>From 6cd53151470bb088e6a5f1fded0e4d9b66fe7bbe Mon Sep 17 00:00:00 2001 From: Sean Christopherson Date: Fri, 28 Feb 2025 10:09:48 -0800 Subject: [PATCH 2/4] KVM: SVM: Reject SNP VM creation if SNP platform initialization failed Explicitly check that SNP platform initialization succeeded prior to creating SNP VMs. The return from sev_platform_init() only tracks "legacy" SEV and SEV-ES support, i.e. can return '0' even if SNP setup fails. Fixes: 1dfe571c12cf ("KVM: SEV: Add initial SEV-SNP support") Signed-off-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 3fc87cdc95c8..dd001a293899 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -449,6 +449,10 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp, /* This needs to happen after SEV/SNP firmware initialization. */ if (vm_type == KVM_X86_SNP_VM) { + if (!init_args.snp_initialized) { + ret = -EIO; + goto e_free; + } ret = snp_guest_req_init(kvm); if (ret) goto e_free; -- 2.48.1.711.g2feabab25a-goog