While doing minor KVM cleanup to account various kernel allocations, I
noticed that all of the SEV command buffers are allocated via kmalloc(),
even for commands whose payloads is smaller than a pointer. After much
head scratching, the only reason I could come up with for dynamically
allocating the command data is CONFIG_VMAP_STACK=y.
This series teaches __sev_do_cmd_locked() to gracefully handle vmalloc'd
command buffers by copying such buffers an internal buffer before sending
the command to the PSP. The SEV driver and KVM are then converted to use
the stack for all command buffers.
The first patch is optional, I included it in case someone wants to
backport it to stable kernels. It wouldn't actually fix bugs, but it
would make debugging issues a lot easier if they did pop up.
Tested everything except sev_ioctl_do_pek_import(), I don't know anywhere
near enough about the PSP to give it the right input.
Based on kvm/queue, commit f96be2deac9b ("KVM: x86: Support KVM VMs
sharing SEV context") to avoid a minor conflict.
Sean Christopherson (5):
crypto: ccp: Detect and reject vmalloc addresses destined for PSP
crypto: ccp: Reject SEV commands with mismatching command buffer
crypto: ccp: Play nice with vmalloc'd memory for SEV command structs
crypto: ccp: Use the stack for small SEV command buffers
KVM: SVM: Allocate SEV command structures on local stack
arch/x86/kvm/svm/sev.c | 262 +++++++++++++----------------------
drivers/crypto/ccp/sev-dev.c | 161 ++++++++++-----------
drivers/crypto/ccp/sev-dev.h | 7 +
3 files changed, 184 insertions(+), 246 deletions(-)
--
2.31.0.208.g409f899ff0-goog
