Commit 4e96f010 authored Feb 26, 2025 by Sean Christopherson

KVM: SVM: Invalidate "next" SNP VMSA GPA even on failure

When processing an SNP AP Creation event, invalidate the "next" VMSA GPA
even if acquiring the page/pfn for the new VMSA fails. In practice, the
next GPA will never be used regardless of whether or not its invalidated,
as the entire flow is guarded by snp_ap_waiting_for_reset, and said guard
and snp_vmsa_gpa are always written as a pair. But that's really hard to
see in the code.

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Link: https://lore.kernel.org/r/20250227012541.3234589-11-seanjc@google.com

Signed-off-by: Sean Christopherson <seanjc@google.com>

parent 5279d6f7

arch/x86/kvm/svm/sev.c

+1 −2

Original line number	Diff line number	Diff line
		@@ -3880,6 +3880,7 @@ void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu)
		return;

		gfn = gpa_to_gfn(svm->sev_es.snp_vmsa_gpa);
		svm->sev_es.snp_vmsa_gpa = INVALID_PAGE;

		slot = gfn_to_memslot(vcpu->kvm, gfn);
		if (!slot)
		@@ -3910,8 +3911,6 @@ void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu)
		vcpu->arch.pv.pv_unhalted = false;
		vcpu->arch.mp_state = KVM_MP_STATE_RUNNABLE;

		svm->sev_es.snp_vmsa_gpa = INVALID_PAGE;

		/*
		* gmem pages aren't currently migratable, but if this ever changes
		* then care should be taken to ensure svm->sev_es.vmsa is pinned