From patchwork Wed Nov 2 15:18:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dionna Amalie Glaze X-Patchwork-Id: 14295 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp3681238wru; Wed, 2 Nov 2022 08:20:24 -0700 (PDT) X-Google-Smtp-Source: AMsMyM65/JACm8W23MwsZsdpW8Lbdb5BV4HrTzj3JePiZB7ZHdEqBwZOzW7+3iqEX1mnZe1P6xIP X-Received: by 2002:a17:902:d64d:b0:186:634e:5517 with SMTP id y13-20020a170902d64d00b00186634e5517mr25127791plh.3.1667402424202; Wed, 02 Nov 2022 08:20:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667402424; cv=none; d=google.com; s=arc-20160816; b=ytTD/suElsF0AbXdjGYCzYyaud1uM8GjNqR7DmN4b8IRKiAU66/MJ23155NtA2tDum j75DomMal1MlMv/ffW9uLObUIJu18S4JqLQmBibxRnZ6tirHv51+iP5Efg2rPoWC3mmV kSoYpc3pg1GkvJRz0UXAlYboveE4z5wm9abQl3BXTOkilyZvVtcqRjRfqrnyGEnl2UXd h+GH4YtjrJiG7+1xBfwKwxEJXw2m5ixp6FUJq/aT12qbV+DcNDfC+9cxwHILSrfWNjAn MyNCKPMl8TbMN7APKNUFjrBBmklfciWdP0IIeq/2SJEk8k7zBkpebkTzCUgWh4/VfZez mVdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=qaiHnucIuESfgaU82SYs4BBLu5lj4TzR9ZvyujAVUhw=; b=RM/E/r+QspzGeYlWANXDQggMX6rHfYSv8Wa7psLXIkCkAg1WPva98QOx9TE4f2vTdx EH4Amd/Si9DUWMpzQclJ6SmoFfHY7XLDA1kMrzuWvY5Q/s7FqXjdDWYxXu5KRa3Dbr8P miC/FA36AlaHJIYaXlxSUQuLp4HMV45p66khcl3CJ2ghKzYdlHyZ0r+AoahwPl9YOV4A ncAlikweHx/D9rLdQgZt77wC7Kgqfmj3Ttdmiv++6dd1LMPW1fqrr56RHlB/zNCXENSQ Xcj1PDKJYst8dRfs4YxBnVgHUfu92EMYuNw2iF6TmNy/D1qHqwKZBFt4mdDrZwk7iNA+ XGXg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=ks6DEiY7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a7-20020a631a47000000b004639c6797bdsi16877653pgm.307.2022.11.02.08.20.09; Wed, 02 Nov 2022 08:20:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=ks6DEiY7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230408AbiKBPTL (ORCPT + 99 others); Wed, 2 Nov 2022 11:19:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58812 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230306AbiKBPSx (ORCPT ); Wed, 2 Nov 2022 11:18:53 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D5787EE12 for ; Wed, 2 Nov 2022 08:18:49 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id w191-20020a6382c8000000b0045bf92a0b5aso9655380pgd.22 for ; Wed, 02 Nov 2022 08:18:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=qaiHnucIuESfgaU82SYs4BBLu5lj4TzR9ZvyujAVUhw=; b=ks6DEiY7Yjv82ixwPD+aLivrFmZgJi9a6H7mv4TZxFHnfBcEscfr1HjMkr3s1Q8bP0 YC66C654TPJ69cHNKSx7a2UoJEJJ7g6Gv4c3ZevWz0zmyxZNNyM9YjKRE4lC7j3Nw9VZ xzTxMEEYkKLl6EmAI/vhSViP+b3XePn0rvF9X3B0hfB0wauSF52j7MS1gbHNwsN4SQqI uvnLLDqIJg2jayeD1MWWpMPUxB+BYIlwj2uK0l6mphmMC4eEcGPXtuBE4SPXja20hh9C 96PrBNEPSJolYqCA2NXwQx04/zZwjH5vRQDKJxDBQ8a/BQXwAUDGY4O/JPjYh7+gr1Ho Bn5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=qaiHnucIuESfgaU82SYs4BBLu5lj4TzR9ZvyujAVUhw=; b=E9UQzz3nDxlTLOQCVXD0O0+AojOwFMZ8h3/krttzz6lShm5P+9OB5IhH2e03l7yCvf PKude57O9lZPIluJrgOdSaQR5wJRYNsgbzEfbtLVGabr02NEXkznQzPAxUK3VqsONwTZ prrqtG8UjnWTdqWOYcHpPJbrnVct4Mt/HmDJkucCWZ2sgSgy+t+BktGY6mqpU3GKesal dwWTaHS97DcvqItzIf2a19420UFk3Txoig3JCmmcJaaLcVE4Cnec6bHn487ntgn0hc1Y fg1VKJeV0LTggFEPdhvLzyUs/SDwPJMxh+prQH2BHt39jlwqfHjwKx+y2pdpBbz5fDBs ZSSg== X-Gm-Message-State: ACrzQf0kuUozVQO5Zx6OaiCe7NCEKcDRR4yxhnttsgWNFQ87HaZ7jVEP pZJqKpIZOSnS0F9SCRvwN3NtAJh8axiPquRJKSSCygKtX9LZFxKEhdB7v6CKYdqWrQbrY511tdO F92gvYe8XrwVW+UnLrCeA3pWA3skfNjXpFy9p3Fj77hRUdb4bTwcXm4+6BzT6ybF/rLgoqe3Jh2 rChIowSeU= X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a05:6a00:10cf:b0:563:34ce:412f with SMTP id d15-20020a056a0010cf00b0056334ce412fmr26111677pfu.67.1667402329297; Wed, 02 Nov 2022 08:18:49 -0700 (PDT) Date: Wed, 2 Nov 2022 15:18:33 +0000 In-Reply-To: <20221102151836.1310509-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20221102151836.1310509-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.38.1.273.g43a17bfeac-goog Message-ID: <20221102151836.1310509-2-dionnaglaze@google.com> Subject: [PATCH v5 1/4] ccp: Name -1 return value as SEV_RET_NO_FW_CALL From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: Dionna Glaze , Thomas Lendacky , Paolo Bonzini , Joerg Roedel , Ingo Molnar , Andy Lutomirsky X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748398164328106978?