From: Greg Kroah-Hartman Date: Thu, 8 Jul 2021 18:39:31 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v4.4.275~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=675cea6f2c937a12b861f89107c868ed809115a3;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: kvm-svm-call-sev-guest-decommission-if-asid-binding-fails.patch --- diff --git a/queue-4.19/kvm-svm-call-sev-guest-decommission-if-asid-binding-fails.patch b/queue-4.19/kvm-svm-call-sev-guest-decommission-if-asid-binding-fails.patch new file mode 100644 index 00000000000..5a439e2599b --- /dev/null +++ b/queue-4.19/kvm-svm-call-sev-guest-decommission-if-asid-binding-fails.patch @@ -0,0 +1,93 @@ +From 934002cd660b035b926438244b4294e647507e13 Mon Sep 17 00:00:00 2001 +From: Alper Gun +Date: Thu, 10 Jun 2021 17:46:04 +0000 +Subject: KVM: SVM: Call SEV Guest Decommission if ASID binding fails + +From: Alper Gun + +commit 934002cd660b035b926438244b4294e647507e13 upstream. + +Send SEV_CMD_DECOMMISSION command to PSP firmware if ASID binding +fails. If a failure happens after a successful LAUNCH_START command, +a decommission command should be executed. Otherwise, guest context +will be unfreed inside the AMD SP. After the firmware will not have +memory to allocate more SEV guest context, LAUNCH_START command will +begin to fail with SEV_RET_RESOURCE_LIMIT error. + +The existing code calls decommission inside sev_unbind_asid, but it is +not called if a failure happens before guest activation succeeds. If +sev_bind_asid fails, decommission is never called. PSP firmware has a +limit for the number of guests. If sev_asid_binding fails many times, +PSP firmware will not have resources to create another guest context. + +Cc: stable@vger.kernel.org +Fixes: 59414c989220 ("KVM: SVM: Add support for KVM_SEV_LAUNCH_START command") +Reported-by: Peter Gonda +Signed-off-by: Alper Gun +Reviewed-by: Marc Orr +Signed-off-by: Paolo Bonzini +Message-Id: <20210610174604.2554090-1-alpergun@google.com> +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/svm.c | 32 +++++++++++++++++++++----------- + 1 file changed, 21 insertions(+), 11 deletions(-) + +--- a/arch/x86/kvm/svm.c ++++ b/arch/x86/kvm/svm.c +@@ -1791,9 +1791,25 @@ static void sev_asid_free(struct kvm *kv + __sev_asid_free(sev->asid); + } + +-static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) ++static void sev_decommission(unsigned int handle) + { + struct sev_data_decommission *decommission; ++ ++ if (!handle) ++ return; ++ ++ decommission = kzalloc(sizeof(*decommission), GFP_KERNEL); ++ if (!decommission) ++ return; ++ ++ decommission->handle = handle; ++ sev_guest_decommission(decommission, NULL); ++ ++ kfree(decommission); ++} ++ ++static void sev_unbind_asid(struct kvm *kvm, unsigned int handle) ++{ + struct sev_data_deactivate *data; + + if (!handle) +@@ -1811,15 +1827,7 @@ static void sev_unbind_asid(struct kvm * + sev_guest_df_flush(NULL); + kfree(data); + +- decommission = kzalloc(sizeof(*decommission), GFP_KERNEL); +- if (!decommission) +- return; +- +- /* decommission handle */ +- decommission->handle = handle; +- sev_guest_decommission(decommission, NULL); +- +- kfree(decommission); ++ sev_decommission(handle); + } + + static struct page **sev_pin_memory(struct kvm *kvm, unsigned long uaddr, +@@ -6469,8 +6477,10 @@ static int sev_launch_start(struct kvm * + + /* Bind ASID to this guest */ + ret = sev_bind_asid(kvm, start->handle, error); +- if (ret) ++ if (ret) { ++ sev_decommission(start->handle); + goto e_free_session; ++ } + + /* return handle to userspace */ + params.handle = start->handle; diff --git a/queue-4.19/series b/queue-4.19/series index 9101833ab57..722498bf9cd 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -27,3 +27,4 @@ arm-dts-imx6qdl-sabresd-remove-incorrect-power-supply-assignment.patch kthread_worker-split-code-for-canceling-the-delayed-work-timer.patch kthread-prevent-deadlock-when-kthread_mod_delayed_work-races-with-kthread_cancel_delayed_work_sync.patch xen-events-reset-active-flag-for-lateeoi-events-later.patch +kvm-svm-call-sev-guest-decommission-if-asid-binding-fails.patch