From patchwork Tue Mar 7 19:24:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65843 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2644808wrd; Tue, 7 Mar 2023 12:27:50 -0800 (PST) X-Google-Smtp-Source: AK7set/uKjlmDQr/X1Pb67ytCa9/onrfgb5mXfbanDGczJ8nl3XL0b5HregcbtmU2H35+uDubE/n X-Received: by 2002:a17:90b:4c85:b0:237:97fd:e3ac with SMTP id my5-20020a17090b4c8500b0023797fde3acmr15881183pjb.48.1678220870343; Tue, 07 Mar 2023 12:27:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678220870; cv=none; d=google.com; s=arc-20160816; b=qX2mnuUjJkKdkOLPolGZP5HIWNk+CXCJtC+Rw0Dk1Z2uxiSSCG0ARZovj0hc3Yjgf1 22j45jGhmwmMsCJcN+m0rdgqbeTKCTSnG68rbFf3rjryXxXgZFqdbM7xJddWc8HbA+eD 97EYJCMMSoyD0fGsTS4TW1DYVumlgeCohfD6OLwCjBatL90np2q0dxnUBg1jX4KspT+M 3DJom4R6HRTtf0T+qIfOXr0pXHv6F5SMFnKtLcI+gBHdQNmhjCvfFfKreQIdqvpU8Buq nVZpCIq1idGrKWRs/kePt7N7jHIi2pw5uV/lJ3jA2ozuQMC2KQOmb0DTNQpeTbKspaTS fmyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=FVVFMu6+wmGt1AA1meeE7nEqiToclEEsqfV+E6pOD/g=; b=ZX+VEnrclczHq/hrx9acEBzPAWg/6JqQLpQ6evqrYrjT9UQ51w9ltl1bN3M/fdWvpa YaGET0KEswreXthW3PWWXEb06WsnRoZuRP9T/g+BsrW0emcKoIYJh5aaBB5R6X+HqAhG c9/lSujrzCsYv21gU1UT3e2DMf97uwq3HTWp1S9/45D5RYn0OUgBaG6LSouBpJnIjrK9 19qArC1oD5tP2uU2MzodUHzABhzKG7VWpb9uGeiMVJcnb9gW/+QxU4cG8nEUYIvpSCcd +3/elHyDGrhAB6vAmmiAmW/Z7/jyEwkqMP/mmCVECJ1BCO0D/cypGaKRndV7n/Of7R7C qaww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=A5AccOuC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id s8-20020a63af48000000b005004287592asi13037105pgo.36.2023.03.07.12.27.37; Tue, 07 Mar 2023 12:27:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=A5AccOuC; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234160AbjCGThy (ORCPT + 99 others); Tue, 7 Mar 2023 14:37:54 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53224 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234126AbjCGThg (ORCPT ); Tue, 7 Mar 2023 14:37:36 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E0EBDB8571 for ; Tue, 7 Mar 2023 11:24:58 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id AEB461EC068B; Tue, 7 Mar 2023 20:24:56 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217096; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=FVVFMu6+wmGt1AA1meeE7nEqiToclEEsqfV+E6pOD/g=; b=A5AccOuCi9w/Dy2s5r1TkyqAh9rnbW9EcwJGD/DOIrKudKKZ19F9nTRMsBKcm8CjR0Y2eO 5TxDKCrMWwziKCyu6OKCbhbFed58029nAyVAst6yZVveLPaLR54z00aXVjZHnajiCnFYTx 67Zk5woGZ1acuXX4/qou3Iep/7OcbMc= From: Borislav Petkov To: LKML Cc: stable@kernel.org, Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 01/11] crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL Date: Tue, 7 Mar 2023 20:24:39 +0100 Message-Id: <20230307192449.24732-2-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759742127390493372?= X-GMAIL-MSGID: =?utf-8?q?1759742127390493372?= From: Peter Gonda The PSP can return a "firmware error" code of -1 in circumstances where the PSP has not actually been called. To make this protocol unambiguous, name the value SEV_RET_NO_FW_CALL. [ bp: Massage a bit. ] Signed-off-by: Peter Gonda Signed-off-by: Dionna Glaze Signed-off-by: Borislav Petkov (AMD) Cc: Link: https://lore.kernel.org/r/20221207010210.2563293-2-dionnaglaze@google.com --- Documentation/virt/coco/sev-guest.rst | 4 ++-- drivers/crypto/ccp/sev-dev.c | 8 +++++--- include/uapi/linux/psp-sev.h | 7 +++++++ 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/Documentation/virt/coco/sev-guest.rst b/Documentation/virt/coco/sev-guest.rst index bf593e88cfd9..aa3e4c6a1f90 100644 --- a/Documentation/virt/coco/sev-guest.rst +++ b/Documentation/virt/coco/sev-guest.rst @@ -40,8 +40,8 @@ along with a description: The guest ioctl should be issued on a file descriptor of the /dev/sev-guest device. The ioctl accepts struct snp_user_guest_request. The input and output structure is specified through the req_data and resp_data field respectively. If the ioctl fails -to execute due to a firmware error, then fw_err code will be set otherwise the -fw_err will be set to 0x00000000000000ff. +to execute due to a firmware error, then fw_err code will be set. Otherwise, fw_err +will be set to 0x00000000ffffffff, i.e., the lower 32-bits are -1. The firmware checks that the message sequence counter is one greater than the guests message sequence counter. If guest driver fails to increment message diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index e2f25926eb51..823c67a43c38 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -444,10 +444,10 @@ static int __sev_init_ex_locked(int *error) static int __sev_platform_init_locked(int *error) { + int rc = 0, psp_ret = SEV_RET_NO_FW_CALL; struct psp_device *psp = psp_master; - struct sev_device *sev; - int rc = 0, psp_ret = -1; int (*init_function)(int *error); + struct sev_device *sev; if (!psp || !psp->sev_data) return -ENODEV; @@ -475,9 +475,11 @@ static int __sev_platform_init_locked(int *error) * initialization function should succeed by replacing the state * with a reset state. */ - dev_err(sev->dev, "SEV: retrying INIT command because of SECURE_DATA_INVALID error. Retrying once to reset PSP SEV state."); + dev_err(sev->dev, +"SEV: retrying INIT command because of SECURE_DATA_INVALID error. Retrying once to reset PSP SEV state."); rc = init_function(&psp_ret); } + if (error) *error = psp_ret; diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 91b4c63d5cbf..1c9da485318f 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -36,6 +36,13 @@ enum { * SEV Firmware status code */ typedef enum { + /* + * This error code is not in the SEV spec. Its purpose is to convey that + * there was an error that prevented the SEV firmware from being called. + * The SEV API error codes are 16 bits, so the -1 value will not overlap + * with possible values from the specification. + */ + SEV_RET_NO_FW_CALL = -1, SEV_RET_SUCCESS = 0, SEV_RET_INVALID_PLATFORM_STATE, SEV_RET_INVALID_GUEST_STATE, From patchwork Tue Mar 7 19:24:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65821 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2631269wrd; Tue, 7 Mar 2023 11:58:21 -0800 (PST) X-Google-Smtp-Source: AK7set+hAb9L4yc7ymJINnFZnQ1rJsmCgreXOCPLvHIe+3DIpZ5S0MQdAb+SuF11qQMvJKuf19k1 X-Received: by 2002:aa7:c1d6:0:b0:4c1:88e:6ac9 with SMTP id d22-20020aa7c1d6000000b004c1088e6ac9mr14491695edp.10.1678219100875; Tue, 07 Mar 2023 11:58:20 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678219100; cv=none; d=google.com; s=arc-20160816; b=iP0G0fvgAJcNQTGZgm8TnlIQ0+QRzzz/zydp46zh9EDB7VTdSHnoR1WBLYA5Kwc5O9 gr6gI//Hf29+Fx/q9NLE7QNRop1st8CamaUrrim+xY3/sZR2iPIBcFS8ldRQwp/29y0x lMt2W6xX6NRZDt28nRzKRsS3/W8Ciua87W3verIBo65JwTGuWGNq8ROFlAYS3SdNqVTM GRFzFyQrOn6ur5HwbSbu4njexS6zje/H+GE3ItoXdKFeJUP1TLdf86ak1lsMRxLKxTA7 3tmgOArL5gqOoh2BIfGcjdMGvuu/rhQy+ziVre2zz3dLwDSmu97dhxORic0CqUV89TD0 WUFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=KcgkIWNvodDr5x36a9j1+pJT663ai9fqYOsgYzxEZYk=; b=X2GzH2ZL/WB1HEVUuThW4bVM3BN5g5Q1dqDm9BWkT6E9VWmUgy1hGcccqudf9x1O2r BMg6i9abFKiHIfiq1usiezBD6zDk+mcZF5uThrihSQ/gecw51GqqXYLKkts/8ErP6LUu v394yQHx4aWm4LPYy0C+RA1onbviG1PRC9MrRtkPSP1RYCFaq9pRvIwysnYHN3oFRiKM 06kz+kPlnXEt4gS+SQhDve42I9kMvEGQi7Raa+Axgj7XI+Ou1x+vx//FHNvyxN8tKWNO oyl+a7+jlYzegN6Y0KrczFTu2bL0HnnBQkmwEO2LjyBmKRQ2IDpuFiQAzTopTlkQkeoj /lKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=LOGioT+4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id m6-20020aa7c486000000b004acd42c5911si847027edq.241.2023.03.07.11.57.57; Tue, 07 Mar 2023 11:58:20 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=LOGioT+4; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234093AbjCGTiI (ORCPT + 99 others); Tue, 7 Mar 2023 14:38:08 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52294 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234128AbjCGThg (ORCPT ); Tue, 7 Mar 2023 14:37:36 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E15ECB8574 for ; Tue, 7 Mar 2023 11:24:58 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 2A16B1EC068D; Tue, 7 Mar 2023 20:24:57 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217097; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KcgkIWNvodDr5x36a9j1+pJT663ai9fqYOsgYzxEZYk=; b=LOGioT+4S3qPypIbXtjQL01zmmGNuZ20p9ZyCb4TD0Smw3hDmdWZ60WSGcUBj5tJfF1ulJ yPXFX1Jd1AJ3aM/VvY8qdZcrkCo5bAWQYlN09+U0f+Q1eIrfc+e6NRXoQWbTKKu7DjjqXj qmg0s9drt+nvIml2t57kVuYScwGPgcU= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 02/11] virt/coco/sev-guest: Check SEV_SNP attribute at probe time Date: Tue, 7 Mar 2023 20:24:40 +0100 Message-Id: <20230307192449.24732-3-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759740272161422714?