Date: Tue, 30 Jun 2026 14:37:10 -0700
From: Sean Christopherson
Reply-To: Sean Christopherson
To: Sean Christopherson, Paolo Bonzini, Kiryl Shutsemau
Cc: Dave Hansen, Rick Edgecombe, kvm@vger.kernel.org, x86@kernel.org, linux-coco@lists.linux.dev, linux-kernel@vger.kernel.org, Sashiko Bot, Joerg Roedel, Yan Zhao, Ackerley Tng
Subject: [PATCH v2 1/2] KVM: SEV: Explicitly disallow NULL user address for SNP_LAUNCH_UPDATE
Message-ID: <20260630213711.479692-2-seanjc@google.com>
In-Reply-To: <20260630213711.479692-1-seanjc@google.com>
References: <20260630213711.479692-1-seanjc@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Joerg Roedel

Explicitly reject a NULL userspace virtual address for the source page of
SNP_LAUNCH_UPDATE instead of relying on the post-populate callback to do
the check, and don't WARN on failure, as the scenario is blatantly
user-triggerable, as reported by Sashiko.

Waiting until post-populate to check the address "works", but makes it
unnecessarily difficult to see that KVM's ABI is to disallow a NULL source
page for non-ZERO pages.

Note, several existing VMMs pass a valid userspace address for the ZERO
case, i.e. KVM can't *require* the userspace address to be NULL for ZERO
pages, at least not without breaking userspace.

Fixes: dee5a47cc7a4 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_UPDATE command")
Reported-by: Sashiko Bot
Closes: https://lore.kernel.org/all/20260611125849.9ED631F00893@smtp.kernel.org
Signed-off-by: Joerg Roedel
Co-developed-by: Sean Christopherson
Signed-off-by: Sean Christopherson
---
 arch/x86/kvm/svm/sev.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 74fb15551e83..621a2eaa58f2 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2330,9 +2330,6 @@ static int sev_gmem_post_populate(struct kvm *kvm, gfn_t gfn, kvm_pfn_t pfn, int level; int ret; - if (WARN_ON_ONCE(sev_populate_args->type != KVM_SEV_SNP_PAGE_TYPE_ZERO && !src_page)) - return -EINVAL; - ret = snp_lookup_rmpentry((u64)pfn, &assigned, &level); if (ret || assigned) { pr_debug("%s: Failed to ensure GFN 0x%llx RMP entry is initial shared state, ret: %d assigned: %d\n", @@ -2421,10 +2418,12 @@ static int snp_launch_update(struct kvm *kvm, struct kvm_sev_cmd *argp) params.type != KVM_SEV_SNP_PAGE_TYPE_CPUID)) return -EINVAL; - src = params.type == KVM_SEV_SNP_PAGE_TYPE_ZERO ? NULL : u64_to_user_ptr(params.uaddr); - - if (!PAGE_ALIGNED(src)) + if (params.type == KVM_SEV_SNP_PAGE_TYPE_ZERO) + src = NULL; + else if (!params.uaddr || !PAGE_ALIGNED(params.uaddr)) return -EINVAL; + else + src = u64_to_user_ptr(params.uaddr); npages = params.len / PAGE_SIZE; -- 2.55.0.rc0.799.gd6f94ed593-goog
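Review bot: In the @@ -2330 hunk, dropping the `WARN_ON_ONCE(sev_populate_args->type != KVM_SEV_SNP_PAGE_TYPE_ZERO && !src_page)` check leaves sev_gmem_post_populate with no guard of its own against a NULL src_page for a non-ZERO type; the invariant now rests entirely on snp_launch_update having validated params.uaddr before the callback runs. A one-line comment at the removal site stating that the caller has already rejected a NULL uaddr for non-ZERO pages would keep that dependency visible to anyone who later reuses the callback from another path, and would also discourage re-adding a WARN for what the commit message rightly calls a user-triggerable condition.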
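Review bot: The new `else if (!params.uaddr || !PAGE_ALIGNED(params.uaddr))` branch in the @@ -2421 hunk makes rejection of a NULL uaddr for non-ZERO page types explicit ABI, but the patch only touches sev.c and does not update the KVM API documentation for KVM_SEV_SNP_LAUNCH_UPDATE. The uaddr description there should say that it must be non-NULL and page-aligned for every type other than KVM_SEV_SNP_PAGE_TYPE_ZERO, and that it is ignored for ZERO pages; the latter also records the compatibility note from the commit message that existing VMMs pass a valid address for ZERO and KVM tolerates it. Since the check now runs before any RMP or guest_memfd work, userspace gets -EINVAL early, which is the right place for it.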