From: Tom Lendacky <thomas.lendacky@amd.com>
To: Atish Patra <atish.patra@linux.dev>,
Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
Peter Gonda <pgonda@google.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Youngjae Lee <youngjaelee@meta.com>,
Ashish Kalra <ashish.kalra@amd.com>,
Michael Roth <michael.roth@amd.com>,
John Allen <john.allen@amd.com>,
Herbert Xu <herbert@gondor.apana.org.au>
Cc: clm@meta.com, kvm@vger.kernel.org, linux-kernel@vger.kernel.org,
linux-crypto@vger.kernel.org, stable@vger.kernel.org,
Atish Patra <atishp@meta.com>, Sashiko <sashiko-bot@kernel.org>
Subject: Re: [PATCH v2 1/4] KVM: SEV: Do not allow intra-host migration/mirroring of SNP VMs
Date: Tue, 2 Jun 2026 09:38:45 -0500 [thread overview]
Message-ID: <ec31f685-e766-42e0-8239-eb6202cabdde@amd.com> (raw)
In-Reply-To: <20260601-sev_snp_fixes-v2-1-611891b28a86@meta.com>
On 6/1/26 18:04, Atish Patra wrote:
> From: Atish Patra <atishp@meta.com>
>
> The intra-host migration/mirroring feature is not fully implemented for
> SEV-SNP VMs. The proper migration requires additional SNP-specific
> state such as guest_req_mutex, guest_req_buf, and guest_resp_buf to be
> transferred or initialized on the destination.
>
> The SNP VM mirroring requires vmsa features to be copied as well otherwise
> ASID would be bound to SNP range while VM is detected as a SEV VM.
>
> Reject SNP source VMs in migration/mirroring until proper SNP state
> transfer is implemented.
>
> Fixes: 0b020f5af092 ("KVM: SEV: Add support for SEV-ES intra host migration")
Probably not the correct Fixes: tag. It should the tag that first
introduces SNP hypervisor support.
And adding a comment above the if statements that indicate additional
support is required for SNP, so don't allow it for now, would be nice.
Otherwise, for the actual code...
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
>
> Reported-by: Chris Mason <clm@meta.com>
> Reported-by: Sashiko <sashiko-bot@kernel.org>
> Assisted-by: Claude:claude-opus-4-6
> Signed-off-by: Atish Patra <atishp@meta.com>
> ---
> arch/x86/kvm/svm/sev.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index c2126b3c3072..e6ad6af128c9 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -2142,7 +2142,8 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd)
> return ret;
>
> if (kvm->arch.vm_type != source_kvm->arch.vm_type ||
> - sev_guest(kvm) || !sev_guest(source_kvm)) {
> + sev_guest(kvm) || !sev_guest(source_kvm) ||
> + sev_snp_guest(source_kvm)) {
> ret = -EINVAL;
> goto out_unlock;
> }
> @@ -2865,6 +2866,7 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, unsigned int source_fd)
> * created after SEV/SEV-ES initialization, e.g. to init intercepts.
> */
> if (sev_guest(kvm) || !sev_guest(source_kvm) ||
> + sev_snp_guest(source_kvm) ||
> is_mirroring_enc_context(source_kvm) || kvm->created_vcpus) {
> ret = -EINVAL;
> goto e_unlock;
>
next prev parent reply other threads:[~2026-06-02 14:38 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-01 23:04 [PATCH v2 0/4] KVM: Miscellaneous SEV/SNP related fixes Atish Patra
2026-06-01 23:04 ` [PATCH v2 1/4] KVM: SEV: Do not allow intra-host migration/mirroring of SNP VMs Atish Patra
2026-06-01 23:17 ` sashiko-bot
2026-06-02 21:55 ` Atish Patra
2026-06-03 13:08 ` Tom Lendacky
2026-06-02 14:38 ` Tom Lendacky [this message]
2026-06-02 18:44 ` Atish Patra
2026-06-01 23:04 ` [PATCH v2 2/4] KVM: selftests: Verify SNP VMs are rejected from migration and mirroring Atish Patra
2026-06-01 23:04 ` [PATCH v2 3/4] crypto: ccp: Fix possible deadlock in SEV init failure path Atish Patra
2026-06-01 23:41 ` sashiko-bot
2026-06-02 21:58 ` Atish Patra
2026-06-02 14:43 ` Tom Lendacky
2026-06-02 18:46 ` Atish Patra
2026-06-01 23:04 ` [PATCH v2 4/4] crypto: ccp: Fix memory leak in SEV INIT_EX path Atish Patra
2026-06-01 23:55 ` sashiko-bot
2026-06-02 19:08 ` Atish Patra
2026-06-02 14:54 ` Tom Lendacky
2026-06-02 18:17 ` Atish Patra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ec31f685-e766-42e0-8239-eb6202cabdde@amd.com \
--to=thomas.lendacky@amd.com \
--cc=ashish.kalra@amd.com \
--cc=atish.patra@linux.dev \
--cc=atishp@meta.com \
--cc=bp@alien8.de \
--cc=brijesh.singh@amd.com \
--cc=clm@meta.com \
--cc=dave.hansen@linux.intel.com \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=john.allen@amd.com \
--cc=kvm@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=sashiko-bot@kernel.org \
--cc=seanjc@google.com \
--cc=stable@vger.kernel.org \
--cc=x86@kernel.org \
--cc=youngjaelee@meta.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.