Re: [PATCH v15 01/13] x86/sev: Carve out and export SNP guest messaging init routines
From: Borislav Petkov
Date: Fri Dec 06 2024 - 15:28:25 EST

On Thu, Dec 05, 2024 at 11:53:53AM +0530, Nikunj A. Dadhania wrote:
> > * get_report - I don't think so:
> >
> > /*
> >  * The intermediate response buffer is used while decrypting the
> >  * response payload. Make sure that it has enough space to cover the
> >  * authtag.
> >  */
> > resp_len = sizeof(report_resp->data) + mdesc->ctx->authsize;
> > report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT);
> >
> > That resp_len is limited and that's on the guest_ioctl path which cannot
> > happen concurrently?
>
> It is a trusted allocation, but should it be accounted as it is part of
> the userspace ioctl path?

Well, it is unlocked_ioctl() and snp_guest_ioctl() is not taking any locks.
What's stopping anyone from writing a nasty little program which hammers the
sev-guest on the ioctl interface until the OOM killer activates?
IOW, this should probably remain _ACCOUNT AFAICT.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette