwLHrPpEybXiFTXqBCknWtlIdUF5hD4poObXf+1nLsDIB PoDg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186550; x=1773791350; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=rsy02nKNMThAB7RAfyDYV+cekM55MBbRNNmsTH3jOcQ=; b=G+JJwsJDsDTJ0/IYzGKC4WluxkIk4kdB17FuHbFiBq5gNCvdzUHCBlxHJFy+6ckmAS d/aVqgFjFEvgv9A4o5W6zvu2Mo4zObZ5GuTM1fR7txmvu0kHCttaJ21iLkGA8p3pwE4R y3lkFbvh9w/3vT2GUV8AeQM/0ovSJSHv/r8J5lB892k91pMcLvK9sGye2Lll1MeCyROI eiDqc26S43rTkExX3Wkm0QGccBr2qBJw1BbY09+VhD7917VobVwFLqsjirh/ivrelD/a Sh0T4o3oeHW21L32FNlOcw0F7ekiH1Lp+I4wdxxnE7MMTOmKUqYuJD57/vmn/RbpMmnT 8aDA== X-Forwarded-Encrypted: i=1; AJvYcCW8utbqUiIdlloO2Quxu0SXi8W+BTbH7WVnWcpp804ImTgkZ6Kbkqqt7TlOx/3fVRqNEqTrHeuiUUeIFR4=@vger.kernel.org X-Gm-Message-State: AOJu0YweeiaT/qmZtz2i0sjpiqoEpcZyuc8WqYdkekn0UPibwMqa8PM4 kVS4ReF8CtmgYQn4znfyGhXjlyEsv3uJA3WNS64OwMrHBYgeYEaomd/EfO3/MpkCzq/nFgQnA2C MgKP7UQ== X-Received: from pgww18.prod.google.com ([2002:a05:6a02:2c92:b0:c73:7789:143c]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:400f:b0:398:7b1d:87ce with SMTP id adf61e73a8af0-398c5f94378mr339334637.20.1773186549951; Tue, 10 Mar 2026 16:49:09 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:27 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-20-seanjc@google.com> Subject: [PATCH 19/21] KVM: SEV: use mutex guard in snp_handle_guest_req() From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Carlos L=C3=B3pez Simplify the error paths in snp_handle_guest_req() by using a mutex guard, allowing early return instead of using gotos. Signed-off-by: Carlos L=C3=B3pez Link: https://patch.msgid.link/20260120201013.3931334-8-clopez@suse.de Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 61347d8508f2..36a33e8ade4d 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -4174,12 +4174,10 @@ static int snp_handle_guest_req(struct vcpu_svm *sv= m, gpa_t req_gpa, gpa_t resp_ if (!is_sev_snp_guest(&svm->vcpu)) return -EINVAL; =20 - mutex_lock(&sev->guest_req_mutex); + guard(mutex)(&sev->guest_req_mutex); =20 - if (kvm_read_guest(kvm, req_gpa, sev->guest_req_buf, PAGE_SIZE)) { - ret =3D -EIO; - goto out_unlock; - } + if (kvm_read_guest(kvm, req_gpa, sev->guest_req_buf, PAGE_SIZE)) + return -EIO; =20 data.gctx_paddr =3D __psp_pa(sev->snp_context); data.req_paddr =3D __psp_pa(sev->guest_req_buf); @@ -4192,21 +4190,16 @@ static int snp_handle_guest_req(struct vcpu_svm *sv= m, gpa_t req_gpa, gpa_t resp_ */ ret =3D sev_issue_cmd(kvm, SEV_CMD_SNP_GUEST_REQUEST, &data, &fw_err); if (ret && !fw_err) - goto out_unlock; + return ret; =20 - if (kvm_write_guest(kvm, resp_gpa, sev->guest_resp_buf, PAGE_SIZE)) { - ret =3D -EIO; - goto out_unlock; - } + if (kvm_write_guest(kvm, resp_gpa, sev->guest_resp_buf, PAGE_SIZE)) + return -EIO; =20 /* No action is requested *from KVM* if there was a firmware error. */ svm_vmgexit_no_action(svm, SNP_GUEST_ERR(0, fw_err)); =20 - ret =3D 1; /* resume guest */ - -out_unlock: - mutex_unlock(&sev->guest_req_mutex); - return ret; + /* resume guest */ + return 1; } =20 static int snp_req_certs_err(struct vcpu_svm *svm, u32 vmm_error) --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 569233F65E1 for ; Tue, 10 Mar 2026 