From patchwork Tue Feb 21 11:34:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59873 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1812012wrn; Tue, 21 Feb 2023 03:35:29 -0800 (PST) X-Google-Smtp-Source: AK7set/zq/FL0mbf4cQmrKuUQ1GsgvN9MsysSvbDzcey3amUy30y1pk2VjBkKwQBDC6MYgEkUM7E X-Received: by 2002:a05:6a20:244d:b0:bf:2917:9370 with SMTP id t13-20020a056a20244d00b000bf29179370mr6833569pzc.19.1676979328891; Tue, 21 Feb 2023 03:35:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979328; cv=none; d=google.com; s=arc-20160816; b=CBH2p/ufeQWGpfLzp+jzj+5sQgTulT/IgEd8Jv1odREo2RIJ2LBOhQXmO4Vy6m8Cjh imJuLoqdVUuAH+vVZtmY1a/RWmiWqWFvXTlae4/yAsk76uT966LW23q3i07rlfZZGbpG T2APa8WUb+c16HovQnjZ3AJR2Mci7SUdSo2BfgqO/Ep9kbffhO5xrsrnRGCJ+n/2xx+t +XWbcCA8QKbbY6LSrG+qTIKiVqT4yXemD8l/GqOOqwcbaMofQ5cbaGbypEgONRSPZhYQ 4hlx2FwKlBy/aU0RKFno9CzQiBn6WCx2JitVR7uWdTPjc/0tQT1l3TRV99k0+MG+WN5+ gfOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=xAFRY6UWQLF1FP7olpHuR0CBZw+9W4Mq3Tn1rtwpBJM=; b=J5pI01WbfcjPkDxPs/cq6r6/rbNyFwc8xHMnUGNtUxISxvQgkLkfQC7QJ6RHiNkpic FNEh/Sf2Kewul2sPdh9KD2BDEIY25UVg8DVfJhm1XEKPmWuMgj65Rs9XPERj/2mhaZHL WbOWJIWUaEiWPiieENWoCBpP3OObXHI9z4Yz78HvsGGo2bKOUp1MRxDwX+3CxmwN17TK OKVvDwmCXDya5jBHbfdWLgdlhU3Cf8EgysRkn9rUNQAyhJqtXLetng3rAxeMRjBdXp3S 8v89EC4CZDhWUi7r36DUpMtPJ5M9Lr3Y3v0sgGw1as+8to9M+6qSdzKmSbZgavaE+0/q AkQw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=qZK1Zd9e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e18-20020a639a52000000b004d422660ff7si6439644pgo.244.2023.02.21.03.35.16; Tue, 21 Feb 2023 03:35:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=qZK1Zd9e; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233781AbjBULep (ORCPT + 99 others); Tue, 21 Feb 2023 06:34:45 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57978 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233605AbjBULek (ORCPT ); Tue, 21 Feb 2023 06:34:40 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5C8B7233E9 for ; Tue, 21 Feb 2023 03:34:38 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 517DA1EC064C; Tue, 21 Feb 2023 12:34:36 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979276; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xAFRY6UWQLF1FP7olpHuR0CBZw+9W4Mq3Tn1rtwpBJM=; b=qZK1Zd9ewhHGtj5llNFPOJ/ooJVzt5ZkJGOPofc6h/kDGBH04EZ6Tdc/ON7u7ANmGAOqEG a5SeFooneVntrBGVqiEA7LXRYimNcXgyt/Ulb4k1ftCFbeZf9BuMbtIvdFVOAfsz5DwUbW erynl47FPXz5h9Kadnn9/t7eqpvg/2w= From: Borislav Petkov To: LKML Cc: stable@kernel.org, Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 01/11] crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL Date: Tue, 21 Feb 2023 12:34:18 +0100 Message-Id: <20230221113428.19324-2-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440276568887829?= X-GMAIL-MSGID: =?utf-8?q?1758440276568887829?= From: Peter Gonda The PSP can return a "firmware error" code of -1 in circumstances where the PSP has not actually been called. To make this protocol unambiguous, name the value SEV_RET_NO_FW_CALL. [ bp: Massage a bit. ] Signed-off-by: Peter Gonda Signed-off-by: Dionna Glaze Signed-off-by: Borislav Petkov (AMD) Cc: Link: https://lore.kernel.org/r/20221207010210.2563293-2-dionnaglaze@google.com --- Documentation/virt/coco/sev-guest.rst | 4 ++-- drivers/crypto/ccp/sev-dev.c | 8 +++++--- include/uapi/linux/psp-sev.h | 7 +++++++ 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/Documentation/virt/coco/sev-guest.rst b/Documentation/virt/coco/sev-guest.rst index bf593e88cfd9..aa3e4c6a1f90 100644 --- a/Documentation/virt/coco/sev-guest.rst +++ b/Documentation/virt/coco/sev-guest.rst @@ -40,8 +40,8 @@ along with a description: The guest ioctl should be issued on a file descriptor of the /dev/sev-guest device. The ioctl accepts struct snp_user_guest_request. The input and output structure is specified through the req_data and resp_data field respectively. If the ioctl fails -to execute due to a firmware error, then fw_err code will be set otherwise the -fw_err will be set to 0x00000000000000ff. +to execute due to a firmware error, then fw_err code will be set. Otherwise, fw_err +will be set to 0x00000000ffffffff, i.e., the lower 32-bits are -1. The firmware checks that the message sequence counter is one greater than the guests message sequence counter. If guest driver fails to increment message diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 06fc7156c04f..f60bb73edfda 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -442,10 +442,10 @@ static int __sev_init_ex_locked(int *error) static int __sev_platform_init_locked(int *error) { + int rc = 0, psp_ret = SEV_RET_NO_FW_CALL; struct psp_device *psp = psp_master; - struct sev_device *sev; - int rc = 0, psp_ret = -1; int (*init_function)(int *error); + struct sev_device *sev; if (!psp || !psp->sev_data) return -ENODEV; @@ -473,9 +473,11 @@ static int __sev_platform_init_locked(int *error) * initialization function should succeed by replacing the state * with a reset state. */ - dev_err(sev->dev, "SEV: retrying INIT command because of SECURE_DATA_INVALID error. Retrying once to reset PSP SEV state."); + dev_err(sev->dev, +"SEV: retrying INIT command because of SECURE_DATA_INVALID error. Retrying once to reset PSP SEV state."); rc = init_function(&psp_ret); } + if (error) *error = psp_ret; diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 91b4c63d5cbf..1c9da485318f 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -36,6 +36,13 @@ enum { * SEV Firmware status code */ typedef enum { + /* + * This error code is not in the SEV spec. Its purpose is to convey that + * there was an error that prevented the SEV firmware from being called. + * The SEV API error codes are 16 bits, so the -1 value will not overlap + * with possible values from the specification. + */ + SEV_RET_NO_FW_CALL = -1, SEV_RET_SUCCESS = 0, SEV_RET_INVALID_PLATFORM_STATE, SEV_RET_INVALID_GUEST_STATE, From patchwork Tue Feb 21 11:34:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59875 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1812055wrn; Tue, 21 Feb 2023 03:35:36 -0800 (PST) X-Google-Smtp-Source: AK7set8v3lbznmtIgcSotj5LP4EeKG+feHNpoVGamFHMiSlElGaNfA96jc6tNn/YSQUl8yhwb3mT X-Received: by 2002:a17:906:8601:b0:89c:d072:e33e with SMTP id o1-20020a170906860100b0089cd072e33emr10772108ejx.49.1676979336257; Tue, 21 Feb 2023 03:35:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979336; cv=none; d=google.com; s=arc-20160816; b=KtFfA4oGch/G6kmmpWwWkL+f6OimqtJskO+zAhLlRDzTQ4cMRZnR8pi3NG4T7JvvCQ sSlXCN2snmaclkZc/wmocDHc3Q1v5AD3J5LK29/2uIsUNco/6UuY3jPRRIuz20zQsRgS H0osb2xlZF6Wlsu9UV3mbKwxzFC/7I9l81ekQpjjRQUhoDMxxcWUKnxSkr6ygJsA5Qk6 fVMNkwwvjVHCufjyUL+2vC3iaTuWM+noFp9FnuRa+imBess7SIoM2VvQNyxbhzh6XLN1 4CRbVRASHgsUogBuOTOFY3Tnh/nR48ttK/SDAYYkpPVi1Xty5oNGnxdFoDZbTvIZYv1G 3doA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=fmJP6KJzP645UaTSE0lRF5lUFM34wl43txCaH4JG/ds=; b=Z4Jx4JpscYV3SfosOudaetixTktr3gY+1RgzsRMTH+xCZP1U+RGgCJmiPPnKQMlWPX WWDt57VJlnT/n0h4sYTtHZ8WyDnm1LnN0qbBpbVNdsBqtWALXP69UgB3Fjws17GKuGVX soin0x5I+DMx+c2SKIssbrR1MakuJzVrBZ/TcrUit5teIIggwIZjzQNiUdIBbUKgy8hh X3GqDwc9HV7cOlViR56k3aRNedf1bSvZUdSFinHaV1+z5xdiLumr3OS423lGM1tGxh04 KDOEex+qZaWnRb2q1IaP/9tsLBqyLCJoV3KJg4otiIX0Lp27yTIcS/114uDQ3mYl0Qdg ixug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=gr+Ft10d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n29-20020a17090673dd00b008b25e3ed221si18638383ejl.162.2023.02.21.03.35.13; Tue, 21 Feb 2023 03:35:36 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=gr+Ft10d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233775AbjBULel (ORCPT + 99 others); Tue, 21 Feb 2023 06:34:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57976 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233677AbjBULek (ORCPT ); Tue, 21 Feb 2023 06:34:40 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F844234CA for ; Tue, 21 Feb 2023 03:34:38 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id B7E561EC064D; Tue, 21 Feb 2023 12:34:36 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979276; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fmJP6KJzP645UaTSE0lRF5lUFM34wl43txCaH4JG/ds=; b=gr+Ft10dPKgV49IOliEOEH6OOeK1mkIT1loIM1M/fMuVqQ3tJZgbmQy7PpsirIEuEwMHOf JOXiXKY+LNCKKaxs6n5oY8RWbpub0Vft/lwwfzMbCv7vQU/PuvN6mX5I69/r/VZbAbYQWu T1bhTRA4CSVexbPlRIP74fjb9yyI29k= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 02/11] virt/coco/sev-guest: Check SEV_SNP attribute at probe time Date: Tue, 21 Feb 2023 12:34:19 +0100 Message-Id: <20230221113428.19324-3-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440284757129807?= X-GMAIL-MSGID: =?utf-8?q?1758440284757129807?= From: "Borislav Petkov (AMD)" No need to check it on every ioctl. And yes, this is a common SEV driver but it does only SNP-specific operations currently. This can be revisited later, when more use cases appear. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- arch/x86/kernel/sev.c | 3 --- drivers/virt/coco/sev-guest/sev-guest.c | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 679026a640ef..c644c34372e8 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2183,9 +2183,6 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned struct ghcb *ghcb; int ret; - if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) - return -ENODEV; - if (!fw_err) return -EINVAL; diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 4ec4174e05a3..edaf6031c6d9 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -689,6 +689,9 @@ static int __init sev_guest_probe(struct platform_device *pdev) void __iomem *mapping; int ret; + if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) + return -ENODEV; + if (!dev->platform_data) return -ENODEV; From patchwork Tue Feb 21 11:34:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59874 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1812020wrn; Tue, 21 Feb 2023 03:35:30 -0800 (PST) X-Google-Smtp-Source: AK7set9Bb8sKPXBCQNiTzBR79U6ypetIThQ5Hbf/IRn/3w3T0n+4A8Sie5j/2QICUlmL3mn1nNlY X-Received: by 2002:a05:6a20:3d8a:b0:c7:6cb7:cfbd with SMTP id s10-20020a056a203d8a00b000c76cb7cfbdmr4068066pzi.12.1676979330290; Tue, 21 Feb 2023 03:35:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979330; cv=none; d=google.com; s=arc-20160816; b=YsCp8dUT94tcaSTxOizAfZrAfPuqkUmPKZWShAFU2UjPK16g7shme8gD+fUYMe/mk5 rA1AzDjIACQNTkvWElFu+s6RbXelUomKJgxV5e3/iyUI3Dio+EQSWavOnDPYaw3bv6Cm 0enuInOf+fOjgk4SrxgGsOfaDboOO2MPVtw3MHJUwKNxiqgvd2RRIW1ESheHEpwoK+lV uiMGQUNANoGK3NKV6kgkg89hy1YWNi8rY8AIZzXx+bBnlyXcIROueAo/3zsIILiGILBl FgY5j5aRNjRO4tO3VGnRfdBkCTbvdfsbu94dJT7lOkzq07X2XoxTH81iUhEoAlZZ42e0 7Phg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ksRalnveoGheILhfPrdSCwL5dhzTJiCmiR2fo+V5RHY=; b=DEeXh18TrwG5YK9CVSZYxyMfC6SfovAlflTHDEe1XyY40ygrv1oC/eO5bxv9qj24eA pl41bzeFf2xIC2RNcMJ1QApUZ4q4f4F7Rt+k8IoQYNq31hwF649H57eLNmlsKYWO1Foi +SuLLBwv3Vvu7Cr8LRIuJenDDOvtH6UlwjoTjhD4D6aDR7im+9F6pjTjIKyQ3yI5pifu Dhw6sGcNySBtBa2Isp2pReA/iwKHkrx5+Bcjtjh3VrJLG4l2TEa6hTJOBZmsTn0Pje/+ xwP+g75BeKsax5zJOh7Ly3Pf+rLF9srdtzclhEk3k3kZUm2LJ3fgXmKy060rOPNKv99j ndEQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=E1ZqyQ7C; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b4-20020a63d804000000b004fb1ed5239csi16758943pgh.364.2023.02.21.03.35.17; Tue, 21 Feb 2023 03:35:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=E1ZqyQ7C; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234079AbjBULes (ORCPT + 99 others); Tue, 21 Feb 2023 06:34:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233706AbjBULek (ORCPT ); Tue, 21 Feb 2023 06:34:40 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D994B234DB for ; Tue, 21 Feb 2023 03:34:38 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 33AC71EC064E; Tue, 21 Feb 2023 12:34:37 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979277; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ksRalnveoGheILhfPrdSCwL5dhzTJiCmiR2fo+V5RHY=; b=E1ZqyQ7CvzM2ZM9uGSEnSE2bhwBpOF0WxTjYdYzoBZwvQswxl15MXwB8jTAPLKGM7YCLuH kfkXc+VhCOVOy6vK5YMAy7lXUi6YsF3PTIY3mD5wxp1RYM9044VpbLXBGH2hZuxLdM5ciy xWoA405WdEpn6QB/PdUd8bzyJOaOjoY= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 03/11] virt/coco/sev-guest: Simplify extended guest request handling Date: Tue, 21 Feb 2023 12:34:20 +0100 Message-Id: <20230221113428.19324-4-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440278194615301?= X-GMAIL-MSGID: =?utf-8?q?1758440278194615301?= From: "Borislav Petkov (AMD)" Return a specific error code - -ENOSPC - to signal the too small cert data buffer instead of checking exit code and exitinfo2. While at it, hoist the *fw_err assignment in snp_issue_guest_request() so that a proper error value is returned to the callers. Signed-off-by: Borislav Petkov (AMD) --- arch/x86/kernel/sev.c | 11 +++--- drivers/virt/coco/sev-guest/sev-guest.c | 46 ++++++++++++++----------- 2 files changed, 31 insertions(+), 26 deletions(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index c644c34372e8..6a3e1425ba17 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2209,15 +2209,16 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned if (ret) goto e_put; + *fw_err = ghcb->save.sw_exit_info_2; if (ghcb->save.sw_exit_info_2) { /* Number of expected pages are returned in RBX */ if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST && - ghcb->save.sw_exit_info_2 == SNP_GUEST_REQ_INVALID_LEN) + ghcb->save.sw_exit_info_2 == SNP_GUEST_REQ_INVALID_LEN) { input->data_npages = ghcb_get_rbx(ghcb); - - *fw_err = ghcb->save.sw_exit_info_2; - - ret = -EIO; + ret = -ENOSPC; + } else { + ret = -EIO; + } } e_put: diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index edaf6031c6d9..5b4cddf44a3a 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -322,7 +322,8 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in u8 type, void *req_buf, size_t req_sz, void *resp_buf, u32 resp_sz, __u64 *fw_err) { - unsigned long err; + unsigned long err, override_err = 0; + unsigned int override_npages = 0; u64 seqno; int rc; @@ -338,6 +339,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in if (rc) return rc; +retry_request: /* * Call firmware to process the request. In this function the encrypted * message enters shared memory with the host. So after this call the @@ -346,17 +348,24 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in */ rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err); - /* - * If the extended guest request fails due to having too small of a - * certificate data buffer, retry the same guest request without the - * extended data request in order to increment the sequence number - * and thus avoid IV reuse. - */ - if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST && - err == SNP_GUEST_REQ_INVALID_LEN) { - const unsigned int certs_npages = snp_dev->input.data_npages; + switch (rc) { + case -ENOSPC: + /* + * If the extended guest request fails due to having too + * small of a certificate data buffer, retry the same + * guest request without the extended data request in + * order to increment the sequence number and thus avoid + * IV reuse. + */ + override_npages = snp_dev->input.data_npages; + exit_code = SVM_VMGEXIT_GUEST_REQUEST; - exit_code = SVM_VMGEXIT_GUEST_REQUEST; + /* + * Override the error to inform callers the given extended + * request buffer size was too small and give the caller the + * required buffer size. + */ + override_err = SNP_GUEST_REQ_INVALID_LEN; /* * If this call to the firmware succeeds, the sequence number can @@ -366,19 +375,14 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in * of the VMPCK and the error code being propagated back to the * user as an ioctl() return code. */ - rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err); - - /* - * Override the error to inform callers the given extended - * request buffer size was too small and give the caller the - * required buffer size. - */ - err = SNP_GUEST_REQ_INVALID_LEN; - snp_dev->input.data_npages = certs_npages; + goto retry_request; } if (fw_err) - *fw_err = err; + *fw_err = override_err ?: err; + + if (override_npages) + snp_dev->input.data_npages = override_npages; if (rc) { dev_alert(snp_dev->dev, From patchwork Tue Feb 21 11:34:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59876 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1812158wrn; Tue, 21 Feb 2023 03:35:51 -0800 (PST) X-Google-Smtp-Source: AK7set/J+0JfFjbylGbeh3NY0Wt/5TdExt6w0dCE6ACZKGoCjJMf5wHwBHCxYhvzcrbhJig/FFMl X-Received: by 2002:a05:6a20:2451:b0:c0:b55b:8259 with SMTP id t17-20020a056a20245100b000c0b55b8259mr16335826pzc.0.1676979351219; Tue, 21 Feb 2023 03:35:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979351; cv=none; d=google.com; s=arc-20160816; b=mCyyx4agPjPCPAuUXOxFNd9eKRkKChS/alCnXss8bqX38zakgbaYm1GsngbFs9E3tf kvCGr3piCwqV/qJA7911cV4FD3htMhsdbvOT1hCiayOPicCIpAtR+8PZACTAdR5hEmbH cNvMs7Dsgat6J4kGIWdNrlYI2nil3Z1kdlkNl+ByMGOPT37oPz7V0hxNGbp986gz3XPc 4XWvfzycYEsRz3WdLW82GHNgXJ8RSnGbEI/+8b2mCj1xzDXeQ84pjXKlPNmMROU9S/kH qnecQwntGays+rjMz5SWN/VAFc3LOAfJiY3dtEysXLSjw/+moG6M/t2fC6sgfiRLfqoL N11A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=eIxV1gF+0xxMeTGWWux4B6qDSXGFkU3ZGwakcGga7O0=; b=rU9aqQdQBlc+fPBJ35gVskLa3c5eE5+K0MaOYpmqXe30+TAXslHAL4lyj5Zv76m5jk O99AKO6mMoKTCyk792HIX3JXQlONQMHng+Y4fi/uMRhBpN8uVgaXmVDBNBKCZj7k9phh tbYNq1epwMJmV4FIVlcdTRFZ/LK0+DEhAj6m3gRHqb+m02Y1c6p/uEvR0NJsyuEwZT6y bq6+Q5toC3wjRlRwHMYJSQkQJqHmI7E1Eu2d6gh8LSEdPK7IFuV1C0neDaNEbmWozVQJ CfI8KTj3BHfEnnsztsXUEcg6R0zDb4HSav0wscpRhJjjq+60w+6/DjXOjDGuU6f5+IAu 08HA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=ZpmskPJi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id fd5-20020a056a002e8500b005924b9f5b9dsi5414885pfb.333.2023.02.21.03.35.38; Tue, 21 Feb 2023 03:35:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=ZpmskPJi; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234166AbjBULew (ORCPT + 99 others); Tue, 21 Feb 2023 06:34:52 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58028 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233151AbjBULel (ORCPT ); Tue, 21 Feb 2023 06:34:41 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7249F234E0 for ; Tue, 21 Feb 2023 03:34:39 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id C8C8F1EC0662; Tue, 21 Feb 2023 12:34:37 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979277; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eIxV1gF+0xxMeTGWWux4B6qDSXGFkU3ZGwakcGga7O0=; b=ZpmskPJims9Hyc9dnmgeiYuGxje5mn0CO+IORb6lkVE++tmyaqBr+fekPt4jmfGXeUcGPu zLDVvfAhZZ/TR3k89W4U7PKjtyjOQMfQy8+ZXxp7Tc6VPmKeOOpLJxJxpWIvy4p3ibOT1K acb4yQU4Ykknp8PzRcHsdMYUx1ARNL8= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 04/11] virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() Date: Tue, 21 Feb 2023 12:34:21 +0100 Message-Id: <20230221113428.19324-5-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440300387319258?= X-GMAIL-MSGID: =?utf-8?q?1758440300387319258?= From: "Borislav Petkov (AMD)" Call the function directly instead. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- drivers/virt/coco/sev-guest/sev-guest.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 5b4cddf44a3a..c0ecc5885573 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -388,7 +388,8 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n", rc, *fw_err); - goto disable_vmpck; + snp_disable_vmpck(snp_dev); + return rc; } rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz); @@ -396,17 +397,14 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); - goto disable_vmpck; + snp_disable_vmpck(snp_dev); + return rc; } /* Increment to new message sequence after payload decryption was successful. */ snp_inc_msg_seqno(snp_dev); return 0; - -disable_vmpck: - snp_disable_vmpck(snp_dev); - return rc; } static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) From patchwork Tue Feb 21 11:34:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59877 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1812258wrn; Tue, 21 Feb 2023 03:36:11 -0800 (PST) X-Google-Smtp-Source: AK7set+phg+n2gq0Apg/vnl1p+XFbXa8Zz11094A8S8B2GzfAoJeEZZr/4a7jrZqO81tS6k1wlEB X-Received: by 2002:a17:907:c788:b0:88b:f26d:7b25 with SMTP id tz8-20020a170907c78800b0088bf26d7b25mr15925434ejc.28.1676979370849; Tue, 21 Feb 2023 03:36:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979370; cv=none; d=google.com; s=arc-20160816; b=XciqkWi9TF8kclWsDnbmzCUr5r/S6hxrZqAhGY79HU+IALYSc8rk25pAGG+7ygSa4F NQfyZp1tuaeNOpCLyf7z2I1xnRQ/CYtVtT2v44U/sOOklFSOL8RsrFGwoEDUM4nXJ9pq Zy55xAu8KEpTCddQoak4+a7Oi8XPrvIXL/VYtQSzHwq6go8104DRdAdaqi2Sbb31AD45 kXQ4msJLpWRlHo67CPCXtbypaoMwENm8VH1e6i379PxZ73951yzXSctZ7LLKBuRDdPVx bE9VWpKK6KfhjoNF2VI51srewJbNqKNP7t0qpmDO4NVWL6H0o4BQR8adkgBdXRhUpwG0 OcfA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=cwRPhPVa7VbVWxOqB+Oos/acf4MTp3gp6dUcgjiwjrA=; b=D+CC2D2Xne57fTnh6ysrs0lXLCRcN3F1Pum7pH7HGNez32TljSfD65WOeMkP4cpt2o M1gn5j2lXA8RpGFJ6maSUrcGaZwARy2PR1ANfgvsHylW7zqkOTaRPUoAiIq+bNPcW9Bt xDj4xoUdl6LLXUJ8Id3PMdfjDiAWIGyaM4Sok/MOvAw8fQMHlxCW4xt8gDyYziQ4DAMo khNPZ1t0IJ+6ZHjzlcUM0dhQRryY1ODX0szwP7O3d1uFAlMRnaM4aFlikGlE+ITBPC65 OBs+iL7WZ3jZQQ4P//QYQcioMD2NqkZmr10jC0DV8VFBbxBM35bja43Nr+2XmxeBIknr TEuQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="beu/SnEp"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q4-20020aa7da84000000b004accfd0cdb2si629006eds.189.2023.02.21.03.35.46; Tue, 21 Feb 2023 03:36:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="beu/SnEp"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234215AbjBULe4 (ORCPT + 99 others); Tue, 21 Feb 2023 06:34:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58010 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233751AbjBULel (ORCPT ); Tue, 21 Feb 2023 06:34:41 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0010123858 for ; Tue, 21 Feb 2023 03:34:39 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 64B5F1EC0666; Tue, 21 Feb 2023 12:34:38 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979278; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cwRPhPVa7VbVWxOqB+Oos/acf4MTp3gp6dUcgjiwjrA=; b=beu/SnEpU6k01R9hmAUwPqllKFAUqkW0jJEU87dx7kdHVXy5avM1YPz+3XpcsqPnxeANif Dl6+r9bAuxzk5CT4P1jlE4fqMMb8ewBai1pI4bvAcdGfwFJ8yk6p8Ekc8sPpalw33WLysY lUGkjCzK9EKp7bu6FQ0Z9kkypY2bggQ= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 05/11] virt/coco/sev-guest: Carve out the request issuing logic into a helper Date: Tue, 21 Feb 2023 12:34:22 +0100 Message-Id: <20230221113428.19324-6-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440320403270497?= X-GMAIL-MSGID: =?utf-8?q?1758440320403270497?= From: "Borislav Petkov (AMD)" This makes the code flow a lot easier to follow. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- drivers/virt/coco/sev-guest/sev-guest.c | 41 +++++++++++++++---------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index c0ecc5885573..e72289de2b28 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -318,27 +318,12 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 return __enc_payload(snp_dev, req, payload, sz); } -static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver, - u8 type, void *req_buf, size_t req_sz, void *resp_buf, - u32 resp_sz, __u64 *fw_err) +static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, __u64 *fw_err) { unsigned long err, override_err = 0; unsigned int override_npages = 0; - u64 seqno; int rc; - /* Get message sequence and verify that its a non-zero */ - seqno = snp_get_msg_seqno(snp_dev); - if (!seqno) - return -EIO; - - memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); - - /* Encrypt the userspace provided payload */ - rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz); - if (rc) - return rc; - retry_request: /* * Call firmware to process the request. In this function the encrypted @@ -347,7 +332,6 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in * prevent reuse of the IV. */ rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err); - switch (rc) { case -ENOSPC: /* @@ -384,6 +368,29 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in if (override_npages) snp_dev->input.data_npages = override_npages; + return rc; +} + +static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver, + u8 type, void *req_buf, size_t req_sz, void *resp_buf, + u32 resp_sz, __u64 *fw_err) +{ + u64 seqno; + int rc; + + /* Get message sequence and verify that its a non-zero */ + seqno = snp_get_msg_seqno(snp_dev); + if (!seqno) + return -EIO; + + memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); + + /* Encrypt the userspace provided payload */ + rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz); + if (rc) + return rc; + + rc = __handle_guest_request(snp_dev, exit_code, fw_err); if (rc) { dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n", From patchwork Tue Feb 21 11:34:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59879 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1812329wrn; Tue, 21 Feb 2023 03:36:22 -0800 (PST) X-Google-Smtp-Source: AK7set+V4OMG6ObZaYkuHwAg2lpgR1LR2p+ZVJIMlPmDGUVDjqBO2/fNy541ofaYcn3IfOdaw32y X-Received: by 2002:a17:907:9627:b0:8d7:c649:635d with SMTP id gb39-20020a170907962700b008d7c649635dmr5380004ejc.37.1676979382492; Tue, 21 Feb 2023 03:36:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979382; cv=none; d=google.com; s=arc-20160816; b=i3uGG7UBpUWAUuIVSKyMlPsnoumSBGA0YXUpn3SWVw4HQpz6LMdo3NbUDzTQ9nQMCP BxrCGf/jVl685YA8NWaFa3tQ/DNYy6qlS4XBbp8da7nociee6AbleRzGxSGL6ztVG9qi uoRWGZdscgURKKwUIS9R8480WOpZAXcVakII00vtCRkSzKi7Q8BeyAWgzv37OcFkNEW+ WkghszqCTwTDYT1v0wOQ8gmkUXnIy7XnaZ5YHCYBbHzefSQn32KxyDfFQK5J9Me1mgvF mqCarkH0jv/xa1qsm2FgT/LJE6ECXXchF9ULXJeSLKYcuuNLJKe8HKKss+VF4y+F2oFv 1Sfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=9ZqBaTyUq+/8HiR92mwl2yPYyLN2fWif2NArmQh+IzA=; b=FL46QtKhbK2XeKB9aY91UH5Ki+6ejw7MZ1kH52YYVvxITQgx7z8hgQJgUFnI5HnIOC 1RqBJcaWLvG0r2tyg5KHrDn6vcH3XH0c82/xev7TmfHqtjGhahVuRsoMAzV40B7kEX0y Vk3P6eYRNZ7yBSCu5yGle1A238MV69RWaQOdaGsJSx6L4bfvlTY3vsi1FKGQ8PxfOqNx E3UftBslfvpogbsnr8NMQuY0aW0/o09rLCG+st9kPknsGfxOUFwSZWM4xOAYHVsfsAqT 2BP58NDxyb8Q+u6YiBxHOceIWT96fNFYRPfPJ8ED9VNgkvMRScV9rH50NL3Sd3oaoYq5 3epw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="IzN/qDVr"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id mr20-20020a170907829400b008ce4075b9e9si7920699ejc.544.2023.02.21.03.35.59; Tue, 21 Feb 2023 03:36:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="IzN/qDVr"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234239AbjBULfA (ORCPT + 99 others); Tue, 21 Feb 2023 06:35:00 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58064 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233777AbjBULem (ORCPT ); Tue, 21 Feb 2023 06:34:42 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6CBE523840 for ; Tue, 21 Feb 2023 03:34:40 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id F3B2E1EC0674; Tue, 21 Feb 2023 12:34:38 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979279; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=9ZqBaTyUq+/8HiR92mwl2yPYyLN2fWif2NArmQh+IzA=; b=IzN/qDVrRHW2mngsE32WaSNfsn2pPg52BPW85dqrC2L2pviR1URMIq/88KYpwdXfST6D2E gQIx4wbc+zd31yLMgJfKKJej618u0FO9TVjaMWUNuUo4NK2J9G8SA/iPDXVRE9OyP8QjLd OZ150zmTo4MnzgrOXeUA5lrUSagDdyc= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 06/11] virt/coco/sev-guest: Do some code style cleanups Date: Tue, 21 Feb 2023 12:34:23 +0100 Message-Id: <20230221113428.19324-7-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440333228298331?= X-GMAIL-MSGID: =?utf-8?q?1758440333228298331?= From: "Borislav Petkov (AMD)" Remove unnecessary linebreaks, make the code more compact. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- drivers/virt/coco/sev-guest/sev-guest.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index e72289de2b28..d430e2be2a22 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -392,18 +392,14 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in rc = __handle_guest_request(snp_dev, exit_code, fw_err); if (rc) { - dev_alert(snp_dev->dev, - "Detected error from ASP request. rc: %d, fw_err: %llu\n", - rc, *fw_err); + dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n", rc, *fw_err); snp_disable_vmpck(snp_dev); return rc; } rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz); if (rc) { - dev_alert(snp_dev->dev, - "Detected unexpected decode failure from ASP. rc: %d\n", - rc); + dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); snp_disable_vmpck(snp_dev); return rc; } From patchwork Tue Feb 21 11:34:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59883 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1812803wrn; Tue, 21 Feb 2023 03:37:46 -0800 (PST) X-Google-Smtp-Source: AK7set/oZy2A8qV95YC+cto011vgC79cBSDAMSELAam1Tq+m1J50Sr+VfqQQVbCQM/I0rXesUpAQ X-Received: by 2002:a05:6402:14cf:b0:4aa:a442:4213 with SMTP id f15-20020a05640214cf00b004aaa4424213mr3118297edx.35.1676979466756; Tue, 21 Feb 2023 03:37:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979466; cv=none; d=google.com; s=arc-20160816; b=mOQu3qK/O8zkzC7ow3bc/RNHdKt+XYNplPq9+dIBj6jpuYfU7k/5LOwIe5TNxGwhkL 7z8ZO4sdR691DCHttrS26JCoDrLpXa9A7VcPG7VrRn+KxmGZ8KsuFIGdX/1hE52z+hOe f/6QpXHniLx4ntDwBgnSBEjodi5NkUNxtXvsJ9Be+blFFZ9+1pJYymiER896m+TDiNYq Onle122zxo2pUIlSnZbC1k3qVSSaCVa8xD19QSoDkanwNrdFURfGQ3ffIxVg+6mvvrnD wiBziuEQiJ76gIDtG5EhIU7vTZxrtqrxUP+q56JleBl775xCNtkS5nafhx+fIPJy9aOm gpDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=KR4vVsJESSCg86kIVXeeVz75YYrz3rzwdB6btBRiLEY=; b=wMLtYXuc5BGk0w9E3FUUBpeS9UTJcavYP/fXSU1SRGlUKEYCzqI4TfwydTYwjoUXva SDwb+13AfcsQdLwK87urqpMhZZQqZ7G2rZ3iZxtaq0QMpuqnBJnWK+Yefpv8glry29wl FRKH6qKUWVtuM2dkUQ9cK6Deogt+zXFPyFnIHohAt39VJ51fRRSBMAZBFVf3E5/rGBYS AYCogv6R33ckhb5gEGfOPndS7o/nfC0qiEyfro+iF+pHrNVZKUA4qE2cZwhSKFSzZ7fJ fLE2YYBSp0zOLB39VZElIT6Eu7BQAV7gu6cIYVq6CIRu+BpHkiNkzgk0kIX+rh4gTS0Y gyPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=K1Qiusbp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a11-20020aa7cf0b000000b004acc77edc4asi5108351edy.124.2023.02.21.03.37.23; Tue, 21 Feb 2023 03:37:46 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=K1Qiusbp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233902AbjBULfH (ORCPT + 99 others); Tue, 21 Feb 2023 06:35:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58142 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233826AbjBULeo (ORCPT ); Tue, 21 Feb 2023 06:34:44 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 34D142594D for ; Tue, 21 Feb 2023 03:34:41 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 622981EC067C; Tue, 21 Feb 2023 12:34:39 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979279; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KR4vVsJESSCg86kIVXeeVz75YYrz3rzwdB6btBRiLEY=; b=K1QiusbpWj/Qs2KDQUM2zv48odDuqatgdvqb+53IWyQa4LC5CALTvIvubvy2eo9E9G6rZU eYWVG4ZIm6Y+K0DYbPI2ORGO2krxBpnOV/ypXVV1Cpzzi5yWN7xVeMBMQX2YEcK8r9NLO/ 2vFZEvidXnah5e+KwhGGTDoWCQkvolY= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 07/11] virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case Date: Tue, 21 Feb 2023 12:34:24 +0100 Message-Id: <20230221113428.19324-8-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440421006524102?= X-GMAIL-MSGID: =?utf-8?q?1758440421006524102?= From: "Borislav Petkov (AMD)" snp_issue_guest_request() checks the value returned by the hypervisor in sw_exit_info_2 and returns a different error depending on it. Convert those checks into a switch-case to make it more readable when more error values are going to be checked in the future. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- arch/x86/kernel/sev.