This is a note to let you know that I've just added the patch titled KVM: SEV-ES: Set guest_state_protected after VMSA update to the 5.14-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: kvm-sev-es-set-guest_state_protected-after-vmsa-update.patch and it can be found in the queue-5.14 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From baa1e5ca172ce7bf9554070139482dd7ea919528 Mon Sep 17 00:00:00 2001 From: Peter Gonda <pgonda@xxxxxxxxxx> Date: Fri, 15 Oct 2021 13:32:22 -0400 Subject: KVM: SEV-ES: Set guest_state_protected after VMSA update From: Peter Gonda <pgonda@xxxxxxxxxx> commit baa1e5ca172ce7bf9554070139482dd7ea919528 upstream. The refactoring in commit bb18a6777465 ("KVM: SEV: Acquire vcpu mutex when updating VMSA") left behind the assignment to svm->vcpu.arch.guest_state_protected; add it back. Signed-off-by: Peter Gonda <pgonda@xxxxxxxxxx> [Delta between v2 and v3 of Peter's patch, which had already been committed; the commit message is my own. - Paolo] Fixes: bb18a6777465 ("KVM: SEV: Acquire vcpu mutex when updating VMSA") Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- arch/x86/kvm/svm/sev.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -619,7 +619,12 @@ static int __sev_launch_update_vmsa(stru vmsa.handle = to_kvm_svm(kvm)->sev_info.handle; vmsa.address = __sme_pa(svm->vmsa); vmsa.len = PAGE_SIZE; - return sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_VMSA, &vmsa, error); + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_VMSA, &vmsa, error); + if (ret) + return ret; + + vcpu->arch.guest_state_protected = true; + return 0; } static int sev_launch_update_vmsa(struct kvm *kvm, struct kvm_sev_cmd *argp) Patches currently in stable-queue which might be from pgonda@xxxxxxxxxx are queue-5.14/kvm-sev-flush-cache-on-non-coherent-systems-before-receive_update_data.patch queue-5.14/kvm-sev-es-set-guest_state_protected-after-vmsa-update.patch