= X-GMAIL-MSGID: =?utf-8?q?1748398164328106978?= The PSP can return a "firmware error" code of -1 in circumstances where the PSP is not actually called. To make this protocol unambiguous, we add a constant naming the return value. From: Peter Gonda Cc: Thomas Lendacky Cc: Paolo Bonzini Cc: Joerg Roedel Cc: Ingo Molnar Cc: Andy Lutomirsky Signed-off-by: Dionna Glaze --- drivers/crypto/ccp/sev-dev.c | 2 +- include/uapi/linux/psp-sev.h | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 06fc7156c04f..97eb3544ab36 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -444,7 +444,7 @@ static int __sev_platform_init_locked(int *error) { struct psp_device *psp = psp_master; struct sev_device *sev; - int rc = 0, psp_ret = -1; + int rc = 0, psp_ret = SEV_RET_NO_FW_CALL; int (*init_function)(int *error); if (!psp || !psp->sev_data) diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 91b4c63d5cbf..1ad7f0a7e328 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -36,6 +36,13 @@ enum { * SEV Firmware status code */ typedef enum { + /* + * This error code is not in the SEV spec but is added to convey that + * there was an error that prevented the SEV Firmware from being called. + * This is (u32)-1 since the firmware error code is represented as a + * 32-bit integer. + */ + SEV_RET_NO_FW_CALL = 0xffffffff, SEV_RET_SUCCESS = 0, SEV_RET_INVALID_PLATFORM_STATE, SEV_RET_INVALID_GUEST_STATE, From patchwork Wed Nov 2 15:18:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dionna Amalie Glaze X-Patchwork-Id: 14296 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp3681328wru; Wed, 2 Nov 2022 08:20:34 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7Mcalzfzp7RaN9oN6IC278Mu6FPYKcYgQBqsTV4ykzHd0mCxtx8PmcvweGi7K8KuNwOoQt X-Received: by 2002:a17:902:6b04:b0:181:5dc6:5348 with SMTP id o4-20020a1709026b0400b001815dc65348mr25283689plk.69.1667402434206; Wed, 02 Nov 2022 08:20:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667402434; cv=none; d=google.com; s=arc-20160816; b=Tie0BXYrRX6cmX6SD2r+uiVsPcv5T/6TGfdUsv3N1HMH2zI5zOcMm8JsNKK17kBq62 tJtcX2Bxt1XD4JLARCk+SvGRbfllOb9Pl1g5Kyp6F5pyWANj8PkY4Am4PHooBEkZDNpO Abr3r535SK38vgU84TMNx6IU/zb8/eou/S6QnDhSQ2rt5uxKLGxKt7lyoZdwK5u/pPfG mWZ+9I7NgVBlfpLrGAmJZH21oI6ZUY1qVio2UsmmTnoZfJ9l/0EqAZDwjLJDTijK5dvZ kwoBqU8rwnlLN2FWZVNsKkdTchtyHoGJeNU0GoyYw8ze3OBwhtyquAAhbmE/hsgcyoTX IMzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=HMHoFnNXGFOnGHAP/VNY6ptVYxXseOMIKoAz5BRGvX4=; b=Rx4zGzPXH3zPNt9CyiMpGKsgSj/z21C4621SISv0FirjPFzK4mWDscGKNPtnfeNoO/ a22GmaXIjE7bTYZ4Xu3eP9MOvkTOXUeF/yBXEP3qsO2rZrd1IwwbTXCKxzLTJ3Lp/yfg tYoFXcv4ZtCqbImqLgwLjfRrqJmXo1r09jAQAHlkgYlsBsR4IF37cT0zQZVr0KrHhq0J 0EUXk32GEm9VYezmKBd+Th+mC3QAlrhE1xELLo29cab+OB/e+RYgaH9Q0HnB930U2/Xv IbzWdtDPTJUu/Bm6AXmf2e5e14UY7ZfcO/DFBYwvY+lh09oV5N5al8mVuMgQndc5PtdI BoIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=F1neGZJQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 34-20020a630b22000000b0044ed36e4c57si17581071pgl.217.2022.11.02.08.20.20; Wed, 02 Nov 2022 