Re: [PATCH 1/3] KVM: X86: Introduce KVM_HC_VM_HANDLE hypercall

From: Sean Christopherson
Date: Mon Jan 10 2022 - 20:05:40 EST


On Mon, Jan 10, 2022, Shirong Hao wrote:
> This hypercall is used by the SEV guest to get the firmware handle.

This is completely insufficient to justify why KVM is providing host information
to the guest, let alone why KVM is providing that information to guest _userspace_.

> +static int sev_vm_handle(struct kvm *kvm)
> +{
> + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
> +
> + if (!sev_guest(kvm))
> + return -ENOTTY;
> +
> + return sev->handle;
> +}
> +
> static struct kvm_x86_ops svm_x86_ops __initdata = {
> .name = "kvm_amd",
>
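
Review bot: sev_vm_handle() returns both the firmware handle and the error through a single int, so a caller can only tell `return sev->handle;` apart from `return -ENOTTY;` by sign, and the function carries no comment saying why a guest needs the host-side firmware handle at all. Consider passing the handle back through an out parameter with a separate status return, and, if the value is handed to the guest as the hypercall result, using a KVM_-namespaced error code like the `-KVM_EPERM` in kvm_emulate_hypercall() rather than a host errno. The use case and the exposure of this value belong in the changelog and in the hypercall documentation.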

...

> diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
> index 0cf1082455df..24acf0f2a539 100644
> --- a/arch/x86/kvm/x86.c
> +++ b/arch/x86/kvm/x86.c
> @@ -8906,7 +8906,7 @@ int kvm_emulate_hypercall(struct kvm_vcpu *vcpu)
> a3 &= 0xFFFFFFFF;
> }
>
> - if (static_call(kvm_x86_get_cpl)(vcpu) != 0) {
> + if (static_call(kvm_x86_get_cpl)(vcpu) != 0 && nr != KVM_HC_VM_HANDLE) {
> ret = -KVM_EPERM;
> goto out;
> }
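
Review bot: the added `&& nr != KVM_HC_VM_HANDLE` in the CPL check makes this the one hypercall that guest userspace (CPL != 0) can issue, and nothing in the hunk documents why that exception is safe. Hard-coding a single hypercall number into the generic privilege check is also easy to miss when the check is touched later. Unless there is a stated reason userspace must call it directly, keep the CPL 0 restriction and let the guest kernel mediate access; if the exception stays, add a comment at this check explaining it.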