enarx-archive / sev

Library for AMD SEV
Apache License 2.0

Maximum secret size only 4032 bytes #35

Closed haraldh closed 3 years ago

haraldh commented 3 years ago

According to my experiments, the maximum secret size, which can be injected without EINVAL

ioctl(5, KVM_MEMORY_ENCRYPT_OP, 0x7fff4268c3a8) = -1 EINVAL (Invalid argument)

seems to be 4032. Curious why it is 4096 - 64 ... and if it is a SEV limitation or kernel limitation or kernel bug.

connorkuehl commented 3 years ago

@codomania Is this something you've run into before?

codomania commented 3 years ago

IIRC, the only restriction that the kernel puts is that the guest_uaddr + length should not cross a page boundary. So, if the length of the blob is a PAGE_SIZE then you must ensure that guest_uaddr is page-aligned, otherwise we may start in the middle of the page and the blob may cross the page boundary.

connorkuehl commented 3 years ago

> IIRC, the only restriction that the kernel puts is that the guest_uaddr + length should not cross a page boundary. So, if the length of the blob is a PAGE_SIZE then you must ensure that guest_uaddr is page-aligned, otherwise we may start in the middle of the page and the blob may cross the page boundary.

In that case since the firmware supports secrets up to 16KiB in length, then I presume our process needs to be using at least a 2MiB page to reach that firmware-supported maximum without the kernel returning an error from the ioctl?

codomania commented 3 years ago

Yes, I think that should work fine. Allocate a 2MiB page and fill in the data from offset zero up to 16KiB in length. Issue the launch_secret command.

connorkuehl commented 3 years ago

Closing, since this is not a bug. The calling process that is using this crate will need to use larger pages if it wants to inject a secret larger than 4032 bytes.
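
The page-boundary rule described in this thread can be checked before issuing the ioctl. The following is an added example, not code from the sev crate or from the thread's participants; `max_len_in_page`, `fits_in_page` and `AlignedBuf` are hypothetical names, and the address 64 bytes into a page is a constructed case that reproduces the 4032-byte figure (the thread does not confirm that this offset was the cause).

```rust
use std::alloc::{alloc_zeroed, dealloc, Layout};

/// Largest length that can start at `addr` and stay inside the page it starts in.
pub fn max_len_in_page(addr: usize, page_size: usize) -> usize {
    assert!(page_size.is_power_of_two());
    page_size - (addr & (page_size - 1))
}

/// True if [addr, addr + len) does not cross a `page_size` boundary.
pub fn fits_in_page(addr: usize, len: usize, page_size: usize) -> bool {
    len != 0 && len <= max_len_in_page(addr, page_size)
}

/// Zeroed heap buffer whose start address is a multiple of `align`.
/// Alignment only fixes the offset within the page; whether the memory is
/// actually backed by a 2 MiB page is decided elsewhere (not shown here).
pub struct AlignedBuf { ptr: *mut u8, layout: Layout }

impl AlignedBuf {
    pub fn new(len: usize, align: usize) -> Option<Self> {
        if len == 0 { return None; }
        let layout = Layout::from_size_align(len, align).ok()?;
        // SAFETY: layout has non-zero size; null is handled below.
        let ptr = unsafe { alloc_zeroed(layout) };
        if ptr.is_null() { None } else { Some(Self { ptr, layout }) }
    }
    pub fn addr(&self) -> usize { self.ptr as usize }
    pub fn as_mut_slice(&mut self) -> &mut [u8] {
        // SAFETY: ptr is valid for layout.size() bytes and uniquely borrowed.
        unsafe { std::slice::from_raw_parts_mut(self.ptr, self.layout.size()) }
    }
}

impl Drop for AlignedBuf {
    fn drop(&mut self) { unsafe { dealloc(self.ptr, self.layout) } }
}

fn main() {
    const PAGE_4K: usize = 4096;
    let unaligned = 0x1000_0040usize; // constructed: 64 bytes into a 4 KiB page
    println!("room left in page: {}", max_len_in_page(unaligned, PAGE_4K));
    println!("4096 bytes fit: {}", fits_in_page(unaligned, PAGE_4K, PAGE_4K));

    let mut buf = AlignedBuf::new(PAGE_4K, PAGE_4K).expect("allocation failed");
    buf.as_mut_slice()[..6].copy_from_slice(b"secret"); // constructed payload
    println!("aligned 4096 bytes fit: {}", fits_in_page(buf.addr(), PAGE_4K, PAGE_4K));
}
```

The same check with `page_size` set to 2 MiB and a length of 16 KiB corresponds to the larger-page case discussed in the last replies.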