08:20:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=F1neGZJQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230460AbiKBPTR (ORCPT + 99 others); Wed, 2 Nov 2022 11:19:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230249AbiKBPSz (ORCPT ); Wed, 2 Nov 2022 11:18:55 -0400 Received: from mail-pj1-x104a.google.com (mail-pj1-x104a.google.com [IPv6:2607:f8b0:4864:20::104a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8CA6E10555 for ; Wed, 2 Nov 2022 08:18:51 -0700 (PDT) Received: by mail-pj1-x104a.google.com with SMTP id r9-20020a17090a2e8900b0021409b8020cso1781684pjd.0 for ; Wed, 02 Nov 2022 08:18:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=HMHoFnNXGFOnGHAP/VNY6ptVYxXseOMIKoAz5BRGvX4=; b=F1neGZJQJh+XcQN1V567FwoQTGgKI1RIIPQZSlGulHrcZq+/ZMI+51iigU62PFj/ip H8Efch/vDH4ZxXm4FCPOWZExPOruNxBxCsCRQWWs7pDqhFvvSwW735RS5jPkEF5GvbL4 vKSzR7Yc553v2kfoPiv0f0zNWbZTs9JGIBWO/h2mVvNDTS9WFBXcpUQztY1lWd0xaKF9 2M4fnD3LL85cFvUCeHDpdRXoGpK57Sg3NyelnhiTf3aPN5Cpr+XGEI1d32eBsNBAxpDJ ZAvIDm4/IizE+6n03yO2rPMw/B+MVfbMo4H4BwFobxq6IA4NtvnE6BqYZXfXU6P0x3G9 a8fA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=HMHoFnNXGFOnGHAP/VNY6ptVYxXseOMIKoAz5BRGvX4=; b=cJu6DB+dTqpGU55T2rTpgdxLyvZIIJ+/k6vFXPwyhcSr0IFTpZi/uk5QUnFiQA/YN8 Uvk2VUk5uvKX+KoXQyJeAAhUL+tp8paclTdJzIajtzXJUZwWJHPXrmTzsYn0yvNhhvGu 2Epg6lebCACmSFJE6krVl/2n25XR1oBb+G6PxjmRdqFwNHnjrmEMtimxBNG5xBEiYy+b 6NDBxXumG6r4oOtwHt//HSbp3poyxWGTKy26T8cxq6QSEq3PfPln/eesJ+tfcC3bnzhU HEf/tHN2Re7bavaQmGjXsqFLf30kNpfZQ89ug+sBzrCn33dvd+HkI1uLCsK4NxXLl2MI 8lww== X-Gm-Message-State: ACrzQf2X15tiUWcPI/LSsOVaRZ6N2LizYiTIj+8xm+NbzxAFN5kEKPx0 0ED9BrmRXxMqzZ1wQbPa6bmAkNDToAYxQ/wduDlpiQWkNyta14FGePMiQm+pBQbsh6D7zRXiYpQ i7x4Uos2jbM+PzrP+FxmRvb82x4QCXmQT2v5CSCy+izs7LAMPb46cBNuCPZ5xoT3ZF5QNw67vEI JRZ1upvbg= X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a17:903:32ce:b0:187:143f:4c4d with SMTP id i14-20020a17090332ce00b00187143f4c4dmr20605731plr.135.1667402330963; Wed, 02 Nov 2022 08:18:50 -0700 (PDT) Date: Wed, 2 Nov 2022 15:18:34 +0000 In-Reply-To: <20221102151836.1310509-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20221102151836.1310509-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.38.1.273.g43a17bfeac-goog Message-ID: <20221102151836.1310509-3-dionnaglaze@google.com> Subject: [PATCH v5 2/4] x86/sev: Change snp_guest_issue_request's fw_err From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: Dionna Glaze , Tom Lendacky , Paolo Bonzini , Joerg Roedel , Peter Gonda , Thomas Gleixner , Dave Hansen X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748398175218833510?= X-GMAIL-MSGID: =?utf-8?q?1748398175218833510?= The GHCB specification declares that the firmware error value for a guest request will be stored in the lower 32 bits of EXIT_INFO_2. The upper 32 bits are for the VMM's own error code. The fw_err argument is thus a misnomer, and callers will need access to all 64 bits. The type of unsigned long also causes problems, since sw_exit_info2 is u64 (unsigned long long) vs the argument's previous unsigned long*. The signature change requires the follow-up change to drivers/virt/coco/sev-guest to use the new expected type in order to compile. The firmware might not even be called, so we bookend the call with the no firmware call error and clearing the error. Cc: Tom Lendacky Cc: Paolo Bonzini Cc: Joerg Roedel Cc: Peter Gonda Cc: Thomas Gleixner Cc: Dave Hansen Fixes: d5af44dde546 ("x86/sev: Provide support for SNP guest request NAEs") Signed-off-by: Dionna Glaze --- arch/x86/include/asm/sev.h | 4 ++-- arch/x86/kernel/sev.c | 10 ++++++---- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index