On 07/04/21 00:49, Sean Christopherson wrote:
This series teaches __sev_do_cmd_locked() to gracefully handle vmalloc'd command buffers by copying _all_ incoming data pointers to an internal buffer before sending the command to the PSP. The SEV driver and KVM are then converted to use the stack for all command buffers. Tested everything except sev_ioctl_do_pek_import(), I don't know anywhere near enough about the PSP to give it the right input. v2: - Rebase to kvm/queue, commit f96be2deac9b ("KVM: x86: Support KVM VMs sharing SEV context"). - Unconditionally copy @data to the internal buffer. [Christophe, Brijesh] - Allocate a full page for the buffer. [Brijesh] - Drop one set of the "!"s. [Christophe] - Use virt_addr_valid() instead of is_vmalloc_addr() for the temporary patch (definitely feel free to drop the patch if it's not worth backporting). [Christophe] - s/intput/input/. [Tom] - Add a patch to free "sev" if init fails. This is not strictly necessary (I think; I suck horribly when it comes to the driver framework). But it felt wrong to not free cmd_buf on failure, and even more wrong to free cmd_buf but not sev. v1: - https://lkml.kernel.org/r/20210402233702.3291792-1-seanjc@xxxxxxxxxx Sean Christopherson (8): crypto: ccp: Free SEV device if SEV init fails crypto: ccp: Detect and reject "invalid" addresses destined for PSP crypto: ccp: Reject SEV commands with mismatching command buffer crypto: ccp: Play nice with vmalloc'd memory for SEV command structs crypto: ccp: Use the stack for small SEV command buffers crypto: ccp: Use the stack and common buffer for status commands crypto: ccp: Use the stack and common buffer for INIT command KVM: SVM: Allocate SEV command structures on local stack arch/x86/kvm/svm/sev.c | 262 +++++++++++++---------------------- drivers/crypto/ccp/sev-dev.c | 197 +++++++++++++------------- drivers/crypto/ccp/sev-dev.h | 4 +- 3 files changed, 196 insertions(+), 267 deletions(-)
Queued, thanks. Paolo