KVM: SEV: Return INVALID_INPUT, not MISSING_INPUT, for bad GUEST_REQUEST input(s)

Return INVALID_INPUT, not MISSING_INPUT, if the guest provides an unaligned
address for a GUEST_REQUEST, and/or attempts to use the same page for the
source and destination.  The inputs are obviously invalid, not missing.

Opportunistically move the checks out of sev_es_validate_vmgexit(), to
continue the march towards reducing the scope of the helper, and to help
guide future changes into correctly handling bad input.

Fixes: 88caf544c930 ("KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event")
Fixes: 74458e4859d8 ("KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event")
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-ID: <20260501202250.2115252-22-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20260529183549.1104619-22-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index b59adddfdbccb06cd5d6142c2629f190b9c9c2fb..84421d9a116ba9ebe98eaba981b85292ebda070e 100644 (file)
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -3508,10 +3508,6 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm)
                break;
        case SVM_VMGEXIT_GUEST_REQUEST:
        case SVM_VMGEXIT_EXT_GUEST_REQUEST:
-               if (!PAGE_ALIGNED(control->exit_info_1) ||
-                   !PAGE_ALIGNED(control->exit_info_2) ||
-                   control->exit_info_1 == control->exit_info_2)
-                       goto vmgexit_err;
                break;
        default:
                reason = GHCB_ERR_INVALID_EVENT;
@@ -4631,10 +4627,20 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu)
                ret = 1;
                break;
        case SVM_VMGEXIT_GUEST_REQUEST:
-               ret = snp_handle_guest_req(svm, control->exit_info_1, control->exit_info_2);
-               break;
        case SVM_VMGEXIT_EXT_GUEST_REQUEST:
-               ret = snp_handle_ext_guest_req(svm, control->exit_info_1, control->exit_info_2);
+               if (!PAGE_ALIGNED(control->exit_info_1) ||
+                   !PAGE_ALIGNED(control->exit_info_2) ||
+                   control->exit_info_1 == control->exit_info_2) {
+                       svm_vmgexit_bad_input(svm, GHCB_ERR_INVALID_INPUT);
+                       return 1;
+               }
+
+               if (control->exit_code == SVM_VMGEXIT_GUEST_REQUEST)
+                       ret = snp_handle_guest_req(svm, control->exit_info_1,
+                                                  control->exit_info_2);
+               else
+                       ret = snp_handle_ext_guest_req(svm, control->exit_info_1,
+                                                      control->exit_info_2);
                break;
        case SVM_VMGEXIT_UNSUPPORTED_EVENT:
                vcpu_unimpl(vcpu,