On 8/21/25 16:38, Sean Christopherson wrote: > Wait until LAUNCH_START fully succeeds to set a VM's SEV/SNP policy so > that KVM doesn't keep a potentially stale policy. In practice, the issue > is benign as the policy is only used to detect if the VMSA can be > decrypted, and the VMSA only needs to be decrypted if LAUNCH_UPDATE and > thus LAUNCH_START succeeded. > > Fixes: 962e2b6152ef ("KVM: SVM: Decrypt SEV VMSA in dump_vmcb() if debugging is enabled") > Cc: Tom Lendacky <thomas.lendacky@xxxxxxx> > Cc: Kim Phillips <kim.phillips@xxxxxxx> > Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx> Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx> > --- > arch/x86/kvm/svm/sev.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index f4381878a9e5..65b59939754c 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -583,8 +583,6 @@ static int sev_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) > if (copy_from_user(¶ms, u64_to_user_ptr(argp->data), sizeof(params))) > return -EFAULT; > > - sev->policy = params.policy; > - > memset(&start, 0, sizeof(start)); > > dh_blob = NULL; > @@ -632,6 +630,7 @@ static int sev_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) > goto e_free_session; > } > > + sev->policy = params.policy; > sev->handle = start.handle; > sev->fd = argp->sev_fd; > > @@ -2201,8 +2200,6 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) > start.desired_tsc_khz = kvm->arch.default_tsc_khz; > } > > - sev->policy = params.policy; > - > sev->snp_context = snp_context_create(kvm, argp); > if (!sev->snp_context) > return -ENOTTY; > @@ -2218,6 +2215,7 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) > goto e_free_context; > } > > + sev->policy = params.policy; > sev->fd = argp->sev_fd; > rc = snp_bind_asid(kvm, &argp->error); > if (rc) { > > base-commit: ecbcc2461839e848970468b44db32282e5059925
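Review bot: In sev_launch_start(), nothing at the new `sev->policy = params.policy;` site records why it has to come after the `goto e_free_session` failure check. A short comment above the `sev->policy` / `sev->handle` / `sev->fd` group, saying that this state is committed only once LAUNCH_START has succeeded, would keep a later reorder from reintroducing the stale policy the commit message describes.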
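Review bot: In snp_launch_start(), the relocated `sev->policy = params.policy;` still sits ahead of `rc = snp_bind_asid(kvm, &argp->error);`, so if the `if (rc) {` branch returns an error without clearing it, the new policy stays stored for a launch that did not complete. The commit message says to wait until LAUNCH_START fully succeeds, so consider moving the assignment below the successful snp_bind_asid() call, or resetting sev->policy in that error branch.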