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 6a3e1425ba17..d67884fb38c1 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2210,15 +2210,21 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned goto e_put; *fw_err = ghcb->save.sw_exit_info_2; - if (ghcb->save.sw_exit_info_2) { + switch (*fw_err) { + case 0: + break; + + case SNP_GUEST_REQ_INVALID_LEN: /* Number of expected pages are returned in RBX */ - if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST && - ghcb->save.sw_exit_info_2 == SNP_GUEST_REQ_INVALID_LEN) { + if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { input->data_npages = ghcb_get_rbx(ghcb); ret = -ENOSPC; - } else { - ret = -EIO; + break; } + fallthrough; + default: + ret = -EIO; + break; } e_put: From patchwork Tue Feb 21 11:34:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59878 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1812310wrn; Tue, 21 Feb 2023 03:36:19 -0800 (PST) X-Google-Smtp-Source: AK7set+3wWvszuQ5fDiybDNSyMLpjdtRxDb9pD4nqbXYgT6lujMfi4qV8dhT/P8Gi5Cbv06m5HLc X-Received: by 2002:a17:902:e5c9:b0:19c:171a:d32c with SMTP id u9-20020a170902e5c900b0019c171ad32cmr6038837plf.28.1676979379570; Tue, 21 Feb 2023 03:36:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979379; cv=none; d=google.com; s=arc-20160816; b=xjYkOLz5sh8SlMVTPXvsc4yhByNIYII1NJtXz8P/KJ5LxvtnIQz9TK5tZka1nD0V8J REi+nbU7wBLumQ9fV7p33r5gP6/+m3W5zEweUzs5yVNVzqDLwcGg+4eNpqMhEhM5PlPA UaaZBdO1f3uOeInlLWFPx9+f25PveR+MYRmyXRWD7Ezsz3g1qHufno+yDXMIdyOr+qRR JfZAa7NfMganbkVTygvel45BztE9eIS8bIoYPTeZgpgPsO1VPICoAaNJLac6NY2M2WhI WRP4auEo4sfU5V7wGWzZyP35B6C2fk0oVLpZ0lzgkqo7gBVskimlBIachZy4vTyxf5Pn o20g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=IYyR0+BccWAZu5naODrqJjalGeVpYFKs8LsqRBbFls0=; b=UjsV0sJMMTkiPL4JlNnGb5G/Kt3KaU15IWrtgVQVTeXDXfLoDlwFQ7S4JjnIpd3aMO uhMXCDoLsNG5zILIC1QUGvDdUu5qwfizXMjhN8N4JL327Irlj0wgbPzp2l28VeBmPmfY erJPdYYrgNnb4Si9YGOz0liHccbJfF0zwISXflUkL9XChysRuc0hJ+ahAMHZI+sX5c5I miqs/ZCKGUJ52Mm5MPh1DYh8FYfZLxZffeNpLBnNuw0DvGHRG+L2Zx7gkQtewo7tmTko q1TdCe9bFDWDLSLQTCADAmupvMJnWzdY9KCARLSETPo1tpnezayWzPBc1mF+nOh6Wfyk W4Aw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="V/S64JpQ"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l1-20020a170903244100b001947ba0ac92si5454062pls.350.2023.02.21.03.36.07; Tue, 21 Feb 2023 03:36:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="V/S64JpQ"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234264AbjBULfE (ORCPT + 99 others); Tue, 21 Feb 2023 06:35:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58092 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233794AbjBULem (ORCPT ); Tue, 21 Feb 2023 06:34:42 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3781925B93 for ; Tue, 21 Feb 2023 03:34:41 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id D64C31EC067E; Tue, 21 Feb 2023 12:34:39 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979279; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IYyR0+BccWAZu5naODrqJjalGeVpYFKs8LsqRBbFls0=; b=V/S64JpQrPEnqV250KVXVQRNMRPqMIqPonbf6qQxcaH8JO7DLiKIsClOy29TDN/QmOOIox dA5CXj+2i+Q0g6if//P0LcCDz/y2m//YkAP2uGlgN+Kyk+FSgtHWjuib8dSB7QRuTqiPYU oyRua31voVHEt79/UQyFo1pyY4gVakE= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 08/11] crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer Date: Tue, 21 Feb 2023 12:34:25 +0100 Message-Id: <20230221113428.19324-9-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440329830053706?= X-GMAIL-MSGID: =?utf-8?q?1758440329830053706?= From: "Borislav Petkov (AMD)" Add a wrapper instead. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- drivers/crypto/ccp/sev-dev.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index f60bb73edfda..c54cc8f9a284 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -440,11 +440,18 @@ static int __sev_init_ex_locked(int *error) return __sev_do_cmd_locked(SEV_CMD_INIT_EX, &data, error); } +static inline int __sev_do_init_locked(int *psp_ret) +{ + if (sev_init_ex_buffer) + return __sev_init_ex_locked(psp_ret); + else + return __sev_init_locked(psp_ret); +} + static int __sev_platform_init_locked(int *error) { int rc = 0, psp_ret = SEV_RET_NO_FW_CALL; struct psp_device *psp = psp_master; - int (*init_function)(int *error); struct sev_device *sev; if (!psp || !psp->sev_data) @@ -456,15 +463,12 @@ static int __sev_platform_init_locked(int *error) return 0; if (sev_init_ex_buffer) { - init_function = __sev_init_ex_locked; rc = sev_read_init_ex_file(); if (rc) return rc; - } else { - init_function = __sev_init_locked; } - rc = init_function(&psp_ret); + rc = __sev_do_init_locked(&psp_ret); if (rc && psp_ret == SEV_RET_SECURE_DATA_INVALID) { /* * Initialization command returned an integrity check failure @@ -475,7 +479,7 @@ static int __sev_platform_init_locked(int *error) */ dev_err(sev->dev, "SEV: retrying INIT command because of SECURE_DATA_INVALID error. Retrying once to reset PSP SEV state."); - rc = init_function(&psp_ret); + rc = __sev_do_init_locked(&psp_ret); } if (error) From patchwork Tue Feb 21 11:34:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59882 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1812717wrn; Tue, 21 Feb 2023 03:37:32 -0800 (PST) X-Google-Smtp-Source: AK7set/FyzmUHXzIOM8fpEufqMztIAXCH/kSKiBPO+49JCfg5uzv5edNBSkeN/ShakdHSJDNej1P X-Received: by 2002:a17:902:e84b:b0:19a:fa2f:5588 with SMTP id t11-20020a170902e84b00b0019afa2f5588mr3973103plg.49.1676979452098; Tue, 21 Feb 2023 03:37:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979452; cv=none; d=google.com; s=arc-20160816; b=yW7bSGWIICjgLniym3qvs5VWtVpeaktqeZrnetD5VBDtDfI/EiwrM7YXEG0KLSJeu7 6XueYs84csY+OslmIka7zG0c1CEe34Jgj/KtcJKJYKD4mbkAjxyFV5T4ZLz7ulGKFaHG NthNKhNm/nMY3wcM7letkcxxlzPho5PmCkNRkzmz73fCNYO2Vhfso0dzvirhFRbScY+C ueJFjUIxU5Slop6VEXcOtB1v77UCBWjdQmkA6s1xV2m1df+fh7OqGi+oaoTKaI5JW3vP wiGHZ2WzXRGlL8vpCWhw7JFgTfekhoSGVQQabwtfBT72kZBLXlfvugOpFCdIc2xO/Wf8 0WeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=4IxoB32WLSIy6eV1NxkSejZghgVhKqORRCJKoMxnv/Y=; b=pslr4x7ryDvJd2JVHLwFsf15GCMSE1hB5qWFsmA4O8EQ6WbL47I/iDZPH1FxB5OJLa oy0VXs9MUQdz+l0kR/THkJ6ZWteWlE2caqEyHXJ9iBpgNegHRBRNeij+UpWDBZfDvxc2 WfbmoQEj8XBBO9y2/3OAtKxpW7p5A6CYcYHCuldv5NlCO9kjpqS6rvrjaGMqU4pVGqyy mHsffdnSesjFiKuCRmmFTfSF5eReO3P0SnsNnJMqten/idZyi23xjknwJHCmQFBDOFVb Ivo0ZNyS3MTnQqhuL0c8JDchuioCcq/pk8KdsgCvUTzGNFitmsQQ6tWeFJx/+nHSBCHt mQwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=EQmnfjWn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l1-20020a170903244100b001947ba0ac92si5454062pls.350.2023.02.21.03.37.19; Tue, 21 Feb 2023 03:37:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=EQmnfjWn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233974AbjBULfK (ORCPT + 99 others); Tue, 21 Feb 2023 06:35:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58152 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233830AbjBULeo (ORCPT ); Tue, 21 Feb 2023 06:34:44 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 17A012686F for ; Tue, 21 Feb 2023 03:34:41 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 5D0451EC0681; Tue, 21 Feb 2023 12:34:40 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979280; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4IxoB32WLSIy6eV1NxkSejZghgVhKqORRCJKoMxnv/Y=; b=EQmnfjWnpopJUzOwY9r1pP0A3wFv+y11v8GCohH+bsoxt5SLtvGLAT/k7wXTEH4xhgILVO Vm/Z7MhxgfkbtpYoIM0X4Gh09S83Tja++c1nPixw+JcCERtjmKFiWdjJI+TiinWv2dQjBF xHVpVl80ErSEKJFyVCHTVHK9zRCeoVo= From: Borislav Petkov To: LKML Cc: Borislav Petkov , Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 09/11] virt/coco/sev-guest: Add throttling awareness Date: Tue, 21 Feb 2023 12:34:26 +0100 Message-Id: <20230221113428.19324-10-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440406065899987?= X-GMAIL-MSGID: =?utf-8?q?1758440406065899987?