= X-GMAIL-MSGID: =?utf-8?q?1759740272161422714?= From: "Borislav Petkov (AMD)" No need to check it on every ioctl. And yes, this is a common SEV driver but it does only SNP-specific operations currently. This can be revisited later, when more use cases appear. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- arch/x86/kernel/sev.c | 3 --- drivers/virt/coco/sev-guest/sev-guest.c | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 679026a640ef..c644c34372e8 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2183,9 +2183,6 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned struct ghcb *ghcb; int ret; - if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) - return -ENODEV; - if (!fw_err) return -EINVAL; diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 7b4e9009f335..ed5d6ae1a144 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -703,6 +703,9 @@ static int __init sev_guest_probe(struct platform_device *pdev) void __iomem *mapping; int ret; + if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) + return -ENODEV; + if (!dev->platform_data) return -ENODEV; From patchwork Tue Mar 7 19:24:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65848 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2646730wrd; Tue, 7 Mar 2023 12:32:00 -0800 (PST) X-Google-Smtp-Source: AK7set+nqNUmR414GYOE5FWmDdOl2ZjMOvo1FLBLfbdoTVIq/9E1qTZFBXOtqFbl/+XZyclu+IqO X-Received: by 2002:aa7:da15:0:b0:4ac:c72b:5eb5 with SMTP id r21-20020aa7da15000000b004acc72b5eb5mr14149757eds.40.1678221120099; Tue, 07 Mar 2023 12:32:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678221120; cv=none; d=google.com; s=arc-20160816; b=ycmCE1rYphUDMojJ43EWmuet7ttMM9zTy0RYodRR7qTvzzq6rwB/zSYfBuMwVHPaMw +3Ge4jr5xJ9JztO06GU5qyrGGpPpBRGA4EgNEgsEGUrBihS56c5MlDb+GjG7ghzYwYrv asTYU8OuCWbqU8i7VEciG7zuj5vP5IEbW5b1uZjFZ7SbbOby/ALZ1WVh1SVZecMziuo8 AnW8dydpHV0TMxifoUd4l9Guzo5RRSmcQG5dyn2rjEL1Pz/ReQI1vFpRebgfx9RNPsvh NOfx71R2UFGEjl+IfoHyM9o2YVXGFplPs2KkxspYm4ZrrMygt3JuxAF/sG2z7UKN9Pd/ TVHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=+YVJIIGc1QMZZquSCdhv6upEqgdnIu7WrVxw64prdzU=; b=H5RJLdDb5v3bWUzDO1xhd32Bqg8ivdriMI2enAhD+jpeti9SgQY0XkC+IAjnfloaXd uEpp9qYcD/BqZU8WaoUpd8oFPJTju+kFya3dT7ZWMpjGC0PvNwIWMqC6QpDZ0DVTZhfZ qWhMV9E0DAwS3G6yAmmuUuFtiXDo3iyoJ8PqVhbzywrVqLLZsGpGNiHpTyL6mJMivr7U tqhRH0AWRWFTlp1l+HGrcWvOe6zuA2X3UXg2npUNu8H89KjKIV4xohbo3xDBp5UEgl0s RI7j9pQKsJkFwpac16yXjw4tgULTfDl2W0+MDkKI6MW7EkTbkyDSTt9a+8OtucOQSIMU Mgqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=VL0A87YE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h2-20020aa7de02000000b004acc76c1cf4si12380313edv.563.2023.03.07.12.31.35; Tue, 07 Mar 2023 12:32:00 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=VL0A87YE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231393AbjCGTiQ (ORCPT + 99 others); Tue, 7 Mar 2023 14:38:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52374 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234248AbjCGThj (ORCPT ); Tue, 7 Mar 2023 14:37:39 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0795F9965A for ; Tue, 7 Mar 2023 11:24:59 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id AC8731EC068E; Tue, 7 Mar 2023 20:24:57 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217097; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=+YVJIIGc1QMZZquSCdhv6upEqgdnIu7WrVxw64prdzU=; b=VL0A87YEm5pDLfCdVu5BShpJ9CV+f9BnxCKrHEaMR9lDs4m+nmdNLnUgeI4YvTB/jsfFgZ HhgNsnGcmowa4VuC8KxLSEivKeD5kAETSNApHuFro2ZSXEd4lOMu7ZFplf6xovG1SMIxBt 2scHBfrHOVeT7GAGlRGhyFyLSo4ejvY= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 03/11] virt/coco/sev-guest: Simplify extended guest request handling Date: Tue, 7 Mar 2023 20:24:41 +0100 Message-Id: <20230307192449.24732-4-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759742389395223996?= X-GMAIL-MSGID: =?utf-8?q?1759742389395223996?= From: "Borislav Petkov (AMD)" Return a specific error code - -ENOSPC - to signal the too small cert data buffer instead of checking exit code and exitinfo2. While at it, hoist the *fw_err assignment in snp_issue_guest_request() so that a proper error value is returned to the callers. [ Tom: check override_err instead of err. ] Signed-off-by: Borislav Petkov (AMD) Signed-off-by: Tom Lendacky Signed-off-by: Borislav Petkov (AMD) --- arch/x86/kernel/sev.c | 11 +++--- drivers/virt/coco/sev-guest/sev-guest.c | 48 +++++++++++++------------ 2 files changed, 32 insertions(+), 27 deletions(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index c644c34372e8..6a3e1425ba17 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2209,15 +2209,16 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned if (ret) goto e_put; + *fw_err = ghcb->save.sw_exit_info_2; if (ghcb->save.sw_exit_info_2) { /* Number of expected pages are returned in RBX */ if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST && - ghcb->save.sw_exit_info_2 == SNP_GUEST_REQ_INVALID_LEN) + ghcb->save.sw_exit_info_2 == SNP_GUEST_REQ_INVALID_LEN) { input->data_npages = ghcb_get_rbx(ghcb); - - *fw_err = ghcb->save.sw_exit_info_2; - - ret = -EIO; + ret = -ENOSPC; + } else { + ret = -EIO; + } } e_put: diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index ed5d6ae1a144..e61db0b15b7a 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -322,7 +322,8 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in u8 type, void *req_buf, size_t req_sz, void *resp_buf, u32 resp_sz, __u64 *fw_err) { - unsigned long err; + unsigned long err, override_err = 0; + unsigned int override_npages = 0; u64 seqno; int rc; @@ -338,6 +339,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in if (rc) return rc; +retry_request: /* * Call firmware to process the request. In this function the encrypted * message enters shared memory with the host. So after this call the @@ -346,17 +348,24 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in */ rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err); - /* - * If the extended guest request fails due to having too small of a - * certificate data buffer, retry the same guest request without the - * extended data request in order to increment the sequence number - * and thus avoid IV reuse. - */ - if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST && - err == SNP_GUEST_REQ_INVALID_LEN) { - const unsigned int certs_npages = snp_dev->input.data_npages; + switch (rc) { + case -ENOSPC: + /* + * If the extended guest request fails due to having too + * small of a certificate data buffer, retry the same + * guest request without the extended data request in + * order to increment the sequence number and thus avoid + * IV reuse. + */ + override_npages = snp_dev->input.data_npages; + exit_code = SVM_VMGEXIT_GUEST_REQUEST; - exit_code = SVM_VMGEXIT_GUEST_REQUEST; + /* + * Override the error to inform callers the given extended + * request buffer size was too small and give the caller the + * required buffer size. + */ + override_err = SNP_GUEST_REQ_INVALID_LEN; /* * If this call to the firmware succeeds, the sequence number can @@ -366,15 +375,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in * of the VMPCK and the error code being propagated back to the * user as an ioctl() return code. */ - rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err); - - /* - * Override the error to inform callers the given extended - * request buffer size was too small and give the caller the - * required buffer size. - */ - err = SNP_GUEST_REQ_INVALID_LEN; - snp_dev->input.data_npages = certs_npages; + goto retry_request; } /* @@ -386,7 +387,10 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in snp_inc_msg_seqno(snp_dev); if (fw_err) - *fw_err = err; + *fw_err = override_err ?: err; + + if (override_npages) + snp_dev->input.data_npages = override_npages; /* * If an extended guest request was issued and the supplied certificate @@ -394,7 +398,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in * prevent IV reuse. If the standard request was successful, return -EIO * back to the caller as would have originally been returned. */ - if (!rc && err == SNP_GUEST_REQ_INVALID_LEN) + if (!rc && override_err == SNP_GUEST_REQ_INVALID_LEN) return -EIO; if (rc) { From patchwork Tue Mar 7 19:24:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65822 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2631270wrd; Tue, 7 Mar 2023 11:58:21 -0800 (PST) X-Google-Smtp-Source: AK7set+CI2YgiDKUPtwhjEB+eiWBwWghCHA/xZ3MXUfYdv1axxLpxsdivBAhDBInUojj1bYd8VOW X-Received: by 2002:a17:907:31c3:b0:8af:2d2e:5d31 with SMTP id xf3-20020a17090731c300b008af2d2e5d31mr21052214ejb.31.1678219101243; Tue, 07 Mar 2023 11:58:21 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678219101; cv=none; d=google.com; s=arc-20160816; b=0kO5qSVbX2nti7RGHs+ecfxKRd2nuSC7xq3xHdlPPQspb9ypv7aOEm90ygfDxen4p9 0HOLAc5P4cumeQyarhR/Wz8AyE8VTZKrGUEcPsd0ByANzpL+VShLTz3dpZJZJogzt+Yx lXKctEk6e4HvzHTb/asHDNd5phdLw/wdJpRuDHb/VvrPuQqB2/ekHc3o8dalGz7Scd84 hbAQDCgxuHzjRFHIO0hm1K+rHrLePZnd6QP9hwng3mqBlhNIRPqOO4gdYADl9CJ0mggV HD9f09GH0ZRClFeLBPtA2kQt++6nd8rCOuHwfSM36RFW4qaJRO5wuAcxgZrFDUjV9d58 rqCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=WcyoixC2EelL7IpGg5rrSKxc8ATNU7FnXy0NB/gPXKs=; b=E7metzVy6nQDV36074XKgLCIDPtCb6BEaxRSPZAB9x4kAqcArq2cDiDaBXZA311fKW 5AKMa0v5qcluRN5IBV8yo/wQ/vIu9klr/RJ7qrqVTqPLf1gvLkaCLR1awK8uwGG4wIYu 6YBG7MkjAbzudhmMZxjabcxyq+5z4y80qnKmKbjYW9Nvt4ymB+48EqWtryO24evqAWwc 4JBHpLqIS0439XeOBjOh+dBD+Th4YMHM022WTh+vcM4pLYBHtphZLLBu+HWxzq4dF4CI yfBZrau+nCfHaDtfwl8QNQhUkoKOq7xJRYYK7e2D1AfObIppoVj++n6A1cLqZQYYSPZ+ sM/A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=YpXdP0Zf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c17-20020a170906d19100b008d3be841ccdsi423244ejz.326.2023.03.07.11.57.57; Tue, 07 Mar 2023 11:58:21 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=YpXdP0Zf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231995AbjCGTiM (ORCPT + 99 others); Tue, 7 Mar 2023 14:38:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54862 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234242AbjCGThj (ORCPT ); Tue, 7 Mar 2023 14:37:39 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 091E6B8624 for ; Tue, 7 Mar 2023 11:24:59 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 2A6651EC068F; Tue, 7 Mar 2023 20:24:58 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217098; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=WcyoixC2EelL7IpGg5rrSKxc8ATNU7FnXy0NB/gPXKs=; b=YpXdP0ZfYnL1cACp6ZkqWwJZe2QsMmfIY4zKeossGJiHp/rw2hmpHwhsKHwKAgo3xLYvcA h3FsHBe/rka5PsA/4/qp2hwCs0/Es3Yyr4vxelGRFGzhw6otPIheJuuqSWdFoJ2ENRVxvZ KUsFF7RN2v9z4W3AwK8SGIirj981q4o= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 04/11] virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() Date: Tue, 7 Mar 2023 20:24:42 +0100 Message-Id: <20230307192449.24732-5-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759740272337661957?= X-GMAIL-MSGID: =?utf-8?q?1759740272337661957?= From: "Borislav Petkov (AMD)" Call the function directly instead. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- drivers/virt/coco/sev-guest/sev-guest.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index e61db0b15b7a..a51bd4afd5ab 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -405,7 +405,8 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n", rc, *fw_err); - goto disable_vmpck; + snp_disable_vmpck(snp_dev); + return rc; } rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz); @@ -413,14 +414,11 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); - goto disable_vmpck; + snp_disable_vmpck(snp_dev); + return rc; } return 0; - -disable_vmpck: - snp_disable_vmpck(snp_dev); - return rc; } static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) From patchwork Tue Mar 7 19:24:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65842 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2644655wrd; Tue, 7 Mar 2023 12:27:28 -0800 (PST) X-Google-Smtp-Source: AK7set+8SWtJd7V9JZTuh6m0ibn8AfciS+h7MooQWjhq7ZJc8jsQdgcTjFidYqJ84dZ3FCJVauP9 X-Received: by 2002:a17:902:bf06:b0:19c:ff15:5bd8 with SMTP id bi6-20020a170902bf0600b0019cff155bd8mr13056616plb.46.1678220848535; Tue, 07 Mar 2023 12:27:28 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678220848; cv=none; d=google.com; s=arc-20160816; b=losjpXUgtQrhkZ5CUkgJ/av9zQ4fRJAn6hFHt61oO7edxeaWBeHw3/g0u7TkmRabGj XpK9sTsCUqciCqdlaTUFC2kcsMyLgXPwE7QQ41Nq7mbeyrHPS8kOhAPGl8aBFGLr8AHM I5n94YBNv3I+Rd9nnFAd7pgcki47eDNRj8TbyZwYvqJFMz2Uk9VWGKtr9NA355jqB6LY jmdhz6Asl8P7if2+cM/y/hJArQXgkkGnGyhrJnsHtD5Lh0GDtdWWaw2IyiQRpc2Hpwi+ afUcRW1z/ay//TrCLfaF8ayiwWDKSb7mbw5nacE1fq5PM7lgbiSiJPyEvo1ZLogWpAMW nsOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=eQFtBqETFSp+hhhzZz7vM2Ig7VzCSNQThRpT4qgJ7Og=; b=R5uhIiu5VyyPIhWWnkW6HXJYwIJBSwsbm4Ca5DaJMQIlQCDMi4k/3WHSVRxuztfrKs TPSw7M66Le0d6HJhP7qS5V/mTd3yqozljjhY6kj/SQyiqw/7JH1scnH/i6Mt6hSNdDxR +t4wsba5EGKipBpeH9Fe9fzWIBkKyITaqNsljuq41x30CvGgMHrTp462PCJX2aLpoUNx czYmCmLlLNEkNJcrley5rf2RDa8td5APoUgq6gWhcxiaV7W6py+Tvr++tz4yHbuom0E/ RbQKC0wMaDkEajZHyFkvTbkgV82r/C2bE86HuwCAOGltiZTDOjjgo+BA1+WpRdHNrbCQ fobA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=gJEpBAyb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id kl5-20020a170903074500b0019b7766afdcsi11865314plb.554.2023.03.07.12.27.15; Tue, 07 Mar 2023 12:27:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=gJEpBAyb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234279AbjCGTiY (ORCPT + 99 others); Tue, 7 Mar 2023 14:38:24 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51366 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233901AbjCGThj (ORCPT ); Tue, 7 Mar 2023 14:37:39 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 705AB9966C for ; Tue, 7 Mar 2023 11:25:00 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id C4F461EC0691; Tue, 7 Mar 2023 20:24:58 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217098; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=eQFtBqETFSp+hhhzZz7vM2Ig7VzCSNQThRpT4qgJ7Og=; b=gJEpBAybRJNlcPHBjH7/5s351qIY0T0sci7vxVZC7eGpnLFm2b2QFlEa/Dwe00bnnUX5xM OBld47fMfxq+iJiu0ryfKaPRfXvbMyn2lx8su5OurXghLaR8RqVRgZQ181lEqOkgjR+RD4 /rwYGZuzwOKJrOtqk70WXP2V76iSq5U= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 05/11] virt/coco/sev-guest: Carve out the request issuing logic into a helper Date: Tue, 7 Mar 2023 20:24:43 +0100 Message-Id: <20230307192449.24732-6-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759742104266997229?= X-GMAIL-MSGID: =?utf-8?q?1759742104266997229?= From: "Borislav Petkov (AMD)" This makes the code flow a lot easier to follow. No functional changes. [ Tom: touchups. ] Signed-off-by: Borislav Petkov (AMD) Signed-off-by: Tom Lendacky Signed-off-by: Borislav Petkov (AMD) --- drivers/virt/coco/sev-guest/sev-guest.c | 44 +++++++++++++++---------- 1 file changed, 27 insertions(+), 17 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index a51bd4afd5ab..07dafe22b27a 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -318,27 +318,12 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 return __enc_payload(snp_dev, req, payload, sz); } -static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver, - u8 type, void *req_buf, size_t req_sz, void *resp_buf, - u32 resp_sz, __u64 *fw_err) +static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, __u64 *fw_err) { unsigned long err, override_err = 0; unsigned int override_npages = 0; - u64 seqno; int rc; - /* Get message sequence and verify that its a non-zero */ - seqno = snp_get_msg_seqno(snp_dev); - if (!seqno) - return -EIO; - - memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); - - /* Encrypt the userspace provided payload */ - rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz); - if (rc) - return rc; - retry_request: /* * Call firmware to process the request. In this function the encrypted @@ -347,7 +332,6 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in * prevent reuse of the IV. */ rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err); - switch (rc) { case -ENOSPC: /* @@ -401,7 +385,33 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in if (!rc && override_err == SNP_GUEST_REQ_INVALID_LEN) return -EIO; + return rc; +} + +static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver, + u8 type, void *req_buf, size_t req_sz, void *resp_buf, + u32 resp_sz, __u64 *fw_err) +{ + u64 seqno; + int rc; + + /* Get message