On 9/14/17 5:35 AM, Borislav Petkov wrote: ... > + >> + if (copy_from_user(¶ms, (void *) argp->data, >> + sizeof(struct kvm_sev_guest_status))) > Let me try to understand what's going on here. You copy user data into > params... This is wrong -- since all the parameters in GET_STATUS is "OUT" hence we don't need to perform copy_from_user. I will fix it. thanks > >> + return -EFAULT; >> + >> + data = kzalloc(sizeof(*data), GFP_KERNEL); >> + if (!data) >> + return -ENOMEM; >> + >> + data->handle = sev_get_handle(kvm); >> + ret = sev_issue_cmd(kvm, SEV_CMD_GUEST_STATUS, data, &argp->error); >> + if (ret) >> + goto e_free; >> + >> + params.policy = data->policy; >> + params.state = data->state; >> + params.handle = data->handle; > ... *overwrite* the copied data which means, the copy meant *absolutely* > *nothing* at all! ... > > Also, why does userspace need to know the firmware ->handle? SEV firmware supports key-sharing, if guest policy allows sharing the key between VMs then we need the firmware->handle. If key-sharing feature is used then firmware->handle of the 1st VM will be passed into the LAUNCH_START of 2nd VM. I still have not coded up anything in qemu for key-sharing and also I am using GET_STATUS command in qemu yet. But wanted to make sure that if we decide to add "info sev-status" command in qemu-monitor to retrieve the SEV state information and then all the information is available to us.