ebc271bb6d8e..05de34d10d89 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -196,7 +196,7 @@ void snp_set_memory_private(unsigned long vaddr, unsigned int npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __init __noreturn snp_abort(void); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned long *fw_err); +int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, u64 *exitinfo2); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } @@ -217,7 +217,7 @@ static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, - unsigned long *fw_err) + u64 *exitinfo2) { return -ENOTTY; } diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index a428c62330d3..148f17cb07b5 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include @@ -2175,7 +2176,7 @@ static int __init init_sev_config(char *str) } __setup("sev=", init_sev_config); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned long *fw_err) +int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, u64 *exitinfo2) { struct ghcb_state state; struct es_em_ctxt ctxt; @@ -2186,9 +2187,11 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return -ENODEV; - if (!fw_err) + if (!exitinfo2) return -EINVAL; + *exitinfo2 = SEV_RET_NO_FW_CALL; + /* * __sev_get_ghcb() needs to run with IRQs disabled because it is using * a per-CPU GHCB. @@ -2212,14 +2215,13 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, unsigned if (ret) goto e_put; + *exitinfo2 = ghcb->save.sw_exit_info_2; if (ghcb->save.sw_exit_info_2) { /* Number of expected pages are returned in RBX */ if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST && ghcb->save.sw_exit_info_2 == SNP_GUEST_REQ_INVALID_LEN) input->data_npages = ghcb_get_rbx(ghcb); - *fw_err = ghcb->save.sw_exit_info_2; - ret = -EIO; } From patchwork Wed Nov 2 15:18:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dionna Amalie Glaze X-Patchwork-Id: 14297 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp3681648wru; Wed, 2 Nov 2022 08:21:11 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5cfp5aCy6+Tfzh73AwlRqYEGbVpmAN7ypGbCHeD2udAmVGI/tKcZeo1ugj49LXOm9EcT2G X-Received: by 2002:a17:907:aa1:b0:7ad:cd92:a48f with SMTP id bz1-20020a1709070aa100b007adcd92a48fmr17242862ejc.369.1667402470956; Wed, 02 Nov 2022 08:21:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667402470; cv=none; d=google.com; s=arc-20160816; b=Zwsjrzc+5SU3tUX3yV7IlC6dmJ128imoml4g9z4tRjHi5ocVEEFnFuu1FE6wvB1C/z THx0f8DV3/EtzBUwW3N477bSbQFAqGFAPvy8koX+QzjNVbkK9s/W2AahjwqcmfPPNlMt 0f8r8vQIuVNXImL57uHRG0kbIORi2t9bYbP4rP5BMxbADxikiLEbzQ3920E5dbzH0axY WGX0a/gr9BOgx97d5PzIcFv/EM4BY8yGK47PzJ0JdE0b7d3nHScFQaOjcI1VM+90CMaW 8Rsh97mNC3Ei5bNyHiPSrdu/GKrcomc0d5VuUH3UNfpFziYfl0wOZKrsocyayLqWF5Ui s5xQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=AavPz2fIPJd5HTECnX2371PWGJ0eVVzEztf+ROklkx8=; b=aBlP7lojBENVMxtsnZKR/2USZFT+t1HrwuRTrjIbPERLRIfNFqZ/35Rsunoqngago7 tDsAFN+Jwwe7dwSAWsH9aNq+6TTqaogXboMK+Z3CA33mWfeXJjRLY9rClRyo2jdcTcqz s18Slw9ZPIm5luSEqs2iPB196eIdk0avhV5+U7KckIRwWYW8DllTE3Ytt3lnnUY0Gfc7 AA4HqzX+YnH1msDN6hN/t8lREPXUA7lU8zDiHPF1Y1mwjncPHZ6AlyFRx4ZcYlBKQsrw 1ifG6qM2aYpBCc4iNYHBoRRpN+YVrCxYSkllMqRnFgKGEWKPE+DbhOIEp7fNVyIYo5Ao 33UA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="VZx/B4fH"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id go44-20020a1709070dac00b00780f0b45416si18079912ejc.622.2022.11.02.08.20.46; Wed, 02 Nov 2022 08:21:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="VZx/B4fH"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230473AbiKBPTT (ORCPT + 99 others); Wed, 2 Nov 2022 