Commit 4b3b8a8b authored by Carlos López's avatar Carlos López Committed by Paolo Bonzini
Browse files

KVM: x86: synthesize CPUID bits only if CPU capability is set 

KVM incorrectly synthesizes CPUID bits for KVM-only leaves, as the
following branch in kvm_cpu_cap_init() is never taken:

    if (leaf < NCAPINTS)
        kvm_cpu_caps[leaf] &= kernel_cpu_caps[leaf];

This means that bits set via SYNTHESIZED_F() for KVM-only leaves are
unconditionally set. This for example can cause issues for SEV-SNP
guests running on Family 19h CPUs, as TSA_SQ_NO and TSA_L1_NO are
always enabled by KVM in 80000021[ECX]. When userspace issues a
SNP_LAUNCH_UPDATE command to update the CPUID page for the guest, SNP
firmware will explicitly reject the command if the page sets sets these
bits on vulnerable CPUs.

To fix this, check in SYNTHESIZED_F() that the corresponding X86
capability is set before adding it to to kvm_cpu_cap_features.

Fixes: 31272abd ("KVM: SVM: Advertise TSA CPUID bits to guests")
Link: https://lore.kernel.org/all/20260208164233.30405-1-clopez@suse.de/


Signed-off-by: default avatarCarlos López <clopez@suse.de>
Reviewed-by: default avatarNikolay Borisov <nik.borisov@suse.com>
Link: https://patch.msgid.link/20260209153108.70667-2-clopez@suse.de


Signed-off-by: default avatarSean Christopherson <seanjc@google.com>
Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
parent fe2a08ec

arch/x86/kvm/cpuid.c

+4 −1
Original line number Diff line number Diff line
@@ -776,6 +776,9 @@ do { \ 
#define SYNTHESIZED_F(name)					\

({								\

	kvm_cpu_cap_synthesized |= feature_bit(name);		\

								\

	BUILD_BUG_ON(X86_FEATURE_##name >= MAX_CPU_FEATURES);	\

	if (boot_cpu_has(X86_FEATURE_##name))			\

		F(name);					\

})