From: Sean Christopherson <seanjc@google.com>
To: Thorsten Blum <thorsten.blum@linux.dev>
Cc: Paolo Bonzini <pbonzini@redhat.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	 Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	 Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org,  "H. Peter Anvin" <hpa@zytor.com>,
	"Kirill A. Shutemov" <kas@kernel.org>,
	 Rick Edgecombe <rick.p.edgecombe@intel.com>,
	kvm@vger.kernel.org,  linux-kernel@vger.kernel.org,
	linux-coco@lists.linux.dev
Subject: Re: [PATCH] KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init
Date: Mon, 13 Oct 2025 15:15:59 -0700
Message-ID: <aO16HySFc6wNVpix@google.com>
In-Reply-To: <20250916213129.2535597-2-thorsten.blum@linux.dev>

On Tue, Sep 16, 2025, Thorsten Blum wrote:
> Use get_user() to retrieve the number of entries instead of allocating
> memory for 'init_vm' with the maximum size, copying 'cmd->data' to it,
> only to then read the actual entry count 'cpuid.nent' from the copy.
> 
> Return -E2BIG early if 'nr_user_entries' exceeds KVM_MAX_CPUID_ENTRIES.

I think I'll drop this line from the changelog.  At first glance I thought you
were calling out a change in behavior, and my hackles went up.  :-)

> Use memdup_user() to allocate just enough memory to fit all entries and
> to copy 'cmd->data' from userspace. Use struct_size() instead of
> manually calculating the number of bytes to allocate and copy.
> 
> No functional changes intended.
> 
> Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
> ---
> Compile-tested only.
> ---
>  arch/x86/kvm/vmx/tdx.c | 32 ++++++++++++--------------------
>  1 file changed, 12 insertions(+), 20 deletions(-)
> 
> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> index 66744f5768c8..87510541d2a2 100644
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c
> @@ -2742,8 +2742,10 @@ static int tdx_read_cpuid(struct kvm_vcpu *vcpu, u32 leaf, u32 sub_leaf,
>  static int tdx_td_init(struct kvm *kvm, struct kvm_tdx_cmd *cmd)
>  {
>  	struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm);
> +	struct kvm_tdx_init_vm __user *user_init_vm;
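
Review bot: the `user_init_vm` pointer declared at the top of tdx_td_init() leads to the same userspace buffer being read twice, going by the changelog (get_user() for the entry count, then memdup_user() of 'cmd->data'), and nothing in the quoted lines shows the two reads being reconciled. Userspace can change 'cpuid.nent' between the fetches, so the copy returned by memdup_user() may carry a count that was never checked against KVM_MAX_CPUID_ENTRIES and that exceeds the struct_size() allocation. After the copy, compare the copied 'cpuid.nent' with 'nr_user_entries' and fail on mismatch, or overwrite it with the validated value, and have later code use only that value.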

Any objection to calling this user_data instead of user_init_vm?  I keep reading
user_init_vm as a flag or command, e.g. "user initialized VM" or something, not
as a pointer to user data.

No need for a v2, I'll fixup to whatever we settle on (assuming no one jumps in
with a crazy idea).