11:19:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58280 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230075AbiKBPS4 (ORCPT ); Wed, 2 Nov 2022 11:18:56 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 01B46313 for ; Wed, 2 Nov 2022 08:18:52 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id w191-20020a6382c8000000b0045bf92a0b5aso9655446pgd.22 for ; Wed, 02 Nov 2022 08:18:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=AavPz2fIPJd5HTECnX2371PWGJ0eVVzEztf+ROklkx8=; b=VZx/B4fHe5VKpfQ1EWWSzaJLFLB66q59VLDUukhzNaMykE3L+PNSKEJfdLGnw/6cdr pL1pmWnddTsNdT7OweskWXcyOY1TPGf0/5d17ofiJ3ds/I26a66SaQUsAxbvRT86LNr7 xOVpPCUE2d84+MtaKGR6F/N47bJMgdZk2vukv+1/LfJhmcssmi1wGkzBTvIgAA56EQSF KKVXYWevJGjh1038KwyvziVoP9t6n8LelgtjgtLQa63RIn25rsoUduaafAcZuXBUajVi 77jmzzCID+qRue5A/ZqPnH11zQJYu7mgkjDHxgau7uX7z+HrVBPao+TMtE2nxT5+m9HT yC1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=AavPz2fIPJd5HTECnX2371PWGJ0eVVzEztf+ROklkx8=; b=TqIzhz8U4amLNI3KlGddyLBgYcXSbMmejpXg88LYxFNG/QxQ7hcMDLm4cfdNHNPjml u+n+QCwIm4vDYy2L9rPeACYiR/hmcX6I4PTXk5wAq3CvAgcd/s7wRIa9/JwzsA1DDnLW 8jHGwAGmZcBvOD6Ze4/o+fkmrIcZvGKsqvtZbxaOHyF4BenB3kG1/Nz+EXLc++vF8QXr CR74u1KwivSugTBW71tIcapQ6qpiTz20dq/T0Lh0pI5gEXjD/TyHgfv3Pc34tQ11xNGs PFF3jUttMIjkM7hd4jy7X7WldECpbAq3qtm1HLrfpxyw9L5bvQo9iOCsHUDjUzVgorp5 sgbw== X-Gm-Message-State: ACrzQf2Sfls4VYX1+J3bdUaEFHRcFLUbraEyZVH0olHVBU3T4tUeZft9 NuogozOj0NcvmyPaZ2PAz3sDcwF6ehxRAweJwKPNQtKVqLTaRHlZzZUl3Cq+16PqUEfkwr82Zfx aEVHZkgz9imH7dmqhw4g40K7PC981a8NlV6RslkM7Wm0kHb8dWfbvZ+4KdSi+oH6wgGG3VnBFui hSFTGreQc= X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a05:6a00:1822:b0:56b:f29d:cca1 with SMTP id y34-20020a056a00182200b0056bf29dcca1mr25958788pfa.65.1667402332595; Wed, 02 Nov 2022 08:18:52 -0700 (PDT) Date: Wed, 2 Nov 2022 15:18:35 +0000 In-Reply-To: <20221102151836.1310509-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20221102151836.1310509-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.38.1.273.g43a17bfeac-goog Message-ID: <20221102151836.1310509-4-dionnaglaze@google.com> Subject: [PATCH v5 3/4] virt/coco/sev-guest: Remove err in handle_guest_request From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: Dionna Glaze , Tom Lendacky , Paolo Bonzini , Joerg Roedel , Peter Gonda , Thomas Gleixner , Dave Hansen X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748398213726748698?= X-GMAIL-MSGID: =?utf-8?q?1748398213726748698?= The err variable may not be set in the call to snp_issue_guest_request, yet it is unconditionally written back to fw_err if fw_err is non-null. This is undefined behavior, and currently returns uninitialized kernel stack memory to user space. The fw_err argument is better to just pass through to snp_issue_guest_request, so we do that. Since the issue_request's signature has changed fw_err to exitinfo2, we change the argument name here. Cc: Tom Lendacky Cc: Paolo Bonzini Cc: Joerg Roedel Cc: Peter Gonda Cc: Thomas Gleixner Cc: Dave Hansen Fixes: fce96cf04430 ("virt: Add SEV-SNP guest driver") Signed-off-by: Dionna Glaze --- drivers/virt/coco/sev-guest/sev-guest.