From patchwork Mon Oct 30 06:36:39 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159502 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2017900vqb; Sun, 29 Oct 2023 23:37:41 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHwY5zqTn96clWES9CEMPW764yIF5kLP+5hUEZ28sn3ri9W1KYtu17EVr9HQ7GRyK4WlaHx X-Received: by 2002:a17:902:e848:b0:1cc:4559:ff with SMTP id t8-20020a170902e84800b001cc455900ffmr3184291plg.13.1698647861618; Sun, 29 Oct 2023 23:37:41 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647861; cv=pass; d=google.com; s=arc-20160816; b=jMmyLpYoAljKQ1bDeE0smF6Q3IZPyDhvpzgwmI2AjqUJs5KabVubCNsYFsLIm0Zx4e SWzqzBMssnVj3mBhhN4YiilGbmtkWhe4Ed9Z7seRj6ITYsAGeb4IhvAcGd2TM1lCwTg4 K8dwKu/VX38fObDtaYbN08tCFSwtUUbEDKb4iEyHuGksVgLNxGD/kCVnIS7eEae3qwXq NkWs56AAsQfCczOKvUZw0kQVC8Ni8wtPzfdwDhK8RGv97roUl4hSAkEDgMaqViW6jgtV CXTtmC/UHR5zOEc/+erboMFbjFYcoTgKVXHtlsllGMNzvSk/7oiEdzUxjclkGYv9PrAW 7QrA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=UnM+8+c3f8zskns2iqqpD+1d8gxKI6fKSE+Y0j/KWpY=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=SWdUCj2PhKHUK6RWvMLZqexRwxuhzoqHI/xCvwlOLjqxOs0PsqoOHOkixpsIB/M03K Gclvy7aLVBKonRNPXMhR/B/wO07ei8nSsDqEMl88wh7zJ+BYi9mXivTVsAgGfur3TteA M6qGm80k2CBGAD5vlaN60+suGRkbEuKb8geXGIcscau+PAlAsmYqkxzVbUgWms/2Z/kT oshwge6EYsrj2/slgNe735AKf+DXacDy7AmccaH5ZC6Inp/USTXrRsL98VEMDYLVNKsG jiYTsSwU0YMSvZYdZ5RrmzYiU4u9kWr7FzgncCfYcCgrghW49inu/O4LKioLa+dfAC/U MSZw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=Snd1NsVs; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id s18-20020a17090330d200b001c5fa46f0e6si4658315plc.190.2023.10.29.23.37.41 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:37:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=Snd1NsVs; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 9D8B980C0347; Sun, 29 Oct 2023 23:37:40 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231723AbjJ3Ghf (ORCPT + 32 others); Mon, 30 Oct 2023 02:37:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56954 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231719AbjJ3Gh2 (ORCPT ); Mon, 30 Oct 2023 02:37:28 -0400 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2089.outbound.protection.outlook.com [40.107.237.89]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3BA08AC; Sun, 29 Oct 2023 23:37:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gLlCLmAx5OFTrixDy4229j3UPnb46AlF52zJNc/4L6ufwYJnsmNCRhJfwJ+v9oohPCaUXB02cK9CcarF5/gnLNBx4UIJVoquxB8kft6ZtxlDirXFkTrc7n2xcsZirSJhC/EhvkzhdXMFckZd+GghgUsgJlFbaP8TSiSnYbCOXDmzBXCmP1/rX4oNlnLfZsL7nHrgQvn7v9KXgXqlSqbLLxnR0r15M7Vsb1DENJzT7Pu68JeVj/H1P36MVCOe9ltZa5+SDoG0Yh6PD+uaHvIhkbTTdLx9dCbV9vL8qs+DOvJkqkPH7HJoXydnPSsqkCdQRd5OydlGQit4b0UuYgYH4w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UnM+8+c3f8zskns2iqqpD+1d8gxKI6fKSE+Y0j/KWpY=; b=PRDSSMgmhMYIl1pNx0pfupimx97+cb3J5Onpw8IbhfXa7TjCdYIVjgQ7hhA/ANoDs5sZY1vENAsFfAQ6Bw9Y1f2/FWF9jBDSyf1sawzcfu2ypw1ONueCSHVg/oLO+i34QK3XC3+74cfqL8LcwUO/Emm4mKuGqZ7Q1T9AKfWRrlGc332eks4r15BGSIKnm6NRK68M3Prt5iTZE9t0/TpMirEzZC/OUCAhH/OU+c0ZkjgVstXuuhd4X9gtGU843sKupqamy7kgmfn8li0X8h8LYu3sL3K5jnIMxi0QyK2EGw3kxDjZ4wFazJPc0PUcgP/fT0tREw6EPC6XpAcJ6JYMlQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UnM+8+c3f8zskns2iqqpD+1d8gxKI6fKSE+Y0j/KWpY=; b=Snd1NsVsrz5QKIcwVWpyuKJHr2eHN3EDNMnhngx7CMvCz0Y6RHT9ad5ivrLFPp3bXGzCYD+Ka2fTPXEuluFMeJYK2s81RTgpEJ8vr6hbJm68qGmjykwZrLQQazFg+U/XaLJ+lo+vEN0avSAaY7162aYpaWxDGMk/Bc9B5ugYHwg= Received: from MN2PR20CA0060.namprd20.prod.outlook.com (2603:10b6:208:235::29) by PH8PR12MB7135.namprd12.prod.outlook.com (2603:10b6:510:22c::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.26; Mon, 30 Oct 2023 06:37:21 +0000 Received: from BL6PEPF0001AB73.namprd02.prod.outlook.com (2603:10b6:208:235:cafe::21) by MN2PR20CA0060.outlook.office365.com (2603:10b6:208:235::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.27 via Frontend Transport; Mon, 30 Oct 2023 06:37:21 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB73.mail.protection.outlook.com (10.167.242.166) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.22 via Frontend Transport; Mon, 30 Oct 2023 06:37:21 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:37:16 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 01/14] virt: sev-guest: Use AES GCM crypto library Date: Mon, 30 Oct 2023 12:06:39 +0530 Message-ID: <20231030063652.68675-2-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB73:EE_|PH8PR12MB7135:EE_ X-MS-Office365-Filtering-Correlation-Id: 875d04f7-de63-4e25-568d-08dbd912ab6e X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: tU3NaMQ+OLnJ5qQty5HI4/JtyrRjCow45+IvRGBzKvI5XvptKbXwexQnQv2fL24LZljNSuIlICLQWVyXwmgDouMQlFE5q9zpsPkW8UOGib2hYaEdQ25sy0AUYe/UlG28OlirsMbhi3SKvsnHh6pqgXg8elt+wLxlp7lhaUzzjdVE20nOxMGKrzZwOPGQ6CRaE63V7vkuP2cm+UhQkdUfymryaLcBgUUaMATngc5Se18g9sNousUUhO9AoU2zqPc0OEJTwvFvJZ0KBvMxsxyikVkjhznTHAYALSl3G3oA8Y+vMitysQaNvhtwlHmOMWMq4v8ZLRU+nkJVQ7Omz/3U3d4fBZkgGaHlGq1IBW5I9JEDl7YAKUSaKDdJjIUZcdFeHF4v70ji+KGC7LNGL8GJfanN0izvbmRGtbcjUBFs6UisJcRZ6jhwAULuJTtG3ud4qkkyJDELC19NfUSJER0HixmJZlaPMehh+RjpKXVRVByXyR/5N79/UWNBdTwOTVrsCvSwIpMXKvs/kB3XYK//hZqkiFxsMpRrbWnVWRewDfLX9yE/CSc9YwI1E410QsGf04MQEeohrcQ4E6gfN8+yv9lHdb8gqkdLW7CGdbKg+BiFnM3NsTDU7qC+YoPdU+4ojUNp5fhIRc58P+TdGEqU6nxlswHSJ98ldrxPSx5i0kalNYdryjgIUmbL+PeDgv8piKc1LVv+tpAbDcD1GlNtOrZZcqHjgS5AhQKVUBNNO/eaTUYR5xuBod1PHVDlH85huJtjEjqlLf2BtARqp1L4GA== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(39860400002)(346002)(136003)(396003)(376002)(230922051799003)(82310400011)(451199024)(64100799003)(186009)(1800799009)(40470700004)(36840700001)(46966006)(40460700003)(36756003)(26005)(16526019)(1076003)(81166007)(83380400001)(426003)(336012)(5660300002)(356005)(7416002)(6666004)(7696005)(2616005)(82740400003)(8676002)(8936002)(47076005)(54906003)(316002)(41300700001)(36860700001)(30864003)(40480700001)(478600001)(110136005)(70586007)(70206006)(4326008)(2906002)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:37:21.1362 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 875d04f7-de63-4e25-568d-08dbd912ab6e X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB73.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB7135 X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:37:40 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161380289640241 X-GMAIL-MSGID: 1781161380289640241 The sev-guest driver encryption code uses Crypto API for SNP guest messaging to interact with AMD Security processor. For enabling SecureTSC, SEV-SNP guests need to send a TSC_INFO request guest message before the smpboot phase starts. Details from the TSC_INFO response will be used to program the VMSA before the secondary CPUs are brought up. The Crypto API is not available this early in the boot phase. In preparation of moving the encryption code out of sev-guest driver to support SecureTSC and make reviewing the diff easier, start using AES GCM library implementation instead of Crypto API. CC: Ard Biesheuvel Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- drivers/virt/coco/sev-guest/Kconfig | 4 +- drivers/virt/coco/sev-guest/sev-guest.c | 163 ++++++------------------ drivers/virt/coco/sev-guest/sev-guest.h | 3 + 3 files changed, 44 insertions(+), 126 deletions(-) diff --git a/drivers/virt/coco/sev-guest/Kconfig b/drivers/virt/coco/sev-guest/Kconfig index da2d7ca531f0..bcc760bfb468 100644 --- a/drivers/virt/coco/sev-guest/Kconfig +++ b/drivers/virt/coco/sev-guest/Kconfig @@ -2,9 +2,7 @@ config SEV_GUEST tristate "AMD SEV Guest driver" default m depends on AMD_MEM_ENCRYPT - select CRYPTO - select CRYPTO_AEAD2 - select CRYPTO_GCM + select CRYPTO_LIB_AESGCM help SEV-SNP firmware provides the guest a mechanism to communicate with the PSP without risk from a malicious hypervisor who wishes to read, diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 97dbe715e96a..68044c436866 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -16,8 +16,7 @@ #include #include #include -#include -#include +#include #include #include #include @@ -28,24 +27,16 @@ #include "sev-guest.h" #define DEVICE_NAME "sev-guest" -#define AAD_LEN 48 -#define MSG_HDR_VER 1 #define SNP_REQ_MAX_RETRY_DURATION (60*HZ) #define SNP_REQ_RETRY_DELAY (2*HZ) -struct snp_guest_crypto { - struct crypto_aead *tfm; - u8 *iv, *authtag; - int iv_len, a_len; -}; - struct snp_guest_dev { struct device *dev; struct miscdevice misc; void *certs_data; - struct snp_guest_crypto *crypto; + struct aesgcm_ctx *ctx; /* request and response are in unencrypted memory */ struct snp_guest_msg *request, *response; @@ -152,132 +143,59 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file) return container_of(dev, struct snp_guest_dev, misc); } -static struct snp_guest_crypto *init_crypto(struct snp_guest_dev *snp_dev, u8 *key, size_t keylen) +static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen) { - struct snp_guest_crypto *crypto; + struct aesgcm_ctx *ctx; - crypto = kzalloc(sizeof(*crypto), GFP_KERNEL_ACCOUNT); - if (!crypto) + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); + if (!ctx) return NULL; - crypto->tfm = crypto_alloc_aead("gcm(aes)", 0, 0); - if (IS_ERR(crypto->tfm)) - goto e_free; - - if (crypto_aead_setkey(crypto->tfm, key, keylen)) - goto e_free_crypto; - - crypto->iv_len = crypto_aead_ivsize(crypto->tfm); - crypto->iv = kmalloc(crypto->iv_len, GFP_KERNEL_ACCOUNT); - if (!crypto->iv) - goto e_free_crypto; - - if (crypto_aead_authsize(crypto->tfm) > MAX_AUTHTAG_LEN) { - if (crypto_aead_setauthsize(crypto->tfm, MAX_AUTHTAG_LEN)) { - dev_err(snp_dev->dev, "failed to set authsize to %d\n", MAX_AUTHTAG_LEN); - goto e_free_iv; - } + if (aesgcm_expandkey(ctx, key, keylen, AUTHTAG_LEN)) { + pr_err("SNP: crypto init failed\n"); + kfree(ctx); + return NULL; } - crypto->a_len = crypto_aead_authsize(crypto->tfm); - crypto->authtag = kmalloc(crypto->a_len, GFP_KERNEL_ACCOUNT); - if (!crypto->authtag) - goto e_free_iv; - - return crypto; - -e_free_iv: - kfree(crypto->iv); -e_free_crypto: - crypto_free_aead(crypto->tfm); -e_free: - kfree(crypto); - - return NULL; -} - -static void deinit_crypto(struct snp_guest_crypto *crypto) -{ - crypto_free_aead(crypto->tfm); - kfree(crypto->iv); - kfree(crypto->authtag); - kfree(crypto); -} - -static int enc_dec_message(struct snp_guest_crypto *crypto, struct snp_guest_msg *msg, - u8 *src_buf, u8 *dst_buf, size_t len, bool enc) -{ - struct snp_guest_msg_hdr *hdr = &msg->hdr; - struct scatterlist src[3], dst[3]; - DECLARE_CRYPTO_WAIT(wait); - struct aead_request *req; - int ret; - - req = aead_request_alloc(crypto->tfm, GFP_KERNEL); - if (!req) - return -ENOMEM; - - /* - * AEAD memory operations: - * +------ AAD -------+------- DATA -----+---- AUTHTAG----+ - * | msg header | plaintext | hdr->authtag | - * | bytes 30h - 5Fh | or | | - * | | cipher | | - * +------------------+------------------+----------------+ - */ - sg_init_table(src, 3); - sg_set_buf(&src[0], &hdr->algo, AAD_LEN); - sg_set_buf(&src[1], src_buf, hdr->msg_sz); - sg_set_buf(&src[2], hdr->authtag, crypto->a_len); - - sg_init_table(dst, 3); - sg_set_buf(&dst[0], &hdr->algo, AAD_LEN); - sg_set_buf(&dst[1], dst_buf, hdr->msg_sz); - sg_set_buf(&dst[2], hdr->authtag, crypto->a_len); - - aead_request_set_ad(req, AAD_LEN); - aead_request_set_tfm(req, crypto->tfm); - aead_request_set_callback(req, 0, crypto_req_done, &wait); - - aead_request_set_crypt(req, src, dst, len, crypto->iv); - ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req), &wait); - - aead_request_free(req); - return ret; + return ctx; } -static int __enc_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, +static int __enc_payload(struct aesgcm_ctx *ctx, struct snp_guest_msg *msg, void *plaintext, size_t len) { - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_guest_msg_hdr *hdr = &msg->hdr; + u8 iv[GCM_AES_IV_SIZE] = {}; - memset(crypto->iv, 0, crypto->iv_len); - memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); + if (WARN_ON((hdr->msg_sz + ctx->authsize) > sizeof(msg->payload))) + return -EBADMSG; - return enc_dec_message(crypto, msg, plaintext, msg->payload, len, true); + memcpy(iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); + aesgcm_encrypt(ctx, msg->payload, plaintext, len, &hdr->algo, AAD_LEN, + iv, hdr->authtag); + return 0; } -static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, +static int dec_payload(struct aesgcm_ctx *ctx, struct snp_guest_msg *msg, void *plaintext, size_t len) { - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_guest_msg_hdr *hdr = &msg->hdr; + u8 iv[GCM_AES_IV_SIZE] = {}; - /* Build IV with response buffer sequence number */ - memset(crypto->iv, 0, crypto->iv_len); - memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); - - return enc_dec_message(crypto, msg, msg->payload, plaintext, len, false); + memcpy(iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); + if (aesgcm_decrypt(ctx, plaintext, msg->payload, len, &hdr->algo, + AAD_LEN, iv, hdr->authtag)) + return 0; + else + return -EBADMSG; } static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) { - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_guest_msg *resp = &snp_dev->secret_response; struct snp_guest_msg *req = &snp_dev->secret_request; struct snp_guest_msg_hdr *req_hdr = &req->hdr; struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; + struct aesgcm_ctx *ctx = snp_dev->ctx; dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n", resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz); @@ -298,11 +216,11 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, * If the message size is greater than our buffer length then return * an error. */ - if (unlikely((resp_hdr->msg_sz + crypto->a_len) > sz)) + if (unlikely((resp_hdr->msg_sz + ctx->authsize) > sz)) return -EBADMSG; /* Decrypt the payload */ - return dec_payload(snp_dev, resp, payload, resp_hdr->msg_sz + crypto->a_len); + return dec_payload(ctx, resp, payload, resp_hdr->msg_sz); } static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, @@ -329,7 +247,7 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n", hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); - return __enc_payload(snp_dev, req, payload, sz); + return __enc_payload(snp_dev->ctx, req, payload, sz); } static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, @@ -472,7 +390,6 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_report_resp *resp; struct snp_report_req req; int rc, resp_len; @@ -490,7 +407,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp->data) + crypto->a_len; + resp_len = sizeof(resp->data) + snp_dev->ctx->authsize; resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); if (!resp) return -ENOMEM; @@ -511,7 +428,6 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_derived_key_resp resp = {0}; struct snp_derived_key_req req; int rc, resp_len; @@ -528,7 +444,7 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp.data) + crypto->a_len; + resp_len = sizeof(resp.data) + snp_dev->ctx->authsize; if (sizeof(buf) < resp_len) return -ENOMEM; @@ -552,7 +468,6 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_ext_report_req req; struct snp_report_resp *resp; int ret, npages = 0, resp_len; @@ -590,7 +505,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp->data) + crypto->a_len; + resp_len = sizeof(resp->data) + snp_dev->ctx->authsize; resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); if (!resp) return -ENOMEM; @@ -802,8 +717,8 @@ static int __init sev_guest_probe(struct platform_device *pdev) goto e_free_response; ret = -EIO; - snp_dev->crypto = init_crypto(snp_dev, snp_dev->vmpck, VMPCK_KEY_LEN); - if (!snp_dev->crypto) + snp_dev->ctx = snp_init_crypto(snp_dev->vmpck, VMPCK_KEY_LEN); + if (!snp_dev->ctx) goto e_free_cert_data; misc = &snp_dev->misc; @@ -818,11 +733,13 @@ static int __init sev_guest_probe(struct platform_device *pdev) ret = misc_register(misc); if (ret) - goto e_free_cert_data; + goto