[PATCH v2 0/4] KVM: Miscellaneous SEV/SNP related fixes
From: Atish Patra
Date: Mon Jun 01 2026 - 19:06:26 EST
This series addresses a few issues found during code audit of the
KVM SEV/SNP and CCP driver code. The fixes include a incorrect lock state
and incomplete state handling during intra-host migration for SNP VMs.
To: Sean Christopherson <seanjc@xxxxxxxxxx>
To: Paolo Bonzini <pbonzini@xxxxxxxxxx>
To: Borislav Petkov <bp@xxxxxxxxx>
To: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
To: x86@xxxxxxxxxx
To: H. Peter Anvin <hpa@xxxxxxxxx>
To: Tom Lendacky <thomas.lendacky@xxxxxxx>
To: Peter Gonda <pgonda@xxxxxxxxxx>
To: Brijesh Singh <brijesh.singh@xxxxxxx>
To: Youngjae Lee <youngjaelee@xxxxxxxx>
To: Ashish Kalra <ashish.kalra@xxxxxxx>
To: Michael Roth <michael.roth@xxxxxxx>
To: John Allen <john.allen@xxxxxxx>
To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Cc: clm@xxxxxxxx
Cc: kvm@xxxxxxxxxxxxxxx
Cc: linux-kernel@xxxxxxxxxxxxxxx
Cc: linux-crypto@xxxxxxxxxxxxxxx
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Atish Patra <atishp@xxxxxxxx>
---
Changes in v2:
- Added fixes based on the reports by Sashiko.
- Added a kselftest for validating SNP VM mirroring/migration rejection.
- Link to v1: https://lore.kernel.org/r/20260528-sev_snp_fixes-v1-0-d67a08151779@xxxxxxxx
---
Atish Patra (4):
KVM: SEV: Do not allow intra-host migration/mirroring of SNP VMs
KVM: selftests: Verify SNP VMs are rejected from migration and mirroring
crypto: ccp: Fix possible deadlock in SEV init failure path
crypto: ccp: Fix memory leak in SEV INIT_EX path
arch/x86/kvm/svm/sev.c | 4 +-
drivers/crypto/ccp/sev-dev.c | 18 +++++++--
.../testing/selftests/kvm/x86/sev_migrate_tests.c | 47 ++++++++++++++++++++++
3 files changed, 65 insertions(+), 4 deletions(-)
---
base-commit: e7ae89a0c97ce2b68b0983cd01eda67cf373517d
change-id: 20260525-sev_snp_fixes-0b73789c1a91
Best regards,
--
Atish Patra <atishp@xxxxxxxx>