kvm.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 0/5] ccp: KVM: SVM: Use stack for SEV command buffers
@ 2021-04-02 23:36 Sean Christopherson
  2021-04-02 23:36 ` [PATCH 1/5] crypto: ccp: Detect and reject vmalloc addresses destined for PSP Sean Christopherson
                   ` (5 more replies)
  0 siblings, 6 replies; 17+ messages in thread
From: Sean Christopherson @ 2021-04-02 23:36 UTC (permalink / raw)
  To: Paolo Bonzini, Brijesh Singh, Tom Lendacky, John Allen
  Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-crypto, linux-kernel, Borislav Petkov

While doing minor KVM cleanup to account various kernel allocations, I
noticed that all of the SEV command buffers are allocated via kmalloc(),
even for commands whose payloads is smaller than a pointer.  After much
head scratching, the only reason I could come up with for dynamically
allocating the command data is CONFIG_VMAP_STACK=y.

This series teaches __sev_do_cmd_locked() to gracefully handle vmalloc'd
command buffers by copying such buffers an internal buffer before sending
the command to the PSP.  The SEV driver and KVM are then converted to use
the stack for all command buffers.

The first patch is optional, I included it in case someone wants to
backport it to stable kernels.  It wouldn't actually fix bugs, but it
would make debugging issues a lot easier if they did pop up.

Tested everything except sev_ioctl_do_pek_import(), I don't know anywhere
near enough about the PSP to give it the right input.

Based on kvm/queue, commit f96be2deac9b ("KVM: x86: Support KVM VMs
sharing SEV context") to avoid a minor conflict.

Sean Christopherson (5):
  crypto: ccp: Detect and reject vmalloc addresses destined for PSP
  crypto: ccp: Reject SEV commands with mismatching command buffer
  crypto: ccp: Play nice with vmalloc'd memory for SEV command structs
  crypto: ccp: Use the stack for small SEV command buffers
  KVM: SVM: Allocate SEV command structures on local stack

 arch/x86/kvm/svm/sev.c       | 262 +++++++++++++----------------------
 drivers/crypto/ccp/sev-dev.c | 161 ++++++++++-----------
 drivers/crypto/ccp/sev-dev.h |   7 +
 3 files changed, 184 insertions(+), 246 deletions(-)

-- 
2.31.0.208.g409f899ff0-goog


^ permalink raw reply	[flat|nested] 17+ messages in thread

end of thread, other threads:[~2021-04-05 16:37 UTC | newest]

Thread overview: 17+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-02 23:36 [PATCH 0/5] ccp: KVM: SVM: Use stack for SEV command buffers Sean Christopherson
2021-04-02 23:36 ` [PATCH 1/5] crypto: ccp: Detect and reject vmalloc addresses destined for PSP Sean Christopherson
2021-04-04  6:31   ` Christophe Leroy
2021-04-02 23:36 ` [PATCH 2/5] crypto: ccp: Reject SEV commands with mismatching command buffer Sean Christopherson
2021-04-03 17:02   ` Christophe Leroy
2021-04-05 16:26   ` Tom Lendacky
2021-04-05 16:33     ` Sean Christopherson
2021-04-05 16:37       ` Tom Lendacky
2021-04-02 23:37 ` [PATCH 3/5] crypto: ccp: Play nice with vmalloc'd memory for SEV command structs Sean Christopherson
2021-04-03 17:05   ` Christophe Leroy
2021-04-03 17:13   ` Christophe Leroy
2021-04-04  6:48   ` Christophe Leroy
2021-04-05 15:06     ` Sean Christopherson
2021-04-05 16:01       ` Brijesh Singh
2021-04-02 23:37 ` [PATCH 4/5] crypto: ccp: Use the stack for small SEV command buffers Sean Christopherson
2021-04-02 23:37 ` [PATCH 5/5] KVM: SVM: Allocate SEV command structures on local stack Sean Christopherson
2021-04-04 19:54 ` [PATCH 0/5] ccp: KVM: SVM: Use stack for SEV command buffers Brijesh Singh

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).