KVM: SEV: Reject MMIO requests larger than 8 bytes with GHCB v2+
authorSean Christopherson <seanjc@google.com>
Fri, 1 May 2026 20:22:28 +0000 (13:22 -0700)
committerPaolo Bonzini <pbonzini@redhat.com>
Fri, 29 May 2026 18:25:28 +0000 (20:25 +0200)
When using GHCB v2+, reject MMIO requests that are larger than 8 bytes.
Per the GHCB spec:

  SW_EXITINFO2 must be less than or equal to 0x7fffffff for version 1 and
  less than or equal to 0x8 for all other versions.

Fixes: 4af663c2f64a ("KVM: SEV: Allow per-guest configuration of GHCB protocol version")
Cc: stable@vger.kernel.org
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Sean Christopherson <seanjc@google.com>
Message-ID: <20260501202250.2115252-4-seanjc@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
arch/x86/kvm/svm/sev.c

index fb2174b6d1ba43aac9ad9feb88b9a6bb51046877..e6579ca9f364fc144dda22369d63fb05861808b0 100644 (file)
@@ -4502,6 +4502,11 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu)
                if (!len)
                        return 1;
 
+               if (to_kvm_sev_info(vcpu->kvm)->ghcb_version >= 2 && len > 8) {
+                       svm_vmgexit_bad_input(svm, GHCB_ERR_INVALID_INPUT);
+                       return 1;
+               }
+
                ret = setup_vmgexit_scratch(svm, !is_write, len);
                if (ret)
                        break;
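Review bot: The added `ghcb_version >= 2 && len > 8` check uses a bare `8` with no comment, so the spec rule it enforces can only be recovered from the commit message. A one-line comment above it, such as `/* GHCB spec: SW_EXITINFO2 (MMIO size) must be <= 8 for protocol v2+ */`, would keep that reasoning next to the code. The same spec sentence caps version 1 at 0x7fffffff, and nothing in this hunk bounds `len` for a v1 guest before it reaches `setup_vmgexit_scratch()`. If that limit is not already enforced in that helper or earlier in this case, a matching check belongs here. The hunk sits in the middle of `sev_handle_vmgexit()`, so the type and origin of `len` are not visible and the second point is inferred.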