sequence and verify that its a non-zero */ + seqno = snp_get_msg_seqno(snp_dev); + if (!seqno) + return -EIO; + + memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); + + /* Encrypt the userspace provided payload */ + rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz); + if (rc) + return rc; + + rc = __handle_guest_request(snp_dev, exit_code, fw_err); if (rc) { + if (rc == -EIO && *fw_err == SNP_GUEST_REQ_INVALID_LEN) + return rc; + dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n", rc, *fw_err); From patchwork Tue Mar 7 19:24:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65823 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2631330wrd; Tue, 7 Mar 2023 11:58:32 -0800 (PST) X-Google-Smtp-Source: AK7set8iGWbBfKTfcVBu0TlAceG+0giwFuLZquF9UoLkNXjc1nj7RqdN67GCkhSVQueg8i/VxpGA X-Received: by 2002:a05:6402:b0e:b0:4c7:ded2:7251 with SMTP id bm14-20020a0564020b0e00b004c7ded27251mr12705439edb.32.1678219112201; Tue, 07 Mar 2023 11:58:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678219112; cv=none; d=google.com; s=arc-20160816; b=EP7GyY+7RPgZ7P85DPea7swxIy6TCfUXHm7wDu/E0X8w2FHJhiz+ZDTek5Udi/NPqm +AMX1SwYItl34Thxon9BH5OkFlCQb+oMzZaiHSV1RXS7tFyhfp1XqWW97J86A+EUOuOY n7anaZFA41XK+mfl4XOxLtwY8zto8Vz08isDq4w0UmUhk4hxUxdF5xOy1GVuOrZfAYnI 9wfwWNEXpSvAcpQgD0fbKinCGCyccAtGAFcBewSTLeRp0rvtdx9y8FH7+tdFKLbZSpMs lGSk48qqX4DK57Qb9cQZFo0u6ncJ8q5nPX+vRWlay0WgXxtzhFHKX2ebIEqkcTSXtxai Q8yA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=4SOdasNpIVZBeTMQZbt7smR8ArnRs5idhx2L3K5sBUU=; b=zX50tYr5pwOfy2WBrISajhZ0qxhieYaMxMOCIjfwfy27Ju7cLI86CagdPaI9YEhtwX +XvxYjDv49ZxhQtueRV/KNGevQ9oBLUmPobZpxsQIVqWKDL1EniVEkZ6/rueazAw32eV sA79DrvsvHUnZNRnr/dS63dFtK/pYtey5+XMla8WMgFZbAtyvwlOsm1o+B8+uZ4QfqZM bxiO/ATV73yrjqyo+Lx7Wt30NXBgAcCeDaTe92EX0NREMWqTLlBbB9/MIt2IlC8kqcBa 2fBKXCdIUXiGz06SoXYa0QpvxN4shajrqwBPjiJ6t2C92wcuJaHRmb4kj6zQT0DBHEg5 Z6qA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=JL1IOWo6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i23-20020aa7c717000000b004bd4b029f4fsi12192550edq.297.2023.03.07.11.58.07; Tue, 07 Mar 2023 11:58:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=JL1IOWo6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234278AbjCGTiU (ORCPT + 99 others); Tue, 7 Mar 2023 14:38:20 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48990 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231715AbjCGThj (ORCPT ); Tue, 7 Mar 2023 14:37:39 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BE3989E309 for ; Tue, 7 Mar 2023 11:25:00 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 3C9831EC069A; Tue, 7 Mar 2023 20:24:59 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217099; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4SOdasNpIVZBeTMQZbt7smR8ArnRs5idhx2L3K5sBUU=; b=JL1IOWo6bD1CXtSfHs86ZooGZBuL5z8YArxAaLYdFTF24OMBQNmbUH6cbj7L00ml+XvVOB M4dwe+mGY0EMhBDUDRpx/jeV4VtUynMLwp4xgbAFtXGkXO77fXYUxXkO88bl7434j3MZm4 8yqPghVvPF9/PCoW5UKutIoPqnXkiMs= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 06/11] virt/coco/sev-guest: Do some code style cleanups Date: Tue, 7 Mar 2023 20:24:44 +0100 Message-Id: <20230307192449.24732-7-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759740283686565879?= X-GMAIL-MSGID: =?utf-8?q?1759740283686565879?= From: "Borislav Petkov (AMD)" Remove unnecessary linebreaks, make the code more compact. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- drivers/virt/coco/sev-guest/sev-guest.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 07dafe22b27a..81a53c31ff46 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -412,18 +412,14 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in if (rc == -EIO && *fw_err == SNP_GUEST_REQ_INVALID_LEN) return rc; - dev_alert(snp_dev->dev, - "Detected error from ASP request. rc: %d, fw_err: %llu\n", - rc, *fw_err); + dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n", rc, *fw_err); snp_disable_vmpck(snp_dev); return rc; } rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz); if (rc) { - dev_alert(snp_dev->dev, - "Detected unexpected decode failure from ASP. rc: %d\n", - rc); + dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); snp_disable_vmpck(snp_dev); return rc; } From patchwork Tue Mar 7 19:24:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65824 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2631452wrd; Tue, 7 Mar 2023 11:58:50 -0800 (PST) X-Google-Smtp-Source: AK7set8OI+HTEcNB7zcMedZVL85wzQWm0nO1SDXFvqmXThAuu/W0SGIHP9dSOFa6GvmMGnfacgjc X-Received: by 2002:aa7:c491:0:b0:4bf:b759:67bc with SMTP id m17-20020aa7c491000000b004bfb75967bcmr14781095edq.6.1678219130645; Tue, 07 Mar 2023 11:58:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678219130; cv=none; d=google.com; s=arc-20160816; b=GiEQHLMZIBYIrGynwnSGduAmln2OjqcB/6WaRcNqJUe5sn9pz82Y7CfiDdVdhQf6tr g/FmFwaxw1aUOEzq+23vEspCZil3aTe2D6bUnNT6jLFArTmfH9sV50TgSN5Q6KGaih8j bhn5FsU3G4Vi/AbY+MUThkuQUAifhxTs/Opj9/cpRg6YbLLfxgUi/NUDOogZeuKLKmHK 4tHUN4/dTddK9mxugAQlQHpc6ZPsG6QrCYXx5JtPF3+0rGyrsBcvcVIxvW34UP2YLprx /l8qVzt9C9+ef/pVXULY2emkTUNAGAq+SvFPVCM8DsbpLC7bGwbUyiQB7oAjqXamexas C2qA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=KR4vVsJESSCg86kIVXeeVz75YYrz3rzwdB6btBRiLEY=; b=m7u+icfgyLS6WDUZWEPHcwoGrfBWeLIPUsh0B4kdcHgkjomqeyvVs9Y1ds9J/JjEHX 8qwfdpU4dm+E+4kYNIJ+RMJ4X578ThqX7wT2l2guNMLsKA8wsj3yAj/kR4bwWf/3KA3n MD7ea6OEFlcpzzTvrLljBMdiFxcENuobHyEXtHxB4XxYyHXHR4rzH0JVGeJpL+ctoM0j 1kkWkc0J46aPF6rLT2tf3Tfq/cmiplfXUu0PTUouhuLLRHIzGyA8BHlPrrulY1+7ZyHM Eja804VZ26S7iNrcDsbUipPaHXAAYiHGOt2AOc9cs3GdZGQhBho9Vjsb2cfReBXcZg4V VKAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=BKZLhVL+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n24-20020a05640206d800b004accb663177si12879185edy.330.2023.03.07.11.58.26; Tue, 07 Mar 2023 11:58:50 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=BKZLhVL+; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234287AbjCGTib (ORCPT + 99 others); Tue, 7 Mar 2023 14:38:31 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54480 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234173AbjCGThk (ORCPT ); Tue, 7 Mar 2023 14:37:40 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 57EFDB862C for ; Tue, 7 Mar 2023 11:25:01 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id BE4F71EC06A7; Tue, 7 Mar 2023 20:24:59 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217099; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=KR4vVsJESSCg86kIVXeeVz75YYrz3rzwdB6btBRiLEY=; b=BKZLhVL+3GYzcNwfp+LpeD+VNii/UoHvTiUyjiyMJJ03TEqyChGvpkdxgvbOA/B77RPXyq P9z7zBmV6saBzpWcQCfELsHFTMgC5Js6SkplfvWSpxmXoq1Mh38WKKyjI38bwiMJG5rGmI 75q526oRCYxPK8ji45jbYL0k36xUQ68= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 07/11] virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case Date: Tue, 7 Mar 2023 20:24:45 +0100 Message-Id: <20230307192449.24732-8-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759740303378230388?= X-GMAIL-MSGID: =?utf-8?q?1759740303378230388?= From: "Borislav Petkov (AMD)" snp_issue_guest_request() checks the value returned by the hypervisor in sw_exit_info_2 and returns a different error depending on it. Convert those checks into a switch-case to make it more readable when more error values are going to be checked in the future. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- arch/x86/kernel/sev.