Message-Id: <20211117163809.1441845-1-pbonzini@redhat.com>
Date: Wed, 17 Nov 2021 11:38:05 -0500
From: Paolo Bonzini <pbonzini@...hat.com>
To: linux-kernel@...r.kernel.org, kvm@...r.kernel.org
Cc: pgonda@...gle.com, seanjc@...gle.com
Subject: [PATCH 0/4] MOVE/COPY_ENC_CONTEXT_FROM locking cleanup and tests

Patches 1 and 2 are the long-awaited tests for COPY_ENC_CONTEXT_FROM,
based on the ones for intra-host migration. The aim of patches 3
and 4 is to simplify the locking for COPY_ENC_CONTEXT_FROM, and to solve
(by sidestepping the question) the problem of a VM's encryption
context being moved from and copied from at the same time.

These patches are an alternative to Sean's patch with subject "KVM:
SEV: Explicitly document that there are no TOCTOU races in copy ASID"
(https://lore.kernel.org/kvm/76c7c752-f1b0-f100-03dd-364366eff02f@redhat.com/T/).

There is another bug: a VM that is the owner of a copied context must not
be migrated, otherwise you could have a dangling ASID:

        1. copy context from A to B (gets ref to A)
        2. move context from A to L (moves ASID from A to L)
        3. close L (releases ASID from L, B still references it)

The right way to do the handoff instead is to create a fresh mirror VM
on the destination first:

        1. copy context from A to B (gets ref to A)
[later] 2. close B (releases ref to A)
        3. move context from A to L (moves ASID from A to L)
        4. copy context from L to M

I'll take a look at this later, probably next week after this series has
been reviewed.

Paolo

Paolo Bonzini (4):
  selftests: sev_migrate_tests: free all VMs
  selftests: sev_migrate_tests: add tests for
    KVM_CAP_VM_COPY_ENC_CONTEXT_FROM
  KVM: SEV: cleanup locking for KVM_CAP_VM_MOVE_ENC_CONTEXT_FROM
  KVM: SEV: Do COPY_ENC_CONTEXT_FROM with both VMs locked

 arch/x86/kvm/svm/sev.c                        | 118 ++++++++----------
 .../selftests/kvm/x86_64/sev_migrate_tests.c  | 113 +++++++++++++++--
 2 files changed, 155 insertions(+), 76 deletions(-)

-- 
2.27.0
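
The two sequences in the cover letter, as a small user-space model. This is an added illustration, not code from the series or from arch/x86/kvm/svm/sev.c; the struct, the function names and the `guarded` check (refusing a move while the source still has mirrors) are assumptions of the example.

```c
/* Toy user-space model of the ASID lifetimes above; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

static bool asid_in_use[8];            /* stands in for the ASID allocator */
struct vm { int asid; struct vm *owner; int mirrors; };
static void vm_init(struct vm *v, int asid) { *v = (struct vm){ .asid = asid }; asid_in_use[asid] = true; }
/* copy: dst becomes a mirror of src and takes a reference to it */
static void copy_ctx(struct vm *dst, struct vm *src) {
    *dst = (struct vm){ .asid = src->asid, .owner = src };
    src->mirrors++;
}
/* move: ASID goes from src to dst; guarded = refuse while src has mirrors (assumed check) */
static int move_ctx(struct vm *dst, struct vm *src, bool guarded) {
    if (guarded && src->mirrors > 0) return -1;
    *dst = (struct vm){ .asid = src->asid };
    src->asid = 0;
    return 0;
}
static void close_vm(struct vm *v) {
    if (v->owner) v->owner->mirrors--;               /* mirror drops its ref */
    else if (v->asid) asid_in_use[v->asid] = false;  /* owner frees the ASID */
    *v = (struct vm){ 0 };
}
static bool dangling(const struct vm *v) { return v->asid && !asid_in_use[v->asid]; }
/* Sequence 1: copy A->B, move A->L, close L. True if B is left dangling. */
static bool migrate_with_live_mirror(bool guarded, int *move_rc) {
    struct vm a, b, l = { 0 };
    vm_init(&a, 1);
    copy_ctx(&b, &a);
    *move_rc = move_ctx(&l, &a, guarded);
    close_vm(&l);
    return dangling(&b);
}
/* Sequence 2: copy A->B, close B, move A->L, copy L->M. */
static bool handoff_with_fresh_mirror(void) {
    struct vm a, b, l = { 0 }, m;
    vm_init(&a, 2);
    copy_ctx(&b, &a);
    close_vm(&b);
    if (move_ctx(&l, &a, true) != 0) return true;    /* not expected here */
    copy_ctx(&m, &l);
    return dangling(&l) || dangling(&m);
}
int main(void) {
    int rc;
    printf("live mirror:  dangling=%d\n", migrate_with_live_mirror(false, &rc));
    printf("fresh mirror: dangling=%d\n", handoff_with_fresh_mirror());
}
```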