From: Sean Christopherson <seanjc@google.com>
To: Paolo Bonzini <pbonzini@redhat.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
John Allen <john.allen@amd.com>
Cc: Sean Christopherson <seanjc@google.com>,
Vitaly Kuznetsov <vkuznets@redhat.com>,
Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
kvm@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-kernel@vger.kernel.org, Borislav Petkov <bp@suse.de>,
Christophe Leroy <christophe.leroy@csgroup.eu>
Subject: [PATCH v2 0/8] ccp: KVM: SVM: Use stack for SEV command buffers
Date: Tue, 6 Apr 2021 15:49:44 -0700 [thread overview]
Message-ID: <20210406224952.4177376-1-seanjc@google.com> (raw)
This series teaches __sev_do_cmd_locked() to gracefully handle vmalloc'd
command buffers by copying _all_ incoming data pointers to an internal
buffer before sending the command to the PSP. The SEV driver and KVM are
then converted to use the stack for all command buffers.
Tested everything except sev_ioctl_do_pek_import(), I don't know anywhere
near enough about the PSP to give it the right input.
v2:
- Rebase to kvm/queue, commit f96be2deac9b ("KVM: x86: Support KVM VMs
sharing SEV context").
- Unconditionally copy @data to the internal buffer. [Christophe, Brijesh]
- Allocate a full page for the buffer. [Brijesh]
- Drop one set of the "!"s. [Christophe]
- Use virt_addr_valid() instead of is_vmalloc_addr() for the temporary
patch (definitely feel free to drop the patch if it's not worth
backporting). [Christophe]
- s/intput/input/. [Tom]
- Add a patch to free "sev" if init fails. This is not strictly
necessary (I think; I suck horribly when it comes to the driver
framework). But it felt wrong to not free cmd_buf on failure, and
even more wrong to free cmd_buf but not sev.
v1:
- https://lkml.kernel.org/r/20210402233702.3291792-1-seanjc@google.com
Sean Christopherson (8):
crypto: ccp: Free SEV device if SEV init fails
crypto: ccp: Detect and reject "invalid" addresses destined for PSP
crypto: ccp: Reject SEV commands with mismatching command buffer
crypto: ccp: Play nice with vmalloc'd memory for SEV command structs
crypto: ccp: Use the stack for small SEV command buffers
crypto: ccp: Use the stack and common buffer for status commands
crypto: ccp: Use the stack and common buffer for INIT command
KVM: SVM: Allocate SEV command structures on local stack
arch/x86/kvm/svm/sev.c | 262 +++++++++++++----------------------
drivers/crypto/ccp/sev-dev.c | 197 +++++++++++++-------------
drivers/crypto/ccp/sev-dev.h | 4 +-
3 files changed, 196 insertions(+), 267 deletions(-)
--
2.31.0.208.g409f899ff0-goog
next reply other threads:[~2021-04-06 22:50 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-06 22:49 Sean Christopherson [this message]
2021-04-06 22:49 ` [PATCH v2 1/8] crypto: ccp: Free SEV device if SEV init fails Sean Christopherson
2021-04-06 22:49 ` [PATCH v2 2/8] crypto: ccp: Detect and reject "invalid" addresses destined for PSP Sean Christopherson
2021-04-06 22:49 ` [PATCH v2 3/8] crypto: ccp: Reject SEV commands with mismatching command buffer Sean Christopherson
2021-04-06 22:49 ` [PATCH v2 4/8] crypto: ccp: Play nice with vmalloc'd memory for SEV command structs Sean Christopherson
2021-04-06 22:49 ` [PATCH v2 5/8] crypto: ccp: Use the stack for small SEV command buffers Sean Christopherson
2021-04-07 5:18 ` Christophe Leroy
2021-04-17 12:40 ` Paolo Bonzini
2021-04-06 22:49 ` [PATCH v2 6/8] crypto: ccp: Use the stack and common buffer for status commands Sean Christopherson
2021-04-06 22:49 ` [PATCH v2 7/8] crypto: ccp: Use the stack and common buffer for INIT command Sean Christopherson
2021-04-07 5:20 ` Christophe Leroy
2021-04-17 12:42 ` Paolo Bonzini
2021-04-06 22:49 ` [PATCH v2 8/8] KVM: SVM: Allocate SEV command structures on local stack Sean Christopherson
2021-04-07 5:24 ` Christophe Leroy
2021-04-07 10:24 ` Borislav Petkov
2021-04-07 17:05 ` Sean Christopherson
2021-04-07 17:06 ` Christophe Leroy
2021-04-07 17:34 ` Borislav Petkov
2021-04-17 12:45 ` Paolo Bonzini
2021-04-07 17:16 ` [PATCH v2 0/8] ccp: KVM: SVM: Use stack for SEV command buffers Brijesh Singh
2021-04-07 18:00 ` Tom Lendacky
2021-04-15 16:09 ` Paolo Bonzini
2021-04-15 18:15 ` Tom Lendacky
2021-04-16 0:28 ` Herbert Xu
2021-04-17 12:47 ` Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210406224952.4177376-1-seanjc@google.com \
--to=seanjc@google.com \
--cc=bp@suse.de \
--cc=brijesh.singh@amd.com \
--cc=christophe.leroy@csgroup.eu \
--cc=jmattson@google.com \
--cc=john.allen@amd.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=thomas.lendacky@amd.com \
--cc=vkuznets@redhat.com \
--cc=wanpengli@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).