LKML Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH] KVM: SVM: fix missing sev_decommission in sev_receive_start
@ 2021-09-12 18:18 Mingwei Zhang
  2021-09-14 15:26 ` Sean Christopherson
  0 siblings, 1 reply; 3+ messages in thread
From: Mingwei Zhang @ 2021-09-12 18:18 UTC (permalink / raw)
  To: Paolo Bonzini
  Cc: Sean Christopherson, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Alper Gun, Borislav Petkov,
	Brijesh Singh, David Rienjes, Marc Orr, John Allen, Peter Gonda,
	Tom Lendacky, Vipin Sharma, Mingwei Zhang

sev_decommission is needed in the error path of sev_bind_asid. The purpose
of this function is to clear the firmware context. Missing this step may
cause subsequent SEV launch failures.

Although missing sev_decommission issue has previously been found and was
fixed in sev_launch_start function. It is supposed to be fixed on all
scenarios where a firmware context needs to be freed. According to the AMD
SEV API v0.24 Section 1.3.3:

"The RECEIVE_START command is the only command other than the LAUNCH_START
command that generates a new guest context and guest handle."

The above indicates that RECEIVE_START command also requires calling
sev_decommission if ASID binding fails after RECEIVE_START succeeds.

So add the sev_decommission function in sev_receive_start.

Cc: Alper Gun <alpergun@google.com>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: David Rienjes <rientjes@google.com>
Cc: Marc Orr <marcorr@google.com>
Cc: John Allen <john.allen@amd.com>
Cc: Peter Gonda <pgonda@google.com>
Cc: Sean Christopherson <seanjc@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Vipin Sharma <vipinsh@google.com>

Reviewed-by: Marc Orr <marcorr@google.com>
Acked-by: Brijesh Singh <brijesh.singh@amd.com>
Fixes: af43cbbf954b ("KVM: SVM: Add support for KVM_SEV_RECEIVE_START command")
Signed-off-by: Mingwei Zhang <mizhang@google.com>
---
 arch/x86/kvm/svm/sev.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 75e0b21ad07c..55d8b9c933c3 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -1397,8 +1397,10 @@ static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
 
 	/* Bind ASID to this guest */
 	ret = sev_bind_asid(kvm, start.handle, error);
-	if (ret)
+	if (ret) {
+		sev_decommission(start.handle);
 		goto e_free_session;
+	}
 
 	params.handle = start.handle;
 	if (copy_to_user((void __user *)(uintptr_t)argp->data,
-- 
2.33.0.309.g3052b89438-goog


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] KVM: SVM: fix missing sev_decommission in sev_receive_start
  2021-09-12 18:18 [PATCH] KVM: SVM: fix missing sev_decommission in sev_receive_start Mingwei Zhang
@ 2021-09-14 15:26 ` Sean Christopherson
  2021-09-21 17:58   ` Paolo Bonzini
  0 siblings, 1 reply; 3+ messages in thread
From: Sean Christopherson @ 2021-09-14 15:26 UTC (permalink / raw)
  To: Mingwei Zhang
  Cc: Paolo Bonzini, Vitaly Kuznetsov, Wanpeng Li, Jim Mattson,
	Joerg Roedel, kvm, linux-kernel, Alper Gun, Borislav Petkov,
	Brijesh Singh, David Rienjes, Marc Orr, John Allen, Peter Gonda,
	Tom Lendacky, Vipin Sharma

On Sun, Sep 12, 2021, Mingwei Zhang wrote:
> sev_decommission

It's not a ubiquitous "requirement", but adding parantheses after function names
in changelogs is generally preferred as it succinctly identifies a function call.

> is needed in the error path of sev_bind_asid. The purpose

"error path of sev_bind_asid()" could be interpreted as meaning DECOMMISSION is
needed within sev_bind_asid(), whereas you mean when sev_bind_asid() fails.  One
way to avoid confusion, and a good habit in general, is to avoid talking in
terms of code details when possible.  There are certainly cases where talking
about the code itself is absolutely necessary, but this could be worded as:

  DECOMMISSION the current SEV context if binding an ASID fails after
  RECEIVE_START.  Per AMD's SEV API, RECEIVE_START generates a new guest
  context and thus needs to be paired with DECOMMISSION:

     The RECEIVE_START command is the only command other than the LAUNCH_START
     command that generates a new guest context and guest handle.

  The missing DECOMMISSION can result in subsequent SEV launch failures due to
  <fill in this part>.

  Note, LAUNCH_START suffered the same bug, but was previously fixed by
  934002cd660b ("KVM: SVM: Call SEV Guest Decommission if ASID binding fails").

> of this function is to clear the firmware context. Missing this step may

Kind of a nit: "this function" is ambiguous.  I'm pretty sure you're referring
to sev_decommission(), but it's trivially easy to be 100% unambiguous (see above).

> cause subsequent SEV launch failures.
>
> Although missing sev_decommission issue has previously been found and was
> fixed in sev_launch_start function. It is supposed to be fixed on all
> scenarios where a firmware context needs to be freed.

More nits: provide the commit ID of the previous fix so that folks don't have
to hunt it down (even though it's an easy git blame away).  And this is better
as a footnote of sorts as it's not relevant to the justification of the patch in
the sense that it's best to avoid "we do x there, so we should do x here".  That
might be a true statement, as is the case here, but the patch still needs to be
justified without that type of reasoning.

> According to the AMD SEV API v0.24 Section 1.3.3:
>
> "The RECEIVE_START command is the only command other than the LAUNCH_START
> command that generates a new guest context and guest handle."
>
> The above indicates that RECEIVE_START command also requires calling
> sev_decommission if ASID binding fails after RECEIVE_START succeeds.
>
> So add the sev_decommission function in sev_receive_start.

And more nits :-)  As alluded to above the, last few sentences are somewhat
redundant and can be dropped and/or worded into the statement about what the
patch is doing.

> Cc: Alper Gun <alpergun@google.com>
> Cc: Borislav Petkov <bp@alien8.de>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: David Rienjes <rientjes@google.com>
> Cc: Marc Orr <marcorr@google.com>
> Cc: John Allen <john.allen@amd.com>
> Cc: Peter Gonda <pgonda@google.com>
> Cc: Sean Christopherson <seanjc@google.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Vipin Sharma <vipinsh@google.com>
> 
> Reviewed-by: Marc Orr <marcorr@google.com>
> Acked-by: Brijesh Singh <brijesh.singh@amd.com>
> Fixes: af43cbbf954b ("KVM: SVM: Add support for KVM_SEV_RECEIVE_START command")

Cc: stable@vger.kernel.org

> Signed-off-by: Mingwei Zhang <mizhang@google.com>
> ---

With a cleaned up changelog,

Reviewed-by: Sean Christopherson <seanjc@google.com>

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] KVM: SVM: fix missing sev_decommission in sev_receive_start
  2021-09-14 15:26 ` Sean Christopherson
@ 2021-09-21 17:58   ` Paolo Bonzini
  0 siblings, 0 replies; 3+ messages in thread
From: Paolo Bonzini @ 2021-09-21 17:58 UTC (permalink / raw)
  To: Sean Christopherson, Mingwei Zhang
  Cc: Vitaly Kuznetsov, Wanpeng Li, Jim Mattson, Joerg Roedel, kvm,
	linux-kernel, Alper Gun, Borislav Petkov, Brijesh Singh,
	David Rienjes, Marc Orr, John Allen, Peter Gonda, Tom Lendacky,
	Vipin Sharma

On 14/09/21 17:26, Sean Christopherson wrote:
> With a cleaned up changelog,
> 
> Reviewed-by: Sean Christopherson<seanjc@google.com>
> 

Done and queued, thanks.

Paolo


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-09-21 17:58 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-12 18:18 [PATCH] KVM: SVM: fix missing sev_decommission in sev_receive_start Mingwei Zhang
2021-09-14 15:26 ` Sean Christopherson
2021-09-21 17:58   ` Paolo Bonzini

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).