KVM: SVM: Do not set sev->es_active until KVM_SEV_ES_INIT completes

BugLink: https://bugs.launchpad.net/bugs/1929455
commit 9fa1521daafb58d878d03d75f6863a11312fae22 upstream.

Set sev->es_active only after the guts of KVM_SEV_ES_INIT succeeds.  If
the command fails, e.g. because SEV is already active or there are no
available ASIDs, then es_active will be left set even though the VM is
not fully SEV-ES capable.

Refactor the code so that "es_active" is passed on the stack instead of
being prematurely shoved into sev_info, both to avoid having to unwind
sev_info and so that it's more obvious what actually consumes es_active
in sev_guest_init() and its helpers.

Fixes: ad73109ae7ec ("KVM: SVM: Provide support to launch and run an SEV-ES guest")
Cc: stable@vger.kernel.org
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-Id: <20210331031936.2495277-3-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 9c5cdcd28a4b729e9b9fef3a77375fb69661dc56..d05bfbded971c95710c073c471bfc6bf112f2bbe 100644 (file)
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -86,7 +86,7 @@ static bool __sev_recycle_asids(int min_asid, int max_asid)
        return true;
 }
 
-static int sev_asid_new(struct kvm_sev_info *sev)
+static int sev_asid_new(bool es_active)
 {
        int pos, min_asid, max_asid;
        bool retry = true;
@@ -97,8 +97,8 @@ static int sev_asid_new(struct kvm_sev_info *sev)
         * SEV-enabled guests must use asid from min_sev_asid to max_sev_asid.
         * SEV-ES-enabled guest can use from 1 to min_sev_asid - 1.
         */
-       min_asid = sev->es_active ? 0 : min_sev_asid - 1;
-       max_asid = sev->es_active ? min_sev_asid - 1 : max_sev_asid;
+       min_asid = es_active ? 0 : min_sev_asid - 1;
+       max_asid = es_active ? min_sev_asid - 1 : max_sev_asid;
 again:
        pos = find_next_zero_bit(sev_asid_bitmap, max_sev_asid, min_asid);
        if (pos >= max_asid) {
@@ -178,13 +178,14 @@ static void sev_unbind_asid(struct kvm *kvm, unsigned int handle)
 static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
 {
        struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
+       bool es_active = argp->id == KVM_SEV_ES_INIT;
        int asid, ret;
 
        ret = -EBUSY;
        if (unlikely(sev->active))
                return ret;
 
-       asid = sev_asid_new(sev);
+       asid = sev_asid_new(es_active);
        if (asid < 0)
                return ret;
 
@@ -193,6 +194,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
                goto e_free;
 
        sev->active = true;
+       sev->es_active = es_active;
        sev->asid = asid;
        INIT_LIST_HEAD(&sev->regions_list);
 
@@ -203,16 +205,6 @@ e_free:
        return ret;
 }
 
-static int sev_es_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
-{
-       if (!sev_es)
-               return -ENOTTY;
-
-       to_kvm_svm(kvm)->sev_info.es_active = true;
-
-       return sev_guest_init(kvm, argp);
-}
-
 static int sev_bind_asid(struct kvm *kvm, unsigned int handle, int *error)
 {
        struct sev_data_activate *data;
@@ -1059,12 +1051,15 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
        mutex_lock(&kvm->lock);
 
        switch (sev_cmd.id) {
+       case KVM_SEV_ES_INIT:
+               if (!sev_es) {
+                       r = -ENOTTY;
+                       goto out;
+               }
+               fallthrough;
        case KVM_SEV_INIT:
                r = sev_guest_init(kvm, &sev_cmd);
                break;
-       case KVM_SEV_ES_INIT:
-               r = sev_es_guest_init(kvm, &sev_cmd);
-               break;
        case KVM_SEV_LAUNCH_START:
                r = sev_launch_start(kvm, &sev_cmd);
                break;