Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit

[PATCH v6 00/42] Add AMD Secure Nested Paging (SEV-SNP) Guest Support · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 01/42] x86/mm: Extend cc_attr to include AMD SEV-SNP · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 02/42] x86/sev: Shorten GHCB terminate macro names · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 02/42] x86/sev: Shorten GHCB terminate macro names · Borislav Petkov <bp@alien8.de> · 2021-10-11
[PATCH v6 03/42] x86/sev: Get rid of excessive use of defines · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 03/42] x86/sev: Get rid of excessive use of defines · Borislav Petkov <bp@alien8.de> · 2021-10-11
[PATCH v6 05/42] x86/sev: Define the Linux specific guest termination reasons · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 06/42] x86/sev: Save the negotiated GHCB version · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 04/42] x86/head64: Carve out the guest encryption postprocessing into a helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-18
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-20
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Dr. David Alan Gilbert <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-21
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-25
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-25
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Borislav Petkov <bp@alien8.de> · 2021-10-27
Re: [PATCH v6 08/42] x86/sev-es: initialize sev_status/features within #VC handler · Michael Roth <hidden> · 2021-10-27
[PATCH v6 07/42] x86/sev: Add support for hypervisor feature VMGEXIT · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 07/42] x86/sev: Add support for hypervisor feature VMGEXIT · Borislav Petkov <bp@alien8.de> · 2021-10-13
[PATCH v6 09/42] x86/sev: Check SEV-SNP features support · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 09/42] x86/sev: Check SEV-SNP features support · Borislav Petkov <bp@alien8.de> · 2021-10-19
[PATCH v6 10/42] x86/sev: Add a helper for the PVALIDATE instruction · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 12/42] x86/compressed: Add helper for validating pages in the decompression stage · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 13/42] x86/compressed: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 13/42] x86/compressed: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
[PATCH v6 11/42] x86/sev: Check the vmpl level · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 11/42] x86/sev: Check the vmpl level · Borislav Petkov <bp@alien8.de> · 2021-10-28
[PATCH v6 17/42] x86/kernel: Make the bss.decrypted section shared in RMP table · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 20/42] KVM: SVM: Define sev_features and vmpl field in the VMSA · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 18/42] x86/kernel: Validate rom memory before accessing when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-09
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Brijesh Singh <hidden> · 2021-11-10
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-10
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Tom Lendacky <thomas.lendacky@amd.com> · 2021-11-11
Re: [PATCH v6 19/42] x86/mm: Add support to validate memory when changing C-bit · Borislav Petkov <bp@alien8.de> · 2021-11-11
[PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-02
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-03
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Borislav Petkov <bp@alien8.de> · 2021-11-04
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Brijesh Singh <hidden> · 2021-11-04
Re: [PATCH v6 14/42] x86/sev: Register GHCB memory when SEV-SNP is active · Boris Petkov <bp@alien8.de> · 2021-11-04
[PATCH v6 15/42] x86/sev: Remove do_early_exception() forward declarations · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 15/42] x86/sev: Remove do_early_exception() forward declarations · Borislav Petkov <bp@alien8.de> · 2021-11-02
[PATCH v6 21/42] KVM: SVM: Create a separate mapping for the SEV-ES save area · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 22/42] KVM: SVM: Create a separate mapping for the GHCB save area · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 23/42] KVM: SVM: Update the SEV-ES save area mapping · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 24/42] x86/sev: Use SEV-SNP AP creation to start secondary CPUs · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 25/42] x86/head: re-enable stack protection for 32/64-bit builds · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 28/42] x86/compressed/acpi: move EFI system table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 16/42] x86/sev: Add helper for validating pages in early enc attribute changes · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 26/42] x86/sev: move MSR-based VMGEXITs for CPUID to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 27/42] KVM: x86: move lookup of indexed CPUID leafs to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 30/42] x86/compressed/acpi: move EFI vendor table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 29/42] x86/compressed/acpi: move EFI config table lookup to helper · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 31/42] x86/boot: Add Confidential Computing type to setup_data · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 41/42] virt: sevguest: Add support to derive key · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 39/42] x86/sev: Register SNP guest request platform device · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 38/42] x86/sev: Provide support for SNP guest request NAEs · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-08
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Dov Murik <hidden> · 2021-10-10
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-13
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-20
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Brijesh Singh <hidden> · 2021-10-27
Re: [PATCH v6 40/42] virt: Add SEV-SNP guest driver · Peter Gonda <hidden> · 2021-10-27
[PATCH v6 36/42] x86/compressed/64: add identity mapping for Confidential Computing blob · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 37/42] x86/sev: use firmware-validated CPUID for SEV-SNP guests · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 42/42] virt: sevguest: Add support to get extended report · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 35/42] x86/compressed/64: store Confidential Computing blob address in bootparams · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 32/42] x86/compressed/64: add support for SEV-SNP CPUID table in #VC handlers · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 33/42] boot/compressed/64: use firmware-validated CPUID for SEV-SNP guests · Brijesh Singh <hidden> · 2021-10-08
[PATCH v6 34/42] x86/boot: add a pointer to Confidential Computing blob in bootparams · Brijesh Singh <hidden> · 2021-10-08

From: Borislav Petkov <bp@alien8.de>
Date: 2021-11-11 16:01:25
Also in: kvm, linux-efi, linux-mm, lkml, platform-driver-x86

On Thu, Nov 11, 2021 at 08:49:49AM -0600, Tom Lendacky wrote:

2032 => sizeof(ghcb->shared_buffer) ?

Or that.

The idea is that a full snp_psc_desc structure is meant to fit completely in
the shared_buffer area. So if there are no compile time checks, then the
code on the HV side will need to ensure that the input doesn't cause the HV
to access the structure outside of the shared_buffer area - which, IIRC, it
does (think protect against a malicious guest), so the min_t() on the memcpy
should be safe on the guest side.

But given the snp_psc_desc is sized/meant to fit completely in the
shared_buffer, a compile time check would be a good idea, too, right?

If the desc thing is meant to fit, then a compile-time check is also a
good way to express that intention. So yeah.

Thx.

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help