e_free_ctx; dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", vmpck_id); return 0; +e_free_ctx: + kfree(snp_dev->ctx); e_free_cert_data: free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); e_free_response: @@ -841,7 +758,7 @@ static int __exit sev_guest_remove(struct platform_device *pdev) free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); - deinit_crypto(snp_dev->crypto); + kfree(snp_dev->ctx); misc_deregister(&snp_dev->misc); return 0; diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h index 21bda26fdb95..ceb798a404d6 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.h +++ b/drivers/virt/coco/sev-guest/sev-guest.h @@ -13,6 +13,9 @@ #include #define MAX_AUTHTAG_LEN 32 +#define AUTHTAG_LEN 16 +#define AAD_LEN 48 +#define MSG_HDR_VER 1 /* See SNP spec SNP_GUEST_REQUEST section for the structure */ enum msg_type { From patchwork Mon Oct 30 06:36:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159503 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2017905vqb; Sun, 29 Oct 2023 23:37:43 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGG9PtArmYPWi+GL081/zNcg/Ky8AaBfmkqhc3KXJC7J+KSKPBix8FdKN1WbBr8E2WjQFsL X-Received: by 2002:a17:902:c948:b0:1cc:33f1:3f03 with SMTP id i8-20020a170902c94800b001cc33f13f03mr3422721pla.2.1698647862644; Sun, 29 Oct 2023 23:37:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647862; cv=pass; d=google.com; s=arc-20160816; b=fzHC3NtZdBdPD76dzAycJbvoMpNc2ug2/OyALbraXcaqpGLqSZ9L1KgiycK2kq8WDx GLeza31hPqdrJsMRTA7KtqMy3sQHWnBp0CvFigxz/PNObLtjOlZbFE67yfXyYllLdE/m nFbaOF42oKbUxtLfJFsFfwRAfmT0ZBmxjn1k1IeWFUDjYJ5QOPRRhUMJFJhtTRcgLNYK 8R+X+2ojft13mr7BxoFIqgCwyMwu+pH+H2XVVxP2evABkx04Wv7/Aja10G/6cgnhVdU2 6C74S+KZT7eykxwEJ4YypvoL63dxhaRqNiSZR0DB6KawZL6rkMKg0fbSazzkJnnTGwW9 yshg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CuWu5xWIdMzKejTzmmHqo93fvMIeR7QVxrJdwTwWXrg=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=Cd8tcqaDywRarEAOfWibnx/vNcqDRf8BasQncH66loqX4h2SzAFNXRJl4q+dEXH8H9 +HpYY/RLTA/RBUxgZ5C6nLZ4DbTSTs6arKX2plysNrLP/J7568g2Wt5JcexNdEeI/nc9 M5MFd8c8KfaLlLw7VXVvB4a0D+p5cTpN27jk/myr3ujotbJRQCfsXi1l1UqJ/pQbfZgN dbVZCsPHwhAZTUTMafAI6bAdY7spfqSpLRxukEKsoSWxoq93/2hiTet2K4E70RRdzkZY PKkZQvULbrsnCh9LkltfoEsL8oFLCtfKJOBkT5tYbeXXsoEryw4YJ1rVnSZDCywbZtjh i9fQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=jB1e2uUE; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id c13-20020a170902d48d00b001c9c9e6371fsi4718608plg.527.2023.10.29.23.37.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:37:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=jB1e2uUE; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id A3C7380BE2FC; Sun, 29 Oct 2023 23:37:41 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231589AbjJ3Ghh (ORCPT + 32 others); Mon, 30 Oct 2023 02:37:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57026 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231756AbjJ3Ghc (ORCPT ); Mon, 30 Oct 2023 02:37:32 -0400 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2040.outbound.protection.outlook.com [40.107.220.40]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 90121F2; Sun, 29 Oct 2023 23:37:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=b0UyENvAN8J95+HwPvS6eLX8ibu1kVvEzJ30Yx3vs6CTV76IoCi90lJfUEKg0O4YoV4dyKBp5vSqSxXPbsEEp5pFjLoyH9qor0WlCYgSJb5DRSoEnytD1KI/so3OZNXq6yGaD+oEs/7FptGTrJwM4gPQFDV9cgM1WxGa4h2Kn7j8tHFRCqJZ7umaMbBKfzlsk2whG5oWeO+imiRfPwK6FkuSJmk5YyZuIdSyaNk8taCqirMM9Y/aqccVItpUAeYIyXmq/SUKO+FwZRGZfHbVBXjJQnyiVor6wnizN3gc+N3viOZrJQlbowTwyQp+vnMIiV56pZgyBS/3VD2JihtIpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CuWu5xWIdMzKejTzmmHqo93fvMIeR7QVxrJdwTwWXrg=; b=D2frA3lr0lvZ2NH7Btqu/+K5hHR69m6XHV42AzchBPsziwwuYcyw8ay1bo8dZe8XtWccpxct7REXfnak8jcFjJtN4jDGvVpobEdTYHmg/is9ZH478SNZOkGKku7JlZvjRh5OqYOD6Ie4e75FOsHXDzFV2wJ0jX54059lRNfzryDXWZUCs2XG6Er0FUSTAEKbINTSzRf8rNYYM59zhddSmJ5ugjSlIoYqiIg2ZzIywEbydZDDPdc6bV2Tas0D+t1DVlSehkl74UCikJOPfH/KGQ+v/xk8WJV/uGxI5JZWTlBb0/Z66eECZy73tQdO/9YU4BHwdgF3oq4X+I3EOrwRjg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CuWu5xWIdMzKejTzmmHqo93fvMIeR7QVxrJdwTwWXrg=; b=jB1e2uUELervAlkxiF1fB5ZaCXSoxLSU/g+uBssNYGXvRTYmz2px0JMdsHAkJ5E1o55SMSSVllmWkMmm1dflx8MAxdjVKB7TLuygUtIMlvA3J2CDrTN66v8phmEOXXfRQaCa0+Izv4h6QbXjfhUYH1ugutvJg4Xw526B88RCajM= Received: from BL0PR02CA0080.namprd02.prod.outlook.com (2603:10b6:208:51::21) by SN7PR12MB8146.namprd12.prod.outlook.com (2603:10b6:806:323::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.26; Mon, 30 Oct 2023 06:37:25 +0000 Received: from BL6PEPF0001AB77.namprd02.prod.outlook.com (2603:10b6:208:51:cafe::fc) by BL0PR02CA0080.outlook.office365.com (2603:10b6:208:51::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.28 via Frontend Transport; Mon, 30 Oct 2023 06:37:25 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB77.mail.protection.outlook.com (10.167.242.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.15 via Frontend Transport; Mon, 30 Oct 2023 06:37:25 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:37:21 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 02/14] virt: sev-guest: Move mutex to SNP guest device structure Date: Mon, 30 Oct 2023 12:06:40 +0530 Message-ID: <20231030063652.68675-3-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB77:EE_|SN7PR12MB8146:EE_ X-MS-Office365-Filtering-Correlation-Id: ece7b02c-8dba-49e7-363c-08dbd912ae11 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: p7uQYf/kYXgxE57foITP+Es05GC/8Ydr+ZV+08mPT1FHFJB0ECSCTYVO4enR3/KelkNDjxsfcyvktXX7c4vR9kWBfaEoFpyU7rMtt5du/uOSQ0aibisHupDNKapoUwqPDbNW0COYOXmfGZbbLnDfKZh6HtWgbiT1EJPEbBTuAf3JfnvEKzA2Bpxw0MyuYFHS0AyxbfQiadoQjq0JeYDA9TCI5aPuGnKbCA1/JT0895445l1VlR1JhcNilCWwdsiR2u1/nvEJ5P8b/Sk/+Ve4hmG3orYut3dQyU7CJA7kASwTchV59Fq0rDuDC9ymOa1tkzOw3aFzOHURyFbVWy5mVurRDpocUKvhVWArdGTBntUJ1kJPfCvvGFqsZJSaZrQypbHy/+MI7wJFb7hfbQ3uBhW08jCyzk5OBOaDlnrO8lk+Z6FN7p6SNIzhcuDbai1aJkbYLYMmXeRleaTZ2ZVZv3uLNVvCkt4sNB5YSQPxkmGy0a5ha67LsvGNtnkzDcy8pSQikXZdflbUnfUGAU0Z2qSdXKGzTMKHh+xF0yhfnfT0JQ8F3Nm+vn805JXwhasAOvJ0jaLQFjPVH7ZUtoE8bYcUkjhnpDjchYPEhUYhaXzqCZcp1q1h1OxHRwPFga0TqpOU8mqxD62ieQa4Wh3SKOkP/ImLlcJ9jccDWxgHx2nKIAXfazT3KdG0jxeoRtqqtLrN54VrJ2gDR2cccUK2R2Iv++P/9KFF7LeGDHPLnxY0qvDjUqJJWoaIdOi5latQ5OgGMb4Qusz6Acrs7jno0Q== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(346002)(39860400002)(136003)(376002)(396003)(230922051799003)(451199024)(64100799003)(82310400011)(1800799009)(186009)(36840700001)(40470700004)(46966006)(36860700001)(82740400003)(81166007)(40480700001)(356005)(47076005)(478600001)(6666004)(7696005)(4326008)(8936002)(8676002)(54906003)(316002)(7416002)(2906002)(41300700001)(70206006)(110136005)(70586007)(83380400001)(16526019)(336012)(426003)(2616005)(26005)(1076003)(5660300002)(40460700003)(36756003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:37:25.5590 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: ece7b02c-8dba-49e7-363c-08dbd912ae11 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB77.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN7PR12MB8146 X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:37:41 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161380860764165 X-GMAIL-MSGID: 1781161380860764165 In preparation for providing a new API to the sev-guest driver for sending an SNP guest message, move the SNP command mutex to the snp_guest_dev structure. Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- drivers/virt/coco/sev-guest/sev-guest.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 68044c436866..85bda0c72a27 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -35,6 +35,9 @@ struct snp_guest_dev { struct device *dev; struct miscdevice misc; + /* Mutex to serialize the shared buffer access and command handling. */ + struct mutex cmd_mutex; + void *certs_data; struct aesgcm_ctx *ctx; /* request and response are in unencrypted memory */ @@ -98,7 +101,7 @@ static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev) { u64 count; - lockdep_assert_held(&snp_cmd_mutex); + lockdep_assert_held(&snp_dev->cmd_mutex); /* Read the current message sequence counter from secrets pages */ count = *snp_dev->os_area_msg_seqno; @@ -394,7 +397,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io struct snp_report_req req; int rc, resp_len; - lockdep_assert_held(&snp_cmd_mutex); + lockdep_assert_held(&snp_dev->cmd_mutex); if (!arg->req_data || !arg->resp_data) return -EINVAL; @@ -434,7 +437,7 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque /* Response data is 64 bytes and max authsize for GCM is 16 bytes. */ u8 buf[64 + 16]; - lockdep_assert_held(&snp_cmd_mutex); + lockdep_assert_held(&snp_dev->cmd_mutex); if (!arg->req_data || !arg->resp_data) return -EINVAL; @@ -472,7 +475,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques struct snp_report_resp *resp; int ret, npages = 0, resp_len; - lockdep_assert_held(&snp_cmd_mutex); + lockdep_assert_held(&snp_dev->cmd_mutex); if (!arg->req_data || !arg->resp_data) return -EINVAL; @@ -557,12 +560,12 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long if (!input.msg_version) return -EINVAL; - mutex_lock(&snp_cmd_mutex); + mutex_lock(&snp_dev->cmd_mutex); /* Check if the VMPCK is not empty */ if (is_vmpck_empty(snp_dev)) { dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); - mutex_unlock(&snp_cmd_mutex); + mutex_unlock(&snp_dev->cmd_mutex); return -ENOTTY; } @@ -580,7 +583,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long break; } - mutex_unlock(&snp_cmd_mutex); + mutex_unlock(&snp_dev->cmd_mutex); if (input.exitinfo2 && copy_to_user(argp, &input, sizeof(input))) return -EFAULT; @@ -699,6 +702,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) goto e_unmap; } + mutex_init(&snp_dev->cmd_mutex); platform_set_drvdata(pdev, snp_dev); snp_dev->dev = dev; snp_dev->layout = layout; From patchwork Mon Oct 30 06:36:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159505 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018108vqb; Sun, 29 Oct 2023 23:38:23 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEkBaXrBmsamBjL97ZiGWSd7VLlLtOZ0PM0evHaUqKIQ+xVK99ZhCo+CqfZ0ojjoTuerH9f X-Received: by 2002:a05:6a21:78a4:b0:15e:1351:f33a with SMTP id bf36-20020a056a2178a400b0015e1351f33amr7833743pzc.47.1698647903467; Sun, 29 Oct 2023 23:38:23 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647903; cv=pass; d=google.com; s=arc-20160816; b=PxWtWqTpHr80zD+sUJUltES+DVv/+DBm1pEbKTIxuXa7FT3/c7zUa3cbVMcHU7KeYJ LWhE8h5qERDD/QpHxQI+WnpT9lkJupG8ASQI/oQ97DyKIcAUm0VwgWO8Tt6bWhvA9syM ZD7VQf843JjKDAiS0KvI7vd7cA3TvZZFBSrbZf7E+C/qkPtxJAJNbNiKg0/7saoi9UuZ byxIsOCo5+xT6CBImCOjcx6T6LP1vwZjVRnU6OcTDbnGiLzd/Ak424q1Qqd/5fsXx+hY s/cbSNOJwS7znx4YMrutIaGZEIYg+6CQUUuuvPKzu/teLIGY7/IHf3tCRQA/RJOoI+x1 u4gw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=xtDY/Cbo5PqLUEs7gYmvOhTmBJrfa5I+8NRVgowavig=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=TBuZuFaolZ0g2DuQ8PIjUA2cGJ6lVNPTagQKvjwMOGx4D5EC8B4VyzaDq1i6IZz0uK x1mb0DDK/sMYWWcvmkh98E2gShJA5exLKrcltrY0v/Q1MTbM2y1yAM8/tdwv6R8N51GS h34WXUz1qG+FaWlklV8sHS3paY8/F0THS/gWteuT5BS82t/tDam7Y7PX86cAi6NXC++o vNkJ4FXp6G9MOPRPWCiktkhmVxyIBuheCLh1m4vfuVK9nQ7Hx4kq6o5xnw+mt5+y2NH8 bFsgW56TF6GH82gul9ao8iyyxYtLvj9p4NbbJQ1RfpPotXxyvjeb0AuTdbAJyX8DqeW1 NdkA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=nktWZ6ne; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id jc4-20020a17090325c400b001cc2523cf08si3968467plb.428.2023.10.29.23.38.23 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:38:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=nktWZ6ne; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id 32E868096A76; Sun, 29 Oct 2023 23:38:21 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231736AbjJ3GiO (ORCPT + 32 others); Mon, 30 Oct 2023 02:38:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55196 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231723AbjJ3GiK (ORCPT ); Mon, 30 Oct 2023 02:38:10 -0400 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2059.outbound.protection.outlook.com [40.107.223.59]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2380CA7; Sun, 29 Oct 2023 23:38:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=D3Deh/kLSoaViUfgfhSxKGMlvhIvXynCiDpACUiDjgNpj4Y0IqQSkhyDdTawMD8xESBZZKQP0wfMeaW7A8lCPgJO655zb87LNT33qt4f9Gn1YWg/0ihWxBabvaxQxyEqR5ooeq5RiFCaJpLnEVhulVTrY15ynTErqxJIQ61MskgbIFGWq8SG4SEimg+/s/KV+CM9yeCgaKLycb45V/Z/IrHRmU2qgVcWJw9JwwxDFe17dkOtZ9aJDZswpPB04FWkapY1wKysOeNY0fi5Nr8RzAATJuYN5wxkPqCFvXpRQKhchKQ/xPyTldkaDt3eaXoZXDNRlYiJTJW14cgrV19PDg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xtDY/Cbo5PqLUEs7gYmvOhTmBJrfa5I+8NRVgowavig=; b=GVE3R3PA2D4A9ytDlAAWEf16jXCdmFMcKxRCuQVfqAMXSntRh6GLVIRzEqT9BROTVhXrVuPZBcV7WThhbtLzKUo0A/a8qGPTNY62XjAUz7hMmDqLh2lmi568JmJPUy4GPP7ePWqz6pJseV3mYzf09b6/j/R8VO3wJXaFQywwc2I5u5QenKVeMYG8lcuR0asNj2Drz+RxAR3yML4Agv6KErYf4CSBWTfnPgwXBT9YbcIueilbJtNfu0TYoQ5pDWw017Oj3xwJQe5punAc3Qkst1nfbeSve5dRtlDjJ2yYdf3H66W4tRKIvREVIOML7WihppvzKK1Vzl8w95jiUpHDPw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xtDY/Cbo5PqLUEs7gYmvOhTmBJrfa5I+8NRVgowavig=; b=nktWZ6neOa9duuFv4KAYl6n/JB4K2xXef+df0p2ZgrpV3o7pO7Yka7Je33PHniBgiXXtoYJHImTxgt/Fnoey25PzfxnhWpL3WkW2iPwcyeAgXz9/54+s7f7y1vEhuFZNi42UGbHZ45XH8D0bgDO97m5kJK28yUoSBErsoXIySg4= Received: from BL1PR13CA0001.namprd13.prod.outlook.com (2603:10b6:208:256::6) by MW5PR12MB5621.namprd12.prod.outlook.com (2603:10b6:303:193::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6907.33; Mon, 30 Oct 2023 06:38:05 +0000 Received: from BL6PEPF0001AB71.namprd02.prod.outlook.com (2603:10b6:208:256:cafe::2c) by BL1PR13CA0001.outlook.office365.com (2603:10b6:208:256::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.15 via Frontend Transport; Mon, 30 Oct 2023 06:38:05 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB71.mail.protection.outlook.com (10.167.242.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.22 via Frontend Transport; Mon, 30 Oct 2023 06:38:05 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:37:25 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 03/14] virt: sev-guest: Replace dev_dbg with pr_debug Date: Mon, 30 Oct 2023 12:06:41 +0530 Message-ID: <20231030063652.68675-4-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB71:EE_|MW5PR12MB5621:EE_ X-MS-Office365-Filtering-Correlation-Id: 4ae6e751-21c7-4b11-b5f9-08dbd912c5fd X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: KipdYn5V6LFfgskhLo0gR5FvGwFj++4M3lOJo5QKve49THXc33hgHOZGPcCEVukho5IzG3qMig8jfUZ1JL6sV79QQ8CbWr+rT6oxWxTcc69i0upFOCBcXofGs2vhkFApG/1xCoAuIYWDARBUlHZG0gYP4OyqgbKy6GAV4AEGuUVA84Jbu7onFeIJE81ojDGs7kMiwwv7jPtrlBx3nyQV9SgH/hQtcGGNosOCD4yb5YN9+VrXDsC3k1fl4r9RLBEen7ACsQ1B3fZ9ljV/qfBgyzcEiVZMzqJpK6K7EANeQSOzAU5BVYM990+wjJ+xTBerzjDcG0AuMnYXjvsNl4e0Uor1OkxqGa3MT8p21n/A9M9lTI6m5VrI9C7QxeregZxFd/58XyNxnPzO/COhlBYL0W3pwA0jA3N/Lsc0d0+H8dnPyVzZzKzgF8Xvb17p2R6OS7+gJXoxpqREreBPl3oNxOnixSvnYbeYlWkXXAhmer4khAHY94MtYFADb8pu7Za/rr6VfElbBp/s8rotryeETQapG26kYGg9RitFMMQUZUMVNQd6bNkrOmW09l+ECVe0bg8UUDo5JvyRFwneoLjVLwF3ZVv0DdpP//3UtpmaV8S9PcENIC1ymRF7sh045SrL7rssroNfjYAhBaL8Gwl4YgAmmdFb1NjzwAIhID7vwvNFnbnkNIyDosLaXC/YxBulrb+B4J5c+4TDbjQpc6jA8QrOl97AXoVM7SZFP3d33rdRYkPtmwlHGyIezLLZPs1xjnYYpdcvCNmjRZmvNXhH2w== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(346002)(396003)(136003)(376002)(39860400002)(230922051799003)(82310400011)(64100799003)(186009)(1800799009)(451199024)(46966006)(36840700001)(40470700004)(6666004)(4326008)(8936002)(110136005)(5660300002)(8676002)(70206006)(54906003)(478600001)(1076003)(7696005)(2616005)(16526019)(7416002)(26005)(41300700001)(36860700001)(426003)(336012)(83380400001)(316002)(70586007)(2906002)(47076005)(82740400003)(40460700003)(81166007)(356005)(40480700001)(36756003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:05.7122 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4ae6e751-21c7-4b11-b5f9-08dbd912c5fd X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB71.