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index f422f9c58ba7..0508c2f46f6b 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -303,9 +303,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver, u8 type, void *req_buf, size_t req_sz, void *resp_buf, - u32 resp_sz, __u64 *fw_err) + u32 resp_sz, __u64 *exitinfo2) { - unsigned long err; u64 seqno; int rc; @@ -322,9 +321,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in return rc; /* Call firmware to process the request */ - rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err); - if (fw_err) - *fw_err = err; + rc = snp_issue_guest_request(exit_code, &snp_dev->input, exitinfo2); if (rc) return rc; From patchwork Wed Nov 2 15:18:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dionna Amalie Glaze X-Patchwork-Id: 14299 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp3682784wru; Wed, 2 Nov 2022 08:23:20 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7mqRSBq2mpVo3874doVtgupXBy0bcqdYurBAJeJo6ipWEdOHaENUdoBsU7Aap1H6IqC2uF X-Received: by 2002:a63:83c6:0:b0:46e:f5ee:e27c with SMTP id h189-20020a6383c6000000b0046ef5eee27cmr21574027pge.603.1667402599817; Wed, 02 Nov 2022 08:23:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667402599; cv=none; d=google.com; s=arc-20160816; b=e/0RBC3VVxlr5XOqNIC023QbFvo+2vEUBQoacoXAW3EDoajeB9qEGNElUr9FummoxY r80V/D6UDmfJD3TVFZxdXCw61M7Fx7egnQwe1ovMvUSolUlwFPLBDjniPDGGUKgN0D7W yscUWG0NrNiETczyU9WP2EfKD0f3pslVhXWl4U1AvYhSwlzj1qRYv/UNlE2c1Kax1Nqd OBPxjZNqmGH1hcltvydYdlsOvrLGoCbk7xOVMIgTV3CaEqOu3ErjvTgOo9tIRLPdZxJK nP6cOXEw7RG4v4sbv7rV4QIhxnTny/CSJo48jDpWZrDTlrKaeraqjpI61jXh3umO0IWl DI4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:from:subject:message-id:references :mime-version:in-reply-to:date:dkim-signature; bh=hsTBbsttl90Fa+N19NVctUh1BzwZcwgswyZuI7qyxHk=; b=SJI5GNaZ5wzACl5O5pYY0GQnctcv1tM+CfVEnhy6eLZH3TyjE3hk/EFtqESwfE/enM K3L2fAC48U7JgRvn51yqJYYZUfPI7TiyqpxQdQyTVOFpwtRtihBr4zLquPo7V6AEnK2R q8YmRa7/+jpZJHphAcgoJdihENvguhVSMa8JA0e9qTyWyWJ4t+sbT5lviBJKP/1W9hEw nbXzMTIw5J9t8cY4390+neKtMBhz5LqFgtK1w1ZDCJkZonK1iCCC68/BU0kvIq5Zoh+P 1GhRpgl4L2xhg4AGcTAsC82NyRtsEmSc3U922556UscqLbzvsNewaSh1wPDgOoQyyv85 z2Hw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=NYrwyTkA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i6-20020a635406000000b0046f13b048b6si17238660pgb.168.2022.11.02.08.23.05; Wed, 02 Nov 2022 08:23:19 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=NYrwyTkA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230330AbiKBPTa (ORCPT + 99 others); Wed, 2 Nov 2022 11:19:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58698 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230216AbiKBPS6 (ORCPT ); Wed, 2 Nov 2022 11:18:58 -0400 Received: from mail-pf1-x44a.google.com (mail-pf1-x44a.google.com [IPv6:2607:f8b0:4864:20::44a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DDFC7167E2 for ; Wed, 2 Nov 2022 08:18:54 -0700 (PDT) Received: by mail-pf1-x44a.google.com with SMTP id u3-20020a056a00124300b0056d4ab0c7cbso5270677pfi.7 for ; Wed, 02 Nov 2022 08:18:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=hsTBbsttl90Fa+N19NVctUh1BzwZcwgswyZuI7qyxHk=; b=NYrwyTkAcp/4ElX1vA9LUtq4zvk9flLUJtFdLplOY2Vey+8UYvBYzFPe9J/IqbYjba f9i1mdiFc05FBu6DOHdZpBaFOMLehkwHxZLU5pXqIQwb+8hwNHxzpFvw7pvqVgF1dM+O VNeRzrra+5VeID/LqLW5iANI88adDScQlLnXXPI3aqkFAvkZaxAeWJb6u/Do09dDbF+o e3Q4DuW1FlEhb7uPeeOp5BbDGWmjPnkboJvssNrSSg8CPYnFLZD0/GsP9ytx3TB3ZgEZ NFIR8BjsZTNPkxzNxSvNLA43UqZV2fTWfl/JPKxdwknbSR3IITt0XTHGsvsmFH76wu+/ T0WA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=hsTBbsttl90Fa+N19NVctUh1BzwZcwgswyZuI7qyxHk=; b=7eXGsTwYcM+IaqzqkAvMtqX/8VOHHcHgQyAkPXqHJywTDgJY3Fw+kpn5ZxWeFQLxsF ChpLreuoLiZwgvXRE9QRCwpUwOJCqYqBCmKNWL/Ua+OJWP6j8iIiBTVUJ83RPl+RlxFT /Yb2p7wEVX3hPUroIWGvDbOzaQ3/0RokyT4hnu5oXn/72ZKM7vJNqKf3eG2bgjgDWv1j NfsZ/to0nrpotblDDwpDTfC0ntPyYVEOb02/PdNdd/sV12yg6bn+WZeWzHNjsdR7J0KP ja7B3eVvKiovf3CfpBQ/FUBoYVILU+2DcI86dsuVNCdtNPDmrrTNM2/74KY7056mwYKj pTtw== X-Gm-Message-State: ACrzQf02M0DaU7Jn+NMFw/KrUoq95uVOXbCZ0jNDZnHYgF7gaTTDwNAz WctJUo9KgDmn7qvGb+eZpPk8gHzrWqow9zpRGaZbSfAAbdGy5C3Z/eVzV4k1Is5IpGeEiIUpv+V 