On Mon, Mar 10, 2025 at 09:13:11PM +1100, Alexey Kardashevskiy wrote:
>
>
> On 10/3/25 21:00, Alexey Kardashevskiy wrote:
> > Compared to the SNP Guest Request, the "Extended" version adds data pages
> > for receiving certificates. If not enough pages provided, the HV can
> > report to the VM how much is needed so the VM can reallocate and repeat.
> >
> > Commit ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command
> > mutex") moved handling of the allocated/desired pages number out of scope
> > of said mutex and create a possibility for a race (multiple instances
> > trying to trigger Extended request in a VM) as there is just one instance
> > of snp_msg_desc per /dev/sev-guest and no locking other than snp_cmd_mutex.
> >
> > Fix the issue by moving the data blob/size and the GHCB input struct
> > (snp_req_data) into snp_guest_req which is allocated on stack now
> > and accessed by the GHCB caller under that mutex.
> >
> > Stop allocating SEV_FW_BLOB_MAX_SIZE in snp_msg_alloc() as only one of
> > four callers needs it. Free the received blob in get_ext_report() right
> > after it is copied to the userspace. Possible future users of
> > snp_send_guest_request() are likely to have different ideas about
> > the buffer size anyways.
> >
> > Fixes: ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex")
> > Cc: stable@xxxxxxxxxxxxxxx # 6.13
> > Cc: Nikunj A Dadhania <nikunj@xxxxxxx>
> > Signed-off-by: Alexey Kardashevskiy <aik@xxxxxxx>
>
> Missed:
>
> (cherry picked from commit 3e385c0d6ce88ac9916dcf84267bd5855d830748)
>
> I first cherrypicked and sent, then I read about "cherry-oick -x", sorry for
> the noise. thanks,
Please resend with this in the commit so that our tools pick it up
properly.
thanks,
greg k-h
