KVM: SEV: use mutex guard in sev_mem_enc_ioctl() (63e56d84) · Commits · git / linux-net

arch/x86/kvm/svm/sev.c

+8 −17

Original line number	Diff line number	Diff line
		@@ -2637,30 +2637,24 @@ int sev_mem_enc_ioctl(struct kvm kvm, void __user argp)
		if (copy_from_user(&sev_cmd, argp, sizeof(struct kvm_sev_cmd)))
		return -EFAULT;

		mutex_lock(&kvm->lock);
		guard(mutex)(&kvm->lock);

		/* Only the enc_context_owner handles some memory enc operations. */
		if (is_mirroring_enc_context(kvm) &&
		!is_cmd_allowed_from_mirror(sev_cmd.id)) {
		r = -EINVAL;
		goto out;
		}
		!is_cmd_allowed_from_mirror(sev_cmd.id))
		return -EINVAL;

		/*
		* Once KVM_SEV_INIT2 initializes a KVM instance as an SNP guest, only
		* allow the use of SNP-specific commands.
		*/
		if (sev_snp_guest(kvm) && sev_cmd.id < KVM_SEV_SNP_LAUNCH_START) {
		r = -EPERM;
		goto out;
		}
		if (sev_snp_guest(kvm) && sev_cmd.id < KVM_SEV_SNP_LAUNCH_START)
		return -EPERM;

		switch (sev_cmd.id) {
		case KVM_SEV_ES_INIT:
		if (!sev_es_enabled) {
		r = -ENOTTY;
		goto out;
		}
		if (!sev_es_enabled)
		return -ENOTTY;
		fallthrough;
		case KVM_SEV_INIT:
		r = sev_guest_init(kvm, &sev_cmd);
		@@ -2732,15 +2726,12 @@ int sev_mem_enc_ioctl(struct kvm kvm, void __user argp)
		r = snp_enable_certs(kvm);
		break;
		default:
		r = -EINVAL;
		goto out;
		return -EINVAL;
		}

		if (copy_to_user(argp, &sev_cmd, sizeof(struct kvm_sev_cmd)))
		r = -EFAULT;

		out:
		mutex_unlock(&kvm->lock);
		return r;
		}