From: Peter Gonda
Date: Wed, 15 Mar 2023 07:50:47 -0600
Subject: Re: [PATCH RFC v7 38/64] KVM: SVM: Add KVM_SEV_SNP_LAUNCH_START command
To: Michael Roth
Cc: kvm@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, linux-crypto@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org, tglx@linutronix.de, mingo@redhat.com, jroedel@suse.de, thomas.lendacky@amd.com, hpa@zytor.com, ardb@kernel.org, pbonzini@redhat.com, seanjc@google.com, vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com, luto@kernel.org, dave.hansen@linux.intel.com, slp@redhat.com, peterz@infradead.org, srinivas.pandruvada@linux.intel.com, rientjes@google.com, dovmurik@linux.ibm.com, tobin@ibm.com, bp@alien8.de, vbabka@suse.cz, kirill@shutemov.name, ak@linux.intel.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com, alpergun@google.com, dgilbert@redhat.com, jarkko@kernel.org, ashish.kalra@amd.com, harald@profian.com, Brijesh Singh , Josh Eads
In-Reply-To: <20221214194056.161492-39-michael.roth@amd.com>
References: <20221214194056.161492-1-michael.roth@amd.com> <20221214194056.161492-39-michael.roth@amd.com>

> > +/* > + * The guest context contains all the information, keys and metadata > + * associated with the guest that the firmware tracks to implement SEV > + * and SNP features. The firmware stores the guest context in hypervisor > + * provide page via the SNP_GCTX_CREATE command. > + */ > +static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) > +{ > + struct sev_data_snp_addr data = {}; > + void *context; > + int rc; > + > + /* Allocate memory for context page */ > + context = snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); > + if (!context) > + return NULL; > + > + data.gctx_paddr = __psp_pa(context); > + rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &argp->error); > + if (rc) { > + snp_free_firmware_page(context); > + return NULL; > + } > + > + return context; > +} > + > +static int snp_bind_asid(struct kvm *kvm, int *error) > +{ > + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; > + struct sev_data_snp_activate data = {0}; > + > + data.gctx_paddr = __psp_pa(sev->snp_context); > + data.asid = sev_get_asid(kvm); > + return sev_issue_cmd(kvm, SEV_CMD_SNP_ACTIVATE, &data, error); > +} > + > +static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) > +{ > + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; > + struct sev_data_snp_launch_start start = {0}; > + struct kvm_sev_snp_launch_start params; > + int rc; > + > + if (!sev_snp_guest(kvm)) > + return -ENOTTY; > + > + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) > + 
return -EFAULT; > + > + sev->snp_context = snp_context_create(kvm, argp); > + if (!sev->snp_context) > + return -ENOTTY; This was reported-by josheads@. It's possible that userspace can repeatedly call snp_launch_start() causing the leak of memory from repeated snp_context_create() calls, leaking SNP contexts in the ASP, and leaking ASIDs. A possible solution could be to just error out if snp_context already exists? + if (sev->snp_context) + return -EINVAL; + > + > + start.gctx_paddr = __psp_pa(sev->snp_context); > + start.policy = params.policy; > + memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw)); > + rc = __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_START, &start, &argp->error); > + if (rc) > + goto e_free_context; > + > + sev->fd = argp->sev_fd; > + rc = snp_bind_asid(kvm, &argp->error); > + if (rc) > + goto e_free_context; > + > + return 0; > + > +e_free_context: > + snp_decommission_context(kvm); > + > + return rc; > +} > +
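
Review bot: snp_context_create() returns NULL both when snp_alloc_firmware_page() fails and when SEV_CMD_SNP_GCTX_CREATE fails, so rc is discarded and snp_launch_start() reports either case as -ENOTTY, the same code it already uses for `!sev_snp_guest(kvm)`. Returning ERR_PTR(-ENOMEM) or ERR_PTR(rc) and testing with IS_ERR() in the caller would let userspace tell an allocation failure from a firmware error from a non-SNP guest. The kvm argument is also unused in the function body as shown, and the comment above it should read "hypervisor-provided page".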
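
Review bot: In snp_launch_start(), `sev->snp_context = snp_context_create(kvm, argp);` overwrites the pointer unconditionally, so the `if (sev->snp_context) return -EINVAL;` guard proposed in the reply has to sit before that assignment, for example right after the sev_snp_guest() check; placed after the creation, where it appears in the reply, it would reject every successful call. With the guard in place, the e_free_context path also needs to leave sev->snp_context NULL after snp_decommission_context(kvm), whose body is not shown here, otherwise a launch that failed once could never be retried on that VM.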