On 12/7/2024 1:57 AM, Borislav Petkov wrote: > On Thu, Dec 05, 2024 at 11:53:53AM +0530, Nikunj A. Dadhania wrote: >>> * get_report - I don't think so: >>> >>> /* >>> * The intermediate response buffer is used while decrypting the >>> * response payload. Make sure that it has enough space to cover the >>> * authtag. >>> */ >>> resp_len = sizeof(report_resp->data) + mdesc->ctx->authsize; >>> report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); >>> >>> That resp_len is limited and that's on the guest_ioctl path which cannot >>> happen concurrently? >> >> It is a trusted allocation, but should it be accounted as it is part of >> the userspace ioctl path ? > > Well, it is unlocked_ioctl() and snp_guest_ioctl() is not taking any locks. > What's stopping anyone from writing a nasty little program which hammers the > sev-guest on the ioctl interface until the OOM killer activates? > > IOW, this should probably remain _ACCOUNT AFAICT. Both get_report()/get_ext_report() are in the unlocked_ioctl(), we will retain the _ACCOUNT That leaves us with only one site: snp_init_crypto(), should I fold this change in current patch ? Regards Nikunj
