> +static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req)
> {
> unsigned long err;
> u64 seqno;
> int rc;
>
> + if (!snp_dev || !req)
> + return -ENODEV;
> +
> /* Get message sequence and verify that its a non-zero */
> seqno = snp_get_msg_seqno(snp_dev);
> if (!seqno)
> @@ -261,7 +253,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
> memset(snp_dev->response, 0, sizeof(struct snp_guest_msg));
>
> /* Encrypt the userspace provided payload */
> - rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz);
> + rc = enc_payload(snp_dev, seqno, req, vmpck_id);
> if (rc)
> return rc;
>
> @@ -271,7 +263,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
> * sequence number must be incremented or the VMPCK must be deleted to
> * prevent reuse of the IV.
> */
> - rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
> + rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
>
> /*
> * If the extended guest request fails due to having too small of a
> @@ -279,11 +271,11 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
> * extended data request in order to increment the sequence number
> * and thus avoid IV reuse.
> */
> - if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
> + if (req->exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
> err == SNP_GUEST_REQ_INVALID_LEN) {
> const unsigned int certs_npages = snp_dev->input.data_npages;
>
> - exit_code = SVM_VMGEXIT_GUEST_REQUEST;
> + req->exit_code = SVM_VMGEXIT_GUEST_REQUEST;
>
> /*
> * If this call to the firmware succeeds, the sequence number can
> @@ -293,7 +285,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
> * of the VMPCK and the error code being propagated back to the
> * user as an ioctl() return code.
> */
> - rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
> + rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
>
This is going to have a merge conflict with "[PATCH v13 1/4]
virt/coco/sev-guest: Add throttling awareness", which is an important
fix to ensure hosts are allowed to throttle guest requests and guests
are able to retry instead of disabling the vmpck. I think that set of
patches, or at least the first patch, is going to be going in before
this series. Please be aware.
On 31/01/23 00:15, Dionna Amalie Glaze wrote:
>> +static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req)
>> {
>> unsigned long err;
>> u64 seqno;
>> int rc;
>>
>> + if (!snp_dev || !req)
>> + return -ENODEV;
>> +
>> /* Get message sequence and verify that its a non-zero */
>> seqno = snp_get_msg_seqno(snp_dev);
>> if (!seqno)
>> @@ -261,7 +253,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
>> memset(snp_dev->response, 0, sizeof(struct snp_guest_msg));
>>
>> /* Encrypt the userspace provided payload */
>> - rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz);
>> + rc = enc_payload(snp_dev, seqno, req, vmpck_id);
>> if (rc)
>> return rc;
>>
>> @@ -271,7 +263,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
>> * sequence number must be incremented or the VMPCK must be deleted to
>> * prevent reuse of the IV.
>> */
>> - rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
>> + rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
>>
>> /*
>> * If the extended guest request fails due to having too small of a
>> @@ -279,11 +271,11 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
>> * extended data request in order to increment the sequence number
>> * and thus avoid IV reuse.
>> */
>> - if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
>> + if (req->exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
>> err == SNP_GUEST_REQ_INVALID_LEN) {
>> const unsigned int certs_npages = snp_dev->input.data_npages;
>>
>> - exit_code = SVM_VMGEXIT_GUEST_REQUEST;
>> + req->exit_code = SVM_VMGEXIT_GUEST_REQUEST;
>>
>> /*
>> * If this call to the firmware succeeds, the sequence number can
>> @@ -293,7 +285,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
>> * of the VMPCK and the error code being propagated back to the
>> * user as an ioctl() return code.
>> */
>> - rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
>> + rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
>>
>
> This is going to have a merge conflict with "[PATCH v13 1/4]
> virt/coco/sev-guest: Add throttling awareness", which is an important
> fix to ensure hosts are allowed to throttle guest requests and guests
> are able to retry instead of disabling the vmpck. I think that set of
> patches, or at least the first patch, is going to be going in before
> this series. Please be aware.
Yes, I am aware of the series. I can rebase my patches once that goes in.
