[PATCH 1/2] KVM: SEV: Do not allow SEV-SNP VMs from intra-host migration

Next message: Alex Williamson: "Re: [PATCH v2 8/9] vfio/pci: Permanently revoke a DMABUF on request"
Previous message: Atish Patra: "[PATCH 0/2] KVM: Miscallenous SEV/SNP fixes"
In reply to: Atish Patra: "[PATCH 0/2] KVM: Miscallenous SEV/SNP fixes"
Next in thread: Atish Patra: "[PATCH 2/2] crypto: ccp: Fix possible deadlock in SEV init failure path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Atish Patra

Date: Thu May 28 2026 - 19:18:20 EST

From: Atish Patra <atishp@xxxxxxxx>

The intra-host migration feature is not fully implemented for SEV-SNP
VMs which require additional SNP-specific state such as guest_req_mutex,
guest_req_buf, and guest_resp_buf to be transferred or initialized on
the destination.

Reject SNP source VMs in sev_vm_move_enc_context_from() until proper
SNP state transfer is implemented.

Fixes: 0b020f5af092 ("KVM: SEV: Add support for SEV-ES intra host migration")

Reported-by: Chris Mason <clm@xxxxxxxx>
Assisted-by: Claude:claude-opus-4-6
Signed-off-by: Atish Patra <atishp@xxxxxxxx>
---
arch/x86/kvm/svm/sev.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index c2126b3c3072..aff6a0cf5bfe 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2142,7 +2142,8 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd)
return ret;

if (kvm->arch.vm_type != source_kvm->arch.vm_type ||
- sev_guest(kvm) || !sev_guest(source_kvm)) {
+ sev_guest(kvm) || !sev_guest(source_kvm) ||
+ sev_snp_guest(source_kvm)) {
ret = -EINVAL;
goto out_unlock;
}

--
2.53.0-Meta