2Oj3gnctdRzjgBcniOX3qeyLuupTOasJGI4Wqdj1RNlc+kMJ9T0ClpQ4Y/RXd85KIZxSTfeYhy6 PEAkg2mm8= X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a17:902:860a:b0:186:7eab:afa2 with SMTP id f10-20020a170902860a00b001867eabafa2mr25212259plo.46.1667402334319; Wed, 02 Nov 2022 08:18:54 -0700 (PDT) Date: Wed, 2 Nov 2022 15:18:36 +0000 In-Reply-To: <20221102151836.1310509-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20221102151836.1310509-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.38.1.273.g43a17bfeac-goog Message-ID: <20221102151836.1310509-5-dionnaglaze@google.com> Subject: [PATCH v5 4/4] virt/coco/sev-guest: interpret VMM errors from guest request From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: Dionna Glaze , Tom Lendacky , Paolo Bonzini , Joerg Roedel , Peter Gonda , Thomas Gleixner , Dave Hansen X-Spam-Status: No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1748398348341539045?= X-GMAIL-MSGID: =?utf-8?q?1748398348341539045?= The GHCB specification states that the upper 32 bits of exitinfo2 are for the VMM's error codes. The sev-guest ABI has already locked in that the fw_err status of the input will be 64 bits, and that BIT_ULL(32) means that the extended guest request's data buffer was too small, so we have to keep that ABI. We can still interpret the upper 32 bits of exitinfo2 for the user anyway in case the request gets throttled. For safety, since the encryption algorithm in GHCBv2 is AES_GCM, we cannot return to user space without having completed the request with the current sequence number. If we were to return and the guest were to make another request but with different message contents, then that would be IV reuse. When throttled, the driver will reschedule itself and then try again after sleeping half its ratelimit time to avoid a big wait queue. The ioctl may block indefinitely, but that has always been the case when deferring these requests to the host. Cc: Tom Lendacky Cc: Paolo Bonzini Cc: Joerg Roedel Cc: Peter Gonda Cc: Thomas Gleixner Cc: Dave Hansen Signed-off-by: Dionna Glaze --- drivers/virt/coco/sev-guest/sev-guest.c | 50 ++++++++++++++++++++++--- include/uapi/linux/sev-guest.h | 18 ++++++++- 2 files changed, 60 insertions(+), 8 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 0508c2f46f6b..43e110ad4aa9 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include @@ -48,12 +49,22 @@ struct snp_guest_dev { struct snp_req_data input; u32 *os_area_msg_seqno; u8 *vmpck; + + struct ratelimit_state rs; }; static u32 vmpck_id; module_param(vmpck_id, uint, 0444); MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); +static int rate_hz = 2; +module_param(rate_hz, int, 0444); +MODULE_PARM_DESC(vmpck_id, "The rate limit frequency to limit requests to."); + +static int rate_burst = 1; +module_param(rate_burst, int, 0444); +MODULE_PARM_DESC(rate_burst, "The rate limit burst amount to limit requests to."); + /* Mutex to serialize the shared buffer access and command handling. */ static DEFINE_MUTEX(snp_cmd_mutex); @@ -305,6 +316,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in u8 type, void *req_buf, size_t req_sz, void *resp_buf, u32 resp_sz, __u64 *exitinfo2) { + unsigned int vmm_err; u64 seqno; int rc; @@ -320,9 +332,33 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in if (rc) return rc; +retry: + /* + * Rate limit commands internally since the host can also throttle, and + * we don't want to create a tight request spin that could end up + * getting this VM throttled more heavily. + */ + if (!