This is a note to let you know that I've just added the patch titled
KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL
to the 6.5-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
kvm-svm-skip-vmsa-init-in-sev_es_init_vmcb-if-pointer-is-null.patch
and it can be found in the queue-6.5 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 1952e74da96fb3e48b72a2d0ece78c688a5848c1 Mon Sep 17 00:00:00 2001
From: Sean Christopherson <seanjc@xxxxxxxxxx>
Date: Thu, 24 Aug 2023 19:23:57 -0700
Subject: KVM: SVM: Skip VMSA init in sev_es_init_vmcb() if pointer is NULL
From: Sean Christopherson <seanjc@xxxxxxxxxx>
commit 1952e74da96fb3e48b72a2d0ece78c688a5848c1 upstream.
Skip initializing the VMSA physical address in the VMCB if the VMSA is
NULL, which occurs during intrahost migration as KVM initializes the VMCB
before copying over state from the source to the destination (including
the VMSA and its physical address).
In normal builds, __pa() is just math, so the bug isn't fatal, but with
CONFIG_DEBUG_VIRTUAL=y, the validity of the virtual address is verified
and passing in NULL will make the kernel unhappy.
Fixes: 6defa24d3b12 ("KVM: SEV: Init target VMCBs in sev_migrate_from")
Cc: stable@xxxxxxxxxxxxxxx
Cc: Peter Gonda <pgonda@xxxxxxxxxx>
Reviewed-by: Peter Gonda <pgonda@xxxxxxxxxx>
Reviewed-by: Pankaj Gupta <pankaj.gupta@xxxxxxx>
Link: https://lore.kernel.org/r/20230825022357.2852133-3-seanjc@xxxxxxxxxx
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kvm/svm/sev.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2955,9 +2955,12 @@ static void sev_es_init_vmcb(struct vcpu
/*
* An SEV-ES guest requires a VMSA area that is a separate from the
* VMCB page. Do not include the encryption mask on the VMSA physical
- * address since hardware will access it using the guest key.
+ * address since hardware will access it using the guest key. Note,
+ * the VMSA will be NULL if this vCPU is the destination for intrahost
+ * migration, and will be copied later.
*/
- svm->vmcb->control.vmsa_pa = __pa(svm->sev_es.vmsa);
+ if (svm->sev_es.vmsa)
+ svm->vmcb->control.vmsa_pa = __pa(svm->sev_es.vmsa);
/* Can't intercept CR register access, HV can't modify CR registers */
svm_clr_intercept(svm, INTERCEPT_CR0_READ);
Patches currently in stable-queue which might be from seanjc@xxxxxxxxxx are
queue-6.5/perf-header-fix-missing-pmu-caps.patch
queue-6.5/kvm-svm-don-t-inject-ud-if-kvm-attempts-to-skip-sev-guest-insn.patch
queue-6.5/kvm-nsvm-check-instead-of-asserting-on-nested-tsc-scaling-support.patch
queue-6.5/drm-i915-gvt-verify-pfn-is-valid-before-dereferencin.patch
queue-6.5/kvm-nsvm-load-l1-s-tsc-multiplier-based-on-l1-state-not-l2-state.patch
queue-6.5/x86-virt-drop-unnecessary-check-on-extended-cpuid-le.patch
queue-6.5/kvm-svm-get-source-vcpus-from-source-vm-for-sev-es-intrahost-migration.patch
queue-6.5/kvm-svm-skip-vmsa-init-in-sev_es_init_vmcb-if-pointer-is-null.patch
queue-6.5/kvm-svm-take-and-hold-ir_list_lock-when-updating-vcpu-s-physical-id-entry.patch
queue-6.5/kvm-svm-set-target-pcpu-during-irte-update-if-target-vcpu-is-running.patch
queue-6.5/perf-lock-don-t-pass-an-err_ptr-directly-to-perf_ses.patch
queue-6.5/drm-i915-gvt-put-the-page-reference-obtained-by-kvm-.patch
queue-6.5/drm-i915-gvt-drop-unused-helper-intel_vgpu_reset_gtt.patch
queue-6.5/kvm-vmx-refresh-available-regs-and-idt-vectoring-info-before-nmi-handling.patch
queue-6.5/kvm-svm-don-t-defer-nmi-unblocking-until-next-exit-f.patch
