References: <20190710201244.25195-1-brijesh.singh@amd.com> <20190710201244.25195-2-brijesh.singh@amd.com>
In-Reply-To: <20190710201244.25195-2-brijesh.singh@amd.com>
From: Peter Gonda
Date: Tue, 12 Nov 2019 10:35:55 -0800
Subject: Re: [PATCH v3 01/11] KVM: SVM: Add KVM_SEV SEND_START command
To: "Singh, Brijesh"
Cc: "kvm@vger.kernel.org", Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, "Lendacky, Thomas", "x86@kernel.org", "linux-kernel@vger.kernel.org"

On Wed, Jul 10, 2019 at 1:13 PM Singh, Brijesh wrote:
> > +static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) > +{ > + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; > + void *amd_cert = NULL, *session_data = NULL; > + void *pdh_cert = NULL, *plat_cert = NULL; > + struct sev_data_send_start *data = NULL; > + struct kvm_sev_send_start params; > + int ret; > + > + if (!sev_guest(kvm)) > + return -ENOTTY; > + > + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, > + sizeof(struct kvm_sev_send_start))) > + return -EFAULT; > + > + data = kzalloc(sizeof(*data), GFP_KERNEL); > + if (!data) > + return -ENOMEM; > + > + /* userspace wants to query the session length */ > + if (!params.session_len) > +
goto cmd; > + > + if (!params.pdh_cert_uaddr || !params.pdh_cert_len || > + !params.session_uaddr) > + return -EINVAL; I think pdh_cert is only required if the guest policy SEV bit is set. Can pdh_cert be optional? > + > + /* copy the certificate blobs from userspace */ > + pdh_cert = psp_copy_user_blob(params.pdh_cert_uaddr, params.pdh_cert_len); > + if (IS_ERR(pdh_cert)) { > + ret = PTR_ERR(pdh_cert); > + goto e_free; > + } > + > + data->pdh_cert_address = __psp_pa(pdh_cert); > + data->pdh_cert_len = params.pdh_cert_len; > + > + plat_cert = psp_copy_user_blob(params.plat_cert_uaddr, params.plat_cert_len); > + if (IS_ERR(plat_cert)) { > + ret = PTR_ERR(plat_cert); > + goto e_free_pdh; > + } I think plat_cert is also only required if the guest policy SEV bit is set. Can plat_cert also be optional? > + > + data->plat_cert_address = __psp_pa(plat_cert); > + data->plat_cert_len = params.plat_cert_len; > + > + amd_cert = psp_copy_user_blob(params.amd_cert_uaddr, params.amd_cert_len); > + if (IS_ERR(amd_cert)) { > + ret = PTR_ERR(amd_cert); > + goto e_free_plat_cert; > + } I think amd_cert is also only required if the guest policy SEV bit is set. Can amd_cert also be optional? > + > + data->amd_cert_address = __psp_pa(amd_cert); > + data->amd_cert_len = params.amd_cert_len; > + > + ret = -EINVAL; > + if (params.session_len > SEV_FW_BLOB_MAX_SIZE) > + goto e_free_amd_cert; > + > + ret = -ENOMEM; > + session_data = kmalloc(params.session_len, GFP_KERNEL); > + if (!session_data) > + goto e_free_amd_cert; This pattern of returning -EINVAL if a length is greater than SEV_FW_BLOB_MAX_SIZE and -ENOMEM if kmalloc fails is used at sev_launch_measure. And I think in your later patches you do similar, did you consider factoring this out into a helper function similar to psp_copy_user_blob?
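
Review bot: The early "return -EINVAL" taken when pdh_cert_uaddr, pdh_cert_len or session_uaddr is zero comes after data = kzalloc(...) has succeeded, so that path leaks data. Set ret = -EINVAL and goto e_free instead, assuming e_free (its body is not in the quoted lines) is the label that frees data. Separately, params.session_len is only compared against SEV_FW_BLOB_MAX_SIZE after all three certificate blobs have been copied from userspace; doing that bound check next to the other parameter validation would reject an oversized request before any blob is copied and would shorten the unwind path.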