Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support

From: Joerg Roedel
Date: Thu Nov 25 2021 - 05:07:59 EST

Next message: Andy Shevchenko: "Re: [PATCH v3 1/2] SPI: Add SPI driver for Sunplus SP7021"
Previous message: kernel test robot: "[mcgrof-next:20211116-sysctl-cleanups-v3 19/20] fs/binfmt_misc.c:826:17: error: too few arguments to function 'panic'"
In reply to: Vlastimil Babka: "Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support"
Next in thread: Brijesh Singh: "Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 24, 2021 at 09:48:14AM -0800, Dave Hansen wrote:
> That covers things like copy_from_user(). It does not account for
> things where kernel mappings are used, like where a
> get_user_pages()/kmap() is in play.

The kmap case is guarded by KVM code, which locks the page first so that
the guest can't change the page state, then checks the page state, and
if it is shared does the kmap and the access.

This should turn an RMP fault in the kernel which is not covered in the
uaccess exception table into a fatal error.

Regards,

--
Jörg Rödel
jroedel@xxxxxxx

SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany

(HRB 36809, AG Nürnberg)
Geschäftsführer: Ivo Totev

Next message: Andy Shevchenko: "Re: [PATCH v3 1/2] SPI: Add SPI driver for Sunplus SP7021"
Previous message: kernel test robot: "[mcgrof-next:20211116-sysctl-cleanups-v3 19/20] fs/binfmt_misc.c:826:17: error: too few arguments to function 'panic'"
In reply to: Vlastimil Babka: "Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support"
Next in thread: Brijesh Singh: "Re: [PATCH Part2 v5 00/45] Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]