23:49:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186553; cv=none; b=VXljg/3XhSgeVSiFA1R3wD/opNM5Q+wFlz6XjF8isYvG5Pxwy9Ippg6hzALb24HvAsPjx50vEP+/mlMOHU/P/IWOaX4biJth6HMDyi1sCk5cd5dzA1xBf1wVqAXDjpGdzqIaSurBoZJeua4GOF/Ze4xBdj/A4uTL7JY1O0bRUOw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186553; c=relaxed/simple; bh=lQVINFRBfCNVeU648cAxFtZU2dxkYDd+1iFEZqJg0K4=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=t+utf24vwIaKq1Drb9mo2qQipDLnJXuhQOacEfAnnm5nEDss9duGI/kGBUwzwwIr9kIWrWNcWqkeIwsxanOOaOam8MExmIk0g5WWTxvSGapViLUwjU1G50M2RPJkxk/gbFb5YPJ1FtRs3lRCv61C16VkBb3OBgVhWrCwQvpl8AY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=XKcY62KK; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="XKcY62KK" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-c73935acff2so2808512a12.2 for ; Tue, 10 Mar 2026 16:49:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186552; x=1773791352; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:from:to:cc:subject:date :message-id:reply-to; bh=KGe66xfGbOxCz1mpJAIyMP4Fec52GFDEzf1ERh019gQ=; b=XKcY62KKxm8ZcVKVlCbfG0B/vVU3BRe0ff2dIClw9DEHuq9XnqgvdqAJroF84ivftI TQykyxTXyZuslrPb1h5CbXSEo8pTGI2OXUmcAt569lgfLinugZDwQF1v4hXA3CLNyK5v YipkomTscxtjAxFc3DENBaqdZencVq5YRrTvgqSw26fnXY159Odgkg18EGz+TZvdCL2r xIC6MlRMX96strefSJ+HdeFWOK5WQO1GuI0d7u61Rx2iDNDtz2zXn9BXoPOKFFGarc1P OQTQQA7QfCMeNr42I/qpr9i7Yht0YS0LLC5vF1Z17pGzY2NTnkysU08fQZR5M0SX/j8o lidA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186552; x=1773791352; h=content-transfer-encoding:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:reply-to:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=KGe66xfGbOxCz1mpJAIyMP4Fec52GFDEzf1ERh019gQ=; b=EWnm9rzf4qBn2oA8JfyFyD0k/Osu+Ov2emOFG8jZGUwIxsdGRGX2Eq0CN8xmLq5zqq hZanvm/sNJ9JJw7V9+0fxVUDh074pImmbbv45qqZLqSi+4V3GAa7B/wqz05ZlMfNmnlK HRnqYQRNbxGQSAB/fToMAA0vqt4xu8B29ovX0DlDurCdQpq4fXdlc5k9kvJAp5+7UVfw ZPtG+81JAPi6mlVpMJxCgkqQOXNii9LDac0dK5svDfQ2oyszK1QSg5D+cTbo0I2UkNYq +O6v04I4I/n7dXb0KqbZ0PY52Fpm63oAssWszZxpGicvslU93nhztDcj5fVK1Ff4K5zo O9Cg== X-Forwarded-Encrypted: i=1; AJvYcCWS3Vs+birxj/3KeSMv0J0gsvbIrX2GA4zHuvoUGytSunVZB1Qg0BHO/2jg8ewFz6zi8ZFqmfVeUgChmq4=@vger.kernel.org X-Gm-Message-State: AOJu0Yx0b6WzBrC0M1SCZ4EXKhh8niT9vXj+3aUAizBiTeKiTedopXiO IjCOwsEfEsWj0XGWs5YiJSDPmsmZM7bFJ+YGlktBsGLAwCe8ifNmuIhbXpj7XJG59nYIJ/CFcjP 2kip50w== X-Received: from pgam3.prod.google.com ([2002:a05:6a02:2b43:b0:c61:35ea:4553]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a21:691:b0:394:5ff3:2a98 with SMTP id adf61e73a8af0-398c60e3834mr350163637.46.1773186551520; Tue, 10 Mar 2026 16:49:11 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:28 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-21-seanjc@google.com> Subject: [PATCH 20/21] KVM: SVM: Move lock-protected allocation of SEV ASID into a separate helper From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Carlos L=C3=B3pez Extract the lock-protected parts of SEV ASID allocation into a new helper and opportunistically convert it to use guard() when acquiring the mutex. Preserve the goto even though it's a little odd, as it's there's a fair amount of subtlety that makes it surprisingly difficult to replicate the