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 6a3e1425ba17..d67884fb38c1 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2210,15 +2210,21 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned goto e_put; *fw_err = ghcb->save.sw_exit_info_2; - if (ghcb->save.sw_exit_info_2) { + switch (*fw_err) { + case 0: + break; + + case SNP_GUEST_REQ_INVALID_LEN: /* Number of expected pages are returned in RBX */ - if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST && - ghcb->save.sw_exit_info_2 == SNP_GUEST_REQ_INVALID_LEN) { + if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { input->data_npages = ghcb_get_rbx(ghcb); ret = -ENOSPC; - } else { - ret = -EIO; + break; } + fallthrough; + default: + ret = -EIO; + break; } e_put: From patchwork Tue Mar 7 19:24:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65826 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2631477wrd; Tue, 7 Mar 2023 11:58:54 -0800 (PST) X-Google-Smtp-Source: AK7set/XZdob5Y2ubOfxpaycyEhFV9l0fDYg/40w6fYHeuHJmf1IpW10Q5SpEFj6WXk+WVdnxV+q X-Received: by 2002:a17:907:97d3:b0:883:b1b4:e798 with SMTP id js19-20020a17090797d300b00883b1b4e798mr19081382ejc.10.1678219133872; Tue, 07 Mar 2023 11:58:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678219133; cv=none; d=google.com; s=arc-20160816; b=tLPuKsyymCoyVvgJs4tjnlVpefjoS0bob6+gT11uzIkVXrZe9bGRrOoWaU5gkriPXQ rn9s5Ii8DVGnL+VY7gTkzhlTgEKJ8IT7mFdew2bc3pnxzSM2NGwJoR0+e0zEy3CiRvnh Py+v7Qym9vTJrU3mHFlfzWiAeVnrWk4ZQpvhj/f4DZsC3z0ukimcA2tZvwYrALyTi92V p9LGck1I5wZ1YJHFOZ99HNhQIH14BuwFbKV9IXo1ndvU7nvl4j87piAbEokYLqBxZZFW NGDl7iLYeLlPtRJSYiZ9KZ08/3IteNZZ++kXMFn68CfTc2aGRQifLDRe8eGDAI+O9i/W Nh4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=soKezYnhw5pTtt4MplxefN2gCrw0tw5YIT2mULQOOCY=; b=PkU1JkaK8EcHEeXVff1RptYO6uwP0qNSPV7XQdEzd1hyhpfT4SUMWJds5CzYbhf+K+ le9Xlf5PGjfSa/J0Y14dusLQQmdgOOp1voVq2MUyAl2jY15ZYgPKOws4xnoSVQmjUdI7 QkqYgzVzdeHvMvqCtWHgKV/UZi7cWVbH1cHzFCKtZBtBtSbb7BjDf+mwTo2NnCga2QPw Njy+ExTVc5B+UkKRCCOV9cJYCgYeePPZOLWRI1MaO01B6fLcOBBfY8tAqQqCs9O/7een 0QABql1C/agkfUO/HfpaUjZk6n80z1A4RbUEIzp9ERb/YAWdw+FWguY3+4pFtssiF7T0 Yo2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=lPE90LFE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j14-20020a170906278e00b008f8929efcf4si1543561ejc.108.2023.03.07.11.58.28; Tue, 07 Mar 2023 11:58:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=lPE90LFE; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234187AbjCGTie (ORCPT + 99 others); Tue, 7 Mar 2023 14:38:34 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53344 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234178AbjCGThl (ORCPT ); Tue, 7 Mar 2023 14:37:41 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F305E9E308 for ; Tue, 7 Mar 2023 11:25:01 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 38F531EC06A9; Tue, 7 Mar 2023 20:25:00 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217100; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=soKezYnhw5pTtt4MplxefN2gCrw0tw5YIT2mULQOOCY=; b=lPE90LFEnso6TYhFHvYrMt0vmOu84pt745Ja5CZmEea4mDKaDdR90wZC382VZdZkHRNwyN zaIG9zni7MIWC0yJdfTOafMq8Q0AS97Jr9uBlhn3D7UNl5KkPbF+rWwsYhWqL50mGoHnqi nS/r4ELrrys8Vq1VYSLlUlx7aZpEZ2A= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 08/11] crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer Date: Tue, 7 Mar 2023 20:24:46 +0100 Message-Id: <20230307192449.24732-9-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759740306300327380?= X-GMAIL-MSGID: =?utf-8?q?1759740306300327380?= From: "Borislav Petkov (AMD)" Add a wrapper instead. No functional changes. Signed-off-by: Borislav Petkov (AMD) --- drivers/crypto/ccp/sev-dev.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 823c67a43c38..e346c00b132a 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -442,11 +442,18 @@ static int __sev_init_ex_locked(int *error) return __sev_do_cmd_locked(SEV_CMD_INIT_EX, &data, error); } +static inline int __sev_do_init_locked(int *psp_ret) +{ + if (sev_init_ex_buffer) + return __sev_init_ex_locked(psp_ret); + else + return __sev_init_locked(psp_ret); +} + static int __sev_platform_init_locked(int *error) { int rc = 0, psp_ret = SEV_RET_NO_FW_CALL; struct psp_device *psp = psp_master; - int (*init_function)(int *error); struct sev_device *sev; if (!psp || !psp->sev_data) @@ -458,15 +465,12 @@ static int __sev_platform_init_locked(int *error) return 0; if (sev_init_ex_buffer) { - init_function = __sev_init_ex_locked; rc = sev_read_init_ex_file(); if (rc) return rc; - } else { - init_function = __sev_init_locked; } - rc = init_function(&psp_ret); + rc = __sev_do_init_locked(&psp_ret); if (rc && psp_ret == SEV_RET_SECURE_DATA_INVALID) { /* * Initialization command returned an integrity check failure @@ -477,7 +481,7 @@ static int __sev_platform_init_locked(int *error) */ dev_err(sev->dev, "SEV: retrying INIT command because of SECURE_DATA_INVALID error. Retrying once to reset PSP SEV state."); - rc = init_function(&psp_ret); + rc = __sev_do_init_locked(&psp_ret); } if (error) From patchwork Tue Mar 7 19:24:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65825 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2631471wrd; Tue, 7 Mar 2023 11:58:53 -0800 (PST) X-Google-Smtp-Source: AK7set9n/EeZUAcD2ZWOdR/3Ozpy9inaquAMFThadw1En3V5AmOPFGh+pz/K01CHTKSsOVPuyafI X-Received: by 2002:a17:906:b242:b0:8af:305b:76af with SMTP id ce2-20020a170906b24200b008af305b76afmr13920916ejb.33.1678219133134; Tue, 07 Mar 2023 11:58:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678219133; cv=none; d=google.com; s=arc-20160816; b=jBU1SKd58eb3Ouj0f3ScRI5HgsRU58ZQGHPgFtlB7pED53Qz+oh5iWplYgYNcB8Lwm vocXW8JWvj+jlihamCNUDtfPJj8kpCGz3XB6tyq6ELztXEbpOB7Q4DLN6ZxHc+NNNik/ lyMftNLd757y98kOE22weJsGYB86fOUfr2pkrU4nO/UZ1QGSnngWZAjZ5jWioR0YvT8O 1GP3VeTWCt76NpjrVHX84sz+3vDXDBey6y5KQEyuypv26q9LudM/iUDFNbMeTulP3PpF xfqJNfe6h7K5N2Rp1Rcz70zZ3ZFYr/cU7NeSfGtQs+c86W96mdNB7oXM+2gWxrSEbW8C W59A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Hrnqg02hbwlPWfzHVKt8aCTMzmIQepyCvzKZ2v/oxvw=; b=ndUTlQruLCtYscPt2SXIoqadEHCuH1W6D2opAjGH864VFbnF1mj/g3BhNDkwwztWrh ba79AFARkz4XX3cEQ+C9v0fft9S/hAorxNIO0MaQohiCvLZYlLf1EXS9zDBTKjUy+LMi G7vFHK6aIenZ6UaUw32xZs/LY16iLER8jT7PhPAPAfXj/xS5WYjoM8qAGoiFd/BUPm4X HuAJC2ujErhEgw7763LB//k3U0MwRi1kQwpqinXoXGoqy++XbSrxB/ePG+vf6CSzgyJx Q9kC+TLPsd4KClS/alvb8fEoOcphV14RkGGCT4g8759SX2bCsszyTF57nOQt+u0kG37n 5iIg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=n6uNy4YX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sa7-20020a1709076d0700b008b9b135aee9si2284222ejc.350.2023.03.07.11.58.28; Tue, 07 Mar 2023 11:58:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=n6uNy4YX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234296AbjCGTii (ORCPT + 99 others); Tue, 7 Mar 2023 14:38:38 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52150 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234179AbjCGThl (ORCPT ); Tue, 7 Mar 2023 14:37:41 -0500 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 18020B8F29 for ; Tue, 7 Mar 2023 11:25:02 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 9D32E1EC06BA; Tue, 7 Mar 2023 20:25:00 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217100; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Hrnqg02hbwlPWfzHVKt8aCTMzmIQepyCvzKZ2v/oxvw=; b=n6uNy4YXZ+PdiY8sz9J9491QnE/Yx8ujmGt9T81Vf9yEqooB3L7y2dHkXNyNVe9XPVpu/r pevN1lgIc7QyEacGB2xWZ8yKPorAu/8hol2OBotwQt16n3U8uJz1DecraP77Qf5uy/WmY5 pkUH5LI2XdnxS/Vj+G1+Ra4HYOr+GhQ= From: Borislav Petkov To: LKML Cc: Borislav Petkov , Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 09/11] virt/coco/sev-guest: Add throttling awareness Date: Tue, 7 Mar 2023 20:24:47 +0100 Message-Id: <20230307192449.24732-10-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759740306013551542?= X-GMAIL-MSGID: =?utf-8?q?1759740306013551542?= From: Dionna Glaze A potentially malicious SEV guest can constantly hammer the hypervisor using this driver to send down requests and thus prevent or at least considerably hinder other guests from issuing requests to the secure processor which is a shared platform resource. Therefore, the host is permitted and encouraged to throttle such guest requests. Add the capability to handle the case when the hypervisor throttles excessive numbers of requests issued by the guest. Otherwise, the VM platform communication key will be disabled, preventing the guest from attesting itself. Realistically speaking, a well-behaved guest should not even care about throttling. During its lifetime, it would end up issuing a handful of requests which the hardware can easily handle. This is more to address the case of a malicious guest. Such guest should get throttled and if its VMPCK gets disabled, then that's its own wrongdoing and perhaps that guest even deserves it. To the implementation: the hypervisor signals with SNP_GUEST_REQ_ERR_BUSY that the guest requests should be throttled. That error code is returned in the upper 32-bit half of exitinfo2 and this is part of the GHCB spec v2. So the guest is given a throttling period of 1 minute in which it retries the request every 2 seconds. This is a good default but if it turns out to not pan out in practice, it can be tweaked later. For safety, since the encryption algorithm in GHCBv2 is AES_GCM, control must remain in the kernel to complete the request with the current