Re: [PATCH 1/8] KVM: SEV-ES: fix length of string I/O

From: Paolo Bonzini
Date: Mon Oct 25 2021 - 04:59:17 EST

Next message: Dmitry Vyukov: "Re: [syzbot] general protection fault in nf_tables_dump_tables"
Previous message: Uwe Kleine-König: "Re: [PATCH v6 1/3] pwm: Introduce single-PWM of_xlate function"
In reply to: Marc Orr: "Re: [PATCH 1/8] KVM: SEV-ES: fix length of string I/O"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 25/10/21 03:31, Marc Orr wrote:

I could be missing something, but I'm pretty sure that this is wrong.
The GHCB spec says that `exit_info_2` is the `rep` count. Not the
string length.

For example, given a `rep outsw` instruction, with `ECX` set to `8`,
the rep count written into `SW_EXITINFO2` should be eight x86 words
(i.e., 16 bytes) and the IO size should be one x86 word (i.e., 2
bytes). In other words, the code was correct before this patch. This
patch is incorrectly dividing the rep count by the IO size, causing
the string IO to be truncated.

Then what's wrong is _also_ the call to setup_vmgexit_scratch, because that one definitely expects bytes:

scratch_va = kzalloc(len, GFP_KERNEL_ACCOUNT);

Paolo

Next message: Dmitry Vyukov: "Re: [syzbot] general protection fault in nf_tables_dump_tables"
Previous message: Uwe Kleine-König: "Re: [PATCH v6 1/3] pwm: Introduce single-PWM of_xlate function"
In reply to: Marc Orr: "Re: [PATCH 1/8] KVM: SEV-ES: fix length of string I/O"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]