Re: [PATCH RFC v8 45/56] KVM: SVM: Provide support for SNP_GUEST_REQUEST NAE event

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 20.02.23 19:38, Michael Roth wrote:
From: Brijesh Singh <brijesh.singh@xxxxxxx>

Version 2 of GHCB specification added the support for two SNP Guest
Request Message NAE events. The events allows for an SEV-SNP guest to
make request to the SEV-SNP firmware through hypervisor using the
SNP_GUEST_REQUEST API define in the SEV-SNP firmware specification.

The SNP_EXT_GUEST_REQUEST is similar to SNP_GUEST_REQUEST with the
difference of an additional certificate blob that can be passed through
the SNP_SET_CONFIG ioctl defined in the CCP driver. The CCP driver
provides snp_guest_ext_guest_request() that is used by the KVM to get
both the report and certificate data at once.

Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx>
Signed-off-by: Michael Roth <michael.roth@xxxxxxx>
---
  arch/x86/kvm/svm/sev.c | 185 +++++++++++++++++++++++++++++++++++++++--
  arch/x86/kvm/svm/svm.h |   2 +
  2 files changed, 181 insertions(+), 6 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 197b1f904567..92179614102e 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -327,6 +327,7 @@ static int sev_guest_init(struct kvm *kvm, struct kvm_sev_cmd *argp)
                 if (ret)
                         goto e_free;

+               mutex_init(&sev->guest_req_lock);
                 ret = sev_snp_init(&argp->error, false);
         } else {
                 ret = sev_platform_init(&argp->error);
@@ -2059,23 +2060,34 @@ int sev_vm_move_enc_context_from(struct kvm *kvm, unsigned int source_fd)
   */
  static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp)
  {
+       struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
         struct sev_data_snp_addr data = {};
-       void *context;
+       void *context, *certs_data;
         int rc;

+       /* Allocate memory used for the certs data in SNP guest request */
+       certs_data = kzalloc(SEV_FW_BLOB_MAX_SIZE, GFP_KERNEL_ACCOUNT);
+       if (!certs_data)
+               return NULL;


I don't understand why this is part of the context creation, which again is part of the KVM_SEV_SNP_LAUNCH_START op. Would you mind to create a separate op for this and then check later on while you use the buffer whether it was ever allocated?


Alex





Amazon Development Center Germany GmbH
Krausenstr. 38
10117 Berlin
Geschaeftsfuehrung: Christian Schlaeger, Jonathan Weiss
Eingetragen am Amtsgericht Charlottenburg unter HRB 149173 B
Sitz: Berlin
Ust-ID: DE 289 237 879






[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux