Re: [RFC] KVM: x86: Support KVM VMs sharing SEV context

From: Steve Rutherford
Date: Wed Feb 24 2021 - 22:57:29 EST

Next message: Matthew Wilcox: "Re: [PATCH] mm: test page->flags directly in page_lru()"
Previous message: Namhyung Kim: "[PATCH v2 2/2] perf stat: Fix use-after-free when -r option is used"
In reply to: Sean Christopherson: "Re: [RFC] KVM: x86: Support KVM VMs sharing SEV context"
Next in thread: Steve Rutherford: "Re: [RFC] KVM: x86: Support KVM VMs sharing SEV context"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 24, 2021 at 9:37 AM Sean Christopherson <seanjc@xxxxxxxxxx> wrote:
> > + unsigned int asid;
> > + int ret;
> > +
> > + if (!sev_guest(kvm))
> > + return -ENOTTY;
> > +
> > + mutex_lock(&kvm->lock);
> > +
> > + /* Mirrors of mirrors should work, but let's not get silly */
>
> Do we really care?
Yes, unless you reparent mirrors of mirrors to the original ASID
owner. If you don't do that, I think userspace could pump a chain of
mirrors to blow the kernel stack when it closes the leaf vm, since you
could build up a chain of sev_vm_destroys. Refcounting the ASIDs
directly would also fix this.

Nate's early implementation did the reparenting, but I pushed for the
simplification since it made the locking a bit hairy.
>
> > + if (is_mirroring_enc_context(kvm)) {
> > + ret = -ENOTTY;
> > + goto failed;
> > + }
> > +

Next message: Matthew Wilcox: "Re: [PATCH] mm: test page->flags directly in page_lru()"
Previous message: Namhyung Kim: "[PATCH v2 2/2] perf stat: Fix use-after-free when -r option is used"
In reply to: Sean Christopherson: "Re: [RFC] KVM: x86: Support KVM VMs sharing SEV context"
Next in thread: Steve Rutherford: "Re: [RFC] KVM: x86: Support KVM VMs sharing SEV context"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]