functionality with a loop construct, and arguably using goto yields the most readable code. No functional change intended. Signed-off-by: Carlos L=C3=B3pez [sean: move code to separate helper, rework shortlog+changelog] Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 36a33e8ade4d..c35eb9e30993 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -237,6 +237,28 @@ static void sev_misc_cg_uncharge(struct kvm_sev_info *= sev) misc_cg_uncharge(type, sev->misc_cg, 1); } =20 +static unsigned int sev_alloc_asid(unsigned int min_asid, unsigned int max= _asid) +{ + unsigned int asid; + bool retry =3D true; + + guard(mutex)(&sev_bitmap_lock); + +again: + asid =3D find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid); + if (asid > max_asid) { + if (retry && __sev_recycle_asids(min_asid, max_asid)) { + retry =3D false; + goto again; + } + + return asid; + } + + __set_bit(asid, sev_asid_bitmap); + return asid; +} + static int sev_asid_new(struct kvm_sev_info *sev, unsigned long vm_type) { /* @@ -244,7 +266,6 @@ static int sev_asid_new(struct kvm_sev_info *sev, unsig= ned long vm_type) * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1. */ unsigned int min_asid, max_asid, asid; - bool retry =3D true; int ret; =20 if (vm_type =3D=3D KVM_X86_SNP_VM) { @@ -277,24 +298,12 @@ static int sev_asid_new(struct kvm_sev_info *sev, uns= igned long vm_type) return ret; } =20 - mutex_lock(&sev_bitmap_lock); - -again: - asid =3D find_next_zero_bit(sev_asid_bitmap, max_asid + 1, min_asid); + asid =3D sev_alloc_asid(min_asid, max_asid); if (asid > max_asid) { - if (retry && __sev_recycle_asids(min_asid, max_asid)) { - retry =3D false; - goto again; - } - mutex_unlock(&sev_bitmap_lock); ret =3D -EBUSY; goto e_uncharge; } =20 - __set_bit(asid, sev_asid_bitmap); - - mutex_unlock(&sev_bitmap_lock); - sev->asid =3D asid; return 0; e_uncharge: --=20 2.53.0.473.g4a7958ca14-goog From nobody Wed Apr 8 03:07:45 2026 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 182BB3EE1C7 for ; Tue, 10 Mar 2026 23:49:13 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186555; cv=none; b=AMYU4pvzYwLoNmT/NCvqLNv3WsN/zYBi2iwuBJ3OLGCllZnaeZaLLhL2KkSkwK0Urz8JiO0fBKtoVAEXpjDpjPmEG9cupD9AhmG/xRL8m+jDNG2MXbB5VdExkEqCbmKa3H7FtEZcp0LibwcoQNy1XYFXXjkHnKsgyA1gTJJkrFE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1773186555; c=relaxed/simple; bh=wxT6ANPDWoUdiA3RflJKhdUGnjSjqmEv68Sd9E4VFWA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=l705sr1nHgn+TO0wqc24OkID5j3N0GFi7VRaDxxYZVeQwh52QwF/upd+wM4Y20zLLFAWuDE+M1RYCLMFoSZ2CdWwDQCogtdZ+0wN8dKpbbG/HwZt4ugpj7IW+KhERz9OfuMGnTH3UVacO0/I1dlSL767atm5lWjWfQLlu8nHrPI= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=sUXsVkUp; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--seanjc.