Re: [PATCH v8 36/40] x86/sev: Provide support for SNP guest request NAEs

Borislav Petkov <bp@xxxxxxxxx> · Thu, 27 Jan 2022 17:21:06 +0100

On Fri, Dec 10, 2021 at 09:43:28AM -0600, Brijesh Singh wrote:
> Version 2 of GHCB specification provides SNP_GUEST_REQUEST and
> SNP_EXT_GUEST_REQUEST NAE that can be used by the SNP guest to communicate
> with the PSP.
> 
> While at it, add a snp_issue_guest_request() helper that can be used by

Not "that can" but "that will".

> driver or other subsystem to issue the request to PSP.
> 
> See SEV-SNP and GHCB spec for more details.
> 
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---
>  arch/x86/include/asm/sev-common.h |  3 ++
>  arch/x86/include/asm/sev.h        | 14 +++++++++
>  arch/x86/include/uapi/asm/svm.h   |  4 +++
>  arch/x86/kernel/sev.c             | 51 +++++++++++++++++++++++++++++++
>  4 files changed, 72 insertions(+)
> 
> diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h
> index 673e6778194b..346600724b84 100644
> --- a/arch/x86/include/asm/sev-common.h
> +++ b/arch/x86/include/asm/sev-common.h
> @@ -128,6 +128,9 @@ struct snp_psc_desc {
>  	struct psc_entry entries[VMGEXIT_PSC_MAX_ENTRY];
>  } __packed;
>  
> +/* Guest message request error code */
> +#define SNP_GUEST_REQ_INVALID_LEN	BIT_ULL(32)

SZ_4G is more descriptive, perhaps...

> +int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned long *fw_err)
> +{
> +	struct ghcb_state state;
> +	unsigned long flags;
> +	struct ghcb *ghcb;
> +	int ret;
> +
> +	if (!cc_platform_has(CC_ATTR_SEV_SNP))
> +		return -ENODEV;
> +
> +	/* __sev_get_ghcb() need to run with IRQs disabled because it using per-cpu GHCB */

			   needs 				it is using a

> +	local_irq_save(flags);
> +
> +	ghcb = __sev_get_ghcb(&state);
> +	if (!ghcb) {
> +		ret = -EIO;
> +		goto e_restore_irq;
> +	}
> +
> +	vc_ghcb_invalidate(ghcb);
> +
> +	if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) {
> +		ghcb_set_rax(ghcb, input->data_gpa);
> +		ghcb_set_rbx(ghcb, input->data_npages);
> +	}
> +
> +	ret = sev_es_ghcb_hv_call(ghcb, true, NULL, exit_code, input->req_gpa, input->resp_gpa);
					      ^^^^^

That's ctxt which is accessed without a NULL check in
verify_exception_info().

Why aren't you allocating a ctxt on stack like the other callers do?

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette