[PATCH 5.15 178/207] KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails

6 Dec 2021

From: Sean Christopherson seanjc@google.com
[ Upstream commit 75236f5f2299b502e4b9b267c1ce3bc14a222ceb ]
Return appropriate error codes if setting up the GHCB scratch area for an
SEV-ES guest fails.  In particular, returning -EINVAL instead of -ENOMEM
when allocating the kernel buffer could be confusing as userspace would
likely suspect a guest issue.
Fixes: 8f423a80d299 ("KVM: SVM: Support MMIO for an SEV-ES guest")
Cc: Tom Lendacky thomas.lendacky@amd.com
Signed-off-by: Sean Christopherson seanjc@google.com
Message-Id: 20211109222350.2266045-2-seanjc@google.com
Signed-off-by: Paolo Bonzini pbonzini@redhat.com
Signed-off-by: Sasha Levin sashal@kernel.org
---
 arch/x86/kvm/svm/sev.c | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index ca0effb79eab9..134c4ea5e6ad8 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2317,7 +2317,7 @@ void pre_sev_run(struct vcpu_svm *svm, int cpu)
 }
#define GHCB_SCRATCH_AREA_LIMIT		(16ULL * PAGE_SIZE)
-static bool setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len)
+static int setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len)
 {
    struct vmcb_control_area *control = &svm->vmcb->control;
    struct ghcb *ghcb = svm->ghcb;
@@ -2328,14 +2328,14 @@ static bool setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len)
    scratch_gpa_beg = ghcb_get_sw_scratch(ghcb);
    if (!scratch_gpa_beg) {
    	pr_err("vmgexit: scratch gpa not provided\n");
-		return false;
+		return -EINVAL;
    }
scratch_gpa_end = scratch_gpa_beg + len;
    if (scratch_gpa_end < scratch_gpa_beg) {
    	pr_err("vmgexit: scratch length (%#llx) not valid for scratch address (%#llx)\n",
    	       len, scratch_gpa_beg);
-		return false;
+		return -EINVAL;
    }
if ((scratch_gpa_beg & PAGE_MASK) == control->ghcb_gpa) {
@@ -2353,7 +2353,7 @@ static bool setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len)
    	    scratch_gpa_end > ghcb_scratch_end) {
    		pr_err("vmgexit: scratch area is outside of GHCB shared buffer area (%#llx - %#llx)\n",
    		       scratch_gpa_beg, scratch_gpa_end);
-			return false;
+			return -EINVAL;
    	}
scratch_va = (void *)svm->ghcb;
@@ -2366,18 +2366,18 @@ static bool setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len)
    	if (len > GHCB_SCRATCH_AREA_LIMIT) {
    		pr_err("vmgexit: scratch area exceeds KVM limits (%#llx requested, %#llx limit)\n",
    		       len, GHCB_SCRATCH_AREA_LIMIT);
-			return false;
+			return -EINVAL;
    	}
    	scratch_va = kzalloc(len, GFP_KERNEL_ACCOUNT);
    	if (!scratch_va)
-			return false;
+			return -ENOMEM;
if (kvm_read_guest(svm->vcpu.kvm, scratch_gpa_beg, scratch_va, len)) {
    		/* Unable to copy scratch area from guest */
    		pr_err("vmgexit: kvm_read_guest for scratch area failed\n");
kfree(scratch_va);
-			return false;
+			return -EFAULT;
    	}
/*
@@ -2393,7 +2393,7 @@ static bool setup_vmgexit_scratch(struct vcpu_svm *svm, bool sync, u64 len)
    svm->ghcb_sa = scratch_va;
    svm->ghcb_sa_len = len;
-	return true;
+	return 0;
 }
static void set_ghcb_msr_bits(struct vcpu_svm *svm, u64 value, u64 mask,
@@ -2532,10 +2532,10 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu)
    ghcb_set_sw_exit_info_1(ghcb, 0);
    ghcb_set_sw_exit_info_2(ghcb, 0);
-	ret = -EINVAL;
    switch (exit_code) {
    case SVM_VMGEXIT_MMIO_READ:
-		if (!setup_vmgexit_scratch(svm, true, control->exit_info_2))
+		ret = setup_vmgexit_scratch(svm, true, control->exit_info_2);
+		if (ret)
    		break;
ret = kvm_sev_es_mmio_read(vcpu,
@@ -2544,7 +2544,8 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu)
    				   svm->ghcb_sa);
    	break;
    case SVM_VMGEXIT_MMIO_WRITE:
-		if (!setup_vmgexit_scratch(svm, false, control->exit_info_2))
+		ret = setup_vmgexit_scratch(svm, false, control->exit_info_2);
+		if (ret)
    		break;
ret = kvm_sev_es_mmio_write(vcpu,
@@ -2587,6 +2588,7 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu)
    	vcpu_unimpl(vcpu,
    		    "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n",
    		    control->exit_info_1, control->exit_info_2);
+		ret = -EINVAL;
    	break;
    default:
    	ret = svm_invoke_exit_handler(vcpu, exit_code);
@@ -2599,6 +2601,7 @@ int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in)
 {
    int count;
    int bytes;
+	int r;
if (svm->vmcb->control.exit_info_2 > INT_MAX)
    	return -EINVAL;
@@ -2607,8 +2610,9 @@ int sev_es_string_io(struct vcpu_svm *svm, int size, unsigned int port, int in)
    if (unlikely(check_mul_overflow(count, size, &bytes)))
    	return -EINVAL;
-	if (!setup_vmgexit_scratch(svm, in, bytes))
-		return -EINVAL;
+	r = setup_vmgexit_scratch(svm, in, bytes);
+	if (r)
+		return r;
return kvm_sev_es_string_io(&svm->vcpu, size, port, svm->ghcb_sa, count, in);
 }
-- 
2.33.0




    

2025

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 5.15 178/207] KVM: SEV: Return appropriate error codes if SEV-ES scratch setup fails