Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp169034pxb; Wed, 24 Feb 2021 22:21:18 -0800 (PST) X-Google-Smtp-Source: ABdhPJzmphi4kiaE9mdTZu7i80duOAN8Ka3UxBAWpKpwmKIbzDR3+hG2f+jNioJ7EJGgqTHU5KMn X-Received: by 2002:a17:906:4349:: with SMTP id z9mr1170820ejm.471.1614234078080; Wed, 24 Feb 2021 22:21:18 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614234078; cv=none; d=google.com; s=arc-20160816; b=x8Jx4+a1EPgW6kKP/EYSOwfw3VN42Q5sWfgJY7hVIxQffkQTpr2vA6dzKvU/WsrA7e MkPCUyudiQ1e3jDkfFq0S3j9C/9b6CDJ0CcgftQE3Tuy/CD0wqe2ZAvyv3wfgid9MQNB 7ebRRba+jCSS0rUJxkoAqU4ls+puODIXKTLxQfpzzpHt+jkmJhXUc81gjwhVRcDQqewv xrmc9rAN62gdPefoPQ/uT2w23KjkhrNT51j89BLdyhVB9uJCMekfq9tadthwRhw2fZpL Yfc2+RZ09JkXcgPHx5lt9VtrHHp3zS2d0YKH5GyQ0P/FiMMpK6ukCP5aAkdadXIeK2jF OTPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=VMhssfkntbp6BkEdgeddf6ITSgH2/sACeJhofv7G7Qk=; b=tNZVf6oa7vJPyVJ6Wn57LTCr/c5dio3HywNTV/HpKrRgDWK1JT/uhFeppSUN/I1Kd5 SUqFrEsac5LbqTpuH1UTFZhZcW54E02WnQCULr7ZvkH7aejpSgRm4MBsDV2ecUS6VVPY R+zRSd+uZDP6XNWSIEcFJ/a3ldErlMARAXy4JqjMOG+UHNTcalkLNVncs6PYBo8gWqNP HPoweOOeFNiMUo23Fu+4fQ1fYs+ovCrl8WEZzZ9HW2OAc4mnLLcnqcXnV8yHjPyW4H8t lS73/KTogFsrOa7uqV01ffOIArzYxQjqbmfQ3JMPJxNkiwVD3RNAWAt4CTgAWTWwWXc1 w+JQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=pxq5QeWU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i7si3669833ejo.67.2021.02.24.22.20.54; Wed, 24 Feb 2021 22:21:18 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=pxq5QeWU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231604AbhBYD5K (ORCPT + 99 others); Wed, 24 Feb 2021 22:57:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233084AbhBYD5J (ORCPT ); Wed, 24 Feb 2021 22:57:09 -0500 Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DD699C06174A for ; Wed, 24 Feb 2021 19:56:28 -0800 (PST) Received: by mail-io1-xd32.google.com with SMTP id a7so4428292iok.12 for ; Wed, 24 Feb 2021 19:56:28 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VMhssfkntbp6BkEdgeddf6ITSgH2/sACeJhofv7G7Qk=; b=pxq5QeWUzVL/vGfbVNLb2osJm/A4y0MvKWH4ryodlpu0IGEyWYJkLK62EquwoT5vXh NjkZcEXppruaW6kFhkh974WJiWPRwzLu45wO2HtCpV4jNukAZT1RhMTu43qeag0yBWJz po+gSu7r6sRDp+sqq853uK73AqEBXX/5Ci5/PgDbWFH8WHeFGpLcwOUqddgQPo53HFJU p8XlSL2wWT8u/rrxAc7omZUYo/nQEJDVAE/+Dxk9+arLL2hPE/xen1C9gnqBQGfnytTY j+FXMPiW8pn8RweYVtBm5CtEflk1w5nPIbrkJEb/9RmPioWT6g7WR8pqwby6N9rhNJo7 R9Sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VMhssfkntbp6BkEdgeddf6ITSgH2/sACeJhofv7G7Qk=; b=afb4h0Gd+VR/Xyl36kBxki9BVwyqM3huAoTHceHrBfdVyRmDwBrtMlfmFuCXo5XMAQ As1cyoRfeB5eR6colrW8G/jQOzs9qC+KEce/5fGVDlRKCWFc8sUl7UBRCjaxwnkzaJzg HdStQUrACcozXTFq/veohtZypXLAA5JhvAqwkeAMWCGNn0X+ssQNu4U02tBVQe2NCfpv W0+/OJijZDQbCbvXDD3YHUGNolXzA5cfX38NVjoRsbqdcfc94zFtyhoB+yB0iNmHow07 FZwkXV8D0IzQQgg13oSfomkOq23h2JQwXQzlZf6TSgNJ5qGafL7VPX+g2pdpMKq1+mtc 5Z8g== X-Gm-Message-State: AOAM530QJGxn/pAAl/n3AR2hZ9NOZK/aGIXZ52Vj3obo4BW3fCiXR3aJ 99n7/oz/4AWslY2d2cDQrit98EFie1peU4whsIdSRA== X-Received: by 2002:a6b:c40b:: with SMTP id y11mr991070ioa.205.1614225387929; Wed, 24 Feb 2021 19:56:27 -0800 (PST) MIME-Version: 1.0 References: <20210224085915.28751-1-natet@google.com> In-Reply-To: From: Steve Rutherford Date: Wed, 24 Feb 2021 19:55:51 -0800 Message-ID: Subject: Re: [RFC] KVM: x86: Support KVM VMs sharing SEV context To: Sean Christopherson Cc: Nathan Tempelman , Paolo Bonzini , Tom Lendacky , X86 ML , KVM list , LKML , David Rientjes , Brijesh Singh , Ashish Kalra Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 24, 2021 at 9:37 AM Sean Christopherson wrote: > > + unsigned int asid; > > + int ret; > > + > > + if (!sev_guest(kvm)) > > + return -ENOTTY; > > + > > + mutex_lock(&kvm->lock); > > + > > + /* Mirrors of mirrors should work, but let's not get silly */ > > Do we really care? Yes, unless you reparent mirrors of mirrors to the original ASID owner. If you don't do that, I think userspace could pump a chain of mirrors to blow the kernel stack when it closes the leaf vm, since you could build up a chain of sev_vm_destroys. Refcounting the ASIDs directly would also fix this. Nate's early implementation did the reparenting, but I pushed for the simplification since it made the locking a bit hairy. > > > + if (is_mirroring_enc_context(kvm)) { > > + ret = -ENOTTY; > > + goto failed; > > + } > > +