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW5PR12MB5621 X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:38:21 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161423942725018 X-GMAIL-MSGID: 1781161423942725018 In preparation of moving code to arch/x86/kernel/sev.c, replace dev_dbg with pr_debug. Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- drivers/virt/coco/sev-guest/sev-guest.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 85bda0c72a27..49bafd2e9f42 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -200,8 +200,9 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; struct aesgcm_ctx *ctx = snp_dev->ctx; - dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n", - resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz); + pr_debug("response [seqno %lld type %d version %d sz %d]\n", + resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, + resp_hdr->msg_sz); /* Copy response from shared memory to encrypted memory. */ memcpy(resp, snp_dev->response, sizeof(*resp)); @@ -247,8 +248,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 if (!hdr->msg_seqno) return -ENOSR; - dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n", - hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); + pr_debug("request [seqno %lld type %d version %d sz %d]\n", + hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); return __enc_payload(snp_dev->ctx, req, payload, sz); } From patchwork Mon Oct 30 06:36:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159511 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018544vqb; Sun, 29 Oct 2023 23:39:51 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGfWf3I5/q8qu/ibfTC0r/4lexM+0XhvHvs59FlPsXWfBuJCSvbw959zrfR5r686Oh89RgL X-Received: by 2002:a17:902:f10a:b0:1cc:3932:4a87 with SMTP id e10-20020a170902f10a00b001cc39324a87mr1860393plb.56.1698647990738; Sun, 29 Oct 2023 23:39:50 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647990; cv=pass; d=google.com; s=arc-20160816; b=vhugr7lWOP2miTEqjBK5s2nTaBlrZl2wgFQk2fXekle9t6S/N7NNnNzkl0bGytyoxy sWhcrercs7q6VghhYIc5+UDBYeRYvq0EWxUslL4tDkcMf/QyJX+6tqj5zczixYHVtWIA tZWO1APl+CZk2aiK9IJOiB7w/7H3DKOZlbaTx1K5tQITZtOAyxLru61CGPuYJlV3Gfp4 50hpUg0OKhMjWZ6xhySxEFTKnhSSUtOGh6e7VReoeJS0e3t1Zs6XR0XmgF+JY2wh83Mk Bjo+dp1yUmADCG6QQgaCp/64WQz7uCutlRs41YsrXSpBBVs1y5ywFUthVLwGpMHAm/MP ViTw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=+Qu8us0rJv+jhvwS7S6PeuVQ8D/EdSOW0XDH+MsZwZA=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=uSGfst0cDiOJ01UzcA1btyvGiWMC+CTE3wNFt2C+UYczaN/HoHWbmmmzqY9zqpIVyF 2yArvY/hF16yJ7EFlqge9UzyH9sylHNeQe1Ztyojgh3Vv661/2ixwn9KEifSo/lWDZg9 qd3hs1hqC+vXw5Sh/HOb5/s7USHIoeiM6klPInmhW75Mx3WiXiIknxFNgmFuLox8JWXW bxiAVE2zJLVJ+qWq6/hRTByf0zdEUshkUBQLWuthFdaeNrOW9wFf5dVP+eI5cGNNF5JV nOzqjhWHELMsW/JSRFL3TIiRlbsfOncaROOHYoAPYdnQr2ao43OOaOFM8VBKPfazQWnt r5gA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=qh3ggaPU; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from fry.vger.email (fry.vger.email. [23.128.96.38]) by mx.google.com with ESMTPS id a11-20020a170902eccb00b001c9e680c178si2395109plh.394.2023.10.29.23.39.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:39:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) client-ip=23.128.96.38; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=qh3ggaPU; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.38 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id C34528096B99; Sun, 29 Oct 2023 23:39:38 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231820AbjJ3GiX (ORCPT + 32 others); Mon, 30 Oct 2023 02:38:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55266 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231678AbjJ3GiQ (ORCPT ); Mon, 30 Oct 2023 02:38:16 -0400 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2088.outbound.protection.outlook.com [40.107.244.88]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 89757C5; Sun, 29 Oct 2023 23:38:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DMNWx9yAybSWrBz5aIM9CsV7ZDDpJaIg/yNVEICYNxlwdYfwd9XVqiQ6DBVDD3H/2wH/3t5/emhQ+Rgjmo0vOib+F005KH5OkLUt0UjJi4gDNURON54L2RRSaEbj7DpWdNhoKG/He+al+AUcH0/hTkKQqlke+3QtGQixsw8zf8OpePLlgWN1lSi9Mpo9ojxDvT7Oi8mAATnmqeS4XTXESdvpn//mkbm4AjVyePBTDi7dt8ocf0prgCxLnJweDmG+qALMhY7Ta4XkEd2M8IbBtBWpM48CXD3pwHwSGRjrtjEogfCWrtTX895PUBJZx9tTpb9T4RB1exJYgyX19G0RLA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+Qu8us0rJv+jhvwS7S6PeuVQ8D/EdSOW0XDH+MsZwZA=; b=YNU1+jspMKZUbX2B3DcUjOJS0XK9fBir7kcvvTfCQ9LhpogywjFdJ4KeO+6JzwHIqXZNM7atu3x6SN2qpUxz9iWZ8R3AmaX61n0dLC8iogMDehhyPfjZLL6mz/6vgpborFdhRFxfdVEExbFsr7DpJU6mAC/zLkjRinhN4KKVcVbFffzeAm9D1plNMQ7Mvccwvf8ygZjl3JtgQ7k9yyFTLBm/VCrtYJB2jTcchlIzP7krGZHYnebHQjmU7QkFFs3LiQS6MqCHkOua/6wkSjJI2Tv+FlbjPF2fJsVw50Xiecdmiye/o12h+MCrg6Iurwv8KdLO5i/6xWlsB6Lqi78FvA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+Qu8us0rJv+jhvwS7S6PeuVQ8D/EdSOW0XDH+MsZwZA=; b=qh3ggaPU1kGlylQThYb3BQshpdHB6Ehcpd1HqVj1GRSD16Zgi4O4hCelhrZDwY1kbdPIl787iRBeEOPxv9cyZDU74+ba3vMbfF3AobylsuaibktxNzTjsMeJTRLPA7nq91ZARpzR3tPmRU6WIYGW+xfiZo1q2YHDIYkdCPD0Wlg= Received: from BL1PR13CA0299.namprd13.prod.outlook.com (2603:10b6:208:2bc::34) by PH7PR12MB7967.namprd12.prod.outlook.com (2603:10b6:510:273::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.27; Mon, 30 Oct 2023 06:38:10 +0000 Received: from BL6PEPF0001AB78.namprd02.prod.outlook.com (2603:10b6:208:2bc:cafe::ae) by BL1PR13CA0299.outlook.office365.com (2603:10b6:208:2bc::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.14 via Frontend Transport; Mon, 30 Oct 2023 06:38:10 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB78.mail.protection.outlook.com (10.167.242.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.15 via Frontend Transport; Mon, 30 Oct 2023 06:38:10 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:05 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 04/14] virt: sev-guest: Add SNP guest request structure Date: Mon, 30 Oct 2023 12:06:42 +0530 Message-ID: <20231030063652.68675-5-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB78:EE_|PH7PR12MB7967:EE_ X-MS-Office365-Filtering-Correlation-Id: c56b6afb-cb7e-4850-edd3-08dbd912c891 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: OlSHF3ceySKs/QnFZXwl6spliWlPJ3QhY/HyQrc7RLS8vSgcaRJZEOxjlmZVn7usuHV/v8ARAb4vTtQXQr+22lAFRJWAILYxM8lEmjeTwUT05Sk71k6c+X5cKu1AayFxePDU3qiK2IhAzt5kvqXvOD5FiQUwnAp6pTR4Pe5eoHkDlaNb7OgzsGh9zZNjm2jEib+Jn1PztXHZ+G0U3SfGGq0fzGPHHyVZ5QiGIL5O3LivHN9WzFENEBgoxX7dTftldXm3KHF+YIPrsw783mMqTHNTg730AC0SzErMPKZJ9taeDCnNWo2GUzx9sBFAdyYFMQ0k/DmPShoib7c/xo9p4Zgwus0L60FiKVLYvjHj7oSwBU5BwwISTOdqwo0gnNnxRW9g3/Eay5fsUvZPwIukzmceI+9E4pssOI0FnlI6FFUHEMIUuSmO42R3rMiEjhJYa21+XLd0otDUyha4Y0LjbjlFPvJYoBerytHhNRtokXa28lpxb2gUvLC5an4nkmEossrUSPAgi4b1ueLayCWENHi8w6GcuWFq3WT+tQyOq/LUBO8AoZrrhcyL+46Fdm+NR2yg58wzMLWKcWdTbRirRf+iJlv2ZRkeAOjXsF0+x61FrLOiMOG1wGagpm+RmHyvJXA1X1Ulf1upjU9AA3lsUK31dOa+8kFjt+YvjaY6CnSqXkvDAEXmBA9XtD/XVmm8rO4XObvkmJ4VQNmVmcXKJlgGQZRJtWt46HreNg5YdIkvLSPPCeAJgUDKgYgIVSfVRTaOso/TwL4iw3WACHtjWA== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(396003)(39860400002)(136003)(346002)(376002)(230922051799003)(186009)(451199024)(82310400011)(64100799003)(1800799009)(40470700004)(46966006)(36840700001)(82740400003)(83380400001)(40480700001)(40460700003)(47076005)(356005)(36860700001)(81166007)(478600001)(2906002)(30864003)(7416002)(6666004)(7696005)(8676002)(8936002)(4326008)(70586007)(70206006)(110136005)(316002)(54906003)(5660300002)(41300700001)(426003)(336012)(1076003)(16526019)(26005)(2616005)(36756003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:10.0233 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c56b6afb-cb7e-4850-edd3-08dbd912c891 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB78.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB7967 X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:39:38 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161515264611084 X-GMAIL-MSGID: 1781161515264611084 Add a snp_guest_req structure to simplify the function arguments. The structure will be used to call the SNP Guest message request API instead of passing a long list of parameters. Signed-off-by: Nikunj A Dadhania --- .../x86/include/asm}/sev-guest.h | 11 ++ arch/x86/include/asm/sev.h | 8 -- arch/x86/kernel/sev.c | 15 ++- drivers/virt/coco/sev-guest/sev-guest.c | 103 +++++++++++------- 4 files changed, 84 insertions(+), 53 deletions(-) rename {drivers/virt/coco/sev-guest => arch/x86/include/asm}/sev-guest.h (80%) diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/arch/x86/include/asm/sev-guest.h similarity index 80% rename from drivers/virt/coco/sev-guest/sev-guest.h rename to arch/x86/include/asm/sev-guest.h index ceb798a404d6..22ef97b55069 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.h +++ b/arch/x86/include/asm/sev-guest.h @@ -63,4 +63,15 @@ struct snp_guest_msg { u8 payload[4000]; } __packed; +struct snp_guest_req { + void *req_buf, *resp_buf, *data; + size_t req_sz, resp_sz, *data_npages; + u64 exit_code; + unsigned int vmpck_id; + u8 msg_version; + u8 msg_type; +}; + +int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, + struct snp_guest_request_ioctl *rio); #endif /* __VIRT_SEVGUEST_H__ */ diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 5b4a1ce3d368..78465a8c7dc6 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -97,8 +97,6 @@ extern bool handle_vc_boot_ghcb(struct pt_regs *regs); struct snp_req_data { unsigned long req_gpa; unsigned long resp_gpa; - unsigned long data_gpa; - unsigned int data_npages; }; struct sev_guest_platform_data { @@ -209,7 +207,6 @@ void snp_set_memory_private(unsigned long vaddr, unsigned long npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __init __noreturn snp_abort(void); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); @@ -233,11 +230,6 @@ static inline void snp_set_memory_private(unsigned long vaddr, unsigned long npa static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } -static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) -{ - return -ENOTTY; -} - static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 6395bfd87b68..f8caf0a73052 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -28,6 +28,7 @@ #include #include #include +#include #include #include #include @@ -2167,15 +2168,21 @@ static int __init init_sev_config(char *str) } __setup("sev=", init_sev_config); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) +int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, + struct snp_guest_request_ioctl *rio) { struct ghcb_state state; struct es_em_ctxt ctxt; unsigned long flags; struct ghcb *ghcb; + u64 exit_code; int ret; rio->exitinfo2 = SEV_RET_NO_FW_CALL; + if (!req) + return -EINVAL; + + exit_code = req->exit_code; /* * __sev_get_ghcb() needs to run with IRQs disabled because it is using @@ -2192,8 +2199,8 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn vc_ghcb_invalidate(ghcb); if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { - ghcb_set_rax(ghcb, input->data_gpa); - ghcb_set_rbx(ghcb, input->data_npages); + ghcb_set_rax(ghcb, __pa(req->data)); + ghcb_set_rbx(ghcb, *req->data_npages); } ret = sev_es_ghcb_hv_call(ghcb, &ctxt, exit_code, input->req_gpa, input->resp_gpa); @@ -2212,7 +2219,7 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn case SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN): /* Number of expected pages are returned in RBX */ if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { - input->data_npages = ghcb_get_rbx(ghcb); + *req->data_npages = ghcb_get_rbx(ghcb); ret = -ENOSPC; break; } diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 49bafd2e9f42..5801dd52ffdf 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -23,8 +23,7 @@ #include #include - -#include "sev-guest.h" +#include #define DEVICE_NAME "sev-guest" @@ -192,7 +191,7 @@ static int dec_payload(struct aesgcm_ctx *ctx, struct snp_guest_msg *msg, return -EBADMSG; } -static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) +static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_req *guest_req) { struct snp_guest_msg *resp = &snp_dev->secret_response; struct snp_guest_msg *req = &snp_dev->secret_request; @@ -220,29 +219,28 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, * If the message size is greater than our buffer length then return * an error. */ - if (unlikely((resp_hdr->msg_sz + ctx->authsize) > sz)) + if (unlikely((resp_hdr->msg_sz + ctx->authsize) > guest_req->resp_sz)) return -EBADMSG; /* Decrypt the payload */ - return dec_payload(ctx, resp, payload, resp_hdr->msg_sz); + return dec_payload(ctx, resp, guest_req->resp_buf, resp_hdr->msg_sz); } -static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, - void *payload, size_t sz) +static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, struct snp_guest_req *req) { - struct snp_guest_msg *req = &snp_dev->secret_request; - struct snp_guest_msg_hdr *hdr = &req->hdr; + struct snp_guest_msg *msg = &snp_dev->secret_request; + struct snp_guest_msg_hdr *hdr = &msg->hdr; - memset(req, 0, sizeof(*req)); + memset(msg, 0, sizeof(*msg)); hdr->algo = SNP_AEAD_AES_256_GCM; hdr->hdr_version = MSG_HDR_VER; hdr->hdr_sz = sizeof(*hdr); - hdr->msg_type = type; - hdr->msg_version = version; + hdr->msg_type = req->msg_type; + hdr->msg_version = req->msg_version; hdr->msg_seqno = seqno; - hdr->msg_vmpck = vmpck_id; - hdr->msg_sz = sz; + hdr->msg_vmpck = req->vmpck_id; + hdr->msg_sz = req->req_sz; /* Verify the sequence number is non-zero */ if (!hdr->msg_seqno) @@ -251,10 +249,10 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 pr_debug("request [seqno %lld type %d version %d sz %d]\n", hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); - return __enc_payload(snp_dev->ctx, req, payload, sz); + return __enc_payload(snp_dev->ctx, msg, req->req_buf, req->req_sz); } -static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, +static int __handle_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, struct snp_guest_request_ioctl *rio) { unsigned long req_start = jiffies; @@ -269,7 +267,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * sequence number must be incremented or the VMPCK must be deleted to * prevent reuse of the IV. */ - rc = snp_issue_guest_request(exit_code, &snp_dev->input, rio); + rc = snp_issue_guest_request(req, &snp_dev->input, rio); switch (rc) { case -ENOSPC: /* @@ -279,8 +277,8 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * order to increment the sequence number and thus avoid * IV reuse. */ - override_npages = snp_dev->input.data_npages; - exit_code = SVM_VMGEXIT_GUEST_REQUEST; + override_npages = *req->data_npages; + req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; /* * Override the error to inform callers the given extended @@ -335,15 +333,13 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, } if (override_npages) - snp_dev->input.data_npages = override_npages; + *req->data_npages = override_npages; return rc; } -static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, - struct snp_guest_request_ioctl *rio, u8 type, - void *req_buf, size_t req_sz, void *resp_buf, - u32 resp_sz) +static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio) { u64 seqno; int rc; @@ -357,7 +353,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); /* Encrypt the userspace provided payload in snp_dev->secret_request. */ - rc = enc_payload(snp_dev, seqno, rio->msg_version, type, req_buf, req_sz); + rc = enc_payload(snp_dev, seqno, req); if (rc) return rc; @@ -368,7 +364,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, memcpy(snp_dev->request, &snp_dev->secret_request, sizeof(snp_dev->secret_request)); - rc = __handle_guest_request(snp_dev, exit_code, rio); + rc = __handle_guest_request(snp_dev, req, rio); if (rc) { if (rc == -EIO && rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) @@ -377,12 +373,11 