From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 34352C05027 for ; Mon, 20 Feb 2023 18:01:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A3C546B0071; Mon, 20 Feb 2023 13:00:59 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id A105A6B0072; Mon, 20 Feb 2023 13:00:59 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 889BD6B0073; Mon, 20 Feb 2023 13:00:59 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id 7568B6B0071 for ; Mon, 20 Feb 2023 13:00:59 -0500 (EST) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 0FE8A1A09E7 for ; Mon, 20 Feb 2023 18:00:59 +0000 (UTC) X-FDA: 80488436238.06.409B0AC Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2085.outbound.protection.outlook.com [40.107.243.85]) by imf29.hostedemail.com (Postfix) with ESMTP id D36FF120023 for ; Mon, 20 Feb 2023 18:00:55 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b="OWbq2No/"; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf29.hostedemail.com: domain of Michael.Roth@amd.com designates 40.107.243.85 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com; dmarc=pass (policy=quarantine) header.from=amd.com ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1676916056; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Uk+LWUxY6+CTC9e6M3h1dBX3qjS69sBQa4Z/Xa+IYiU=; b=Cg65kZBwpY15T8LqTaVhd391zWQmDB5Xp0B2/mNd10J5bAP8TpDZpMTuOGMoZECjV4snSW KrfTl6svgi3RUWo1o3WmsurPlrW55jyM0IsZ+Jv2IeetuM6BMmI3YDlArYVDgJM3MEnYzX AkmyCke9oSU8hpfpa7TOpK3pUdiiPEE= ARC-Authentication-Results: i=2; imf29.hostedemail.com; dkim=pass header.d=amd.com header.s=selector1 header.b="OWbq2No/"; arc=pass ("microsoft.com:s=arcselector9901:i=1"); spf=pass (imf29.hostedemail.com: domain of Michael.Roth@amd.com designates 40.107.243.85 as permitted sender) smtp.mailfrom=Michael.Roth@amd.com; dmarc=pass (policy=quarantine) header.from=amd.com ARC-Seal: i=2; s=arc-20220608; d=hostedemail.com; t=1676916056; a=rsa-sha256; cv=pass; b=WYlvj5n9pyCqEM9R71pn9IxsEAMAI4ljP5RIWswvblfatORC10st+TCTnuRtM7uyOO/nHK Ijd4SlK1sBOUpEuQKex7XWAfWvt0y2EU/+s0+QNO+DB2fddw95PXXsKeqAdy26IztFEPuI heaOWRav1PXdi/sxx12y5eahTYbLiM8= ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=C2t0cSkFTaKraxp7LQk2+/9KVm5c3cW3TdDhu9ooCxkB8U16R4po53u+yV85gA7+bYEa53ZeXi2q8s6l96ZSugXslVun8I0cFk26EWIxdeFtGyxdf3++O9Qt6H+D3mO0NS5gHsgKZfNpR7toKuMEvKFT6/evSKz4jM2wIp6p27KW4kl91lPaVBRHBUJ9RxZKe9j2DPF3WWRhk6e3IylsgjrjatmRzy5s/pwOrfJe/SQ6UMvLTHJRoQvs6mOaAQe8USIIvDekLCyF51tnb/HhMxTESJi4prQrMm/nnrTUf6vjbaNO7axR9uAARMCRomc989t3qB/NkrUd7joKXU3oQA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Uk+LWUxY6+CTC9e6M3h1dBX3qjS69sBQa4Z/Xa+IYiU=; b=jH3G+ba10TXy4Op7kFJUX90HH3SH4OGu6rUvp7EATLVgFCofPCDL5dAcWqOVQr0R9Hb7VLN90A/wmP1suHpgLXoxTVZg6eHH1Glmf2IpG/rVyWmgLJ04nxMQ9GKvj0zHSFTNn2nmPTw6unei50iH80uiqgMF3qGhMSvqx/9hJLZjdPlqmncuiD+fZOVZf387e7UJnteNBiIg1aQCwph5kdDyyzZYCHe30URyHmh+XpVN2Xto4l4g3YY7iOsO4QvIfh6d5vzUQesiSd/BbIYLIgGoD9D40c9QtsskDKYnGce54Nz4CcmOUI2if7fK/VVAobfzpwznScK5fLd5lom4ZQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=alien8.de smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Uk+LWUxY6+CTC9e6M3h1dBX3qjS69sBQa4Z/Xa+IYiU=; b=OWbq2No/Drnb+ADMVMVSHw3MWhiTO9FkNy8G5boBueOxUkhanVdTNfIr5tm7JXwtInMEt0Rb2MzO0FW3sq0su7X3C2IBqpq1WjybDhczWGGiMvTvFaQR6lGzpvLEMGRbqSfqBjxTCAUXn6M9OpNr+HAWe7TUq39UIjcvp8NxYHw= Received: from DM5PR07CA0051.namprd07.prod.outlook.com (2603:10b6:4:ad::16) by BL1PR12MB5318.namprd12.prod.outlook.com (2603:10b6:208:31d::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6111.20; Mon, 20 Feb 2023 18:00:53 +0000 Received: from DS1PEPF0000E64A.namprd02.prod.outlook.com (2603:10b6:4:ad:cafe::f3) by DM5PR07CA0051.outlook.office365.com (2603:10b6:4:ad::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6111.20 via Frontend Transport; Mon, 20 Feb 2023 18:00:53 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS1PEPF0000E64A.mail.protection.outlook.com (10.167.18.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6134.14 via Frontend Transport; Mon, 20 Feb 2023 18:00:52 +0000 Received: from localhost (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Mon, 20 Feb 2023 12:00:52 -0600 Date: Mon, 20 Feb 2023 11:49:44 -0600 From: Michael Roth To: Borislav Petkov CC: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Vishal Annapurve Subject: Re: [PATCH RFC v7 10/64] KVM: SEV: Populate private memory fd during LAUNCH_UPDATE_DATA Message-ID: <20230220174944.upvvaepvb4h6sat7@amd.com> References: <20221214194056.161492-1-michael.roth@amd.com> <20221214194056.161492-11-michael.roth@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS1PEPF0000E64A:EE_|BL1PR12MB5318:EE_ X-MS-Office365-Filtering-Correlation-Id: 1edee287-ad2d-4d04-8cee-08db136c6841 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: nwcVXbfkwnJZxpx6ImoZc9T3d2xRTSlzPhw+lqvmRU4LQcEhpA1yOB9JYFAGviPwdlmLhguWQ4v6esPR8jzW/TTbjjTmP6NCi0ED7gPPLZI23uC0/e3MqruigfSbUeuiIHl86WQDYQwAs+B76cHYeU8sMccrh0bHj/P9L/40EWSfYk6dh81LF6HcDqpdWKcqrZ4GEt+4BB4ZkMfp6hMC97XJPgeErUSd3fVgBwgAlBWubCh2rfcX513idTy0rKHVGmpJ20hMf23oPtpf+ycria3XzBBU+g8hnyNXyodg/4t5caISEJBn5U/2cgl/XOdWzzUWS4VrhctrCmybzsXKmpgwRIcKbDldzgmhuFvtxc09fI/KYIiMtKxMOOqzoGl0OIC/2fiN77Q1YzvpDo9R4ScOmB3CYDpBDVjOTQdDFDNulBMKoyIze7j10qRNNoPbjIKXmKDb4YKFCy5mOE1Y/0vwW+DtGoIHY4yCjRAtEDf8By2b0by025BeoFtJsRd+N36wGVwOfV9IHoS5F3sltxl97o6UVgET3EzNa7zb2HAGuIc64tkYpDazHLyM0J+vrHVEKnjgSw2ddtgNX21evIpUAXM8AwTbD6bXRwib8EqTsdz9Rca8Q2GISstrYjgbLKHS6Vgvsr6ceDWSqmcYASkWFG445o/Qv0DUG5gStdATr+T8/oPOMX+uEuRdvwH5kfcbfCx90ahVqa3zui6YFOuJFKiSoE/3PTcEYB0h+J/9zlw2MtEjWQWrNuQn9LaRc6NJZtaIxr6fJ/MMBFN6/w== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230025)(4636009)(396003)(136003)(346002)(376002)(39860400002)(451199018)(40470700004)(46966006)(36840700001)(40480700001)(16526019)(40460700003)(5660300002)(83380400001)(8936002)(7406005)(7416002)(41300700001)(426003)(47076005)(86362001)(44832011)(70206006)(4326008)(966005)(70586007)(6666004)(186003)(26005)(1076003)(2906002)(316002)(8676002)(6916009)(336012)(54906003)(2616005)(478600001)(356005)(36860700001)(82310400005)(36756003)(81166007)(82740400003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Feb 