Message-ID: <3wiz2i6rc5t2slrgvppquxe35wrirvh44jlm6qdgz3a6nj342u@il7ylsyfzq6r>
Date: Fri, 28 Jun 2024 19:48:03 -0500
From: Michael Roth <michael.roth@....com>
To: <kvm@...r.kernel.org>
CC: <linux-coco@...ts.linux.dev>, <linux-kernel@...r.kernel.org>,
<x86@...nel.org>, <pbonzini@...hat.com>, <seanjc@...gle.com>,
<jroedel@...e.de>, <thomas.lendacky@....com>, <pgonda@...gle.com>,
<ashish.kalra@....com>, <bp@...en8.de>, <pankaj.gupta@....com>,
<liam.merwick@...cle.com>
Subject: Re: [PATCH v2 0/3] SEV-SNP: Add KVM support for attestation

On Fri, Jun 28, 2024 at 01:52:41PM -0500, Michael Roth wrote:
> Changes since v1:
>
> * Fix cleanup path when handling firmware error (Liam, Sean)
> * Use bounce-pages for interacting with firmware rather than passing in the
>   guest-provided pages directly. (Sean)
> * Drop SNP_GUEST_VMM_ERR_GENERIC and rely solely on firmware-provided error
>   code to report any firmware error to the guest. (Sean)
> * Use kvm_clear_guest() to handle writing empty certificate table instead
>   of kvm_write_guest() (Sean)
> * Add additional comments in commit messages and throughout code to better
>   explain the interactions with firmware/guest. (Sean)
> * Drop 4K-alignment restrictions on the guest-provided req/resp buffers,
>   since the GHCB-spec only specifically requires they fit within 4K,

It turns out my eyeballs were not functional when I reached that
conclusion and it's clearly documented that the pages needed to be
4K-aligned in the GHCB spec.

With the current implementation, KVM can actually handle unaligned
req/resp GPAs thanks to the bounce buffers, but it should still be
enforced. So I will resend a v3 with this change, but leave a bit more
time in case there are other review comments for v2.

Thanks,

Mike

>   not necessarily that they be 4K-aligned. Additionally, the bounce
>   pages passed to firmware will be 4K-aligned regardless.
>
> Changes since splitting this off from v15 SNP KVM patchset:
>
> * Address clang-reported warnings regarding uninitialized variables
> * Address a memory leak of the request/response buffer pages, and refactor
>   the code based on Sean's suggestions:
>   https://lore.kernel.org/kvm/ZktbBRLXeOp9X6aH@google.com/
> * Fix SNP Extended Guest Request handling to only attempt to fetch
>   certificates if handling MSG_REQ_REPORT (attestation) message types
> * Drop KVM_EXIT_VMGEXIT and introduce KVM_EXIT_COCO events instead
> * Refactor patch layout for easier handling/review
>
> ----------------------------------------------------------------
> Brijesh Singh (1):
>       KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event
>
> Michael Roth (2):
>       x86/sev: Move sev_guest.h into common SEV header
>       KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event
>
>  arch/x86/include/asm/sev.h              |  48 ++++++++
>  arch/x86/kvm/svm/sev.c                  | 187 ++++++++++++++++++++++++++++++++
>  arch/x86/kvm/svm/svm.h                  |   3 +
>  drivers/virt/coco/sev-guest/sev-guest.c |   2 -
>  drivers/virt/coco/sev-guest/sev-guest.h |  63 -----------
>  include/uapi/linux/sev-guest.h          |   3 +
>  6 files changed, 241 insertions(+), 65 deletions(-)
>  delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h
>
>