Date: Mon, 13 Oct 2025 15:15:59 -0700
From: Sean Christopherson
To: Thorsten Blum
Cc: Paolo Bonzini, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, "H. Peter Anvin", "Kirill A. Shutemov", Rick Edgecombe, kvm@vger.kernel.org, linux-kernel@vger.kernel.org, linux-coco@lists.linux.dev
Subject: Re: [PATCH] KVM: TDX: Replace kmalloc + copy_from_user with memdup_user in tdx_td_init
In-Reply-To: <20250916213129.2535597-2-thorsten.blum@linux.dev>
References: <20250916213129.2535597-2-thorsten.blum@linux.dev>
X-Mailing-List: linux-coco@lists.linux.dev

On Tue, Sep 16, 2025, Thorsten Blum wrote:
> Use get_user() to retrieve the number of entries instead of allocating
> memory for 'init_vm' with the maximum size, copying 'cmd->data' to it,
> only to then read the actual entry count 'cpuid.nent' from the copy.
>
> Return -E2BIG early if 'nr_user_entries' exceeds KVM_MAX_CPUID_ENTRIES.

I think I'll drop this line from the changelog. At first glance I thought
you were calling out a change in behavior, and my hackles went up. :-)

> Use memdup_user() to allocate just enough memory to fit all entries and
> to copy 'cmd->data' from userspace. Use struct_size() instead of
> manually calculating the number of bytes to allocate and copy.
>
> No functional changes intended.
>
> Signed-off-by: Thorsten Blum
> ---
> Compile-tested only.
> ---
>  arch/x86/kvm/vmx/tdx.c | 32 ++++++++++++--------------------
>  1 file changed, 12 insertions(+), 20 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx/tdx.c b/arch/x86/kvm/vmx/tdx.c
> index 66744f5768c8..87510541d2a2 100644
> --- a/arch/x86/kvm/vmx/tdx.c
> +++ b/arch/x86/kvm/vmx/tdx.c
> @@ -2742,8 +2742,10 @@ static int tdx_read_cpuid(struct kvm_vcpu *vcpu, u32 leaf, u32 sub_leaf, > static int tdx_td_init(struct kvm *kvm, struct kvm_tdx_cmd *cmd) > { > struct kvm_tdx *kvm_tdx = to_kvm_tdx(kvm); > + struct kvm_tdx_init_vm __user *user_init_vm; Any objection to calling this user_data instead of user_init_vm? I keep reading user_init_vm as a flag or command, e.g. "user initialized VM" or something, not as a pointer to user data. No need for a v2, I'll fixup to whatever we settle on (assuming no one jumps in with a crazy idea).
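Review bot: The only hunk visible here adds the `struct kvm_tdx_init_vm __user *user_init_vm;` declaration, while the hunks that use it (the get_user() of cpuid.nent, the KVM_MAX_CPUID_ENTRIES check and the memdup_user() call the changelog describes) are not on this page, so the point to verify in those later hunks is the double fetch the changelog implies: cpuid.nent is read once with get_user() to size the allocation and then copied a second time by memdup_user(), and userspace can change it between the two reads. The code being replaced read the entry count from the kernel copy, so if anything downstream still trusts init_vm->cpuid.nent, the copied value must be re-validated against the count that sized the buffer, e.g. `if (init_vm->cpuid.nent != nr_user_entries) { ret = -EINVAL; goto out; }` right after memdup_user(); otherwise the count in the copy can exceed the number of entries actually allocated. Whatever the pointer ends up being called, keep the `__user` annotation on it so sparse flags any direct dereference.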
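The allocation pattern the changelog describes (read the entry count first, bound it, then copy exactly struct_size() bytes) and the double-fetch hazard that comes with reading the count twice can be modelled in userspace. The block below is an added example, not code from the patch, from Thorsten Blum or from the kernel: get_user(), memdup_user() and struct_size() are replaced by plain C stand-ins, struct init_vm is a cut-down stand-in for struct kvm_tdx_init_vm (its layout and the MAX_CPUID_ENTRIES value are assumptions), the race hook simulates another thread rewriting the user buffer between the two reads, and the input buffers are constructed inline.

```c
/*
 * Added example, not code from the patch or the kernel: a userspace model of
 * the pattern the changelog describes. get_user(), memdup_user() and
 * struct_size() are replaced by plain C stand-ins, struct init_vm is a cut-down
 * stand-in for struct kvm_tdx_init_vm, and the layout, MAX_CPUID_ENTRIES value
 * and race hook are assumptions made for illustration.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CPUID_ENTRIES 256	/* stand-in for KVM_MAX_CPUID_ENTRIES */

struct cpuid_entry {		/* stand-in for struct kvm_cpuid_entry2 */
	uint32_t function, index, flags, eax, ebx, ecx, edx, padding[3];
};

struct init_vm {		/* stand-in for struct kvm_tdx_init_vm */
	uint64_t attributes, reserved[7];
	uint32_t nent;		/* plays the role of cpuid.nent */
	uint32_t padding;
	struct cpuid_entry entries[];	/* flexible array, like cpuid.entries */
};

/* struct_size(init_vm, entries, n) stand-in; safe only because n is bounded first. */
#define INIT_VM_SIZE(n) (sizeof(struct init_vm) + (size_t)(n) * sizeof(struct cpuid_entry))

/*
 * Model of the patched tdx_td_init(): read nent first, bound it, copy exactly
 * struct_size() bytes, then re-check the copied nent, because userspace can
 * rewrite the buffer between the two reads (simulated by the race hook).
 * Returns 0 and sets *out on success, otherwise a negative errno.
 */
static int td_init(struct init_vm *user_data, void (*race)(struct init_vm *),
		   struct init_vm **out)
{
	struct init_vm *init_vm;
	uint32_t nr_user_entries;

	/* get_user(nr_user_entries, &user_data->cpuid.nent) */
	memcpy(&nr_user_entries, &user_data->nent, sizeof(nr_user_entries));
	if (nr_user_entries > MAX_CPUID_ENTRIES)
		return -E2BIG;

	if (race)		/* another thread rewriting the user buffer */
		race(user_data);

	/* memdup_user(user_data, struct_size(init_vm, cpuid.entries, nent)) */
	init_vm = malloc(INIT_VM_SIZE(nr_user_entries));
	if (!init_vm)
		return -ENOMEM;
	memcpy(init_vm, user_data, INIT_VM_SIZE(nr_user_entries));

	/* Double-fetch guard: the copy's nent must match what sized the buffer. */
	if (init_vm->nent != nr_user_entries) {
		free(init_vm);
		return -EINVAL;
	}
	*out = init_vm;
	return 0;
}

/* Race hook: inflates nent after it has been validated. */
static void bump_nent(struct init_vm *user_data)
{
	user_data->nent = 2 * MAX_CPUID_ENTRIES;
}

/* Constructs a user buffer claiming `nent` entries, runs td_init() on it and
 * returns the nent seen in the kernel copy, or a negative errno. */
static int run_case(uint32_t nent, void (*race)(struct init_vm *))
{
	struct init_vm *buf = calloc(1, INIT_VM_SIZE(nent)), *copy = NULL;
	int ret;

	if (!buf)
		return -ENOMEM;
	buf->nent = nent;
	for (uint32_t i = 0; i < nent; i++)
		buf->entries[i].function = i;	/* constructed entry contents */

	ret = td_init(buf, race, &copy);
	if (!ret) {
		ret = (int)copy->nent;
		free(copy);
	}
	free(buf);
	return ret;
}

int main(void)
{
	printf("2 entries, no race:       %d\n", run_case(2, NULL));
	printf("too many entries:         %d (-E2BIG)\n", run_case(MAX_CPUID_ENTRIES + 1, NULL));
	printf("nent changed after check: %d (-EINVAL)\n", run_case(2, bump_nent));
	return 0;
}
```

The guard after the copy is the part the changelog does not spell out: once the count is fetched separately from the struct it sizes, the kernel copy carries a second, unvalidated nent, and any later consumer of init_vm->nent has to see the same value that bounded the allocation.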