sequence number. Returning without finishing the request allows the guest to make another request but with different message contents. This is IV reuse, and breaks cryptographic protections. [ bp: Rewrite commit message and do a simplified version. ] Fixes: d5af44dde546 ("x86/sev: Provide support for SNP guest request NAEs") Signed-off-by: Dionna Glaze Co-developed-by: Borislav Petkov (AMD) Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230214164638.1189804-2-dionnaglaze@google.com --- arch/x86/include/asm/sev-common.h | 3 ++- arch/x86/kernel/sev.c | 4 ++++ drivers/virt/coco/sev-guest/sev-guest.c | 19 ++++++++++++++++++- 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index b8357d6ecd47..b63be696b776 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -128,8 +128,9 @@ struct snp_psc_desc { struct psc_entry entries[VMGEXIT_PSC_MAX_ENTRY]; } __packed; -/* Guest message request error code */ +/* Guest message request error codes */ #define SNP_GUEST_REQ_INVALID_LEN BIT_ULL(32) +#define SNP_GUEST_REQ_ERR_BUSY BIT_ULL(33) #define GHCB_MSR_TERM_REQ 0x100 #define GHCB_MSR_TERM_REASON_SET_POS 12 diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index d67884fb38c1..3f664ab277c4 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -2214,6 +2214,10 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned case 0: break; + case SNP_GUEST_REQ_ERR_BUSY: + ret = -EAGAIN; + break; + case SNP_GUEST_REQ_INVALID_LEN: /* Number of expected pages are returned in RBX */ if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 81a53c31ff46..46f1a8d558b0 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -31,6 +31,9 @@ #define AAD_LEN 48 #define MSG_HDR_VER 1 +#define SNP_REQ_MAX_RETRY_DURATION (60*HZ) +#define SNP_REQ_RETRY_DELAY (2*HZ) + struct snp_guest_crypto { struct crypto_aead *tfm; u8 *iv, *authtag; @@ -320,7 +323,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, __u64 *fw_err) { - unsigned long err, override_err = 0; + unsigned long err = 0xff, override_err = 0; + unsigned long req_start = jiffies; unsigned int override_npages = 0; int rc; @@ -360,6 +364,19 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * user as an ioctl() return code. */ goto retry_request; + + /* + * The host may return SNP_GUEST_REQ_ERR_EBUSY if the request has been + * throttled. Retry in the driver to avoid returning and reusing the + * message sequence number on a different message. + */ + case -EAGAIN: + if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { + rc = -ETIMEDOUT; + break; + } + schedule_timeout_killable(SNP_REQ_RETRY_DELAY); + goto retry_request; } /* From patchwork Tue Mar 7 19:24:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65836 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2642522wrd; Tue, 7 Mar 2023 12:22:29 -0800 (PST) X-Google-Smtp-Source: AK7set9T6uZnNj+G0hdbzr+a0nqI4LRLKf5jbcsXXuTjnEkrjG3z8Kge8aXsM+IAcEXljcoWlxUz X-Received: by 2002:a17:906:fcb9:b0:8b2:7564:dfd7 with SMTP id qw25-20020a170906fcb900b008b27564dfd7mr14925180ejb.61.1678220549265; Tue, 07 Mar 2023 12:22:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678220549; cv=none; d=google.com; s=arc-20160816; b=OgodsSXrgthwjgvCMp0XkrTVRefgX/r0dD2Rn/gVdNRMbcOZujWgod4vpAHhMTZ9cA c2xxeG3i21SgIVOU2gwg5/Gu2rvnRPqiBKuPGLmRQ3UBluzyQN7+Dbz/k5KdtcloTdi0 cdz6S2KvifxZlTn+3hyBxNegN7d7oy6iZkGdXXGqOhZbRVMYwk4B5Y7URVSur3OuIsLl q7WRnYFh05RqV3pQQ1iL+7Vp8AO2OfoiHXuxXYqSS4zFO/fpctPsK4k1KxAVTa3hPyKR 8CvyeZArNc9Tkz7d8wf4GWbq/QiaEeNeMFNh5oFann7UESx7UFsH0fB+plNC1j6wpkis b7rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=gSs80yh0DjTeBBgJyw8SUIiy0yTuPDLDQy0HhlQzc2I=; b=a6/Y+/UuvsizKWOSjLkzNkcS4iw6HXLXYD74S/UqGjWUe4obt0N95duZY7yyb7o++A izfOMzdGRbHpZ8WOFey1DXIJ1YRaKdZUe/ZTbOGMwCi8D2IEqE39jBBAfXWcRJlQ7A42 kfz9Q3czC9NUjb/2mRIrvkEz2y0PuzkDUdaQiGwjNyFo0NInPql2v5KdSD9ipVv1EFzR gojx1h/jiz5vyQXDsKAj0TKeS0DD4Y822xdDa2WtqyRP9gVQu7gs9sifnHXj7TQtndwT goD4eGbEdw2AOXvZVlkZ5PNKd1gGAo0bqiGdD9GfspSeqWqyg89tomsCBmBmMzxfe74v aWRg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="CJGDOi/A"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c17-20020a170906d19100b008d3be841ccdsi502557ejz.326.2023.03.07.12.22.05; Tue, 07 Mar 2023 12:22:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="CJGDOi/A"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229684AbjCGTim (ORCPT + 99 others); Tue, 7 Mar 2023 14:38:42 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50326 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234183AbjCGThn (ORCPT ); Tue, 7 Mar 2023 14:37:43 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D7C7B9E312 for ; Tue, 7 Mar 2023 11:25:02 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 1B77D1EC06C1; Tue, 7 Mar 2023 20:25:01 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217101; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=gSs80yh0DjTeBBgJyw8SUIiy0yTuPDLDQy0HhlQzc2I=; b=CJGDOi/Al5NbWq2cbyNRicnIDTfoE7ymfBPCyg5fRK646hkBAX9tir7f2An4VjwbEQbr3y QJwFPTZew9d9tSky7lObNgas1HXchJbCtUfRNSfWsjx3Lvb6DCUtgxocHIEKLC6RgMFzB4 OpCxX11agZ3mBzIewjFHASVFuR+l8Ys= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 10/11] virt/coco/sev-guest: Double-buffer messages Date: Tue, 7 Mar 2023 20:24:48 +0100 Message-Id: <20230307192449.24732-11-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759741790984579799?= X-GMAIL-MSGID: =?utf-8?q?1759741790984579799?= From: Dionna Glaze The encryption algorithms read and write directly to shared unencrypted memory, which may leak information as well as permit the host to tamper with the message integrity. Instead, copy whole messages in or out as needed before doing any computation on them. Fixes: d5af44dde546 ("x86/sev: Provide support for SNP guest request NAEs") Signed-off-by: Dionna Glaze Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230214164638.1189804-3-dionnaglaze@google.com --- drivers/virt/coco/sev-guest/sev-guest.c | 27 +++++++++++++++++++++---- 1 file changed, 23 insertions(+), 4 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 46f1a8d558b0..0c7b47acba2a 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -46,7 +46,15 @@ struct snp_guest_dev { void *certs_data; struct snp_guest_crypto *crypto; + /* request and response are in unencrypted memory */ struct snp_guest_msg *request, *response; + + /* + * Avoid information leakage by double-buffering shared messages + * in fields that are in regular encrypted memory. + */ + struct snp_guest_msg secret_request, secret_response; + struct snp_secrets_page_layout *layout; struct snp_req_data input; u32 *os_area_msg_seqno; @@ -266,14 +274,17 @@ static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) { struct snp_guest_crypto *crypto = snp_dev->crypto; - struct snp_guest_msg *resp = snp_dev->response; - struct snp_guest_msg *req = snp_dev->request; + struct snp_guest_msg *resp = &snp_dev->secret_response; + struct snp_guest_msg *req = &snp_dev->secret_request; struct snp_guest_msg_hdr *req_hdr = &req->hdr; struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n", resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz); + /* Copy response from shared memory to encrypted memory. */ + memcpy(resp, snp_dev->response, sizeof(*resp)); + /* Verify that the sequence counter is incremented by 1 */ if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1))) return -EBADMSG; @@ -297,7 +308,7 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, void *payload, size_t sz) { - struct snp_guest_msg *req = snp_dev->request; + struct snp_guest_msg *req = &snp_dev->secret_request; struct snp_guest_msg_hdr *hdr = &req->hdr; memset(req, 0, sizeof(*req)); @@ -417,13 +428,21 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in if (!seqno) return -EIO; + /* Clear shared memory's response for the host to populate. */ memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); - /* Encrypt the userspace provided payload */ + /* Encrypt the userspace provided payload in snp_dev->secret_request. */ rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz); if (rc) return rc; + /* + * Write the fully encrypted request to the shared unencrypted + * request page. + */ + memcpy(snp_dev->request, &snp_dev->secret_request, + sizeof(snp_dev->secret_request)); + rc = __handle_guest_request(snp_dev, exit_code, fw_err); if (rc) { if (rc == -EIO && *fw_err == SNP_GUEST_REQ_INVALID_LEN) From