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", rc, rio->exitinfo2); - snp_disable_vmpck(snp_dev); return rc; } - rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz); + rc = verify_and_dec_payload(snp_dev, req); if (rc) { dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); snp_disable_vmpck(snp_dev); @@ -394,6 +389,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { + struct snp_guest_req guest_req = {0}; struct snp_report_resp *resp; struct snp_report_req req; int rc, resp_len; @@ -416,9 +412,16 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io if (!resp) return -ENOMEM; - rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, - SNP_MSG_REPORT_REQ, &req, sizeof(req), resp->data, - resp_len); + guest_req.msg_version = arg->msg_version; + guest_req.msg_type = SNP_MSG_REPORT_REQ; + guest_req.vmpck_id = vmpck_id; + guest_req.req_buf = &req; + guest_req.req_sz = sizeof(req); + guest_req.resp_buf = resp->data; + guest_req.resp_sz = resp_len; + guest_req.exit_code = SVM_VMGEXIT_GUEST_REQUEST; + + rc = snp_send_guest_request(snp_dev, &guest_req, arg); if (rc) goto e_free; @@ -433,6 +436,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { struct snp_derived_key_resp resp = {0}; + struct snp_guest_req guest_req = {0}; struct snp_derived_key_req req; int rc, resp_len; /* Response data is 64 bytes and max authsize for GCM is 16 bytes. */ @@ -455,8 +459,16 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) return -EFAULT; - rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, - SNP_MSG_KEY_REQ, &req, sizeof(req), buf, resp_len); + guest_req.msg_version = arg->msg_version; + guest_req.msg_type = SNP_MSG_KEY_REQ; + guest_req.vmpck_id = vmpck_id; + guest_req.req_buf = &req; + guest_req.req_sz = sizeof(req); + guest_req.resp_buf = buf; + guest_req.resp_sz = resp_len; + guest_req.exit_code = SVM_VMGEXIT_GUEST_REQUEST; + + rc = snp_send_guest_request(snp_dev, &guest_req, arg); if (rc) return rc; @@ -472,9 +484,11 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { + struct snp_guest_req guest_req = {0}; struct snp_ext_report_req req; struct snp_report_resp *resp; - int ret, npages = 0, resp_len; + int ret, resp_len; + size_t npages = 0; lockdep_assert_held(&snp_dev->cmd_mutex); @@ -514,14 +528,22 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques if (!resp) return -ENOMEM; - snp_dev->input.data_npages = npages; - ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg, - SNP_MSG_REPORT_REQ, &req.data, - sizeof(req.data), resp->data, resp_len); + guest_req.msg_version = arg->msg_version; + guest_req.msg_type = SNP_MSG_REPORT_REQ; + guest_req.vmpck_id = vmpck_id; + guest_req.req_buf = &req.data; + guest_req.req_sz = sizeof(req.data); + guest_req.resp_buf = resp->data; + guest_req.resp_sz = resp_len; + guest_req.exit_code = SVM_VMGEXIT_EXT_GUEST_REQUEST; + guest_req.data = snp_dev->certs_data; + guest_req.data_npages = &npages; + + ret = snp_send_guest_request(snp_dev, &guest_req, arg); /* If certs length is invalid then copy the returned length */ if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { - req.certs_len = snp_dev->input.data_npages << PAGE_SHIFT; + req.certs_len = npages << PAGE_SHIFT; if (copy_to_user((void __user *)arg->req_data, &req, sizeof(req))) ret = -EFAULT; @@ -530,7 +552,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques if (ret) goto e_free; - if (npages && + if (npages && req.certs_len && copy_to_user((void __user *)req.certs_address, snp_dev->certs_data, req.certs_len)) { ret = -EFAULT; @@ -734,7 +756,6 @@ static int __init sev_guest_probe(struct platform_device *pdev) /* initial the input address for guest request */ snp_dev->input.req_gpa = __pa(snp_dev->request); snp_dev->input.resp_gpa = __pa(snp_dev->response); - snp_dev->input.data_gpa = __pa(snp_dev->certs_data); ret = misc_register(misc); if (ret) From patchwork Mon Oct 30 06:36:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159506 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018190vqb; Sun, 29 Oct 2023 23:38:42 -0700 (PDT) X-Google-Smtp-Source: AGHT+IErPf/MKEeZq8j0OYlf0aFQRlf6evWLcNsAD5+fayzMulfiS9Qq8S2T2wKGJcz9+zkf+IP4 X-Received: by 2002:a05:6359:2e01:b0:169:92d:64c5 with SMTP id ro1-20020a0563592e0100b00169092d64c5mr6620997rwb.32.1698647922533; Sun, 29 Oct 2023 23:38:42 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647922; cv=pass; d=google.com; s=arc-20160816; b=XkHu791ixc6nTj1nZy2TdJyE8rO00P5RLBoW5VHaBE/b5PLFLNa9VbNAZ1TzfSAmsk 9Z71BhcpWXlIlX/Dkq/+rsnQpyjM5Qf0amSSPVNSr8S+Xqm8jU9dPWN18shxoxGbUkdV Wq+mNp7B/xh4JkgZO6RDRrWNSL5eMmmlM2MikEEkPw+BKMFzXFhaPMtXaB8A9DO/QXV6 zDCkmAxyT2lZ0dgiyE0yFez7KbbjKf4srURxVxerJd+/oF1pwLadIXVfegV7S71Bnym6 dPOXhis0PU+uE4RxDQhtzTQ2yk9JHOsKnye+0TXw6thp3t8HGGvEOB89OxBRauNjDAwO vIig== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=H5C9YlLNWvr9aZipyWk6dgDei/vUf8ig2OfXDucLg9I=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=d2mA8502psLZY2fc+1/1gsr5CX4lyRk1PYWamcHkSMc4B7zV4MMOYgNeXw1sjF/6YV 5zMaAvQ3HpzonNjZm7simhksfV3ozkarn5eAmMdwOyPFiIbE1Cp124TCubrrunvddCId VulbAFuG9RsNpUt/3DB/UoEvPwD62LviuxEiRJ59roMDCa3iJEVjsbQ26xWBDwTpIMDf purhQWKGQOgDM4Em02GKhQUxi4qSPzL5iBPYRYB+1ptQadpDY7OWG/nqmQ3enVTwykRQ hSpsDERPmS6Md1N73dGBKqZYXP1Vx9Aa51c2b6/mmvp89XLS+NGCNPhyIZRdZK0b2zqi GCZw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=VL9YDlKp; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id 76-20020a63024f000000b005b999968b85si899508pgc.666.2023.10.29.23.38.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:38:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=VL9YDlKp; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 353E180C034A; Sun, 29 Oct 2023 23:38:41 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231824AbjJ3Gi3 (ORCPT + 32 others); Mon, 30 Oct 2023 02:38:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53906 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231743AbjJ3GiX (ORCPT ); Mon, 30 Oct 2023 02:38:23 -0400 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2041.outbound.protection.outlook.com [40.107.236.41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D2D9109; Sun, 29 Oct 2023 23:38:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=GCSrC4Csnv/MoH1Re/cL3xh75R2zpptWlZEiY4sRqIDzOhKLk2yKxUAfHYD4IIt1Ei/rnyoj4qG2pQYiqVpLMy38+ERT6HVJGRIGufcJ9AAiICaqeSIKL4ff3oRhqGUxFSJPmzMgCtdsWzVEYdbLgI5OOgZPimHelW5objEs8UMh3g58NH4JAvHBeKrZ9aY8Wnb9kiCZkrVhnSZT6ubnCuqiDXd5ZbBxm6KjuFuT6O4Ugvl2rPFBUebQ9lf46TCWiawzYqSas5VDfo+bMu90VMzsIrimAwipvcG02rKnuLgauSADJNqM4XJNm2ZL2D79ij9EA6KF5ckjMxcQXZ+r6Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=H5C9YlLNWvr9aZipyWk6dgDei/vUf8ig2OfXDucLg9I=; b=lSoxohTKZhAxCFItCLIn6JQZHaOTOHZGa1T5iyNI6cT7ddeo5W7NsMXddWZb/KmyohfZbBuJK/pu2HDNztImtq+a2GsRNnYhs4MheRsJpvqZOqh6foJH7MPbj8pdqULJmO1UbEbdTZD8hA0WSneGxqCnQNcU8AeCUJ0mp1RyUhHua+Vt98r337L7AqKPU7Y+gRrrFmF+ghkQwzkxaReStL069yD/4ZzHTpOfi1/vLfUX6nQqaEnIW9u+1iRjcRRWzt+2fNSffldRMdv+dzuNpy77cFqIl+PNyk21ZbJVXkH8gD3Nv3axohdZXe0xP3+zHgq8pqrKj3c9w3oedreeIg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=H5C9YlLNWvr9aZipyWk6dgDei/vUf8ig2OfXDucLg9I=; b=VL9YDlKpElcWVbfctLJtIBzZnG4gvOpuWh60bVA8P/2PhMG4YTEPDfusCVa6FXFqD+GM+5E+DOC/0CzQGE0XYuHJmTQ4lmuO8rSpa9RlkTQXEo/WNxgkab2i17PrIT7Icak+noTjCpdQvtITebEmthM64Ris+4STnbKx3wPTL+4= Received: from MN2PR20CA0065.namprd20.prod.outlook.com (2603:10b6:208:235::34) by DM4PR12MB6112.namprd12.prod.outlook.com (2603:10b6:8:aa::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.22; Mon, 30 Oct 2023 06:38:14 +0000 Received: from BL6PEPF0001AB73.namprd02.prod.outlook.com (2603:10b6:208:235:cafe::6a) by MN2PR20CA0065.outlook.office365.com (2603:10b6:208:235::34) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.28 via Frontend Transport; Mon, 30 Oct 2023 06:38:14 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB73.mail.protection.outlook.com (10.167.242.166) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.22 via Frontend Transport; Mon, 30 Oct 2023 06:38:14 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:09 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 05/14] virt: sev-guest: Add vmpck_id to snp_guest_dev struct Date: Mon, 30 Oct 2023 12:06:43 +0530 Message-ID: <20231030063652.68675-6-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB73:EE_|DM4PR12MB6112:EE_ X-MS-Office365-Filtering-Correlation-Id: 1725621f-884c-4c5d-5310-08dbd912cb16 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: X2gSu3C29TmlVWgwd88BoUPP5hG5dkERh02HGNft0GNxTgDIzvSc2RCmD1cKMtb0ntyEYiajToW0hZQBLlDiaL7CvDseb+q6RrtTNeEw9Y0PVHgsJ/nG2kiywugggZM1Xtys2UT2I3+JpPGxcHEi/gZz/O4Uy22r8pTk0nzUxfszFM6ASuEEVyBuJEx+i/p65dU136jobyx2mmAQW4ZyVulRt+dOV/ZBreaZ+AlxMqXfFugDyuUERw0SJ84KIXFdoTWg32DlXw7y/3f6IYWKdYcp8XREbrzAT7SDG0RjOlYL+3anONfUxe46i37KKn95Ttx5Te8NDu3bLV2x0vWZGGODfzUGRw05yNYkFLWrBrCxU0emeOqSlVRY1NYM8iGTD5FNxRob9gJ2+RK/YiCenL7j/+99hweTmGo9aRLN0KU6vRvYxcyXGUQkhuBPPxDs/NyHppiY96yjkpxpFqtJc3O6Gb0Rbtq6bH2DD+JpKF2YmSlPQs+t/oypX0SzIpoef6PaYTgOnMuasJH4Hlehd2z/drE9z3Lup8LVGwsX2MQn3LbyviRu8Z7nuAWDKk05vBXw1BSV9OxRXAxE910L2zuE9FoiaGu+yXxoncCFFyh2/nOPRklfUzuK0fdXS6HUq55oXp5kn+YvUREeBI90GlRwGVcaUfEnvOeXz8ozDJKKFfcLr4YxpSGSlSxplTy5h8l0MDR8rq2l1APrrbaoTgugXhnSg/lkA0PP9JCIBsd7nuGlyZ+21nBIcnbU9e6sWl7Ib5X5dhg0QobY8utD5g== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(39860400002)(396003)(136003)(346002)(376002)(230922051799003)(186009)(82310400011)(1800799009)(64100799003)(451199024)(40470700004)(46966006)(36840700001)(2906002)(83380400001)(7416002)(47076005)(36860700001)(81166007)(426003)(40480700001)(336012)(5660300002)(1076003)(356005)(2616005)(82740400003)(41300700001)(110136005)(316002)(70586007)(54906003)(40460700003)(6666004)(7696005)(8676002)(16526019)(26005)(478600001)(70206006)(4326008)(8936002)(36756003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:14.2465 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 1725621f-884c-4c5d-5310-08dbd912cb16 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB73.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB6112 X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:38:41 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161443844476288 X-GMAIL-MSGID: 1781161443844476288 Drop vmpck and os_area_msg_seqno pointers so that secret page layout does not need to be exposed to the sev-guest driver after the rework. Instead, add helper APIs to access vmpck and os_area_msg_seqno when needed. Also, change function is_vmpck_empty() to snp_is_vmpck_empty() in preparation for moving to sev.c. Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- drivers/virt/coco/sev-guest/sev-guest.c | 85 ++++++++++++------------- 1 file changed, 42 insertions(+), 43 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 5801dd52ffdf..4dd094c73e2f 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -50,8 +50,7 @@ struct snp_guest_dev { struct snp_secrets_page_layout *layout; struct snp_req_data input; - u32 *os_area_msg_seqno; - u8 *vmpck; + unsigned int vmpck_id; }; static u32 vmpck_id; @@ -61,14 +60,22 @@ MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP. /* Mutex to serialize the shared buffer access and command handling. */ static DEFINE_MUTEX(snp_cmd_mutex); -static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) +static inline u8 *snp_get_vmpck(struct snp_guest_dev *snp_dev) { - char zero_key[VMPCK_KEY_LEN] = {0}; + return snp_dev->layout->vmpck0 + snp_dev->vmpck_id * VMPCK_KEY_LEN; +} - if (snp_dev->vmpck) - return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN); +static inline u32 *snp_get_os_area_msg_seqno(struct snp_guest_dev *snp_dev) +{ + return &snp_dev->layout->os_area.msg_seqno_0 + snp_dev->vmpck_id; +} - return true; +static bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev) +{ + char zero_key[VMPCK_KEY_LEN] = {0}; + u8 *key = snp_get_vmpck(snp_dev); + + return !memcmp(key, zero_key, VMPCK_KEY_LEN); } /* @@ -90,20 +97,22 @@ static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) */ static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) { + u8 *key = snp_get_vmpck(snp_dev); + dev_alert(snp_dev->dev, "Disabling vmpck_id %d to prevent IV reuse.\n", - vmpck_id); - memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN); - snp_dev->vmpck = NULL; + snp_dev->vmpck_id); + memzero_explicit(key, VMPCK_KEY_LEN); } static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev) { + u32 *os_area_msg_seqno = snp_get_os_area_msg_seqno(snp_dev); u64 count; lockdep_assert_held(&snp_dev->cmd_mutex); /* Read the current message sequence counter from secrets pages */ - count = *snp_dev->os_area_msg_seqno; + count = *os_area_msg_seqno; return count + 1; } @@ -131,11 +140,13 @@ static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev) { + u32 *os_area_msg_seqno = snp_get_os_area_msg_seqno(snp_dev); + /* * The counter is also incremented by the PSP, so increment it by 2 * and save in secrets page. */ - *snp_dev->os_area_msg_seqno += 2; + *os_area_msg_seqno += 2; } static inline struct snp_guest_dev *to_snp_dev(struct file *file) @@ -145,15 +156,22 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file) return container_of(dev, struct snp_guest_dev, misc); } -static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen) +static struct aesgcm_ctx *snp_init_crypto(struct snp_guest_dev *snp_dev) { struct aesgcm_ctx *ctx; + u8 *key; + + if (snp_is_vmpck_empty(snp_dev)) { + pr_err("SNP: vmpck id %d is null\n", snp_dev->vmpck_id); + return NULL; + } ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); if (!ctx) return NULL; - if (aesgcm_expandkey(ctx, key, keylen, AUTHTAG_LEN)) { + key = snp_get_vmpck(snp_dev); + if (aesgcm_expandkey(ctx, key, VMPCK_KEY_LEN, AUTHTAG_LEN)) { pr_err("SNP: crypto init failed\n"); kfree(ctx); return NULL; @@ -586,7 +604,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long mutex_lock(&snp_dev->cmd_mutex); /* Check if the VMPCK is not empty */ - if (is_vmpck_empty(snp_dev)) { + if (snp_is_vmpck_empty(snp_dev)) { dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); mutex_unlock(&snp_dev->cmd_mutex); return -ENOTTY; @@ -656,32 +674,14 @@ static const struct file_operations snp_guest_fops = { .unlocked_ioctl = snp_guest_ioctl, }; -static u8 *get_vmpck(int id, struct snp_secrets_page_layout *layout, u32 **seqno) +bool snp_assign_vmpck(struct snp_guest_dev *dev, int vmpck_id) { - u8 *key = NULL; + if (WARN_ON(vmpck_id > 3)) + return false; - switch (id) { - case 0: - *seqno = &layout->os_area.msg_seqno_0; - key = layout->vmpck0; - break; - case 1: - *seqno = &layout->os_area.msg_seqno_1; - key = layout->vmpck1; - break; - case 2: - *seqno = &layout->os_area.msg_seqno_2; - key = layout->vmpck2; - break; - case 3: - *seqno = &layout->os_area.msg_seqno_3; - key = layout->vmpck3; - break; - default: - break; - } + dev->vmpck_id = vmpck_id; - return key; + return true; } static int __init sev_guest_probe(struct platform_device *pdev) @@ -713,14 +713,14 @@ static int __init sev_guest_probe(struct platform_device *pdev) goto e_unmap; ret = -EINVAL; - snp_dev->vmpck = get_vmpck(vmpck_id, layout, &snp_dev->os_area_msg_seqno); - if (!snp_dev->vmpck) { + snp_dev->layout = layout; + if (!snp_assign_vmpck(snp_dev, vmpck_id)) { dev_err(dev, "invalid vmpck id %d\n", vmpck_id); goto e_unmap; } /* Verify that VMPCK is not zero. */ - if (is_vmpck_empty(snp_dev)) { + if (snp_is_vmpck_empty(snp_dev)) { dev_err(dev, "vmpck id %d is null\n", vmpck_id); goto e_unmap; } @@ -728,7 +728,6 @@ static int __init sev_guest_probe(struct platform_device *pdev) mutex_init(&snp_dev->cmd_mutex); platform_set_drvdata(pdev, snp_dev); snp_dev->dev = dev; - snp_dev->layout = layout; /* Allocate the shared page used for the request and response message. */ snp_dev->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); @@ -744,7 +743,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) goto e_free_response; ret = -EIO; - snp_dev->ctx = snp_init_crypto(snp_dev->vmpck, VMPCK_KEY_LEN); + snp_dev->ctx = snp_init_crypto(snp_dev); if (!snp_dev->ctx) goto e_free_cert_data; From patchwork Mon Oct 30 06:36:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159516 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018869vqb; Sun, 29 Oct 2023 23:40:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGCM/VNGYWPhQ1deO5F46Q1enZ0++6aDgokxR4ixCR+CIKGPJyt+oLBVkSpY64RyfinuOWV X-Received: by 2002:a17:902:d2cd:b0:1cc:332f:9e4b with SMTP id n13-20020a170902d2cd00b001cc332f9e4bmr6791988plc.1.1698648055077; Sun, 29 Oct 2023 23:40:55 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698648055; cv=pass; d=google.com; s=arc-20160816; b=YQEuDtUmrxsNlkUndN7b6NKMJKNM5o+3zFlbTHh+S1rOFJfmI+Xa+Uqg1fZ6ZsTYvo XTviraMRx94jJvn70ciVtDbjZOMfFzBW168KeIGtdCprzLcMqewF2BP2t2Kn8M8hBG/D zFVh8FDBrpvtuK3lBBL/6wOg66md0SUAuqFJXczDySlFe+mviIpmdRu4fDM7jcZ1tiXG e/MoDlAO1S3zn1GJ94+Yvw7OgHvcyQUtpQAcarpePeEwbvNaII7KT/3JJX8+W2yVBMQq lAYhBdt9TfPopJveMOIKkRkKstrTG8Iftf8/u5BjpoJSjZggCBNcZmrHpOKqiiPnT7ZC YayA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CGmhI67DeZTozEPOTZr4zamRvVEdOWwEP881PZjnnQc=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=eUnKGl8gycvQwDY5kguBYdhmzPD7iRCY8oJzUd/ZDMJofhP23aDxcuNiBYeZbENnML NM5QasSzK9Xk1in7ZKkbyFBgHMQqsFGyer6Mi18ye8p1gTm7mDte6nADHBpSF34Lp6pp Kk5uq8hKGLXLukNmIU1FGDb3jXPxSvnSPRfIzEKyoYtkkZvi0Yr/kEcOV4X9cO3bulvC erOoepg0BHVkX0zJZZbcz5hmRT1lyEvUpqHYi43Z6CYNoWGJs94iRwcZlOwAMAgV3GrA rcu/yMSiJRxDu3+6RqVmQ56+Bdsez/oS8Nw6Wh01k9XMiBi+7i/SeyjxO1OTtpoK+bGE ik0g== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=wmZ50rkK; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id w11-20020a170902e88b00b001cc4770b98asi1462249plg.357.2023.10.29.23.40.