Regards
Nikunj
@@ -57,16 +57,6 @@ static inline unsigned int get_ctx_authsize(struct snp_guest_dev *snp_dev)
return 0;
}
-static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
-{
- char zero_key[VMPCK_KEY_LEN] = {0};
-
- if (snp_dev->vmpck)
- return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN);
-
- return true;
-}
-
/*
* If an error is received from the host or AMD Secure Processor (ASP) there
* are two options. Either retry the exact same encrypted request or discontinue
@@ -195,8 +185,9 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
struct snp_guest_msg_hdr *resp_hdr = &resp->hdr;
struct aesgcm_ctx *ctx = snp_dev->ctx;
- dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n",
- resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz);
+ pr_debug("response [seqno %lld type %d version %d sz %d]\n",
+ resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version,
+ resp_hdr->msg_sz);
/* Verify that the sequence counter is incremented by 1 */
if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1)))
@@ -218,41 +209,42 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
return dec_payload(ctx, resp, payload, resp_hdr->msg_sz);
}
-static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type,
- void *payload, size_t sz)
+static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno,
+ struct snp_guest_req *req, u8 __vmpck_id)
{
- struct snp_guest_msg *req = snp_dev->request;
- struct snp_guest_msg_hdr *hdr = &req->hdr;
+ struct snp_guest_msg *msg = snp_dev->request;
+ struct snp_guest_msg_hdr *hdr = &msg->hdr;
- memset(req, 0, sizeof(*req));
+ memset(msg, 0, sizeof(*msg));
hdr->algo = SNP_AEAD_AES_256_GCM;
hdr->hdr_version = MSG_HDR_VER;
hdr->hdr_sz = sizeof(*hdr);
- hdr->msg_type = type;
- hdr->msg_version = version;
+ hdr->msg_type = req->msg_type;
+ hdr->msg_version = req->msg_version;
hdr->msg_seqno = seqno;
- hdr->msg_vmpck = vmpck_id;
- hdr->msg_sz = sz;
+ hdr->msg_vmpck = __vmpck_id;
+ hdr->msg_sz = req->req_sz;
/* Verify the sequence number is non-zero */
if (!hdr->msg_seqno)
return -ENOSR;
- dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n",
+ pr_debug("request [seqno %lld type %d version %d sz %d]\n",
hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);
- return __enc_payload(snp_dev->ctx, req, payload, sz);
+ return __enc_payload(snp_dev->ctx, msg, req->req_buf, req->req_sz);
}
-static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver,
- u8 type, void *req_buf, size_t req_sz, void *resp_buf,
- u32 resp_sz, __u64 *fw_err)
+static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req)
{
unsigned long err;
u64 seqno;
int rc;
+ if (!snp_dev || !req)
+ return -ENODEV;
+
/* Get message sequence and verify that its a non-zero */
seqno = snp_get_msg_seqno(snp_dev);
if (!seqno)
@@ -261,7 +253,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
memset(snp_dev->response, 0, sizeof(struct snp_guest_msg));
/* Encrypt the userspace provided payload */
- rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz);
+ rc = enc_payload(snp_dev, seqno, req, vmpck_id);
if (rc)
return rc;
@@ -271,7 +263,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
* sequence number must be incremented or the VMPCK must be deleted to
* prevent reuse of the IV.
*/
- rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
+ rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
/*
* If the extended guest request fails due to having too small of a
@@ -279,11 +271,11 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
* extended data request in order to increment the sequence number
* and thus avoid IV reuse.
*/
- if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
+ if (req->exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
err == SNP_GUEST_REQ_INVALID_LEN) {
const unsigned int certs_npages = snp_dev->input.data_npages;
- exit_code = SVM_VMGEXIT_GUEST_REQUEST;
+ req->exit_code = SVM_VMGEXIT_GUEST_REQUEST;
/*
* If this call to the firmware succeeds, the sequence number can
@@ -293,7 +285,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
* of the VMPCK and the error code being propagated back to the
* user as an ioctl() return code.
*/
- rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
+ rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
/*
* Override the error to inform callers the given extended
@@ -304,17 +296,17 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
snp_dev->input.data_npages = certs_npages;
}
- if (fw_err)
- *fw_err = err;
+ if (req->fw_err)
+ *req->fw_err = err;
if (rc) {
dev_alert(snp_dev->dev,
"Detected error from ASP request. rc: %d, fw_err: %llu\n",
- rc, *fw_err);
+ rc, *req->fw_err);
goto disable_vmpck;
}
- rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz);
+ rc = verify_and_dec_payload(snp_dev, req->resp_buf, req->resp_sz);
if (rc) {
dev_alert(snp_dev->dev,
"Detected unexpected decode failure from ASP. rc: %d\n",
@@ -332,6 +324,24 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
return rc;
}
+
+static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, u8 msg_version,
+ u8 msg_type, void *req_buf, size_t req_sz, void *resp_buf,
+ u32 resp_sz, __u64 *fw_err)
+{
+ struct snp_guest_req guest_req = {
+ .msg_version = msg_version,
+ .msg_type = msg_type,
+ .req_buf = req_buf,
+ .req_sz = req_sz,
+ .resp_buf = resp_buf,
+ .resp_sz = resp_sz,
+ .fw_err = fw_err,
+ .exit_code = exit_code,
+ };
+ return snp_send_guest_request(snp_dev, &guest_req);
+}
+
static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
{
struct snp_report_resp *resp;
@@ -505,7 +515,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long
mutex_lock(&snp_dev->cmd_mutex);
/* Check if the VMPCK is not empty */
- if (is_vmpck_empty(snp_dev)) {
+ if (is_vmpck_empty(snp_dev->vmpck)) {
dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n");
mutex_unlock(&snp_dev->cmd_mutex);
return -ENOTTY;
@@ -636,7 +646,7 @@ static int __init sev_guest_probe(struct platform_device *pdev)
}
/* Verify that VMPCK is not zero. */
- if (is_vmpck_empty(snp_dev)) {
+ if (is_vmpck_empty(snp_dev->vmpck)) {
dev_err(dev, "vmpck id %d is null\n", vmpck_id);
goto e_unmap;
}
@@ -63,4 +63,23 @@ struct snp_guest_msg {
u8 payload[4000];
} __packed;
+struct snp_guest_req {
+ void *req_buf, *resp_buf;
+ size_t req_sz, resp_sz;
+ u64 exit_code;
+ u64 *fw_err;
+ u8 msg_version;
+ u8 msg_type;
+};
+
+static inline bool is_vmpck_empty(u8 *vmpck)
+{
+ char zero_key[VMPCK_KEY_LEN] = {0};
+
+ if (vmpck)
+ return !memcmp(vmpck, zero_key, VMPCK_KEY_LEN);
+
+ return true;
+}
+
#endif /* __VIRT_SEVGUEST_H__ */