[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZyuPmXEeRK9KYDXh@google.com>
Date: Wed, 6 Nov 2024 07:47:37 -0800
From: Sean Christopherson <seanjc@...gle.com>
To: Dionna Amalie Glaze <dionnaglaze@...gle.com>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org,
Paolo Bonzini <pbonzini@...hat.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>, Michael Roth <michael.roth@....com>,
Brijesh Singh <brijesh.singh@....com>, Ashish Kalra <ashish.kalra@....com>,
Tom Lendacky <thomas.lendacky@....com>, John Allen <john.allen@....com>,
Herbert Xu <herbert@...dor.apana.org.au>, "David S. Miller" <davem@...emloft.net>,
Luis Chamberlain <mcgrof@...nel.org>, Russ Weight <russ.weight@...ux.dev>,
Danilo Krummrich <dakr@...hat.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Rafael J. Wysocki" <rafael@...nel.org>, Tianfei zhang <tianfei.zhang@...el.com>,
Alexey Kardashevskiy <aik@....com>, kvm@...r.kernel.org
Subject: Re: [PATCH v4 1/6] kvm: svm: Fix gctx page leak on invalid inputs
On Wed, Nov 06, 2024, Dionna Amalie Glaze wrote:
> On Wed, Nov 6, 2024 at 6:34 AM Sean Christopherson <seanjc@...gle.com> wrote:
> >
> > KVM: SVM:
> >
> > In the future, please post bug fixes separately from new features series, especially
> > when the fix has very little to do with the rest of the series (AFAICT, this has
> > no relation whatsoever beyond SNP).
> >
>
> Understood. Are dependent series best shared through links to a dev
> branch containing all patches?
I don't follow. There is no dependency here. If this series were moving
snp_context_create() out of KVM, then that would be a different story, i.e. then
it _would_ be appropriate to include the fix at the front of the series.
If you end up a situation where a dependency is created after the initial posting,
e.g. you post this fix, then later decide to move snp_context_create() out of KVM,
then simply call that out in the cover letter and provide a lore.kernel.org link.
For large scale dependencies, e.g. multi-patch series that build on other multi-patch
series, then providing a link to a git branch is helpful. But for something this
trivial, it's overkill.
> > > ---
> > > arch/x86/kvm/svm/sev.c | 8 ++++----
> > > 1 file changed, 4 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> > > index 714c517dd4b72..f6e96ec0a5caa 100644
> > > --- a/arch/x86/kvm/svm/sev.c
> > > +++ b/arch/x86/kvm/svm/sev.c
> > > @@ -2212,10 +2212,6 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
> > > if (sev->snp_context)
> > > return -EINVAL;
> > >
> > > - sev->snp_context = snp_context_create(kvm, argp);
> > > - if (!sev->snp_context)
> > > - return -ENOTTY;
> > > -
> > > if (params.flags)
> > > return -EINVAL;
> > >
> > > @@ -2230,6 +2226,10 @@ static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
> > > if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET)
> > > return -EINVAL;
> > >
> > > + sev->snp_context = snp_context_create(kvm, argp);
> > > + if (!sev->snp_context)
> > > + return -ENOTTY;
> >
> > Related to this fix, the return values from snp_context_create() are garbage. It
> > should return ERR_PTR(), not NULL. -ENOTTY on an OOM scenatio is blatantly wrong,
> > as -ENOTTY on any SEV_CMD_SNP_GCTX_CREATE failure is too.
>
> I caught this too. I'll be changing that behavior with the new gctx
> management API from ccp in v5, i.e.,
Please fix the KVM flaws before moving code out of KVM, i.e. ensure the flaws are
cleaned up even if we opt not to go the route of moving the code out of KVM (which
I assume is what you plan to do with sev_snp_create_context()).
Powered by blists - more mailing lists