= From: Dionna Glaze A potentially malicious SEV guest can constantly hammer the hypervisor using this driver to send down requests and thus prevent or at least considerably hinder other guests from issuing requests to the secure processor which is a shared platform resource. Therefore, the host is permitted and encouraged to throttle such guest requests. Add the capability to handle the case when the hypervisor throttles excessive numbers of requests issued by the guest. Otherwise, the VM platform communication key will be disabled, preventing the guest from attesting itself. Realistically speaking, a well-behaved guest should not even care about throttling. During its lifetime, it would end up issuing a handful of requests which the hardware can easily handle. This is more to address the case of a malicious guest. Such guest should get throttled and if its VMPCK gets disabled, then that's its own wrongdoing and perhaps that guest even deserves it. To the implementation: the hypervisor signals with SNP_GUEST_REQ_ERR_BUSY that the guest requests should be throttled. That error code is returned in the upper 32-bit half of exitinfo2 and this is part of the GHCB spec v2. So the guest is given a throttling period of 1 minute in which it retries the request every 2 seconds. This is a good default but if it turns out to not pan out in practice, it can be tweaked later. For safety, since the encryption algorithm in GHCBv2 is AES_GCM, control must remain in the kernel to complete the request with the current sequence number. Returning without finishing the request allows the guest to make another request but with different message contents. This is IV reuse, and breaks cryptographic protections. [ bp: Rewrite commit message and do a simplified version. ] Fixes: d5af44dde546 ("x86/sev: Provide support for SNP guest request NAEs") Signed-off-by: Dionna Glaze Co-developed-by: Borislav Petkov (AMD) Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230214164638.1189804-2-dionnaglaze@google.com --- arch/x86/include/asm/sev-common.h | 3 ++- arch/x86/kernel/sev.c | 4 ++++ drivers/virt/coco/sev-guest/sev-guest.c | 19 ++++++++++++++++++- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index b8357d6ecd47..b63be696b776 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -128,8 +128,9 @@ struct snp_psc_desc { struct psc_entry entries[VMGEXIT_PSC_MAX_ENTRY]; } __packed; -/* Guest message request error code */ +/* Guest message request error codes */ #define SNP_GUEST_REQ_INVALID_LEN BIT_ULL(32) +#define SNP_GUEST_REQ_ERR_BUSY BIT_ULL(33) #define GHCB_MSR_TERM_REQ 0x100 #define GHCB_MSR_TERM_REASON_SET_POS 12 diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index d67884fb38c1..3f664ab277c4 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2214,6 +2214,10 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned case 0: break; + case SNP_GUEST_REQ_ERR_BUSY: + ret = -EAGAIN; + break; + case SNP_GUEST_REQ_INVALID_LEN: /* Number of expected pages are returned in RBX */ if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index d430e2be2a22..da4f6267baad 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -31,6 +31,9 @@ #define AAD_LEN 48 #define MSG_HDR_VER 1 +#define SNP_REQ_MAX_RETRY_DURATION (60*HZ) +#define SNP_REQ_RETRY_DELAY (2*HZ) + struct snp_guest_crypto { struct crypto_aead *tfm; u8 *iv, *authtag; @@ -320,7 +323,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, __u64 *fw_err) { - unsigned long err, override_err = 0; + unsigned long err = 0xff, override_err = 0; + unsigned long req_start = jiffies; unsigned int override_npages = 0; int rc; @@ -360,6 +364,19 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * user as an ioctl() return code. */ goto retry_request; + + /* + * The host may return SNP_GUEST_REQ_ERR_EBUSY if the request has been + * throttled. Retry in the driver to avoid returning and reusing the + * message sequence number on a different message. + */ + case -EAGAIN: + if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { + rc = -ETIMEDOUT; + break; + } + schedule_timeout_killable(SNP_REQ_RETRY_DELAY); + goto retry_request; } if (fw_err) From patchwork Tue Feb 21 11:34:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59884 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1812810wrn; Tue, 21 Feb 2023 03:37:47 -0800 (PST) X-Google-Smtp-Source: AK7set8yoAh3RFBDM/XKTBbwMgFFFkdW2sRD4rij6evq8B/fEEsj5D7/EyRMwlrvN1lfBMotNmSx X-Received: by 2002:a17:907:a40d:b0:878:7349:5ce6 with SMTP id sg13-20020a170907a40d00b0087873495ce6mr15195092ejc.71.1676979467771; Tue, 21 Feb 2023 03:37:47 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979467; cv=none; d=google.com; s=arc-20160816; b=OzXpf1mXnA/I+sWfFJzVO3dCqo9MfI3YoEpnM2UXe9eZ0+kMjmYQicV9M69H8PnJii +ewF8qnqZjStMIB83YlgqZ8EC32yWHnPnQRTDZVlV+7/U9OW3ZB+EGURvu0DBs+v6rM/ aK9d4LR8vA9cqXHf+PK8cUXW7h6i5QsWp/WyyPy5ChhBmG69EXS6uJPZw5kZ+gRkWUx8 3a1kJUJJmikg+qNh+wloI8N20swpvwRo5TtGv/HEn83ZyqdSZcOUzqygpkgD1ES5ElNY e4YJfADVU3Q++qwAU9rij9f2FfBpTtnYoooA4+d5Y17oUdcW4u2XWZYr5cXoGGNS6Gml aZSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=dWHBIgi4/PPHoVD+CngkvEQZ9VAcHNq+ytmZl53I++c=; b=Amcw3NdnqeODtFqSA8qNwf3wqqMiGGbprarh6N8pbkkMhlsD1yuAudU+jEj0WthCtu Jl80LtjAJ29Ime3uLzxId8tQQ2JZnAZ0jeIodF67ghjX8sMmxxbje/8fAGqH5Z0GeXnJ 8jZrNgpKjuFVPn0CpUAUMbWh2lFhBdtzun7tB/MBBG+DtaAElrky4cJz/hHz3n/Ucq16 Yem1Ic9+j9Z4sh3uGh4yqTSd6kUKHSETWxEcBvjwlySWUEx9aS4JpxTQqhGZSBD4KEpC ztSY+JaC75HjTcL+Jcs+HbNpxC1lDATGpsLliRoAOAfpHRNonadmc7cPVwltfTors1rI 3nsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=Pa3GQzNp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 30-20020a170906209e00b008b1a3d719b4si19612405ejq.202.2023.02.21.03.37.24; Tue, 21 Feb 2023 03:37:47 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=Pa3GQzNp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234115AbjBULfM (ORCPT + 99 others); Tue, 21 Feb 2023 06:35:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58154 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233832AbjBULeo (ORCPT ); Tue, 21 Feb 2023 06:34:44 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7757526CEC for ; Tue, 21 Feb 2023 03:34:42 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id CF1FA1EC0682; Tue, 21 Feb 2023 12:34:40 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979280; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=dWHBIgi4/PPHoVD+CngkvEQZ9VAcHNq+ytmZl53I++c=; b=Pa3GQzNpCEz5RIlXXbe112ECZiXJnWwMhmAnOK0IZbYyETMd8xNqbPoBdNZ7z7ZtQpZci4 xu457d3A+pT/QFBpwL3XB/XLxKeBhMGkAQdnSTIu9tV0VcMvYZZhhKDHbSkDF0CbU6GS5f ikY0Z0bUIxYDKFvwapn2qeTqIOZqvLc= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 10/11] virt/coco/sev-guest: Double-buffer messages Date: Tue, 21 Feb 2023 12:34:27 +0100 Message-Id: <20230221113428.19324-11-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440421892107310?= X-GMAIL-MSGID: =?utf-8?q?1758440421892107310?= From: Dionna Glaze The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy whole messages in or out as needed before doing any computation on them. Fixes: d5af44dde546 ("x86/sev: Provide support for SNP guest request NAEs") Signed-off-by: Dionna Glaze Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230214164638.1189804-3-dionnaglaze@google.com --- drivers/virt/coco/sev-guest/sev-guest.c | 27 +++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index da4f6267baad..6bc1390b54e8 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -46,7 +46,15 @@ struct snp_guest_dev { void *certs_data; struct snp_guest_crypto *crypto; + /* request and response are in unencrypted memory */ struct snp_guest_msg *request, *response; + + /* + * Avoid information leakage by double-buffering shared messages + * in fields that are in regular encrypted memory. + */ + struct snp_guest_msg secret_request, secret_response; + struct snp_secrets_page_layout *layout; struct snp_req_data input; u32 *os_area_msg_seqno; @@ -266,14 +274,17 @@ static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) { struct snp_guest_crypto *crypto = snp_dev->crypto; - struct snp_guest_msg *resp = snp_dev->response; - struct snp_guest_msg *req = snp_dev->request; + struct snp_guest_msg *resp = &snp_dev->secret_response; + struct snp_guest_msg *req = &snp_dev->secret_request; struct snp_guest_msg_hdr *req_hdr = &req->hdr; struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n", resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz); + /* Copy response from shared memory to encrypted memory. */ + memcpy(resp, snp_dev->response, sizeof(*resp)); + /* Verify that the sequence counter is incremented by 1 */ if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1))) return -EBADMSG; @@ -297,7 +308,7 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, void *payload, size_t sz) { - struct snp_guest_msg *req = snp_dev->request; + struct snp_guest_msg *req = &snp_dev->secret_request; struct snp_guest_msg_hdr *hdr = &req->hdr; memset(req, 0, sizeof(*req)); @@ -400,13 +411,21 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in if (!seqno) return -EIO; + /* Clear shared memory's response for the host to populate. */ memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); - /* Encrypt the userspace provided payload */ + /* Encrypt the userspace provided payload in snp_dev->secret_request. */ rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz); if (rc) return rc; + /* + * Write the fully encrypted request to the shared unencrypted + * request page. + */ + memcpy(snp_dev->request, &snp_dev->secret_request, + sizeof(snp_dev->secret_request)); + rc = __handle_guest_request(snp_dev, exit_code, fw_err); if (rc) { dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n", rc, *fw_err); From patchwork Tue Feb 21 11:34:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 59886 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp1813562wrn; Tue, 21 Feb 2023 03:40:07 -0800 (PST) X-Google-Smtp-Source: AK7set8H6m6byW+NeEvvsPx6blt+K36qO+1CLyOO0b3QRG51piL/AtfDsCIdgcSA9F6yV8k8zB8i X-Received: by 2002:a17:906:9497:b0:8b1:9e47:9101 with SMTP id t23-20020a170906949700b008b19e479101mr13993614ejx.12.1676979607395; Tue, 21 Feb 2023 03:40:07 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1676979607; cv=none; d=google.com; s=arc-20160816; b=lwi+CP6YKDy34fWB1xn1a5wa6aOf+APlgVcEgKeZo6K91pcWknx8IukaPAiBiEZVcZ WZ9bLp0g3C3b/esK9kp8S4Xge0X1Y44RODTUygS1VwS73P+7M/h0wjS114iBOk5bhYaf K/KxyrIWAHew8Kru4gieOYYRtJH0wMb2PF7sKUzO/7SHI15Z8uH1TjeICVknDHxZdW9z 7F/FBUwD99krD+hO945R/zwHpDbtPzm/c25hSovkuAFJsADwOUaBxLnU/Vaf96CdfiQX Ld79vAUUgClc7ZqyBDTDqrHucQhNmjv+8o275nR0akUXrWaD8jg2FtR7+bSWbu3QPTsj PSlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=SmUs8DwPiZRjavZ2XyRnu2OzNFkfeY5x0Zeji6c7auE=; b=cDqcAMCRXGTBfU3xdTpSVbl+GD9RqLd9FXTtyNuqopWhuqc7n41CiCpbnlEC14+T83 UQd0EDrCkE7M/3H2awZ7jX46vVXTPMTD7qXsDxM8qvWuZRskAeYJJ38VJZAeLWzzmcjZ BxAL+/ebj2rdHSRITj1/fhaJU2QFH4q/VeLJn/lfEujk0VGTcZzXFAQmwmmepWmS8goz 7hrug9bNCkcnl/EeAzp3EgEtGOhJxLUkVslL8W2RmYSbpbrgB5zUky5yoTXiFoLsqJrU OpdCNtM7QPoC2apipubAkuAFi378rlgfWF/GB/mIxChlSomZgRrFE1n0rtrxk40D10RN bfqQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=KAcDfO5b; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p22-20020a170907911600b008caedbfc3acsi8919060ejq.419.2023.02.21.03.39.44; Tue, 21 Feb 2023 03:40:07 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=KAcDfO5b; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233863AbjBULfQ (ORCPT + 99 others); Tue, 21 Feb 2023 06:35:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233945AbjBULep (ORCPT ); Tue, 21 Feb 2023 06:34:45 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2658026CFC for ; Tue, 21 Feb 2023 03:34:43 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 4C3CB1EC059E; Tue, 21 Feb 2023 12:34:41 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1676979281; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=SmUs8DwPiZRjavZ2XyRnu2OzNFkfeY5x0Zeji6c7auE=; b=KAcDfO5bVsWA81G4my6293EtVm+6osi6XDe8fp7DvS531tp16csV6lvkP/F1zTWovqiOlm SXpUHSqw/XIehQtB6a4B+BBeVQHdgTJOHive1o5Qtk4Pd25IqJUbzDQhDiK+c4jfwoLJtb YREjDN380RjxORzPJL5TcFZzTt5Chys= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v2 11/11] x86/sev: Change snp_guest_issue_request()'s fw_err argument Date: Tue, 21 Feb 2023 12:34:28 +0100 Message-Id: <20230221113428.19324-12-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230221113428.19324-1-bp@alien8.de> References: <20230221113428.19324-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1758440568563782825?= X-GMAIL-MSGID: =?utf-8?q?1758440568563782825?= From: Dionna Glaze The GHCB specification declares that the firmware error value for a guest request will be stored in the lower 32 bits of EXIT_INFO_2. The upper 32 bits are for the VMM's own error code. The fw_err argument to snp_guest_issue_request() is thus a misnomer, and callers will need access to all 64 bits. The type of unsigned long also causes problems, since sw_exit_info2 is u64 (unsigned long long) vs the argument's unsigned long*. Change this type for issuing the guest request. Pass the ioctl command struct's error field directly instead of in a local variable, since an incomplete guest request may not set the error code, and uninitialized stack memory would be written back to user space. The firmware might not even be called, so bookend the call with the no firmware call error and clear the error. Since the "fw_err" field is really exitinfo2 split into the upper bits' vmm error code and lower bits' firmware error code, convert the 64 bit value to a union. [ bp: Massage commit message, adjust code. ] Signed-off-by: Dionna Glaze Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230214164638.1189804-5-dionnaglaze@google.com Tested-by: Dionna Glaze --- Documentation/virt/coco/sev-guest.rst | 20 ++++++---- arch/x86/include/asm/sev-common.h | 4 -- arch/x86/include/asm/sev.h | 8 ++-- arch/x86/kernel/sev.c | 15 ++++---- drivers/virt/coco/sev-guest/sev-guest.c | 49 +++++++++++++------------ include/uapi/linux/sev-guest.h | 18 ++++++++- 6 files changed, 68 insertions(+), 46 deletions(-) diff --git a/Documentation/virt/coco/sev-guest.rst b/Documentation/virt/coco/sev-guest.rst index aa3e4c6a1f90..68b0d2363af8 100644 --- a/Documentation/virt/coco/sev-guest.rst +++ b/Documentation/virt/coco/sev-guest.rst @@ -37,11 +37,11 @@ along with a description: the return value. General error numbers (-ENOMEM, -EINVAL) are not detailed, but errors with specific meanings are. -The guest ioctl should be issued on a file descriptor of the /dev/sev-guest device. -The ioctl accepts struct snp_user_guest_request. The input and output structure is -specified through the req_data and resp_data field respectively. If the ioctl fails -to execute due to a firmware error, then fw_err code will be set. Otherwise, fw_err -will be set to 0x00000000ffffffff, i.e., the lower 32-bits are -1. +The guest ioctl should be issued on a file descriptor of the /dev/sev-guest +device. The ioctl accepts struct snp_user_guest_request. The input and +output structure is specified through the req_data and resp_data field +respectively. If the ioctl fails to execute due to a firmware error, then +the fw_error code will be set, otherwise fw_error will be set to -1. The firmware checks that the message sequence counter is one greater than the guests message sequence counter. If guest driver fails to increment message @@ -57,8 +57,14 @@ counter (e.g. counter overflow), then -EIO will be returned. __u64 req_data; __u64 resp_data; - /* firmware error code on failure (see psp-sev.h) */ - __u64 fw_err; + /* bits[63:32]: VMM error code, bits[31:0] firmware error code (see psp-sev.h) */ + union { + __u64 exitinfo2; + struct { + __u32 fw_error; + __u32 vmm_error; + }; + }; }; 2.1 SNP_GET_REPORT diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index b63be696b776..0759af9b1acf 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -128,10 +128,6 @@ struct snp_psc_desc { struct psc_entry entries[VMGEXIT_PSC_MAX_ENTRY]; } __packed; -/* Guest message request error codes */ -#define SNP_GUEST_REQ_INVALID_LEN BIT_ULL(32) -#define SNP_GUEST_REQ_ERR_BUSY BIT_ULL(33) - #define GHCB_MSR_TERM_REQ 0x100 #define GHCB_MSR_TERM_REASON_SET_POS 12 #define GHCB_MSR_TERM_REASON_SET_MASK 0xf diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index ebc271bb6d8e..30567c72cbd9 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -185,6 +185,9 @@ static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate) return rc; } + +struct snp_guest_request_ioctl; + void setup_ghcb(void); void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned int npages); @@ -196,7 +199,7 @@ void snp_set_memory_private(unsigned long vaddr, unsigned int npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __init __noreturn