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:40:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=wmZ50rkK; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 537BF807B990; Sun, 29 Oct 2023 23:40:30 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231783AbjJ3Gii (ORCPT + 32 others); Mon, 30 Oct 2023 02:38:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231725AbjJ3GiZ (ORCPT ); Mon, 30 Oct 2023 02:38:25 -0400 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (mail-dm6nam10on2055.outbound.protection.outlook.com [40.107.93.55]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 084A2C5; Sun, 29 Oct 2023 23:38:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=FMpolhSrjre8oBUuhODoswJJ+OvzpawQi6MzQKtTnFwcwWhnXfCfExrdwU7xzB6ui9CjZZtAx9RLuY9GR3ePomddrqeOCAvLMg1V3tr89CnCZsO1e5QOELjx81O6z3SXHGFS5T11MRwTJBC8ppAUzKrYiA9SnjEQsHMPHohIpyWqL1eLkbycUUB2NONsoip4lVpCfj1By3ysiARVEawqAOf3jEhyRytj5QZ9Qe99+1ZgKp41m62/hIaz1eTfZIZ8GaIJhHVrx+9dGh32dIRP/n6csw29qAZAuBea58aSnuk0YxMXeN+HcYmzUoFWrxvv91hvy9Gp+6Cua0vFRVQ/+Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CGmhI67DeZTozEPOTZr4zamRvVEdOWwEP881PZjnnQc=; b=GfuTvvzlDe6tirU7Hb+E99LQT+4tBlgChkBU4oabZ1DasX4Z3jj7Y6kCHjwdMebrN5Cg5gOLV0mUQ+CYWJMrYlcinHZUwS5p6pO2ExclGq2RM3d6olaGqIVfVF2o/yk1pLU2x07ATxLHwTO4s7gT49/cAXZORPC3Bt157cgodDuvhGUIU6p0dYMzfsz/AqOQgl8ARLFdtmPCT5k2SJeM7JH2W023PR4z8O+KXyZZhvjeWHCJ+ls1KOa/448ZkAjbfeTPTmcsJsS8RphMPFHI60CfKZ6Nrh0YQsQLAAciaSb6XazBythY7P7JHGtsMPcGnSacUY2CZ8EpNgR58C5BFA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CGmhI67DeZTozEPOTZr4zamRvVEdOWwEP881PZjnnQc=; b=wmZ50rkKJpyfbubfv5u5CttRVr165FrmoyFPobsKoidB6+pvyCf9Pr1PNAjqewMz9HIGK5oSBilNLGewKO9q6Iyfo/L6jsWduk5AOk2EDvQx9fPHI4Udta6fY6R7w8yiq8Q71ZDiSLbqt2r+nm4VLEz+v6Bb0FuorZpHwt+vraA= Received: from MN2PR20CA0044.namprd20.prod.outlook.com (2603:10b6:208:235::13) by PH7PR12MB5596.namprd12.prod.outlook.com (2603:10b6:510:136::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.27; Mon, 30 Oct 2023 06:38:19 +0000 Received: from BL6PEPF0001AB73.namprd02.prod.outlook.com (2603:10b6:208:235:cafe::e2) by MN2PR20CA0044.outlook.office365.com (2603:10b6:208:235::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.28 via Frontend Transport; Mon, 30 Oct 2023 06:38:19 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB73.mail.protection.outlook.com (10.167.242.166) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.22 via Frontend Transport; Mon, 30 Oct 2023 06:38:19 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:14 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 06/14] x86/sev: Cache the secrets page address Date: Mon, 30 Oct 2023 12:06:44 +0530 Message-ID: <20231030063652.68675-7-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB73:EE_|PH7PR12MB5596:EE_ X-MS-Office365-Filtering-Correlation-Id: 74ed083c-0df2-4b6d-2ffa-08dbd912ce1d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: IO0JT0VJjoyTfLNrmWwx00rG9BpDlOvvBwaoXFYgLxWzjIGsBFh9G658EoPKjTc9bIRxHA0M6Q+T/QnyGUD9UP5Was6/y3pJBd9YDqa4+NZoPX1zMskazSv1vQ87HpLyTXoiTJNgkxtmPvexgLnpu3qB5nQ+eLdTeEzkgLuS9v8qYPUt5spo8eO24SQu6Ccc6d4bieC8uLZcWQJ9EO8LC8RIc4oDDdm0aKxkQ5UJ/q4BbNasXW553ZuJXFUiMeDV4piL1w4W9SbKwT8j6/0Utl6uITIvaFML2CeMaGG2ozpcZ1rYpe6GTQQdxCvHT4L7ULsOicPf5DX09sTaPazdKaNnIrb/zovrwsheurBdtJ40NyeRyJSLyNKu+SjdexucUzQQh0LiMligNow3moQ16mKRnGLZ8iysK7a9cnTsCuJll3gCHBzzeeZbCy/d1AJ4Uc0hVOpzx3w6F4CQD75Ya1GzJ3l7RRj4GBZhahIsdyEWn5NmAPCQLyJziVnTnBEChUD2RGH9fmbQDkdKTa2MwAq72j3bHkYnq9JiwkCg6FLDlu4oHxwQbwEG6rZMQqI+pZrGZPa3rpeFEQK8fbzjjgIJ6FDcn3Bz6SCuVdJ1+GP5v53a1gdr+I8FFovrBfwTABKwdWxNgkZI51WXh1484Pb4mi/bin36wf6EBIM98YBJTkBGSGFTlAOqnnUjhRRf9MWWR1mxG2JU9MYdWFM4tQ7g+5dJgjE5aINi1gcmaS18iaoOVZGl+cp6om/cVOsPx8+YAPNWia6x0LJAjlUmyQ== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(39860400002)(376002)(396003)(346002)(136003)(230922051799003)(82310400011)(451199024)(186009)(64100799003)(1800799009)(40470700004)(36840700001)(46966006)(40460700003)(110136005)(54906003)(70586007)(70206006)(4326008)(8936002)(8676002)(316002)(7416002)(5660300002)(41300700001)(2906002)(83380400001)(426003)(336012)(356005)(81166007)(47076005)(82740400003)(26005)(16526019)(2616005)(1076003)(36860700001)(478600001)(40480700001)(6666004)(7696005)(36756003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:19.3246 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 74ed083c-0df2-4b6d-2ffa-08dbd912ce1d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB73.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB5596 X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:40:30 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161582798983471 X-GMAIL-MSGID: 1781161582798983471 Save the secrets page address during snp_init() from the CC blob. Use secrets_pa instead of calling get_secrets_page() that remaps the CC blob for getting the secrets page every time. Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- arch/x86/kernel/sev.c | 52 +++++++++++++------------------------------ 1 file changed, 16 insertions(+), 36 deletions(-) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index f8caf0a73052..fd3b822fa9e7 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -72,6 +72,9 @@ static struct ghcb *boot_ghcb __section(".data"); /* Bitmap of SEV features supported by the hypervisor */ static u64 sev_hv_features __ro_after_init; +/* Secrets page physical address from the CC blob */ +static u64 secrets_pa __ro_after_init; + /* #VC handler runtime per-CPU data */ struct sev_es_runtime_data { struct ghcb ghcb_page; @@ -598,45 +601,16 @@ void noinstr __sev_es_nmi_complete(void) __sev_put_ghcb(&state); } -static u64 __init get_secrets_page(void) -{ - u64 pa_data = boot_params.cc_blob_address; - struct cc_blob_sev_info info; - void *map; - - /* - * The CC blob contains the address of the secrets page, check if the - * blob is present. - */ - if (!pa_data) - return 0; - - map = early_memremap(pa_data, sizeof(info)); - if (!map) { - pr_err("Unable to locate SNP secrets page: failed to map the Confidential Computing blob.\n"); - return 0; - } - memcpy(&info, map, sizeof(info)); - early_memunmap(map, sizeof(info)); - - /* smoke-test the secrets page passed */ - if (!info.secrets_phys || info.secrets_len != PAGE_SIZE) - return 0; - - return info.secrets_phys; -} - static u64 __init get_snp_jump_table_addr(void) { struct snp_secrets_page_layout *layout; void __iomem *mem; - u64 pa, addr; + u64 addr; - pa = get_secrets_page(); - if (!pa) + if (!secrets_pa) return 0; - mem = ioremap_encrypted(pa, PAGE_SIZE); + mem = ioremap_encrypted(secrets_pa, PAGE_SIZE); if (!mem) { pr_err("Unable to locate AP jump table address: failed to map the SNP secrets page.\n"); return 0; @@ -2083,6 +2057,12 @@ static __init struct cc_blob_sev_info *find_cc_blob(struct boot_params *bp) return cc_info; } +static void __init set_secrets_pa(const struct cc_blob_sev_info *cc_info) +{ + if (cc_info && cc_info->secrets_phys && cc_info->secrets_len == PAGE_SIZE) + secrets_pa = cc_info->secrets_phys; +} + bool __init snp_init(struct boot_params *bp) { struct cc_blob_sev_info *cc_info; @@ -2094,6 +2074,8 @@ bool __init snp_init(struct boot_params *bp) if (!cc_info) return false; + set_secrets_pa(cc_info); + setup_cpuid_table(cc_info); /* @@ -2246,16 +2228,14 @@ static struct platform_device sev_guest_device = { static int __init snp_init_platform_device(void) { struct sev_guest_platform_data data; - u64 gpa; if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return -ENODEV; - gpa = get_secrets_page(); - if (!gpa) + if (!secrets_pa) return -ENODEV; - data.secrets_gpa = gpa; + data.secrets_gpa = secrets_pa; if (platform_device_add_data(&sev_guest_device, &data, sizeof(data))) return -ENODEV; From patchwork Mon Oct 30 06:36:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159513 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018573vqb; Sun, 29 Oct 2023 23:39:57 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEGqj/CxeF/8rXtYHOz9veIxFBVeYAnV+RCz4aM9ByyGr5QOAQmtw9btIpgxCiYoqCSTXVq X-Received: by 2002:a05:6300:8001:b0:160:cf09:8019 with SMTP id an1-20020a056300800100b00160cf098019mr6608571pzc.32.1698647996895; Sun, 29 Oct 2023 23:39:56 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647996; cv=pass; d=google.com; s=arc-20160816; b=DUR5y8fjxIUqWiUSltnI63XjT989+DlzPNFHOUx/7PZZKTAbmkNt4uplPzcCANxJor vBMmoo3ZfyqBs4R+Lc22RCFkINEIhaSzWTQjJQ7xiPvLfgumYtFgxRjdFNVmp0DR/s6H QqyrNtES4pXrSgHqP0Rq1YBCHSlPkSwTQ6FSiMOEf8OyLh6gnX8/AWtKIn3XIK9XnNRf a2h+Djr30lRkSb2ajNrqAMQfXQfspjOPGXnAtRIPXo8SnY4DXpDt1UYY1Ef2cX76Y5PX 6W3qRhSyM+EYI+9ehDLsGMo3e4F4IVrstGEP9rbPCtuQZnELotAQmvlefW3SxKVg6XVe +tbQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=glpnaVMke0UMMMlcAQio2axbbmAODI6vARcRdyhp90I=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=FPkyT1aphuNb7H/rfIW1MPIcgm9UuM852Vqq4e3kX9rKr8wW2JbR9z1XRPqnHUuwpP IQge/gCNwSNNWcehX5ROIkLr2nMBmt698FA0hsn7kNom7BxRfyJ8CdwHmkTxCvQCrqEC tvfZ6jtPEtdubkFUsLHkPINzP1FBvM0pV7O30usAXRGLEOV/ljc5KTUG8hElfoldaagt FJub8HVHJYMgr2nlR9OVxZJ8EAvWaw67e2b99X3cMcIQUxvxW1oSLWOpB4+LT1Os81LD w8PAT/AdyLaZm1v1mByV/1tliQri8/LEFF6uVupyuTYt3LDRQbp332v5cIygtpVTjlUf 7YzQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=u+Ogj+DH; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from agentk.vger.email (agentk.vger.email. [23.128.96.32]) by mx.google.com with ESMTPS id d7-20020a633607000000b005b804d972a2si4656797pga.490.2023.10.29.23.39.56 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:39:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) client-ip=23.128.96.32; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=u+Ogj+DH; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.32 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id B3A4D8053C6F; Sun, 29 Oct 2023 23:39:45 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231835AbjJ3Giv (ORCPT + 32 others); Mon, 30 Oct 2023 02:38:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53888 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231901AbjJ3Gih (ORCPT ); Mon, 30 Oct 2023 02:38:37 -0400 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2054.outbound.protection.outlook.com [40.107.237.54]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DAC00127; Sun, 29 Oct 2023 23:38:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OsaG20PExSnZzE0l1p/6BwcGQ8sAveCdR7n0zxy4zBDM515NLhRVRmnrlopXd60h9DiKwd63XGjiizlC5ou5K2Z593rRcTKBxo3+QSqsz+Bti4YMp1+S93jMj/Vl+PsO/A/c0WP5OjUYrlqUxx7lTx+MYzpEVZcHXIlj/4SGnfwZI46I7khYjLwYT1yBv4tvGtbK6rkzFO9KtBJDJkWf/u80NYsL+qzHCv1VrdhgWW68VU2f/UReE8kIGenN8b/qDFKZHqUU5ynxca2WDKTd9m23fm3Ga72d9aRara+MTBfFAHLy9nQM/fb45IXFpQu1DqkHOTRY1Ec3pzMwYWDJxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=glpnaVMke0UMMMlcAQio2axbbmAODI6vARcRdyhp90I=; b=FjRd47w7Qpp0WtOQ6u2UxIl/oFPC04bK3z8dWtvh/4vq9fKdgC8iQckhuOzYso/FoJSaAbVnLpV9apyvkkuS3wPr1VY+zPpESj9YSdjdj6wyuYFYpbDaOsTmT7OG4K2ihIwjeFVb0EBjPgqIzS4y5JA32TglfADEdiZSIWC3mZ2pKdSO7Vj35ShJh8MfXXV1uRZ3C4JFkwd/WH+yiN1VW/5Gwe4BNe2TTrTaSlTM0rNW96eRL4v1qbWp1AOf/dmP/ylliKHWNb+3fhhJoVe+761J17A/9FLXfk6QPerp7DyNWARxR0H5VR7ua2GNkox+cysRAdnva0fhF39GuLHi/g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=glpnaVMke0UMMMlcAQio2axbbmAODI6vARcRdyhp90I=; b=u+Ogj+DHTzFBPSQ2C2nZsnuPew0s0E6D7eou2cla1Oxj1yqQtQEpFT/TcM7PSR14nCleMASMNgNwyF0fDuTmF+HLpXqoqNJRbSm4eqq8Vb21PwaMkiy57eX9QyquVTma6i7aIGNUgLGzGNi6rBgR1DRcUPUBmeGhISfpymf4UeY= Received: from BL0PR02CA0080.namprd02.prod.outlook.com (2603:10b6:208:51::21) by CH0PR12MB5219.namprd12.prod.outlook.com (2603:10b6:610:d2::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.28; Mon, 30 Oct 2023 06:38:24 +0000 Received: from BL6PEPF0001AB77.namprd02.prod.outlook.com (2603:10b6:208:51:cafe::fa) by BL0PR02CA0080.outlook.office365.com (2603:10b6:208:51::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.28 via Frontend Transport; Mon, 30 Oct 2023 06:38:24 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB77.mail.protection.outlook.com (10.167.242.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.15 via Frontend Transport; Mon, 30 Oct 2023 06:38:24 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:19 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 07/14] x86/sev: Move and reorganize sev guest request api Date: Mon, 30 Oct 2023 12:06:45 +0530 Message-ID: <20231030063652.68675-8-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB77:EE_|CH0PR12MB5219:EE_ X-MS-Office365-Filtering-Correlation-Id: 45237a59-2fbe-48ac-a89a-08dbd912d102 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: kuVncGA4jfftc5ZowrHvwBPBkTdEGtcS0xW2vamg9yTKzjL+7L0BncJxWFRrqmwVKAzxnFlI3MtMF3YdMj/ywCDGKEh7rksuN8zCZQBq5gVvVnxDhktofE8XmKjg3ikc7Wq1l2nZtJ2GNbywmP0zHYylraOXvigq/RdMXHMkFO8izKEvR206WaPGabwsFh9hSLd857GhgVrSE9Ypb+On58y7bcNpCIzJ3jv88UwABu+rSeZNOysJKMyesZ6o0R3pljEV4JMpfFHywtBQVGJTL8x1vIuls9t+AhUhnEOn7eoKVJDm5Vsst+xHtvf171HmomFEOvzXPdPaHZLjul7o35okdRrLa2rrXkH1b/JhA8FtF1hmi/8OF57yiDJW/V468YMLNnrV4Yt3ZF2Vzxpm1KTOLxJ0+bZz6O8lPXKQiZm6eJskRGx01my1qAv4rzH9k78eAgNOXk3HC/OP1/khzLiT+/BIYtPH1Qgk8xG23ljTF4lePta9o2GyHu1OfNtzniyW29uQHZMwL7DbNlECIw2fwYFmQlcFQWS/okiyYc+hGqBH5a/6tQqEdbFe+n2IjJuLPfP1kSWE4FkaJLetknuLYU0RpcvnEwTX7SetL7KkuU3c8DgUn378G7dhLmhmy84ATOTd3/5A7reBToYdMHcRmWCILavxPHNj5X9QxpXN1/+aVxBszTlBIOEz0a2XR39sr5RKNSMkToHvAr3f1du5cC6HQhYZtd4bwaa2FSxmcUx9W5AoS11GsL++FFnMgeDiXk02KZ+XjUtYYh3JWg== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(346002)(39860400002)(396003)(376002)(136003)(230922051799003)(64100799003)(186009)(82310400011)(1800799009)(451199024)(40470700004)(36840700001)(46966006)(40480700001)(40460700003)(16526019)(26005)(1076003)(2616005)(478600001)(6666004)(7696005)(36860700001)(83380400001)(336012)(426003)(47076005)(7416002)(2906002)(30864003)(110136005)(70206006)(41300700001)(70586007)(5660300002)(4326008)(8936002)(8676002)(54906003)(316002)(356005)(81166007)(82740400003)(36756003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:24.1839 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 45237a59-2fbe-48ac-a89a-08dbd912d102 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB77.