__ratelimit(&snp_dev->rs)) { + sleep_timeout_interruptible((rate_hz * HZ) / 2); + goto retry; + } /* Call firmware to process the request */ rc = snp_issue_guest_request(exit_code, &snp_dev->input, exitinfo2); + vmm_err = *exitinfo2 >> SNP_GUEST_VMM_ERR_SHIFT; + /* + * The host may return EBUSY if the request has been throttled. + * We retry in the driver to avoid returning and reusing the message + * sequence number on a different message. + */ + if (vmm_err == SNP_GUEST_VMM_ERR_BUSY) + goto retry; + + if (vmm_err && vmm_err != SNP_GUEST_VMM_ERR_INVALID_LEN) { + pr_err("sev-guest: host returned unknown error code: %d\n", + vmm_err); + return -EINVAL; + } if (rc) return rc; @@ -375,7 +411,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg->msg_version, SNP_MSG_REPORT_REQ, &req, sizeof(req), resp->data, - resp_len, &arg->fw_err); + resp_len, &arg->exitinfo2); if (rc) goto e_free; @@ -415,7 +451,7 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg->msg_version, SNP_MSG_KEY_REQ, &req, sizeof(req), buf, resp_len, - &arg->fw_err); + &arg->exitinfo2); if (rc) return rc; @@ -477,10 +513,10 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques snp_dev->input.data_npages = npages; ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg->msg_version, SNP_MSG_REPORT_REQ, &req.data, - sizeof(req.data), resp->data, resp_len, &arg->fw_err); + sizeof(req.data), resp->data, resp_len, &arg->exitinfo2); /* If certs length is invalid then copy the returned length */ - if (arg->fw_err == SNP_GUEST_REQ_INVALID_LEN) { + if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { req.certs_len = snp_dev->input.data_npages << PAGE_SHIFT; if (copy_to_user((void __user *)arg->req_data, &req, sizeof(req))) @@ -515,7 +551,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long if (copy_from_user(&input, argp, sizeof(input))) return -EFAULT; - input.fw_err = 0xff; + input.exitinfo2 = SEV_RET_NO_FW_CALL; /* Message version must be non-zero */ if (!input.msg_version) @@ -546,7 +582,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long mutex_unlock(&snp_cmd_mutex); - if (input.fw_err && copy_to_user(argp, &input, sizeof(input))) + if (input.exitinfo2 && copy_to_user(argp, &input, sizeof(input))) return -EFAULT; return ret; @@ -696,6 +732,8 @@ static int __init sev_guest_probe(struct platform_device *pdev) if (ret) goto e_free_cert_data; + ratelimit_state_init(&snp_dev->rs, rate_hz * HZ, rate_burst); + dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", vmpck_id); return 0; diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h index 256aaeff7e65..8e4144aa78c9 100644 --- a/include/uapi/linux/sev-guest.h +++ b/include/uapi/linux/sev-guest.h @@ -52,8 +52,15 @@ struct snp_guest_request_ioctl { __u64 req_data; __u64 resp_data; - /* firmware error code on failure (see psp-sev.h) */ - __u64 fw_err; + /* bits[63:32]: VMM error code, bits[31:0] firmware error code (see psp-sev.h) */ + union { + __u64 exitinfo2; + __u64 fw_err; /* Name deprecated in favor of others */ + struct { + __u32 fw_error; + __u32 vmm_error; + }; + }; }; struct snp_ext_report_req { @@ -77,4 +84,11 @@ struct snp_ext_report_req { /* Get SNP extended report as defined in the GHCB specification version 2. */ #define SNP_GET_EXT_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x2, struct snp_guest_request_ioctl) +/* Guest message request EXIT_INFO_2 constants */ +#define SNP_GUEST_FW_ERR_MASK GENMASK_ULL(31, 0) +#define SNP_GUEST_VMM_ERR_SHIFT 32 + +#define SNP_GUEST_VMM_ERR_INVALID_LEN 1 +#define SNP_GUEST_VMM_ERR_BUSY 2 + #endif /* __UAPI_LINUX_SEV_GUEST_H_ */