snp_abort(void); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned long *fw_err); +int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } @@ -216,8 +219,7 @@ static inline void snp_set_memory_private(unsigned long vaddr, unsigned int npag static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } -static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, - unsigned long *fw_err) +static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) { return -ENOTTY; } diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 3f664ab277c4..b031244d6d2d 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -22,6 +22,8 @@ #include #include #include +#include +#include #include #include @@ -2175,7 +2177,7 @@ static int __init init_sev_config(char *str) } __setup("sev=", init_sev_config); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned long *fw_err) +int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) { struct ghcb_state state; struct es_em_ctxt ctxt; @@ -2183,8 +2185,7 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned struct ghcb *ghcb; int ret; - if (!fw_err) - return -EINVAL; + rio->exitinfo2 = SEV_RET_NO_FW_CALL; /* * __sev_get_ghcb() needs to run with IRQs disabled because it is using @@ -2209,16 +2210,16 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned if (ret) goto e_put; - *fw_err = ghcb->save.sw_exit_info_2; - switch (*fw_err) { + rio->exitinfo2 = ghcb->save.sw_exit_info_2; + switch (rio->exitinfo2) { case 0: break; - case SNP_GUEST_REQ_ERR_BUSY: + case SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_BUSY): ret = -EAGAIN; break; - case SNP_GUEST_REQ_INVALID_LEN: + case SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN): /* Number of expected pages are returned in RBX */ if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { input->data_npages = ghcb_get_rbx(ghcb); diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 6bc1390b54e8..6b3c1d308353 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -332,11 +332,12 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 return __enc_payload(snp_dev, req, payload, sz); } -static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, __u64 *fw_err) +static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, + struct snp_guest_request_ioctl *rio) { - unsigned long err = 0xff, override_err = 0; unsigned long req_start = jiffies; unsigned int override_npages = 0; + u64 override_err = 0; int rc; retry_request: @@ -346,7 +347,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * sequence number must be incremented or the VMPCK must be deleted to * prevent reuse of the IV. */ - rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err); + rc = snp_issue_guest_request(exit_code, &snp_dev->input, rio); switch (rc) { case -ENOSPC: /* @@ -364,7 +365,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * request buffer size was too small and give the caller the * required buffer size. */ - override_err = SNP_GUEST_REQ_INVALID_LEN; + override_err = SNP_GUEST_VMM_ERR_INVALID_LEN << SNP_GUEST_VMM_ERR_SHIFT; /* * If this call to the firmware succeeds, the sequence number can @@ -377,7 +378,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, goto retry_request; /* - * The host may return SNP_GUEST_REQ_ERR_EBUSY if the request has been + * The host may return SNP_GUEST_VMM_ERR_BUSY if the request has been * throttled. Retry in the driver to avoid returning and reusing the * message sequence number on a different message. */ @@ -390,8 +391,8 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, goto retry_request; } - if (fw_err) - *fw_err = override_err ?: err; + if (override_err) + rio->exitinfo2 = override_err; if (override_npages) snp_dev->input.data_npages = override_npages; @@ -399,9 +400,10 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, return rc; } -static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver, - u8 type, void *req_buf, size_t req_sz, void *resp_buf, - u32 resp_sz, __u64 *fw_err) +static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, + struct snp_guest_request_ioctl *rio, u8 type, + void *req_buf, size_t req_sz, void *resp_buf, + u32 resp_sz) { u64 seqno; int rc; @@ -415,7 +417,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); /* Encrypt the userspace provided payload in snp_dev->secret_request. */ - rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz); + rc = enc_payload(snp_dev, seqno, rio->msg_version, type, req_buf, req_sz); if (rc) return rc; @@ -426,9 +428,11 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in memcpy(snp_dev->request, &snp_dev->secret_request, sizeof(snp_dev->secret_request)); - rc = __handle_guest_request(snp_dev, exit_code, fw_err); + rc = __handle_guest_request(snp_dev, exit_code, rio); if (rc) { - dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n", rc, *fw_err); + dev_alert(snp_dev->dev, + "Detected error from ASP request. rc: %d, exitinfo2: %llu\n", + rc, rio->exitinfo2); snp_disable_vmpck(snp_dev); return rc; } @@ -471,9 +475,9 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io if (!resp) return -ENOMEM; - rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg->msg_version, + rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, SNP_MSG_REPORT_REQ, &req, sizeof(req), resp->data, - resp_len, &arg->fw_err); + resp_len); if (rc) goto e_free; @@ -511,9 +515,8 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) return -EFAULT; - rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg->msg_version, - SNP_MSG_KEY_REQ, &req, sizeof(req), buf, resp_len, - &arg->fw_err); + rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, + SNP_MSG_KEY_REQ, &req, sizeof(req), buf, resp_len); if (rc) return rc; @@ -573,12 +576,12 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques return -ENOMEM; snp_dev->input.data_npages = npages; - ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg->msg_version, + ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg, SNP_MSG_REPORT_REQ, &req.data, - sizeof(req.data), resp->data, resp_len, &arg->fw_err); + sizeof(req.data), resp->data, resp_len); /* If certs length is invalid then copy the returned length */ - if (arg->fw_err == SNP_GUEST_REQ_INVALID_LEN) { + if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { req.certs_len = snp_dev->input.data_npages << PAGE_SHIFT; if (copy_to_user((void __user *)arg->req_data, &req, sizeof(req))) @@ -613,7 +616,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long if (copy_from_user(&input, argp, sizeof(input))) return -EFAULT; - input.fw_err = 0xff; + input.exitinfo2 = 0xff; /* Message version must be non-zero */ if (!input.msg_version) @@ -644,7 +647,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long mutex_unlock(&snp_cmd_mutex); - if (input.fw_err && copy_to_user(argp, &input, sizeof(input))) + if (input.exitinfo2 && copy_to_user(argp, &input, sizeof(input))) return -EFAULT; return ret; diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h index 256aaeff7e65..b25b728281ca 100644 --- a/include/uapi/linux/sev-guest.h +++ b/include/uapi/linux/sev-guest.h @@ -52,8 +52,14 @@ struct snp_guest_request_ioctl { __u64 req_data; __u64 resp_data; - /* firmware error code on failure (see psp-sev.h) */ - __u64 fw_err; + /* bits[63:32]: VMM error code, bits[31:0] firmware error code (see psp-sev.h) */ + union { + __u64 exitinfo2; + struct { + __u32 fw_error; + __u32 vmm_error; + }; + }; }; struct snp_ext_report_req { @@ -77,4 +83,12 @@ struct snp_ext_report_req { /* Get SNP extended report as defined in the GHCB specification version 2. */ #define SNP_GET_EXT_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x2, struct snp_guest_request_ioctl) +/* Guest message request EXIT_INFO_2 constants */ +#define SNP_GUEST_FW_ERR_MASK GENMASK_ULL(31, 0) +#define SNP_GUEST_VMM_ERR_SHIFT 32 +#define SNP_GUEST_VMM_ERR(x) (((u64)x) << SNP_GUEST_VMM_ERR_SHIFT) + +#define SNP_GUEST_VMM_ERR_INVALID_LEN BIT(0) +#define SNP_GUEST_VMM_ERR_BUSY BIT(1) + #endif /* __UAPI_LINUX_SEV_GUEST_H_ */