[PATCH v2 3/6] KVM: SEV: Explicitly validate the dst buffer for debug operations

Next message: Sean Christopherson: "[PATCH v2 4/6] KVM: SEV: Add helper function to pin/unpin a single page"
Previous message: Sean Christopherson: "[PATCH v2 1/6] KVM: SVM: Fix page overflow in sev_dbg_crypt() for ENCRYPT path"
In reply to: Sean Christopherson: "[PATCH v2 1/6] KVM: SVM: Fix page overflow in sev_dbg_crypt() for ENCRYPT path"
Next in thread: Sean Christopherson: "[PATCH v2 4/6] KVM: SEV: Add helper function to pin/unpin a single page"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Sean Christopherson

Date: Thu Apr 16 2026 - 19:13:32 EST

When encrypting/decrypting guest memory, explicitly check that the
destination is non-NULL and doesn't wrap instead of subtly relying on
sev_pin_memory() to perform the check. This will allow adding and using
a more focused single-page pinning helper.

Signed-off-by: Sean Christopherson <seanjc@xxxxxxxxxx>
---
arch/x86/kvm/svm/sev.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index b9d7bd868e0b..9d2044fd910d 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1357,9 +1357,11 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec)
if (copy_from_user(&debug, u64_to_user_ptr(argp->data), sizeof(debug)))
return -EFAULT;

- if (!debug.len || debug.src_uaddr + debug.len < debug.src_uaddr)
+ if (!debug.len || !debug.src_uaddr || !debug.dst_uaddr)
return -EINVAL;
- if (!debug.dst_uaddr)
+
+ if (debug.src_uaddr + debug.len < debug.src_uaddr ||
+ debug.dst_uaddr + debug.len < debug.dst_uaddr)
return -EINVAL;

vaddr = debug.src_uaddr;
--
2.54.0.rc1.513.gad8abe7a5a-goog