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH0PR12MB5219 X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:39:45 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161522019695805 X-GMAIL-MSGID: 1781161522019695805 For enabling Secure TSC, SEV-SNP guests need to communicate with the AMD Security Processor early during boot. Many of the required functions are implemented in the sev-guest driver and therefore not available at early boot. Move the required functions and provide an API to the driver to assign key and send guest request. Signed-off-by: Nikunj A Dadhania --- arch/x86/Kconfig | 1 + arch/x86/include/asm/sev-guest.h | 84 +++- arch/x86/include/asm/sev.h | 10 - arch/x86/kernel/sev.c | 466 ++++++++++++++++++++++- drivers/virt/coco/sev-guest/Kconfig | 1 - drivers/virt/coco/sev-guest/sev-guest.c | 486 +----------------------- 6 files changed, 555 insertions(+), 493 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 66bfabae8814..245a18f6910a 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1509,6 +1509,7 @@ config AMD_MEM_ENCRYPT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select UNACCEPTED_MEMORY + select CRYPTO_LIB_AESGCM help Say yes to enable support for the encryption of system memory. This requires an AMD processor that supports Secure Memory diff --git a/arch/x86/include/asm/sev-guest.h b/arch/x86/include/asm/sev-guest.h index 22ef97b55069..e6f94208173d 100644 --- a/arch/x86/include/asm/sev-guest.h +++ b/arch/x86/include/asm/sev-guest.h @@ -11,6 +11,11 @@ #define __VIRT_SEVGUEST_H__ #include +#include +#include + +#define SNP_REQ_MAX_RETRY_DURATION (60*HZ) +#define SNP_REQ_RETRY_DELAY (2*HZ) #define MAX_AUTHTAG_LEN 32 #define AUTHTAG_LEN 16 @@ -58,11 +63,45 @@ struct snp_guest_msg_hdr { u8 rsvd3[35]; } __packed; +/* SNP Guest message request */ +struct snp_req_data { + unsigned long req_gpa; + unsigned long resp_gpa; +}; + struct snp_guest_msg { struct snp_guest_msg_hdr hdr; u8 payload[4000]; } __packed; +struct sev_guest_platform_data { + /* request and response are in unencrypted memory */ + struct snp_guest_msg *request, *response; + + struct snp_secrets_page_layout *layout; + struct snp_req_data input; +}; + +struct snp_guest_dev { + struct device *dev; + struct miscdevice misc; + + /* Mutex to serialize the shared buffer access and command handling. */ + struct mutex cmd_mutex; + + void *certs_data; + struct aesgcm_ctx *ctx; + + /* + * Avoid information leakage by double-buffering shared messages + * in fields that are in regular encrypted memory + */ + struct snp_guest_msg secret_request, secret_response; + + struct sev_guest_platform_data *pdata; + unsigned int vmpck_id; +}; + struct snp_guest_req { void *req_buf, *resp_buf, *data; size_t req_sz, resp_sz, *data_npages; @@ -72,6 +111,47 @@ struct snp_guest_req { u8 msg_type; }; -int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, - struct snp_guest_request_ioctl *rio); +int snp_setup_psp_messaging(struct snp_guest_dev *snp_dev); +int snp_send_guest_request(struct snp_guest_dev *dev, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio); +bool snp_assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id); +bool snp_is_vmpck_empty(unsigned int vmpck_id); + +static void free_shared_pages(void *buf, size_t sz) +{ + unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; + int ret; + + if (!buf) + return; + + ret = set_memory_encrypted((unsigned long)buf, npages); + if (ret) { + WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); + return; + } + + __free_pages(virt_to_page(buf), get_order(sz)); +} + +static void *alloc_shared_pages(size_t sz) +{ + unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; + struct page *page; + int ret; + + page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz)); + if (!page) + return NULL; + + ret = set_memory_decrypted((unsigned long)page_address(page), npages); + if (ret) { + pr_err("%s: failed to mark page shared, ret=%d\n", __func__, ret); + __free_pages(page, get_order(sz)); + return NULL; + } + + return page_address(page); +} + #endif /* __VIRT_SEVGUEST_H__ */ diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 78465a8c7dc6..783150458864 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -93,16 +93,6 @@ extern bool handle_vc_boot_ghcb(struct pt_regs *regs); #define RMPADJUST_VMSA_PAGE_BIT BIT(16) -/* SNP Guest message request */ -struct snp_req_data { - unsigned long req_gpa; - unsigned long resp_gpa; -}; - -struct sev_guest_platform_data { - u64 secrets_gpa; -}; - /* * The secrets page contains 96-bytes of reserved field that can be used by * the guest OS. The guest OS uses the area to save the message sequence diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index fd3b822fa9e7..fb3b1feb1b84 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include @@ -941,6 +942,457 @@ static void snp_cleanup_vmsa(struct sev_es_save_area *vmsa) free_page((unsigned long)vmsa); } +static struct sev_guest_platform_data *platform_data; + +static inline u8 *snp_get_vmpck(unsigned int vmpck_id) +{ + if (!platform_data) + return NULL; + + return platform_data->layout->vmpck0 + vmpck_id * VMPCK_KEY_LEN; +} + +static inline u32 *snp_get_os_area_msg_seqno(unsigned int vmpck_id) +{ + if (!platform_data) + return NULL; + + return &platform_data->layout->os_area.msg_seqno_0 + vmpck_id; +} + +bool snp_is_vmpck_empty(unsigned int vmpck_id) +{ + char zero_key[VMPCK_KEY_LEN] = {0}; + u8 *key = snp_get_vmpck(vmpck_id); + + if (key) + return !memcmp(key, zero_key, VMPCK_KEY_LEN); + + return true; +} +EXPORT_SYMBOL_GPL(snp_is_vmpck_empty); + +/* + * If an error is received from the host or AMD Secure Processor (ASP) there + * are two options. Either retry the exact same encrypted request or discontinue + * using the VMPCK. + * + * This is because in the current encryption scheme GHCB v2 uses AES-GCM to + * encrypt the requests. The IV for this scheme is the sequence number. GCM + * cannot tolerate IV reuse. + * + * The ASP FW v1.51 only increments the sequence numbers on a successful + * guest<->ASP back and forth and only accepts messages at its exact sequence + * number. + * + * So if the sequence number were to be reused the encryption scheme is + * vulnerable. If the sequence number were incremented for a fresh IV the ASP + * will reject the request. + */ +static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) +{ + u8 *key = snp_get_vmpck(snp_dev->vmpck_id); + + pr_alert("Disabling vmpck_id %d to prevent IV reuse.\n", snp_dev->vmpck_id); + memzero_explicit(key, VMPCK_KEY_LEN); +} + +static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev) +{ + u32 *os_area_msg_seqno = snp_get_os_area_msg_seqno(snp_dev->vmpck_id); + u64 count; + + if (!os_area_msg_seqno) { + pr_err("SNP unable to get message sequence counter\n"); + return 0; + } + + lockdep_assert_held(&snp_dev->cmd_mutex); + + /* Read the current message sequence counter from secrets pages */ + count = *os_area_msg_seqno; + + return count + 1; +} + +/* Return a non-zero on success */ +static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) +{ + u64 count = __snp_get_msg_seqno(snp_dev); + + /* + * The message sequence counter for the SNP guest request is a 64-bit + * value but the version 2 of GHCB specification defines a 32-bit storage + * for it. If the counter exceeds the 32-bit value then return zero. + * The caller should check the return value, but if the caller happens to + * not check the value and use it, then the firmware treats zero as an + * invalid number and will fail the message request. + */ + if (count >= UINT_MAX) { + pr_err("SNP request message sequence counter overflow\n"); + return 0; + } + + return count; +} + +static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev) +{ + u32 *os_area_msg_seqno = snp_get_os_area_msg_seqno(snp_dev->vmpck_id); + + if (!os_area_msg_seqno) { + pr_err("SNP unable to get message sequence counter\n"); + return; + } + + /* + * The counter is also incremented by the PSP, so increment it by 2 + * and save in secrets page. + */ + *os_area_msg_seqno += 2; +} + +static struct aesgcm_ctx *snp_init_crypto(unsigned int vmpck_id) +{ + struct aesgcm_ctx *ctx; + u8 *key; + + if (snp_is_vmpck_empty(vmpck_id)) { + pr_err("SNP: vmpck id %d is null\n", vmpck_id); + return NULL; + } + + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); + if (!ctx) + return NULL; + + key = snp_get_vmpck(vmpck_id); + if (aesgcm_expandkey(ctx, key, VMPCK_KEY_LEN, AUTHTAG_LEN)) { + pr_err("SNP: crypto init failed\n"); + kfree(ctx); + return NULL; + } + + return ctx; +} + +int snp_setup_psp_messaging(struct snp_guest_dev *snp_dev) +{ + struct sev_guest_platform_data *pdata; + int ret; + + if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) { + pr_err("SNP not supported\n"); + return 0; + } + + if (platform_data) { + pr_debug("SNP platform data already initialized.\n"); + goto create_ctx; + } + + if (!secrets_pa) { + pr_err("SNP no secrets page\n"); + return -ENODEV; + } + + pdata = kzalloc(sizeof(struct sev_guest_platform_data), GFP_KERNEL); + if (!pdata) { + pr_err("SNP alloc failed\n"); + return -ENOMEM; + } + + pdata->layout = (__force void *)ioremap_encrypted(secrets_pa, PAGE_SIZE); + if (!pdata->layout) { + pr_err("Unable to locate AP jump table address: failed to map the SNP secrets page.\n"); + goto e_free_pdata; + } + + ret = -ENOMEM; + /* Allocate the shared page used for the request and response message. */ + pdata->request = alloc_shared_pages(sizeof(struct snp_guest_msg)); + if (!pdata->request) + goto e_unmap; + + pdata->response = alloc_shared_pages(sizeof(struct snp_guest_msg)); + if (!pdata->response) + goto e_free_request; + + /* initial the input address for guest request */ + pdata->input.req_gpa = __pa(pdata->request); + pdata->input.resp_gpa = __pa(pdata->response); + platform_data = pdata; + +create_ctx: + ret = -EIO; + snp_dev->ctx = snp_init_crypto(snp_dev->vmpck_id); + if (!snp_dev->ctx) { + pr_err("SNP init crypto failed\n"); + platform_data = NULL; + goto e_free_response; + } + + snp_dev->pdata = platform_data; + return 0; + +e_free_response: + free_shared_pages(pdata->response, sizeof(struct snp_guest_msg)); +e_free_request: + free_shared_pages(pdata->request, sizeof(struct snp_guest_msg)); +e_unmap: + iounmap(pdata->layout); +e_free_pdata: + kfree(pdata); + + return ret; +} +EXPORT_SYMBOL_GPL(snp_setup_psp_messaging); + +static int __enc_payload(struct aesgcm_ctx *ctx, struct snp_guest_msg *msg, + void *plaintext, size_t len) +{ + struct snp_guest_msg_hdr *hdr = &msg->hdr; + u8 iv[GCM_AES_IV_SIZE] = {}; + + if (WARN_ON((hdr->msg_sz + ctx->authsize) > sizeof(msg->payload))) + return -EBADMSG; + + memcpy(iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); + aesgcm_encrypt(ctx, msg->payload, plaintext, len, &hdr->algo, AAD_LEN, + iv, hdr->authtag); + return 0; +} + +static int dec_payload(struct aesgcm_ctx *ctx, struct snp_guest_msg *msg, + void *plaintext, size_t len) +{ + struct snp_guest_msg_hdr *hdr = &msg->hdr; + u8 iv[GCM_AES_IV_SIZE] = {}; + + memcpy(iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); + if (aesgcm_decrypt(ctx, plaintext, msg->payload, len, &hdr->algo, + AAD_LEN, iv, hdr->authtag)) + return 0; + else + return -EBADMSG; +} + +static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_req *guest_req, + struct sev_guest_platform_data *pdata) +{ + struct snp_guest_msg *resp = &snp_dev->secret_response; + struct snp_guest_msg *req = &snp_dev->secret_request; + struct snp_guest_msg_hdr *req_hdr = &req->hdr; + struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; + struct aesgcm_ctx *ctx = snp_dev->ctx; + + pr_debug("response [seqno %lld type %d version %d sz %d]\n", + resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, + resp_hdr->msg_sz); + + /* Copy response from shared memory to encrypted memory. */ + memcpy(resp, pdata->response, sizeof(*resp)); + + /* Verify that the sequence counter is incremented by 1 */ + if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1))) + return -EBADMSG; + + /* Verify response message type and version number. */ + if (resp_hdr->msg_type != (req_hdr->msg_type + 1) || + resp_hdr->msg_version != req_hdr->msg_version) + return -EBADMSG; + + /* + * If the message size is greater than our buffer length then return + * an error. + */ + if (unlikely((resp_hdr->msg_sz + ctx->authsize) > guest_req->resp_sz)) + return -EBADMSG; + + return dec_payload(ctx, resp, guest_req->resp_buf, resp_hdr->msg_sz); +} + +static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, struct snp_guest_req *req) +{ + struct snp_guest_msg *msg = &snp_dev->secret_request; + struct snp_guest_msg_hdr *hdr = &msg->hdr; + + memset(msg, 0, sizeof(*msg)); + + hdr->algo = SNP_AEAD_AES_256_GCM; + hdr->hdr_version = MSG_HDR_VER; + hdr->hdr_sz = sizeof(*hdr); + hdr->msg_type = req->msg_type; + hdr->msg_version = req->msg_version; + hdr->msg_seqno = seqno; + hdr->msg_vmpck = req->vmpck_id; + hdr->msg_sz = req->req_sz; + + /* Verify the sequence number is non-zero */ + if (!hdr->msg_seqno) + return -ENOSR; + + pr_debug("request [seqno %lld type %d version %d sz %d]\n", + hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); + + return __enc_payload(snp_dev->ctx, msg, req->req_buf, req->req_sz); +} + +static int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, + struct snp_guest_request_ioctl *rio); + +static int __handle_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio, + struct sev_guest_platform_data *pdata) +{ + unsigned long req_start = jiffies; + unsigned int override_npages = 0; + u64 override_err = 0; + int rc; + +retry_request: + /* + * Call firmware to process the request. In this function the encrypted + * message enters shared memory with the host. So after this call the + * sequence number must be incremented or the VMPCK must be deleted to + * prevent reuse of the IV. + */ + rc = snp_issue_guest_request(req, &pdata->input, rio); + switch (rc) { + case -ENOSPC: + /* + * If the extended guest request fails due to having too + * small of a certificate data buffer, retry the same + * guest request without the extended data request in + * order to increment the sequence number and thus avoid + * IV reuse. + */ + override_npages = *req->data_npages; + req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; + + /* + * Override the error to inform callers the given extended + * request buffer size was too small and give the caller the + * required buffer size. + */ + override_err = SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN); + + /* + * If this call to the firmware succeeds, the sequence number can + * be incremented allowing for continued use of the VMPCK. If + * there is an error reflected in the return value, this value + * is checked further down and the result will be the deletion + * of the VMPCK and the error code being propagated back to the + * user as an ioctl() return code. + */ + goto retry_request; + + /* + * The host may return SNP_GUEST_REQ_ERR_BUSY if the request has been + * throttled. Retry in the driver to avoid returning and reusing the + * message sequence number on a different message. + */ + case -EAGAIN: + if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { + rc = -ETIMEDOUT; + break; + } + schedule_timeout_killable(SNP_REQ_RETRY_DELAY); + goto retry_request; + } + + /* + * Increment the message sequence number. There is no harm in doing + * this now because decryption uses the value stored in the response + * structure and any failure will wipe the VMPCK, preventing further + * use anyway. + */ + snp_inc_msg_seqno(snp_dev); + + if (override_err) { + rio->exitinfo2 = override_err; + + /* + * If an extended guest request was issued and the supplied certificate + * buffer was not large enough, a standard guest request was issued to + * prevent IV reuse. If the standard request was successful, return -EIO + * back to the caller as would have originally been returned. + */ + if (!rc && override_err == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) + rc = -EIO; + } + + if (override_npages) + *req->data_npages = override_npages; + + return