patchwork Tue Mar 7 19:24:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 65827 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:5915:0:0:0:0:0 with SMTP id v21csp2631528wrd; Tue, 7 Mar 2023 11:59:01 -0800 (PST) X-Google-Smtp-Source: AK7set/Dwvad38I/b8oU6FJqLO077r9n5rMi8iWtOaBo+V4j39MDV2pawmlv6hoYZLn2NDiqw+hV X-Received: by 2002:aa7:d9c2:0:b0:4aa:aaf6:e6be with SMTP id v2-20020aa7d9c2000000b004aaaaf6e6bemr13536908eds.7.1678219141248; Tue, 07 Mar 2023 11:59:01 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1678219141; cv=none; d=google.com; s=arc-20160816; b=fStq6WswiLuF2p7IkMTcBDuisZZx2st18RhQx2gJGNKzmlNBjuSD9Dwrw0Go5GcGjr osE+ch6PEDnZsdIPN1CFKLp4xClivosy0+ElQXcUmo1rSMW5RDjYq3pApOMokBqG9WsR qm9hOfO5DBXgt7YiF+ebS2syZvTHPrwKni1xHVTDr93hAB0J4LwcbWpYuIYpPpKdau/p 3OVSjnT/9ujT+xtzklYezT1b6DsuLW7pFGp7Z4GXwWSikmtlLYnPkcdMbaOSrCIylIdb YqOwh3Qn9L3Q5Qg/TWnd21u6EnmDUw7MX0vSCXh8nnnSfeVMk6CW5o4FYsGheITOv3tN wcnQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=TNKIiIj3pHAuHmxKmpnRZbFWb4E9VnJkylODdrqvao4=; b=u/JMpGVofXbFK8rFphFVxcmD3HJlNzWwiQ7TXVtGLrbJvLtQ+0tiJLBYKoTujR6iCd bHFnq4z4BZHeVOKXAIrvKO2JxuVptxvSIS3tniNmoKde+LWQACfUjVsIRCA5rEUId4By vGmcXTqJT+xEd8WWP3Us+smUlJWhi1X/xHiy2HvX8ldZou8fSKSg5AVR2fbwpOmq19Eu SstuIRJx6IdWltDnsmk/gaxuZBh48m6ajzm7ys9LcD/4pbbZL6wOZNDLWjrX9b0rFrVJ /UzS8xORx+040ONvMJ8CbUCQ4877Biw3von5GMkayKLXfTq4F2DBAVVBGiuyuErelELW 7u8Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=KvPg3msw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r5-20020aa7c145000000b004bfaddc283esi3194919edp.144.2023.03.07.11.58.36; Tue, 07 Mar 2023 11:59:01 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b=KvPg3msw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234302AbjCGTis (ORCPT + 99 others); Tue, 7 Mar 2023 14:38:48 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53118 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231620AbjCGThq (ORCPT ); Tue, 7 Mar 2023 14:37:46 -0500 Received: from mail.skyhub.de (mail.skyhub.de [IPv6:2a01:4f8:190:11c2::b:1457]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 05EDDB9C81 for ; Tue, 7 Mar 2023 11:25:03 -0800 (PST) Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 8D5CE1EC06C2; Tue, 7 Mar 2023 20:25:01 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1678217101; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=TNKIiIj3pHAuHmxKmpnRZbFWb4E9VnJkylODdrqvao4=; b=KvPg3mswwypBBuYGovS11SoEcOyRJYmCX6wqe6VX3rFgvKvGtLrr8xIQKa4H38d2M7GhK1 j8hwZHpjzZiRHPzWiTWF0OLxcHi6LCjhtU5nWuHzggqJngMGbHecXwXk1Z2tyPZPj1eEPS dELTtj15U8AbwgvlrddjbC52IdPkKGo= From: Borislav Petkov To: LKML Cc: Dionna Glaze , Joerg Roedel , Michael Roth , Nikunj A Dadhania , Peter Gonda , Tom Lendacky , linux-coco@lists.linux.dev, x86@kernel.org Subject: [PATCH -v3 11/11] x86/sev: Change snp_guest_issue_request()'s fw_err argument Date: Tue, 7 Mar 2023 20:24:49 +0100 Message-Id: <20230307192449.24732-12-bp@alien8.de> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230307192449.24732-1-bp@alien8.de> References: <20230307192449.24732-1-bp@alien8.de> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1759740314421303173?= X-GMAIL-MSGID: =?utf-8?q?1759740314421303173?= From: Dionna Glaze The GHCB specification declares that the firmware error value for a guest request will be stored in the lower 32 bits of EXIT_INFO_2. The upper 32 bits are for the VMM's own error code. The fw_err argument to snp_guest_issue_request() is thus a misnomer, and callers will need access to all 64 bits. The type of unsigned long also causes problems, since sw_exit_info2 is u64 (unsigned long long) vs the argument's unsigned long*. Change this type for issuing the guest request. Pass the ioctl command struct's error field directly instead of in a local variable, since an incomplete guest request may not set the error code, and uninitialized stack memory would be written back to user space. The firmware might not even be called, so bookend the call with the no firmware call error and clear the error. Since the "fw_err" field is really exitinfo2 split into the upper bits' vmm error code and lower bits' firmware error code, convert the 64 bit value to a union. [ bp: - Massage commit message - adjust code - Fix a build issue as Reported-by: kernel test robot Link: https://lore.kernel.org/oe-kbuild-all/202303070609.vX6wp2Af-lkp@intel.com - print exitinfo2 in hex Tom: - Correct -EIO exit case. ] Signed-off-by: Dionna Glaze Signed-off-by: Borislav Petkov (AMD) Signed-off-by: Tom Lendacky Signed-off-by: Borislav Petkov (AMD) Link: https://lore.kernel.org/r/20230214164638.1189804-5-dionnaglaze@google.com --- Documentation/virt/coco/sev-guest.rst | 20 ++++--- arch/x86/include/asm/sev-common.h | 4 -- arch/x86/include/asm/sev.h | 10 ++-- arch/x86/kernel/sev.c | 15 +++--- drivers/virt/coco/sev-guest/sev-guest.c | 71 +++++++++++++------------ include/uapi/linux/sev-guest.h | 18 ++++++- 6 files changed, 82 insertions(+), 56 deletions(-) diff --git a/Documentation/virt/coco/sev-guest.rst b/Documentation/virt/coco/sev-guest.rst index aa3e4c6a1f90..68b0d2363af8 100644 --- a/Documentation/virt/coco/sev-guest.rst +++ b/Documentation/virt/coco/sev-guest.rst @@ -37,11 +37,11 @@ along with a description: the return value. General error numbers (-ENOMEM, -EINVAL) are not detailed, but errors with specific meanings are. -The guest ioctl should be issued on a file descriptor of the /dev/sev-guest device. -The ioctl accepts struct snp_user_guest_request. The input and output structure is -specified through the req_data and resp_data field respectively. If the ioctl fails -to execute due to a firmware error, then fw_err code will be set. Otherwise, fw_err -will be set to 0x00000000ffffffff, i.e., the lower 32-bits are -1. +The guest ioctl should be issued on a file descriptor of the /dev/sev-guest +device. The ioctl accepts struct snp_user_guest_request. The input and +output structure is specified through the req_data and resp_data field +respectively. If the ioctl fails to execute due to a firmware error, then +the fw_error code will be set, otherwise fw_error will be set to -1. The firmware checks that the message sequence counter is one greater than the guests message sequence counter. If guest driver fails to increment message @@ -57,8 +57,14 @@ counter (e.g. counter overflow), then -EIO will be returned. __u64 req_data; __u64 resp_data; - /* firmware error code on failure (see psp-sev.h) */ - __u64 fw_err; + /* bits[63:32]: VMM error code, bits[31:0] firmware error code (see psp-sev.h) */ + union { + __u64 exitinfo2; + struct { + __u32 fw_error; + __u32 vmm_error; + }; + }; }; 2.1 SNP_GET_REPORT diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index b63be696b776..0759af9b1acf 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -128,10 +128,6 @@ struct snp_psc_desc { struct psc_entry entries[VMGEXIT_PSC_MAX_ENTRY]; } __packed; -/* Guest message request error codes */ -#define SNP_GUEST_REQ_INVALID_LEN BIT_ULL(32) -#define SNP_GUEST_REQ_ERR_BUSY BIT_ULL(33) - #define GHCB_MSR_TERM_REQ 0x100 #define GHCB_MSR_TERM_REASON_SET_POS 12 #define GHCB_MSR_TERM_REASON_SET_MASK 0xf diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index ebc271bb6d8e..13dc2a9d23c1 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -9,6 +9,8 @@ #define __ASM_ENCRYPTED_STATE_H #include +#include + #include #include #include @@ -185,6 +187,9 @@ static inline int pvalidate(unsigned long vaddr, bool rmp_psize, bool validate) return rc; } + +struct snp_guest_request_ioctl; + void setup_ghcb(void); void __init early_snp_set_memory_private(unsigned long vaddr, unsigned long paddr, unsigned int npages); @@ -196,7 +201,7 @@ void snp_set_memory_private(unsigned long vaddr, unsigned int npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __init __noreturn snp_abort(void); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned long *fw_err); +int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } @@ -216,8 +221,7 @@ static inline void snp_set_memory_private(unsigned long vaddr, unsigned int npag static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } -static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, - unsigned long *fw_err) +static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) { return -ENOTTY; } diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 