[PATCH 03/24] KVM: SEV: Reject MMIO requests larger than 8 bytes with GHCB v2+

Next message: Paolo Bonzini: "[PATCH 04/24] KVM: SEV: Ignore Port I/O requests of length '0'"
Previous message: Paolo Bonzini: "[PATCH 02/24] KVM: SEV: Ignore MMIO requests of length '0'"
In reply to: Paolo Bonzini: "[PATCH 02/24] KVM: SEV: Ignore MMIO requests of length '0'"
Next in thread: Paolo Bonzini: "[PATCH 04/24] KVM: SEV: Ignore Port I/O requests of length '0'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Paolo Bonzini

Date: Fri May 29 2026 - 14:38:55 EST

From: Sean Christopherson <seanjc@xxxxxxxxxx>

When using GHCB v2+, reject MMIO requests that are larger than 8 bytes.
Per the GHCB spec:

SW_EXITINFO2 must be less than or equal to 0x7fffffff for version 1 and
less than or equal to 0x8 for all other versions.

Fixes: 4af663c2f64a ("KVM: SEV: Allow per-guest configuration of GHCB protocol version")
Cc: stable@xxxxxxxxxxxxxxx
Reviewed-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
Message-ID: <20260501202250.2115252-4-seanjc@xxxxxxxxxx>
Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
---
arch/x86/kvm/svm/sev.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index fb2174b6d1ba..e6579ca9f364 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -4502,6 +4502,11 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu)
if (!len)
return 1;

+ if (to_kvm_sev_info(vcpu->kvm)->ghcb_version >= 2 && len > 8) {
+ svm_vmgexit_bad_input(svm, GHCB_ERR_INVALID_INPUT);
+ return 1;
+ }
+
ret = setup_vmgexit_scratch(svm, !is_write, len);
if (ret)
break;
--
2.54.0