2023 18:00:52.8485 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 1edee287-ad2d-4d04-8cee-08db136c6841 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS1PEPF0000E64A.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR12MB5318 X-Rspam-User: X-Rspamd-Server: rspam03 X-Stat-Signature: o9c571b8q6u795bhpt151hi7rqjuhgn9 X-Rspamd-Queue-Id: D36FF120023 X-HE-Tag: 1676916055-570238 X-HE-Meta: U2FsdGVkX1/iQBf2n1ZtLG9Tr4b8vj9vpnUKv4hO0MJ03Pb6A63sH/I9qeK1gSbB7yMeak/X7G+0gNOY6Nyt9ISvGw+jdGEqTNFQel+6C+GMR66fJXFcK6XJ1bG6+LLs4hheylrmj2ZgkK/e3wTZiVNK6Lq2f6W/vfeAa+NxfEw0AGjD35M7u5wAucB8NhGz0vSAfv1I+wGri85COJ4EbIKNBuo6RqbVOKpTry1Xi0vODjaKEJc5F99ePpZdjZqQXwVNj+5zib9mKh0YD1DlijdOv1ko4CszYAMd2AxRD0RSsUIOS6IqYWGhM5ThZw/jDBUKhPuLvArZD0vHCG1dnHL4px+yFVr3MQPDx41k1qmVY2CnwRBFvdWAZShfVnZ3P8JmMvqPkc/ySRY203wHUlmYMEzNC0zotYpnBmETHK1cZfXMi+NcDyZxKsQnaiYjMBf+KTxeoi+ApvNaeQVX0eLVCamvZ2TY0F3UTkTeEilq7l0M4SuzSV7rAjhR4bNvcOK8h1ThZzcrVpQ3yj0JrWKNwL5+79DVMgEcWt1N1dhjBOoS40f2eeLGD/7blDR6mWjkVh+ijzqbPMLuf5cx07cWmoPbbo+8NPGPOQk1eq7fvm5YeJfzZhRqmQFS5mVW2UETzI1ixyy1msOky78dlTJnLPUF3XS8OVo6lh3faOGTaNYyKqv0o9lLWyGsvAgeSUiSrMj+eDXzoF29QSVeXGKuh7K3VTxJ/+SrfpaqQHTClAmqswePasTKspS2SDzIdkxDNSuzT6yUrk1ZCrKGnmERjfXi/UdlOE7msfIWWg2QP9XnJj2HkXOSeD49aY9RT2rHrE/YPmhZxt0aJkkMdCXw+M8soFTo4CiUun92vv4lPtj9OPaX8lMksq6YkSY+uiLoZcB5zwJiuZ3nFJIOQrKPNo0WNOJWGAR8CdDgvFducP93iySaeoPTTfymPsX1TTU0lFe1kBNP2zPsSIu agmdssZ5 MXHlDe/WUrlN6w7JMNvRdDNoijV0mmzdRtEcsNOMPt6YoFOBpWeU8vrFJRBTRoanYQI/pUFALJ6m0dASjYEDvgqQfZ3dz3OkDWT1nwTn51wzs1itHOHzz/cykQKRUCLihu/sonaCMfFHVxqqhF0yvVw5Af0daV1FCUxUdemEa0GYUzCcfCWNqMrBSu9E3JQvgyRUFmDcuNrEi4Oocio0nUlFK+O8oFGrKMJQWgMYscx/TMljHGiszlGtq3QADWAmAhFNzDXuzZSWcXDH98/OpMTay++sVDIhOAvU4OnBvrYlQus3aXn/y91ETa4fiWZ2jTj+iU6rifNmc+IMNsAACxdMwiWkbg6KgMDON1QdcDdlqHWdIBeu4RFK4rz6tK8tXVa7BFseaAdPZ7fW2B9kshccyuRsq8/9MxCcRsv7FkcNJ9fkEixMQ8k87jnhrf2fEFeaG X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, Jan 13, 2023 at 08:11:14PM +0100, Borislav Petkov wrote: > On Wed, Dec 14, 2022 at 01:40:02PM -0600, Michael Roth wrote: > > From: Vishal Annapurve > > > > This change adds handling of HVA ranges to copy contents > > s/This change adds handling of/Handle/ > > > +static int sev_launch_update_priv_gfn_handler(struct kvm *kvm, > > + struct kvm_gfn_range *range, > > + struct kvm_sev_cmd *argp) > > +{ > > + struct sev_data_launch_update_data data; > > + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; > > + gfn_t gfn; > > + kvm_pfn_t pfn; > > + struct kvm_memory_slot *memslot = range->slot; > > + int