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="sUXsVkUp" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-829a535ad50so1901409b3a.2 for ; Tue, 10 Mar 2026 16:49:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1773186553; x=1773791353; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:from:to:cc:subject:date:message-id:reply-to; bh=S/oj221AyjL7p0LimTIXezs2T/jJm5OAuCv1irweo4I=; b=sUXsVkUpLTwMDzrrM91zSWBX9YLV4diFt0ij+vfW6YHRQnIaoQw7iUuXDfkdd0NqwM wPT8jZ1m13YMCirOLrT5LrRP8ivTrhUjmcC81rPeXo3yVGNS3e3WiJuLNS61j5LlqRaJ nBx8yScxpTpudUYxpzmuZSToxJmShCLq22zPU+2jwItJ+ULjzKFE+GZl3Vfp6ShfER8N xiuUwfRmL8vxEA2Tlc7fzR9qfqh1NdXIli72evfgaqfTAlAGy0Wc6u7oOUlDk7DxQEW1 dGVPIdbPx6sMWKgqDN8+xwtWr30IO4Hz3WQY13iiX3xZa66DNZiqIFa5SF8Ok5L8lWqg 9sTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773186553; x=1773791353; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:reply-to:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=S/oj221AyjL7p0LimTIXezs2T/jJm5OAuCv1irweo4I=; b=pKRmpSlsuJTwbst9u5ln3DOJvH4z+dLpeJ3IZzDupaG3+LKc2Q105jdsc15hiN9zQD f9sEJRQ/LFRGKNDxR7+3p2rih2L+ZFVAn4/p9HQ+KTklRLFefV7zMwsFIG6Kiuysj34U Set3kY7Iy8hOfx7sl8a7MM3hU/LpRyUrghOIMtpLuseOGgaWVJTsEb7APy5ncLdMA04a ZQtXjsTMuOmqLQBQzvx/THlakCtxLwa7P4TNBapqFxuCYe2ec5d8z5Yf+YvAuV6Ak0TI SF+uw3foiN4blMrCqw7BPqCgnKfMm79VsbHCyPc/d3WJfJ3FOSkgcRV9Sx0SbbOOEy+A 5vEg== X-Forwarded-Encrypted: i=1; AJvYcCXWUepmQUWKkS6M9hi4C+z8zrGhjnFKl3aXQb4logbpihwJPfCbbC2sn6J00mjkOrEsyVB8T6/xcIxsYYY=@vger.kernel.org X-Gm-Message-State: AOJu0Yz3DxJDYOhOdEwMiDHukbM9QMMCV3cOLHu0sUtms2/BM6PG9Nv0 bBjmgNLqLWS9y6WxC343eU2CTQGJ8z8Vd1kYhGhctQZ88KbFQWAtX394BtWZ2YfqrguKqKoAGxh c1jS+VA== X-Received: from pfbef18.prod.google.com ([2002:a05:6a00:2c92:b0:81f:9d66:115b]) (user=seanjc job=prod-delivery.src-stubby-dispatcher) by 2002:a05:6a00:2d1a:b0:81b:d5d9:a83a with SMTP id d2e1a72fcca58-829f7269925mr520796b3a.61.1773186553338; Tue, 10 Mar 2026 16:49:13 -0700 (PDT) Reply-To: Sean Christopherson Date: Tue, 10 Mar 2026 16:48:29 -0700 In-Reply-To: <20260310234829.2608037-1-seanjc@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260310234829.2608037-1-seanjc@google.com> X-Mailer: git-send-email 2.53.0.473.g4a7958ca14-goog Message-ID: <20260310234829.2608037-22-seanjc@google.com> Subject: [PATCH 21/21] KVM: SEV: Goto an existing error label if charging misc_cg for an ASID fails From: Sean Christopherson To: Sean Christopherson , Paolo Bonzini Cc: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, Jethro Beekman , Alexander Potapenko , "=?UTF-8?q?Carlos=20L=C3=B3pez?=" Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Dedup a small amount of cleanup code in SEV ASID allocation by reusing an existing error label. No functional change intended. Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c35eb9e30993..32d7f329f92c 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -289,14 +289,11 @@ static int sev_asid_new(struct kvm_sev_info *sev, uns= igned long vm_type) if (min_asid > max_asid) return -ENOTTY; =20 - WARN_ON(sev->misc_cg); + WARN_ON_ONCE(sev->misc_cg); sev->misc_cg =3D get_current_misc_cg(); ret =3D sev_misc_cg_try_charge(sev); - if (ret) { - put_misc_cg(sev->misc_cg); - sev->misc_cg =3D NULL; - return ret; - } + if (ret) + goto e_put_cg; =20 asid =3D sev_alloc_asid(min_asid, max_asid); if (asid > max_asid) { @@ -306,8 +303,10 @@ static int sev_asid_new(struct kvm_sev_info *sev, unsi= gned long vm_type) =20 sev->asid =3D asid; return 0; + e_uncharge: sev_misc_cg_uncharge(sev); +e_put_cg: put_misc_cg(sev->misc_cg); sev->misc_cg =3D NULL; return ret; --=20 2.53.0.473.g4a7958ca14-goog