linux-kernel - Re: [RFC PATCH v1 02/10] KVM: SVM: Add KVM_SEND_UPDATE

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date:   Mon, 29 Apr 2019 16:54:08 +0000
From:   "Singh, Brijesh" <brijesh.singh@....com>
To:     "Lendacky, Thomas" <Thomas.Lendacky@....com>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>
CC:     "Singh, Brijesh" <brijesh.singh@....com>,
        "qemu-devel@...gnu.org" <qemu-devel@...gnu.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Joerg Roedel <joro@...tes.org>, Borislav Petkov <bp@...e.de>,
        "x86@...nel.org" <x86@...nel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH v1 02/10] KVM: SVM: Add KVM_SEND_UPDATE_DATA command



On 4/26/19 3:31 PM, Lendacky, Thomas wrote:
...

>>   
>>   static unsigned int max_sev_asid;
>>   static unsigned int min_sev_asid;
>> +static unsigned long me_mask;
> 
> sev_me_mask ?
> 

Agreed.

>>   static unsigned long *sev_asid_bitmap;
>>   #define __sme_page_pa(x) __sme_set(page_to_pfn(x) << PAGE_SHIFT)
>>   
>> @@ -1216,15 +1217,21 @@ static int avic_ga_log_notifier(u32 ga_tag)
>>   static __init int sev_hardware_setup(void)
>>   {
>>   	struct sev_user_data_status *status;
>> +	int eax, ebx;
>>   	int rc;
>>   
>> -	/* Maximum number of encrypted guests supported simultaneously */
>> -	max_sev_asid = cpuid_ecx(0x8000001F);
>> +	/*
>> +	 * Query the memory encryption information.
>> +	 *  EBX:  Bit 0:5 Pagetable bit position used to indicate encryption (aka Cbit).
>> +	 *  ECX:  Maximum number of encrypted guests supported simultaneously.
>> +	 *  EDX:  Minimum ASID value that should be used for SEV guest.
>> +	 */
>> +	cpuid(0x8000001f, &eax, &ebx, &max_sev_asid, &min_sev_asid);
>>   
>>   	if (!max_sev_asid)
>>   		return 1;
>>   
>> -	/* Minimum ASID value that should be used for SEV guest */
>> +	me_mask = 1UL << (ebx & 0x3f);
>>   	min_sev_asid = cpuid_edx(0x8000001F);
> 
> You can remove this since you obtained it with the cpuid() call above.
> 

I thought I removed it but.. I will take care in next rev.

>>   
>>   	/* Initialize SEV ASID bitmap */
>> @@ -7053,6 +7060,118 @@ static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
>>   	return ret;
>>   }
>>   
>> +static int sev_send_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
>> +{
>> +	struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
>> +	struct sev_data_send_update_data *data;
>> +	struct kvm_sev_send_update_data params;
>> +	void *hdr = NULL, *trans_data = NULL;
>> +	struct page **guest_page = NULL;
>> +	unsigned long n;
>> +	int ret, offset;
>> +
>> +	if (!sev_guest(kvm))
>> +		return -ENOTTY;
>> +
>> +	if (copy_from_user(&params, (void __user *)(uintptr_t)argp->data,
>> +			sizeof(struct kvm_sev_send_update_data)))
>> +		return -EFAULT;
>> +
>> +	data = kzalloc(sizeof(*data), GFP_KERNEL);
>> +	if (!data)
>> +		return -ENOMEM;
>> +
>> +	/* userspace wants to query either header or trans length */
>> +	if (!params.trans_len || !params.hdr_len)
>> +		goto cmd;
>> +
>> +	ret = -EINVAL;
>> +	if (!params.trans_uaddr || !params.guest_uaddr ||
>> +	    !params.guest_len || !params.hdr_uaddr)
>> +		goto e_free;
>> +
>> +	/* Check if we are crossing the page boundry */
>> +	ret = -EINVAL;
>> +	offset = params.guest_uaddr & (PAGE_SIZE - 1);
>> +	if ((params.guest_len + offset > PAGE_SIZE))
>> +		goto e_free;
>> +
>> +	ret = -ENOMEM;
>> +	hdr = kmalloc(params.hdr_len, GFP_KERNEL);
>> +	if (!hdr)
>> +		goto e_free;
>> +
>> +	data->hdr_address = __psp_pa(hdr);
>> +	data->hdr_len = params.hdr_len;
>> +
>> +	ret = -ENOMEM;
>> +	trans_data = kmalloc(params.trans_len, GFP_KERNEL);
>> +	if (!trans_data)
>> +		goto e_free;
>> +
>> +	data->trans_address = __psp_pa(trans_data);
>> +	data->trans_len = params.trans_len;
>> +
>> +	/* Pin guest memory */
>> +	ret = -EFAULT;
>> +	guest_page = sev_pin_memory(kvm, params.guest_uaddr & PAGE_MASK,
>> +				    PAGE_SIZE, &n, 0);
>> +	if (!guest_page)
>> +		goto e_free;
>> +
>> +	data->guest_address = __sme_page_pa(guest_page[0]) + offset;
> 
> If the C-bit needs to be set regardless below, then you don't need the
> __sme version of this.
> 

Noted.