| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Jul 2021 14:12:58 -0600
From: Peter Gonda <pgonda@...gle.com>
To: Brijesh Singh <brijesh.singh@....com>
Cc: kvm list <kvm@...r.kernel.org>, Lars Bull <larsbull@...gle.com>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
David Rientjes <rientjes@...gle.com>,
"Dr . David Alan Gilbert" <dgilbert@...hat.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Wanpeng Li <wanpengli@...cent.com>,
Jim Mattson <jmattson@...gle.com>,
Joerg Roedel <joro@...tes.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
"H. Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] KVM, SEV: Add support for SEV local migration
Thanks for reviewing Brijesh! Seanjc@ said he would comment so I'll
lump your suggestions and his into the V2.
On Mon, Jul 12, 2021 at 3:09 PM Brijesh Singh <brijesh.singh@....com> wrote:
>
>
>
> On 6/21/21 11:31 AM, Peter Gonda wrote:
>
> > + if (!sev_guest(kvm))
> > + return -ENOTTY;
> > +
> > + if (sev->es_active)
> > + return -EPERM;
> > +
> > + if (sev->info_token != 0)
> > + return -EEXIST;
> > +
> > + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data,
> > + sizeof(params)))
> > + return -EFAULT;
> > +
> > + entry = kzalloc(sizeof(*entry), GFP_KERNEL);
> > + if (!entry)
> > + return -ENOMEM;
> > +
> > + entry->asid = sev->asid;
> > + entry->handle = sev->handle;
> > + entry->pages_locked = sev->pages_locked;
> > + entry->misc_cg = sev->misc_cg;
> > +
> > + INIT_LIST_HEAD(&entry->regions_list);
> > + list_replace_init(&sev->regions_list, &entry->regions_list);
>
> I believe the entry->regions_list will be NULL if the command is called
> before the memory regions are registered. The quesiton is, do you need
> to check whether for a valid sev->handle (i.e, LAUNCH_START is done)?
Makes sense to add a check for LAUNCH_START by checking sev->handle,
I'll add that in V2.
Would it also make sense to add similar checks to ioctls like launch
update, measure, and finish? If so I can send a separate patch to add
those checks.
>
>
> > +
> > /* Userspace wants to query session length. */
> > static int
> > __sev_send_start_query_session_length(struct kvm *kvm, struct kvm_sev_cmd *argp,
> > @@ -1513,6 +1711,18 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
> > goto out;
> > }
> >
> > + /*
> > + * If this VM has started exporting its SEV contents to another VM,
> > + * it's not allowed to do any more SEV operations that may modify the
> > + * SEV state.
> > + */
> > + if (to_kvm_svm(kvm)->sev_info.info_token &&
> > + sev_cmd.id != KVM_SEV_DBG_ENCRYPT &&
> > + sev_cmd.id != KVM_SEV_DBG_DECRYPT) {
> > + r = -EPERM;
> > + goto out;
> > + }
>
> Maybe move this check in a function so that it can later extended for
> SEV-SNP (cmd ids for the debug is different).
>
> Something like:
>
> static bool is_local_mig_active(struct kvm *)
> {
> ....
> }
Will do!
>
> Once the migration range hypercall is merged, we also need to preserve
> any metadata memory maintained by KVM for the unencrypted ranges.
OK. Any suggestions on how to manage these impending conflicts. Are
those almost ready and I should build these patches on top of those or
what would you suggest?
>
> -Brijesh
Powered by blists - more mailing lists