git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Nikunj A Dadhania <nikunj@amd.com>
	Tue, 19 Aug 2025 23:48:27 +0000 (16:48 -0700)
committer	Sean Christopherson <seanjc@google.com>
	Thu, 21 Aug 2025 15:44:49 +0000 (08:44 -0700)
commit	00f0b959ffb094ea677ca24a0bd14d300a3013a0
tree	0d204caa1184f1cd0781f34df27fbc1deee9daa4	tree \| snapshot
parent	c78af20374a1c9c230cc535857d2af3de5d4442c	commit \| diff

KVM: SEV: Enforce minimum GHCB version requirement for SEV-SNP guests

Require a minimum GHCB version of 2 when starting SEV-SNP guests through
KVM_SEV_INIT2. When a VMM attempts to start an SEV-SNP guest with an
incompatible GHCB version (less than 2), reject the request early rather
than allowing the guest kernel to start with an incorrect protocol version
and fail later with GHCB_SNP_UNSUPPORTED guest termination.

Not enforcing the minimum version typically causes the guest to request
termination with GHCB_SNP_UNSUPPORTED error code:

kvm_amd: SEV-ES guest requested termination: 0x0:0x2

Fixes: 4af663c2f64a ("KVM: SEV: Allow per-guest configuration of GHCB protocol version")
Cc: Thomas Lendacky <thomas.lendacky@amd.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: Michael Roth <michael.roth@amd.com>
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
Link: https://lore.kernel.org/r/20250819234833.3080255-3-seanjc@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>