Re: [PATCH 6.13.y] virt: sev-guest: Move SNP Guest Request data pages handling under snp_cmd_mutex

[Greg KH <gregkh@linuxfoundation.org>]

On Mon, Mar 10, 2025 at 09:13:11PM +1100, Alexey Kardashevskiy wrote:
> 
> 
> On 10/3/25 21:00, Alexey Kardashevskiy wrote:
> > Compared to the SNP Guest Request, the "Extended" version adds data pages
> > for receiving certificates. If not enough pages provided, the HV can
> > report to the VM how much is needed so the VM can reallocate and repeat.
> > 
> > Commit ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command
> > mutex") moved handling of the allocated/desired pages number out of scope
> > of said mutex and create a possibility for a race (multiple instances
> > trying to trigger Extended request in a VM) as there is just one instance
> > of snp_msg_desc per /dev/sev-guest and no locking other than snp_cmd_mutex.
> > 
> > Fix the issue by moving the data blob/size and the GHCB input struct
> > (snp_req_data) into snp_guest_req which is allocated on stack now
> > and accessed by the GHCB caller under that mutex.
> > 
> > Stop allocating SEV_FW_BLOB_MAX_SIZE in snp_msg_alloc() as only one of
> > four callers needs it. Free the received blob in get_ext_report() right
> > after it is copied to the userspace. Possible future users of
> > snp_send_guest_request() are likely to have different ideas about
> > the buffer size anyways.
> > 
> > Fixes: ae596615d93d ("virt: sev-guest: Reduce the scope of SNP command mutex")
> > Cc: stable@vger.kernel.org # 6.13
> > Cc: Nikunj A Dadhania <nikunj@amd.com>
> > Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
> 
> Missed:
> 
> (cherry picked from commit 3e385c0d6ce88ac9916dcf84267bd5855d830748)
> 
> I first cherrypicked and sent, then I read about "cherry-oick -x", sorry for
> the noise. thanks,

Please resend with this in the commit so that our tools pick it up
properly.

thanks,

greg k-h