ret = 0; > > + > > + data.reserved = 0; > > + data.handle = sev->handle; > > + > > + for (gfn = range->start; gfn < range->end; gfn++) { > > + int order; > > + void *kvaddr; > > + > > + ret = kvm_restricted_mem_get_pfn(memslot, gfn, &pfn, &order); > > + if (ret) > > + return ret; > > + > > + kvaddr = pfn_to_kaddr(pfn); > > + if (!virt_addr_valid(kvaddr)) { > > + pr_err("Invalid kvaddr 0x%llx\n", (uint64_t)kvaddr); > > Is that some debugging help leftover or what is that printk issued for? A mix of error-reporting and debugging I think. I think the error message isn't needed since the error value will get plumbed straight to userspace and anything beyond that is kernel debugging, so I added some context and switched this to pr_debug(). > > + ret = -EINVAL; > > + goto e_ret; > > + } > > + > > + ret = kvm_read_guest_page(kvm, gfn, kvaddr, 0, PAGE_SIZE); > > + if (ret) { > > + pr_err("guest read failed 0x%x\n", ret); > > + goto e_ret; > > + } > > + > > + if (!this_cpu_has(X86_FEATURE_SME_COHERENT)) > > check_for_deprecated_apis: WARNING: arch/x86/kvm/svm/sev.c:602: Do not use this_cpu_has() - use cpu_feature_enabled() instead. > > > + clflush_cache_range(kvaddr, PAGE_SIZE); > > + > > + data.len = PAGE_SIZE; > > + data.address = __sme_set(pfn << PAGE_SHIFT); > > + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_DATA, &data, &argp->error); > > + if (ret) > > + goto e_ret; > > + kvm_release_pfn_clean(pfn); > > + } > > + kvm_vm_set_region_attr(kvm, range->start, range->end, > > + true /* priv_attr */); > > No need to break that line. > > > + > > +e_ret: > > + return ret; > > +} > > + > > +static int sev_launch_update_gfn_handler(struct kvm *kvm, struct kvm_gfn_range *range, > > + void *data) > > +{ > > + struct kvm_sev_cmd *argp = (struct kvm_sev_cmd *)data; > > + > > + if (kvm_slot_can_be_private(range->slot)) > > + return sev_launch_update_priv_gfn_handler(kvm, range, argp); > > + > > + return sev_launch_update_shared_gfn_handler(kvm, range, argp); > > +} > > + > > +static int sev_launch_update_data(struct kvm *kvm, > > + struct kvm_sev_cmd *argp) > > +{ > > + struct kvm_sev_launch_update_data params; > > + > > + if (!sev_guest(kvm)) > > + return -ENOTTY; > > + > > + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) > > + return -EFAULT; > > Not gonna check those user-supplied values for sanity? > > Or is this check > > if (WARN_ON_ONCE(hva_end <= hva_start)) > return -EINVAL; > > in kvm_vm_do_hva_range_op() enough? Only partially, but kvm_vm_do_hva_range_op() should sanitize the address range and only call sev_launch_update_gfn_handler() on valid GFNs within the range, so if userspace provides a bogus HVA range that doesn't actually correspond to a valid memslot it'll simply be treated as a no-op. -Mike > > Thx. > > -- > Regards/Gruss, > Boris. > > https://people.kernel.org/tglx/notes-about-netiquette