kvm.vger.kernel.org archive mirror
* [PATCH v2] KVM: SVM: fix missing sev_decommission() in sev_receive_start()
@ 2021-09-16 21:45 Mingwei Zhang
  0 siblings, 0 replies; only message in thread
From: Mingwei Zhang @ 2021-09-16 21:45 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Alper Gun, Borislav Petkov,
	Brijesh Singh, David Rientjes, Marc Orr, John Allen, Peter Gonda,
	Tom Lendacky, Vipin Sharma, Mingwei Zhang

DECOMMISSION the current SEV context if binding an ASID fails after
RECEIVE_START. Per AMD's SEV API, RECEIVE_START generates a new guest
context and thus needs to be paired with DECOMMISSION:

AMD SEV API v0.24 Section 1.3.3

  "The RECEIVE_START command is the only command other than the
  LAUNCH_START command that generates a new guest context and guest
  handle."

The missing DECOMMISSION can result in subsequent SEV launch failures due
to insufficient resources. In particular, both LAUNCH_START and
RECEIVE_START commands will fail with SEV_RET_RESOURCE_LIMIT error.

Note, LAUNCH_START suffered from the same bug, but was previously fixed by
[1]. However, the same bug could come back to LAUNCH_START if RECEIVE_START
part was not fixed.

So add the sev_decommission() function in sev_receive_start.

[1] commit 934002cd660b ("KVM: SVM: Call SEV Guest Decommission if ASID
			 binding fails").

Cc: Alper Gun <alpergun@google.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: David Rientjes <rientjes@google.com>
Cc: Marc Orr <marcorr@google.com>
Cc: John Allen <john.allen@amd.com>
Cc: Peter Gonda <pgonda@google.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Vipin Sharma <vipinsh@google.com>

Reviewed-by: Marc Orr <marcorr@google.com>
Reviewed-by: Sean Christopherson <seanjc@google.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Fixes: af43cbbf954b ("KVM: SVM: Add support for KVM_SEV_RECEIVE_START command")
Signed-off-by: Mingwei Zhang <mizhang@google.com>
---
 arch/x86/kvm/svm/sev.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 75e0b21ad07c..55d8b9c933c3 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1397,8 +1397,10 @@ static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
 
 	/* Bind ASID to this guest */
 	ret = sev_bind_asid(kvm, start.handle, error);
-	if (ret)
+	if (ret) {
+		sev_decommission(start.handle);
 		goto e_free_session;
+	}
 
 	params.handle = start.handle;
 	if (copy_to_user((void __user *)(uintptr_t)argp->data,
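Review bot: the added sev_decommission(start.handle) covers only the sev_bind_asid() failure branch, while the copy_to_user() in the trailing context also runs after RECEIVE_START has created the guest context, and its failure branch is not visible in this hunk. Please confirm that path also releases start.handle (unbind and decommission) before reaching e_free_session, otherwise the SEV_RET_RESOURCE_LIMIT exhaustion described in the commit message stays reachable through it. A one-line comment above the sev_decommission() call noting that RECEIVE_START allocates a firmware guest context would also make the pairing with the LAUNCH_START fix obvious to later readers.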
-- 
2.33.0.464.g1972c5931b-goog

