From: Sean Christopherson <seanjc@google.com>
To: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Peter Gonda <pgonda@google.com>,
kvm@vger.kernel.org, Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Joerg Roedel <joro@8bytes.org>,
Brijesh Singh <brijesh.singh@amd.com>,
x86@kernel.org, stable@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Fix unsynchronized access to sev members through svm_register_enc_region
Date: Tue, 26 Jan 2021 15:10:08 -0800
Message-ID: <YBChUOc1iKZv8TJ1@google.com>
In-Reply-To: <6407cdf6-5dc7-96c0-343b-d2c0e1d7aaa4@amd.com>

On Tue, Jan 26, 2021, Tom Lendacky wrote:
> On 1/26/21 12:54 PM, Peter Gonda wrote:
> > sev_pin_memory assumes that callers hold the kvm->lock. This was true for
> > all callers except svm_register_enc_region since it does not originate
> > from svm_mem_enc_op. Also added lockdep annotation to help prevent
> > future regressions.
>
> I'm not exactly sure what the problem is that you're fixing? What is the
> symptom that you're seeing?

svm_register_enc_region() calls sev_pin_memory() without holding kvm->lock. If
userspace does multiple KVM_MEMORY_ENCRYPT_REG_REGION in parallel, it could
circumvent the rlimit(RLIMIT_MEMLOCK) check.
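
The race described in the message above, as an added example that is not part of the original thread or the kernel source: a userspace model in which the limit check and the counter update are separate steps, replayed beside a version that holds a lock across both. The struct, the function names and the 100-page limit are hypothetical, and the model assumes the accounting is a read, check, then store on a shared counter.

```c
#include <pthread.h>
#include <stdbool.h>

/* Hypothetical userspace model; names are illustrative, not the kernel's. */
struct pin_acct {
    pthread_mutex_t lock;
    unsigned long pages_locked; /* pages currently charged to the VM */
    unsigned long limit;        /* stands in for RLIMIT_MEMLOCK, in pages */
};

/* Step 1 of a pin: read the counter and test the limit. */
static bool pin_check(const struct pin_acct *a, unsigned long n, unsigned long *total)
{
    *total = a->pages_locked + n;
    return *total <= a->limit;
}

/* Step 2: store the total computed in step 1. */
static void pin_commit(struct pin_acct *a, unsigned long total)
{
    a->pages_locked = total;
}

/* Check and commit as one critical section. */
static bool pin_locked(struct pin_acct *a, unsigned long n)
{
    unsigned long total;
    pthread_mutex_lock(&a->lock);
    bool ok = pin_check(a, n, &total);
    if (ok)
        pin_commit(a, total);
    pthread_mutex_unlock(&a->lock);
    return ok;
}

/* Replays, deterministically, the interleaving two unlocked callers can
 * hit: both check before either commits. Returns pages actually pinned. */
static unsigned long replay_unlocked(struct pin_acct *a, unsigned long n)
{
    unsigned long t1, t2, pinned = 0;
    bool ok1 = pin_check(a, n, &t1);
    bool ok2 = pin_check(a, n, &t2);
    if (ok1) { pin_commit(a, t1); pinned += n; }
    if (ok2) { pin_commit(a, t2); pinned += n; }
    return pinned;
}
```

With a limit of 100 pages and two 60-page requests, the unlocked replay pins 120 pages while the counter ends at 60, so the accounting is also wrong for every later check; the locked version rejects the second request.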