KVM: SEV: Restrict userspace return codes for KVM_HC_MAP_GPA_RANGE
authorSagi Shahar <sagis@google.com>
Thu, 5 Mar 2026 22:26:27 +0000 (22:26 +0000)
committerSean Christopherson <seanjc@google.com>
Thu, 28 May 2026 00:15:56 +0000 (17:15 -0700)
To align with the updated TDX API, which allows userspace to request
that guests retry MAP_GPA operations, make sure that userspace returns
only EINVAL or EAGAIN as error codes.

Reviewed-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Sagi Shahar <sagis@google.com>
Link: https://patch.msgid.link/20260305222627.4193305-3-sagis@google.com
Signed-off-by: Sean Christopherson <seanjc@google.com>
arch/x86/kvm/svm/sev.c

index 940b97d4a8523eabb2f6c5633953982f6074fc12..2cb20fec99743ad813947a02c20b343b5b41fd3e 100644 (file)
@@ -3781,9 +3781,13 @@ static int snp_rmptable_psmash(kvm_pfn_t pfn)
 
 static int snp_complete_psc_msr(struct kvm_vcpu *vcpu)
 {
+       u64 hypercall_ret = READ_ONCE(vcpu->run->hypercall.ret);
        struct vcpu_svm *svm = to_svm(vcpu);
 
-       if (vcpu->run->hypercall.ret)
+       if (!kvm_is_valid_map_gpa_range_ret(hypercall_ret))
+               return -EINVAL;
+
+       if (hypercall_ret)
                set_ghcb_msr(svm, GHCB_MSR_PSC_RESP_ERROR);
        else
                set_ghcb_msr(svm, GHCB_MSR_PSC_RESP);
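Review bot: The `READ_ONCE()` snapshot at the top of `snp_complete_psc_msr()` is what makes the new validity check hold, and it should carry a comment saying so. `vcpu->run` is mapped into userspace, so validating one read and branching on a second would let the value change after it was checked. A line such as `/* run->hypercall.ret is userspace-writable; validate and act on a single snapshot. */` above the declaration would keep a later cleanup from folding the local back into a direct `vcpu->run->hypercall.ret` dereference. The same comment belongs on the identical declaration in `snp_complete_one_psc()` in the next hunk.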
@@ -3874,10 +3878,14 @@ static void __snp_complete_one_psc(struct vcpu_svm *svm)
 
 static int snp_complete_one_psc(struct kvm_vcpu *vcpu)
 {
+       u64 hypercall_ret = READ_ONCE(vcpu->run->hypercall.ret);
        struct vcpu_svm *svm = to_svm(vcpu);
        struct psc_buffer *psc = svm->sev_es.ghcb_sa;
 
-       if (vcpu->run->hypercall.ret) {
+       if (!kvm_is_valid_map_gpa_range_ret(hypercall_ret))
+               return -EINVAL;
+
+       if (hypercall_ret) {
                snp_complete_psc(svm, VMGEXIT_PSC_ERROR_GENERIC);
                return 1; /* resume guest */
        }
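Review bot: `EAGAIN` passes `kvm_is_valid_map_gpa_range_ret()` but then falls into the same `if (hypercall_ret)` branch as `EINVAL`, so the guest is told `VMGEXIT_PSC_ERROR_GENERIC` and gets nothing it could read as "retry". The commit message motivates the change by the TDX retry semantics, so a reader will expect the two codes to be handled differently here. If collapsing them is intentional for SEV-SNP, state it next to the branch, for example `/* EAGAIN is accepted from userspace but reported to the guest as a generic PSC error, same as EINVAL. */`. The same applies to the `GHCB_MSR_PSC_RESP_ERROR` branch in `snp_complete_psc_msr()`. The helper is defined outside this diff, so the set of accepted values is taken from the commit message, and the body of `snp_complete_one_psc()` continues past the hunk.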