3f664ab277c4..b031244d6d2d 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -22,6 +22,8 @@ #include #include #include +#include +#include #include #include @@ -2175,7 +2177,7 @@ static int __init init_sev_config(char *str) } __setup("sev=", init_sev_config); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned long *fw_err) +int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) { struct ghcb_state state; struct es_em_ctxt ctxt; @@ -2183,8 +2185,7 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned struct ghcb *ghcb; int ret; - if (!fw_err) - return -EINVAL; + rio->exitinfo2 = SEV_RET_NO_FW_CALL; /* * __sev_get_ghcb() needs to run with IRQs disabled because it is using @@ -2209,16 +2210,16 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned if (ret) goto e_put; - *fw_err = ghcb->save.sw_exit_info_2; - switch (*fw_err) { + rio->exitinfo2 = ghcb->save.sw_exit_info_2; + switch (rio->exitinfo2) { case 0: break; - case SNP_GUEST_REQ_ERR_BUSY: + case SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_BUSY): ret = -EAGAIN; break; - case SNP_GUEST_REQ_INVALID_LEN: + case SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN): /* Number of expected pages are returned in RBX */ if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { input->data_npages = ghcb_get_rbx(ghcb); diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 0c7b47acba2a..2764ede9b256 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -332,11 +332,12 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 return __enc_payload(snp_dev, req, payload, sz); } -static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, __u64 *fw_err) +static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, + struct snp_guest_request_ioctl *rio) { - unsigned long err = 0xff, override_err = 0; unsigned long req_start = jiffies; unsigned int override_npages = 0; + u64 override_err = 0; int rc; retry_request: @@ -346,7 +347,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * sequence number must be incremented or the VMPCK must be deleted to * prevent reuse of the IV. */ - rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err); + rc = snp_issue_guest_request(exit_code, &snp_dev->input, rio); switch (rc) { case -ENOSPC: /* @@ -364,7 +365,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * request buffer size was too small and give the caller the * required buffer size. */ - override_err = SNP_GUEST_REQ_INVALID_LEN; + override_err = SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN); /* * If this call to the firmware succeeds, the sequence number can @@ -377,7 +378,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, goto retry_request; /* - * The host may return SNP_GUEST_REQ_ERR_EBUSY if the request has been + * The host may return SNP_GUEST_VMM_ERR_BUSY if the request has been * throttled. Retry in the driver to avoid returning and reusing the * message sequence number on a different message. */ @@ -398,27 +399,28 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, */ snp_inc_msg_seqno(snp_dev); - if (fw_err) - *fw_err = override_err ?: err; + if (override_err) { + rio->exitinfo2 = override_err; + + /* If an extended guest request was issued and the supplied certificate + * buffer was not large enough, a standard guest request was issued to + * prevent IV reuse. If the standard request was successful, return -EIO + * back to the caller as would have originally been returned. + */ + if (!rc && override_err == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) + rc = -EIO; + } if (override_npages) snp_dev->input.data_npages = override_npages; - /* - * If an extended guest request was issued and the supplied certificate - * buffer was not large enough, a standard guest request was issued to - * prevent IV reuse. If the standard request was successful, return -EIO - * back to the caller as would have originally been returned. - */ - if (!rc && override_err == SNP_GUEST_REQ_INVALID_LEN) - return -EIO; - return rc; } -static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver, - u8 type, void *req_buf, size_t req_sz, void *resp_buf, - u32 resp_sz, __u64 *fw_err) +static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, + struct snp_guest_request_ioctl *rio, u8 type, + void *req_buf, size_t req_sz, void *resp_buf, + u32 resp_sz) { u64 seqno; int rc; @@ -432,7 +434,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); /* Encrypt the userspace provided payload in snp_dev->secret_request. */ - rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz); + rc = enc_payload(snp_dev, seqno, rio->msg_version, type, req_buf, req_sz); if (rc) return rc; @@ -443,12 +445,16 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in memcpy(snp_dev->request, &snp_dev->secret_request, sizeof(snp_dev->secret_request)); - rc = __handle_guest_request(snp_dev, exit_code, fw_err); + rc = __handle_guest_request(snp_dev, exit_code, rio); if (rc) { - if (rc == -EIO && *fw_err == SNP_GUEST_REQ_INVALID_LEN) + if (rc == -EIO && + rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) return rc; - dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n", rc, *fw_err); + dev_alert(snp_dev->dev, + "Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", + rc, rio->exitinfo2); + snp_disable_vmpck(snp_dev); return rc; } @@ -488,9 +494,9 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io if (!resp) return -ENOMEM; - rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg->msg_version, + rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, SNP_MSG_REPORT_REQ, &req, sizeof(req), resp->data, - resp_len, &arg->fw_err); + resp_len); if (rc) goto e_free; @@ -528,9 +534,8 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) return -EFAULT; - rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg->msg_version, - SNP_MSG_KEY_REQ, &req, sizeof(req), buf, resp_len, - &arg->fw_err); + rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, + SNP_MSG_KEY_REQ, &req, sizeof(req), buf, resp_len); if (rc) return rc; @@ -590,12 +595,12 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques return -ENOMEM; snp_dev->input.data_npages = npages; - ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg->msg_version, + ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg, SNP_MSG_REPORT_REQ, &req.data, - sizeof(req.data), resp->data, resp_len, &arg->fw_err); + sizeof(req.data), resp->data, resp_len); /* If certs length is invalid then copy the returned length */ - if (arg->fw_err == SNP_GUEST_REQ_INVALID_LEN) { + if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { req.certs_len = snp_dev->input.data_npages << PAGE_SHIFT; if (copy_to_user((void __user *)arg->req_data, &req, sizeof(req))) @@ -630,7 +635,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long if (copy_from_user(&input, argp, sizeof(input))) return -EFAULT; - input.fw_err = 0xff; + input.exitinfo2 = 0xff; /* Message version must be non-zero */ if (!input.msg_version) @@ -661,7 +666,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long mutex_unlock(&snp_cmd_mutex); - if (input.fw_err && copy_to_user(argp, &input, sizeof(input))) + if (input.exitinfo2 && copy_to_user(argp, &input, sizeof(input))) return -EFAULT; return ret; diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h index 256aaeff7e65..2aa39112cf8d 100644 --- a/include/uapi/linux/sev-guest.h +++ b/include/uapi/linux/sev-guest.h @@ -52,8 +52,14 @@ struct snp_guest_request_ioctl { __u64 req_data; __u64 resp_data; - /* firmware error code on failure (see psp-sev.h) */ - __u64 fw_err; + /* bits[63:32]: VMM error code, bits[31:0] firmware error code (see psp-sev.h) */ + union { + __u64 exitinfo2; + struct { + __u32 fw_error; + __u32 vmm_error; + }; + }; }; struct snp_ext_report_req { @@ -77,4 +83,12 @@ struct snp_ext_report_req { /* Get SNP extended report as defined in the GHCB specification version 2. */ #define SNP_GET_EXT_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x2, struct snp_guest_request_ioctl) +/* Guest message request EXIT_INFO_2 constants */ +#define SNP_GUEST_FW_ERR_MASK GENMASK_ULL(31, 0) +#define SNP_GUEST_VMM_ERR_SHIFT 32 +#define SNP_GUEST_VMM_ERR(x) (((u64)x) << SNP_GUEST_VMM_ERR_SHIFT) + +#define SNP_GUEST_VMM_ERR_INVALID_LEN 1 +#define SNP_GUEST_VMM_ERR_BUSY 2 + #endif /* __UAPI_LINUX_SEV_GUEST_H_ */