rc; +} + +int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio) +{ + struct sev_guest_platform_data *pdata; + u64 seqno; + int rc; + + if (!snp_dev || !snp_dev->pdata || !req || !rio) + return -ENODEV; + + pdata = snp_dev->pdata; + + /* Get message sequence and verify that its a non-zero */ + seqno = snp_get_msg_seqno(snp_dev); + if (!seqno) + return -EIO; + + /* Clear shared memory's response for the host to populate. */ + memset(pdata->response, 0, sizeof(struct snp_guest_msg)); + + /* Encrypt the userspace provided payload in pdata->secret_request. */ + rc = enc_payload(snp_dev, seqno, req); + if (rc) + return rc; + + /* + * Write the fully encrypted request to the shared unencrypted + * request page. + */ + memcpy(pdata->request, &snp_dev->secret_request, sizeof(snp_dev->secret_request)); + + rc = __handle_guest_request(snp_dev, req, rio, pdata); + if (rc) { + if (rc == -EIO && + rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) + return rc; + + pr_alert("Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", + rc, rio->exitinfo2); + snp_disable_vmpck(snp_dev); + return rc; + } + + rc = verify_and_dec_payload(snp_dev, req, pdata); + if (rc) { + pr_alert("Detected unexpected decode failure from ASP. rc: %d\n", rc); + snp_disable_vmpck(snp_dev); + return rc; + } + + return 0; +} +EXPORT_SYMBOL_GPL(snp_send_guest_request); + +bool snp_assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id) +{ + if (WARN_ON(vmpck_id > 3)) + return false; + + dev->vmpck_id = vmpck_id; + + return true; +} +EXPORT_SYMBOL_GPL(snp_assign_vmpck); + static int wakeup_cpu_via_vmgexit(int apic_id, unsigned long start_ip) { struct sev_es_save_area *cur_vmsa, *vmsa; @@ -2150,8 +2602,8 @@ static int __init init_sev_config(char *str) } __setup("sev=", init_sev_config); -int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, - struct snp_guest_request_ioctl *rio) +static int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, + struct snp_guest_request_ioctl *rio) { struct ghcb_state state; struct es_em_ctxt ctxt; @@ -2218,7 +2670,6 @@ int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *inpu return ret; } -EXPORT_SYMBOL_GPL(snp_issue_guest_request); static struct platform_device sev_guest_device = { .name = "sev-guest", @@ -2227,18 +2678,9 @@ static struct platform_device sev_guest_device = { static int __init snp_init_platform_device(void) { - struct sev_guest_platform_data data; - if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return -ENODEV; - if (!secrets_pa) - return -ENODEV; - - data.secrets_gpa = secrets_pa; - if (platform_device_add_data(&sev_guest_device, &data, sizeof(data))) - return -ENODEV; - if (platform_device_register(&sev_guest_device)) return -ENODEV; diff --git a/drivers/virt/coco/sev-guest/Kconfig b/drivers/virt/coco/sev-guest/Kconfig index bcc760bfb468..c130456ad401 100644 --- a/drivers/virt/coco/sev-guest/Kconfig +++ b/drivers/virt/coco/sev-guest/Kconfig @@ -2,7 +2,6 @@ config SEV_GUEST tristate "AMD SEV Guest driver" default m depends on AMD_MEM_ENCRYPT - select CRYPTO_LIB_AESGCM help SEV-SNP firmware provides the guest a mechanism to communicate with the PSP without risk from a malicious hypervisor who wishes to read, diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 4dd094c73e2f..062ff12b030e 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -27,32 +27,6 @@ #define DEVICE_NAME "sev-guest" -#define SNP_REQ_MAX_RETRY_DURATION (60*HZ) -#define SNP_REQ_RETRY_DELAY (2*HZ) - -struct snp_guest_dev { - struct device *dev; - struct miscdevice misc; - - /* Mutex to serialize the shared buffer access and command handling. */ - struct mutex cmd_mutex; - - void *certs_data; - struct aesgcm_ctx *ctx; - /* request and response are in unencrypted memory */ - struct snp_guest_msg *request, *response; - - /* - * Avoid information leakage by double-buffering shared messages - * in fields that are in regular encrypted memory. - */ - struct snp_guest_msg secret_request, secret_response; - - struct snp_secrets_page_layout *layout; - struct snp_req_data input; - unsigned int vmpck_id; -}; - static u32 vmpck_id; module_param(vmpck_id, uint, 0444); MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); @@ -60,95 +34,6 @@ MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP. /* Mutex to serialize the shared buffer access and command handling. */ static DEFINE_MUTEX(snp_cmd_mutex); -static inline u8 *snp_get_vmpck(struct snp_guest_dev *snp_dev) -{ - return snp_dev->layout->vmpck0 + snp_dev->vmpck_id * VMPCK_KEY_LEN; -} - -static inline u32 *snp_get_os_area_msg_seqno(struct snp_guest_dev *snp_dev) -{ - return &snp_dev->layout->os_area.msg_seqno_0 + snp_dev->vmpck_id; -} - -static bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev) -{ - char zero_key[VMPCK_KEY_LEN] = {0}; - u8 *key = snp_get_vmpck(snp_dev); - - return !memcmp(key, zero_key, VMPCK_KEY_LEN); -} - -/* - * If an error is received from the host or AMD Secure Processor (ASP) there - * are two options. Either retry the exact same encrypted request or discontinue - * using the VMPCK. - * - * This is because in the current encryption scheme GHCB v2 uses AES-GCM to - * encrypt the requests. The IV for this scheme is the sequence number. GCM - * cannot tolerate IV reuse. - * - * The ASP FW v1.51 only increments the sequence numbers on a successful - * guest<->ASP back and forth and only accepts messages at its exact sequence - * number. - * - * So if the sequence number were to be reused the encryption scheme is - * vulnerable. If the sequence number were incremented for a fresh IV the ASP - * will reject the request. - */ -static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) -{ - u8 *key = snp_get_vmpck(snp_dev); - - dev_alert(snp_dev->dev, "Disabling vmpck_id %d to prevent IV reuse.\n", - snp_dev->vmpck_id); - memzero_explicit(key, VMPCK_KEY_LEN); -} - -static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev) -{ - u32 *os_area_msg_seqno = snp_get_os_area_msg_seqno(snp_dev); - u64 count; - - lockdep_assert_held(&snp_dev->cmd_mutex); - - /* Read the current message sequence counter from secrets pages */ - count = *os_area_msg_seqno; - - return count + 1; -} - -/* Return a non-zero on success */ -static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) -{ - u64 count = __snp_get_msg_seqno(snp_dev); - - /* - * The message sequence counter for the SNP guest request is a 64-bit - * value but the version 2 of GHCB specification defines a 32-bit storage - * for it. If the counter exceeds the 32-bit value then return zero. - * The caller should check the return value, but if the caller happens to - * not check the value and use it, then the firmware treats zero as an - * invalid number and will fail the message request. - */ - if (count >= UINT_MAX) { - dev_err(snp_dev->dev, "request message sequence counter overflow\n"); - return 0; - } - - return count; -} - -static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev) -{ - u32 *os_area_msg_seqno = snp_get_os_area_msg_seqno(snp_dev); - - /* - * The counter is also incremented by the PSP, so increment it by 2 - * and save in secrets page. - */ - *os_area_msg_seqno += 2; -} - static inline struct snp_guest_dev *to_snp_dev(struct file *file) { struct miscdevice *dev = file->private_data; @@ -156,255 +41,6 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file) return container_of(dev, struct snp_guest_dev, misc); } -static struct aesgcm_ctx *snp_init_crypto(struct snp_guest_dev *snp_dev) -{ - struct aesgcm_ctx *ctx; - u8 *key; - - if (snp_is_vmpck_empty(snp_dev)) { - pr_err("SNP: vmpck id %d is null\n", snp_dev->vmpck_id); - return NULL; - } - - ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); - if (!ctx) - return NULL; - - key = snp_get_vmpck(snp_dev); - if (aesgcm_expandkey(ctx, key, VMPCK_KEY_LEN, AUTHTAG_LEN)) { - pr_err("SNP: crypto init failed\n"); - kfree(ctx); - return NULL; - } - - return ctx; -} - -static int __enc_payload(struct aesgcm_ctx *ctx, struct snp_guest_msg *msg, - void *plaintext, size_t len) -{ - struct snp_guest_msg_hdr *hdr = &msg->hdr; - u8 iv[GCM_AES_IV_SIZE] = {}; - - if (WARN_ON((hdr->msg_sz + ctx->authsize) > sizeof(msg->payload))) - return -EBADMSG; - - memcpy(iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); - aesgcm_encrypt(ctx, msg->payload, plaintext, len, &hdr->algo, AAD_LEN, - iv, hdr->authtag); - return 0; -} - -static int dec_payload(struct aesgcm_ctx *ctx, struct snp_guest_msg *msg, - void *plaintext, size_t len) -{ - struct snp_guest_msg_hdr *hdr = &msg->hdr; - u8 iv[GCM_AES_IV_SIZE] = {}; - - memcpy(iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); - if (aesgcm_decrypt(ctx, plaintext, msg->payload, len, &hdr->algo, - AAD_LEN, iv, hdr->authtag)) - return 0; - else - return -EBADMSG; -} - -static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_req *guest_req) -{ - struct snp_guest_msg *resp = &snp_dev->secret_response; - struct snp_guest_msg *req = &snp_dev->secret_request; - struct snp_guest_msg_hdr *req_hdr = &req->hdr; - struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; - struct aesgcm_ctx *ctx = snp_dev->ctx; - - pr_debug("response [seqno %lld type %d version %d sz %d]\n", - resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, - resp_hdr->msg_sz); - - /* Copy response from shared memory to encrypted memory. */ - memcpy(resp, snp_dev->response, sizeof(*resp)); - - /* Verify that the sequence counter is incremented by 1 */ - if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1))) - return -EBADMSG; - - /* Verify response message type and version number. */ - if (resp_hdr->msg_type != (req_hdr->msg_type + 1) || - resp_hdr->msg_version != req_hdr->msg_version) - return -EBADMSG; - - /* - * If the message size is greater than our buffer length then return - * an error. - */ - if (unlikely((resp_hdr->msg_sz + ctx->authsize) > guest_req->resp_sz)) - return -EBADMSG; - - /* Decrypt the payload */ - return dec_payload(ctx, resp, guest_req->resp_buf, resp_hdr->msg_sz); -} - -static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, struct snp_guest_req *req) -{ - struct snp_guest_msg *msg = &snp_dev->secret_request; - struct snp_guest_msg_hdr *hdr = &msg->hdr; - - memset(msg, 0, sizeof(*msg)); - - hdr->algo = SNP_AEAD_AES_256_GCM; - hdr->hdr_version = MSG_HDR_VER; - hdr->hdr_sz = sizeof(*hdr); - hdr->msg_type = req->msg_type; - hdr->msg_version = req->msg_version; - hdr->msg_seqno = seqno; - hdr->msg_vmpck = req->vmpck_id; - hdr->msg_sz = req->req_sz; - - /* Verify the sequence number is non-zero */ - if (!hdr->msg_seqno) - return -ENOSR; - - pr_debug("request [seqno %lld type %d version %d sz %d]\n", - hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); - - return __enc_payload(snp_dev->ctx, msg, req->req_buf, req->req_sz); -} - -static int __handle_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, - struct snp_guest_request_ioctl *rio) -{ - unsigned long req_start = jiffies; - unsigned int override_npages = 0; - u64 override_err = 0; - int rc; - -retry_request: - /* - * Call firmware to process the request. In this function the encrypted - * message enters shared memory with the host. So after this call the - * sequence number must be incremented or the VMPCK must be deleted to - * prevent reuse of the IV. - */ - rc = snp_issue_guest_request(req, &snp_dev->input, rio); - switch (rc) { - case -ENOSPC: - /* - * If the extended guest request fails due to having too - * small of a certificate data buffer, retry the same - * guest request without the extended data request in - * order to increment the sequence number and thus avoid - * IV reuse. - */ - override_npages = *req->data_npages; - req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; - - /* - * Override the error to inform callers the given extended - * request buffer size was too small and give the caller the - * required buffer size. - */ - override_err = SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN); - - /* - * If this call to the firmware succeeds, the sequence number can - * be incremented allowing for continued use of the VMPCK. If - * there is an error reflected in the return value, this value - * is checked further down and the result will be the deletion - * of the VMPCK and the error code being propagated back to the - * user as an ioctl() return code. - */ - goto retry_request; - - /* - * The host may return SNP_GUEST_VMM_ERR_BUSY if the request has been - * throttled. Retry in the driver to avoid returning and reusing the - * message sequence number on a different message. - */ - case -EAGAIN: - if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { - rc = -ETIMEDOUT; - break; - } - schedule_timeout_killable(SNP_REQ_RETRY_DELAY); - goto retry_request; - } - - /* - * Increment the message sequence number. There is no harm in doing - * this now because decryption uses the value stored in the response - * structure and any failure will wipe the VMPCK, preventing further - * use anyway. - */ - snp_inc_msg_seqno(snp_dev); - - if (override_err) { - rio->exitinfo2 = override_err; - - /* - * If an extended guest request was issued and the supplied certificate - * buffer was not large enough, a standard guest request was issued to - * prevent IV reuse. If the standard request was successful, return -EIO - * back to the caller as would have originally been returned. - */ - if (!rc && override_err == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) - rc = -EIO; - } - - if (override_npages) - *req->data_npages = override_npages; - - return rc; -} - -static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, - struct snp_guest_request_ioctl *rio) -{ - u64 seqno; - int rc; - - /* Get message sequence and verify that its a non-zero */ - seqno = snp_get_msg_seqno(snp_dev); - if (!seqno) - return -EIO; - - /* Clear shared memory's response for the host to populate. */ - memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); - - /* Encrypt the userspace provided payload in snp_dev->secret_request. */ - rc = enc_payload(snp_dev, seqno, req); - if (rc) - return rc; - - /* - * Write the fully encrypted request to the shared unencrypted - * request page. - */ - memcpy(snp_dev->request, &snp_dev->secret_request, - sizeof(snp_dev->secret_request)); - - rc = __handle_guest_request(snp_dev, req, rio); - if (rc) { - if (rc == -EIO && - rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) - return rc; - - dev_alert(snp_dev->dev, - "Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", - rc, rio->exitinfo2); - snp_disable_vmpck(snp_dev); - return rc; - } - - rc = verify_and_dec_payload(snp_dev, req); - if (rc) { - dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); - snp_disable_vmpck(snp_dev); - return rc; - } - - return 0; -} - static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { struct snp_guest_req guest_req = {0}; @@ -604,7 +240,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long mutex_lock(&snp_dev->cmd_mutex); /* Check if the VMPCK is not empty */ - if (snp_is_vmpck_empty(snp_dev)) { + if (snp_is_vmpck_empty(snp_dev->vmpck_id)) { dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); mutex_unlock(&snp_dev->cmd_mutex); return -ENOTTY; @@ -632,147 +268,63 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long return ret; } -static void free_shared_pages(void *buf, size_t sz) -{ - unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; - int ret; - - if (!buf) - return; - - ret = set_memory_encrypted((unsigned long)buf, npages); - if (ret) { - WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); - return; - } - - __free_pages(virt_to_page(buf), get_order(sz)); -} - -static void *alloc_shared_pages(struct device *dev, size_t sz) -{ - unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; - struct page *page; - int ret; - - page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz)); - if (!page) - return NULL; - - ret = set_memory_decrypted((unsigned long)page_address(page), npages); - if (ret) { - dev_err(dev, "failed to mark page shared, ret=%d\n", ret); - __free_pages(page, get_order(sz)); - return NULL; - } - - return page_address(page); -} - static const struct file_operations snp_guest_fops = { .owner = THIS_MODULE, .unlocked_ioctl = snp_guest_ioctl, }; -bool snp_assign_vmpck(struct snp_guest_dev *dev, int vmpck_id) -{ - if (WARN_ON(vmpck_id > 3)) - return false; - - dev->vmpck_id = vmpck_id; - - return true; -} - static int __init sev_guest_probe(struct platform_device *pdev) { - struct snp_secrets_page_layout *layout; - struct sev_guest_platform_data *data; struct device *dev = &pdev->dev; struct snp_guest_dev *snp_dev; struct miscdevice *misc; - void __iomem *mapping; int ret; if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return -ENODEV; - if (!dev->platform_data) - return -ENODEV; - - data = (struct sev_guest_platform_data *)dev->platform_data; - mapping = ioremap_encrypted(data->secrets_gpa, PAGE_SIZE); - if (!mapping) - return -ENODEV; - - layout = (__force void *)mapping; - - ret = -ENOMEM; snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL); if (!snp_dev) - goto e_unmap; + return -ENOMEM; - ret = -EINVAL; - snp_dev->layout = layout; if (!snp_assign_vmpck(snp_dev, vmpck_id)) { dev_err(dev, "invalid vmpck id %d\n", vmpck_id); - goto e_unmap; + ret = -EINVAL; + goto e_free_snpdev; } - /* Verify that VMPCK is not zero. */ - if (snp_is_vmpck_empty(snp_dev)) { - dev_err(dev, "vmpck id %d is null\n", vmpck_id); - goto e_unmap; + if (snp_setup_psp_messaging(snp_dev)) { + dev_err(dev, "Unable to setup PSP messaging vmpck id %d\n", snp_dev->vmpck_id); + ret = -ENODEV; + goto e_free_snpdev; } mutex_init(&snp_dev->cmd_mutex); platform_set_drvdata(pdev, snp_dev); snp_dev->dev = dev; - /* Allocate the shared page used for the request and response message. */ - snp_dev->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); - if (!snp_dev->request) - goto e_unmap; - - snp_dev->response = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); - if (!snp_dev->response) - goto e_free_request; - - snp_dev->certs_data = alloc_shared_pages(dev, SEV_FW_BLOB_MAX_SIZE); + snp_dev->certs_data = alloc_shared_pages(SEV_FW_BLOB_MAX_SIZE); if (!snp_dev->certs_data) - goto e_free_response; - - ret = -EIO; - snp_dev->ctx = snp_init_crypto(snp_dev); - if (!snp_dev->ctx) - goto e_free_cert_data; + goto e_free_ctx; misc = &snp_dev->misc; misc->minor = MISC_DYNAMIC_MINOR; misc->name = DEVICE_NAME; misc->fops = &snp_guest_fops; - /* initial the input address for guest request */ - snp_dev->input.req_gpa = __pa(snp_dev->request); - snp_dev->input.resp_gpa = __pa(snp_dev->response); - ret = misc_register(misc); if (ret) - goto e_free_ctx; + goto e_free_cert_data; - dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", vmpck_id); + dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", snp_dev->vmpck_id); return 0; -e_free_ctx: - kfree(snp_dev->ctx); e_free_cert_data: free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); -e_free_response: - free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); -e_free_request: - free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); -e_unmap: - iounmap(mapping); + e_free_ctx: + kfree(snp_dev->ctx); +e_free_snpdev: + kfree(snp_dev); return ret; } @@ -780,11 +332,9 @@ static int __exit sev_guest_remove(struct platform_device *pdev) { struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev); - free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); - free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); - free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); - kfree(snp_dev->ctx); misc_deregister(&snp_dev->misc); + kfree(snp_dev->ctx); + kfree(snp_dev); return 0; } From patchwork Mon Oct 30 06:36:46 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159507 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018235vqb; Sun, 29 Oct 2023 23:38:52 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFiRNOptcacIFcKIEdQwWD8c/sLG6YQ7Wrd4b3pXBxKiqyn3IBsQM/qfAYq5Xe3ELQeKTZ1 X-Received: by 2002:a17:902:c211:b0:1c7:8345:f377 with SMTP id 17-20020a170902c21100b001c78345f377mr5776387pll.29.1698647931759; Sun, 29 Oct 2023 23:38:51 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647931; cv=pass; d=google.com; s=arc-20160816; b=cf7aI4ZFwxAXCFmXVPIx5RJeCrxF3lRDkE1xzzfIzpNh8zaa4UWXD9hYfYF44WD4SV 488MG7uC6JFJ8kYDZsNZ1BkZMTrB1L7/cC4y81KwU4Pxkn0rUxA86d8Ss5m8wXru5rVY 32H746PyoNFhCMTpq+nO4aMfr5r/7NRbqQ34N0EIAvkSjQ6ztNDNnMC3Vq7x3/oh2kHm nVFsMa6Fw8r+02shyQ8l2JDeyYmOv0zrsdISAnj0U1YdxPOWiRe/jEd+ZJLCstRYTQxV 9CfT80iuxZ8ZQU4f+D+Dz7BeVZRyV+OGtKDIV13KaBLCWsAMULy3w4m3/LBSTLVEX6X4 cC2Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=alWiO7A6Ev8LgO0RcGXnJcSlOO89CqQ5UkCTINWWERY=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=uwD+j6tEYtL7QWC+ng8k7paVigPIQth6uYK5fJ1IQ6OUN2CGaRBYossLGzcHbu/Ave Ug1AKhNtgT+86Jg3Fos+6Qljjw+gFNBuppzRiVwXZX6Z1ePwXMZcK0LGd+7RNbuX2MMm vMCX7FW2g+EVPOHTMlzos0rTK8qcBlHY4RsojS19kzxCuhjyO6sNzzxIiizYgHVtRORa pWnScxhCU3uckqU0IPRNN9NZGrEAR2vIRXrj8gHfGPkgWcDsZbVmqWECzcuppNIWG3n3 A/D5kjhxCq0NJ3mfzVSWpV7cqAHM3JBnAqLONnkMjGxVFlJVpRyA/wAGBaBSP32ZVTak Amkw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=au4RSatn; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id f15-20020a170902684f00b001b7d2b55d8asi4527301pln.626.2023.10.29.23.38.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:38:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=au4RSatn; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 01F2680C0349; Sun, 29 Oct 2023 23:38:51 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231589AbjJ3Gis (ORCPT + 32 others); Mon, 30 Oct 2023 02:38:48 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48166 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231898AbjJ3Gih (ORCPT ); Mon, 30 Oct 2023 02:38:37 -0400 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2059.outbound.protection.outlook.com [40.107.94.59]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BBAD41B5; Sun, 29 Oct 2023 23:38:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AwwZNNj06xZkCeqAr8c+EjzqM9WVDMkfgdBH4J50hYiqgUx3zOm2ihmVQrf+cwHPxOdGsPzzNfHXuuMoimjfyVlXzHqGMJipG31iFCuUCvlQxWoQzyW3UpPEAHQzxfztabTWrsSJXMJP2cwomLDPyS56Tw+Kxr7vtH34ehifWE1AZsUO1BfQToNqhFEQ0FYqVIUja8zWWJEqZj93rS1DYql9+LEiE37+w9u/a3BQldCWOC8YLQJJ1T67OZLOkJGn2LUuRlYo7e+8arNV+Us6RWmqD7Zjyy3GGjmoxzw+yffMG0jygYo/cgblpsbV/Um1xduzDukARQTCm8HNAkhJaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=alWiO7A6Ev8LgO0RcGXnJcSlOO89CqQ5UkCTINWWERY=; b=CV1JXtmRXMxwo1FvWbbbw9/0GmZIWNkNc1/AjFy4nk7Bgw0PXevRdNBl543dgW6JuQll5C/ajbW5tfvqLmnjeti+M4lGuB/Q7iVbAlTe82Ge4eN06NXNx4C4BD694Ar7Gyu6LO9L/V7GMFAV5Zf38DdwZuUqMx9ltT944j0b41bO8tgNm5OLmepxdhJs7jSB2W/2dHMVjfLOLWzfq3vTK79MT91I1F3tfolJa45PtB8hSAlg8gN6bX7oqZu+kgS29jAZkTT3WN2fDInLyoVWiBSvuqdTE+I4f1yQI2oPnXY3HjxIuuSOClIZtbMAXAHKmCY1HZ2L6STnpcihsQRrIA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=alWiO7A6Ev8LgO0RcGXnJcSlOO89CqQ5UkCTINWWERY=; b=au4RSatnctp+vv7xqyT/2umAho7T7Y5raUu3tup063t/CiNUeV7G1HCbNtzyYtDn6dXzeDO9d0JeqUD7UpRy6VciKqjr+AH5/Bgpic9QCq5MsTQaXzE6X1TAvR/rbMbqJjm/ntLIrt1xlqscsme0l0wiDxJm974VZU8NSrFqSq8= Received: from MN2PR20CA0041.namprd20.prod.outlook.com (2603:10b6:208:235::10) by DM4PR12MB5795.namprd12.prod.outlook.com (2603:10b6:8:62::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.27; Mon, 30 Oct 2023 06:38:28 +0000 Received: from BL6PEPF0001AB73.namprd02.prod.outlook.com (2603:10b6:208:235:cafe::b9) by MN2PR20CA0041.outlook.office365.com (2603:10b6:208:235::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.28 via Frontend Transport; Mon, 30 Oct 2023 06:38:28 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB73.mail.protection.outlook.com (10.167.242.166) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.22 via Frontend Transport; Mon, 30 Oct 2023 06:38:28 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:24 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 08/14] x86/mm: Add generic guest initialization hook Date: Mon, 30 Oct 2023 12:06:46 +0530 Message-ID: <20231030063652.68675-9-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB73:EE_|DM4PR12MB5795:EE_ X-MS-Office365-Filtering-Correlation-Id: 720eea35-55da-4c42-b6eb-08dbd912d375 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: w28it64YdJQ7VfX4o358WPJKd1Zw/y7iUODJOEoMjIJW15IdIfU0gXaqDUDe+/Cqx0m8DYqAn12eVKLbvji6vJeOluVCjkV540gRo6qb9rH7Du+ln89LXrN8Yrj8P6Ys55MVK6acSoH4uG8jpk1WNtCAkt2xDkrZHqvtDikiYM0ZxaBE4JoTa5OzB45VsvZ9zFv7yO9IQ+/6hGblIMeE+hm8yDt9ZLRZENXGQx4d3yfEJAV5NLaemhji/Y5L2j1/wbWNoQa5v2q64o20ULYKj1bR+c4YcjLroAXP/fkCQbOWIMXeoMsPBYXhxWVrmwhW8NDcHzcE+DR0wJF3PA1cU1NMN+/zPjNsEA/bwojdLF/xDACDnX4xZE/P7uJCf/8M57Mw47QfFwu5ugN8f3BVrhhlLveSz1EtUqRnC1cySywaoI0loFgr8JgH5WNH3u0Lt04gMD/SrS1D6lQtD5QzOj2kkIRBywHwOjs7D/Tv52N5l2Sq09EZrBNAwmtD++xLNTewss+k/TYc8+SiK5W7c5uFAp3K64hJYM95gcd9KhZLLfiKf4iPGH3pFdT7n6ePQX7jlwdXdWRYRawTXR0+1SbXkQ37TEs654ajKDLuCADcj8cykRcjoN942MdhSxcafkCzBRWXS3kFazZf3qt2r41xSxJNCfFK1KZ2B7eE81UULKXYTYiHhnhHbY3bzRe256aV5JLX1AmBoOkA1qCtcpd4vV+0ZNggTBx9Ww1nj4k8AnLwU9zSJ1W+rS9l5qINHl1Wpg6fkhRcusmRsU9qsKspkkT/JOi6cu1QBRejQoM= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(39860400002)(396003)(346002)(376002)(136003)(230922051799003)(451199024)(64100799003)(1800799009)(186009)(82310400011)(40470700004)(46966006)(36840700001)(2906002)(40460700003)(36860700001)(110136005)(54906003)(70206006)(70586007)(47076005)(81166007)(356005)(82740400003)(316002)(7696005)(26005)(6666004)(478600001)(83380400001)(2616005)(16526019)(1076003)(426003)(336012)(41300700001)(7416002)(5660300002)(8936002)(8676002)(4326008)(40480700001)(36756003)(41533002)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:28.2934 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 720eea35-55da-4c42-b6eb-08dbd912d375 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB73.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5795 X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:38:51 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161453744598695 X-GMAIL-MSGID: 1781161453744598695 Add generic enc_init guest hook for performing any type of initialization that is vendor specific. Signed-off-by: Nikunj A Dadhania --- arch/x86/include/asm/x86_init.h | 2 ++ arch/x86/kernel/x86_init.c | 2 ++ arch/x86/mm/mem_encrypt.c | 3 +++ 3 files changed, 7 insertions(+) diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h index 5240d88db52a..6a08dcd1f3c4 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h @@ -148,12 +148,14 @@ struct x86_init_acpi { * @enc_status_change_finish Notify HV after the encryption status of a range is changed * @enc_tlb_flush_required Returns true if a TLB flush is needed before changing page encryption status * @enc_cache_flush_required Returns true if a cache flush is needed before changing page encryption status + * @enc_init Prepare and initialize encryption features */ struct x86_guest { bool (*enc_status_change_prepare)(unsigned long vaddr, int npages, bool enc); bool (*enc_status_change_finish)(unsigned long vaddr, int npages, bool enc); bool (*enc_tlb_flush_required)(bool enc); bool (*enc_cache_flush_required)(void); + void (*enc_init)(void); }; /** diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c index a37ebd3b4773..a07985a96ca5 100644 --- a/arch/x86/kernel/x86_init.c +++ b/arch/x86/kernel/x86_init.c @@ -136,6 +136,7 @@ static bool enc_status_change_finish_noop(unsigned long vaddr, int npages, bool static bool enc_tlb_flush_required_noop(bool enc) { return false; } static bool enc_cache_flush_required_noop(void) { return false; } static bool is_private_mmio_noop(u64 addr) {return false; } +static void enc_init_noop(void) { } struct x86_platform_ops x86_platform __ro_after_init = { .calibrate_cpu = native_calibrate_cpu_early, @@ -158,6 +159,7 @@ struct x86_platform_ops x86_platform __ro_after_init = { .enc_status_change_finish = enc_status_change_finish_noop, .enc_tlb_flush_required = enc_tlb_flush_required_noop, .enc_cache_flush_required = enc_cache_flush_required_noop, + .enc_init = enc_init_noop, }, }; diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 9f27e14e185f..01abecc9a774 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -84,5 +84,8 @@ void __init mem_encrypt_init(void) /* Call into SWIOTLB to update the SWIOTLB DMA buffers */ swiotlb_update_mem_attributes(); + if (x86_platform.guest.enc_init) + x86_platform.guest.enc_init(); + print_mem_encrypt_feature_info(); } From patchwork Mon Oct 30 06:36:47 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159510 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018524vqb; Sun, 29 Oct 2023 23:39:48 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHEcmWf6sNSHkuQfWfm0n4zzwST7iHcnzUU/LSNPXfd/2G/CgctuG6m3VzDTQ/4cNpv8Uiv X-Received: by 2002:a05:6871:a4c2:b0:1e9:a8f0:d6b6 with SMTP id wb2-20020a056871a4c200b001e9a8f0d6b6mr10544456oab.39.1698647988780; Sun, 29 Oct 2023 23:39:48 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647988; cv=pass; d=google.com; s=arc-20160816; b=Ew1l2BWVUZokrzLf+1GiONwHEesuaYYxNJ94Y65WHFDJmXH5BLiMJD5GlptCUKp5zL j/p8rewhGgCBBlt1W7hfYpC6BXhT4Ro4zqQfJQQhZkJtOo438LQGnw4c8XrlbKGlakhD JxmVLPhhLvzFtrk+zliPiRnaJsFG/ZBKuNQ5eE6ogVasH3YTZCQGFknpZ+jiTSwsESNu lUwkRM5oA9kTlCeAigBOd9/ev9oqd2UaKzv2zhVPi5bSirG55CMPNd59h121eXg0fNYa a+gfhnVpiRFroA660YkBApHUCAkPdvQMkJZpYZ3Wz5DuC546KWajZh66XIjcCxu9cok9 HbOA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=bp4jAUO4eKwVXWemSIa0DVAncJYRGB33+fKn4KBC5gA=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=UnmrOVsFuhX+H5gULEyDdJpKbv0NH48JwYhtcbnoAvlaMqDIuwblIU/GphVl5r6qwJ rzVGNcvsy4WRcERYRdu+Yao9YL1qDKK1aj9QAgnAcbSKouw63i2y0BCZgKBS2G7WO0DL RHZausAuGYOl9hnYqz3jjkWWyMGZUv0ad7W1WRlybOXcPT4Lmf0cq8SldHZyD2cJ+gG5 OEwkIUj9Vn4K+lHr90ku9bccJXxy5IZfWsBIYHfvLcXqWyABZ133Ernus078m3yMFv/x 7lFaHnHGEeseTGjoafTYHWHBJ7El4NK9OBcTYNH8sg+oOjKmPAs2lM+cZ/RdIy4Q8S7x t1vw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=NyzccndW; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id s186-20020a632cc3000000b005aad5164a45si4562358pgs.444.2023.10.29.23.39.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:39:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=NyzccndW; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 23BAF80620A6; Sun, 29 Oct 2023 23:39:39 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231912AbjJ3Giy (ORCPT + 32 others); Mon, 30 Oct 2023 02:38:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48072 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231846AbjJ3Gim (ORCPT ); Mon, 30 Oct 2023 02:38:42 -0400 Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2065.outbound.protection.outlook.com [40.107.101.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C0BF2124; Sun, 29 Oct 2023 23:38:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Ku11pd1BzaR6SYmuUXT8lVfnojZUVc2ZNgt0S9siWTVCp3kMCgZkDSbY3EEDOmNzMqZxwa5rxv347AVQ6egeVPRVS7prmZ9pzPWnJfW1b3QU/FzEs70NhdDMGQgY/mHpapicisNZJQyQSPBnOEC3ScRDQzLoMvNbW+6lkBE6zN9qsL6HUEMfeE4m4FEpNa4Xw0DclyOY9SHb9dI8scnMus3DS8Q5OaoW0Wln6TU0vI2g56bQ8R5ij/hHt5R38nfOLZaAxu4XNdB7ePXxdWZO3MHYv7ZWFYiDtYn3OBETDG4XUbIOSAyT7+B0Fx29it7gKuPacHdCA3dijDzsQyNSAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=bp4jAUO4eKwVXWemSIa0DVAncJYRGB33+fKn4KBC5gA=; b=B9ARgX4YHlON34AsuRvme061ZT441QEdRZBjkpC3BSg1JCw7fJBZMvM45TTcmowxzcIh9SPflZInnqjWYGa4UR0JcF9PnidhyJrxweZv/HKek1mcQLDpTA6dmMmk55C/8Ci9hXt6FBvGoQBlxB+gT4VoxRkth35FdhBRxUgL4S7QWuxh7OqMKvVs8h3mlN6in5x5N7Imm/9f7LrIgQewJ+YH3nrrvL4S20TFRAUElq9svZpEz3RWvcEElJhpIdtlLP+wBqc6efp7+sBjUznuJuugwVIs6+GTg/ALbA4/6Bha4iqEOQlPZ6JcfT0SRE0w4WgMcK0NXdjZVD0SbXCQxg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bp4jAUO4eKwVXWemSIa0DVAncJYRGB33+fKn4KBC5gA=; b=NyzccndWiR4FXAKJ/Sr0CbO3fLlxYg35bWWze0bQpNKeddD9VXLQ4nUsfAKCvDiQoh2Nx6wNuvJY+mM3ue7O55uJKptxybiK3IJvHMWSy/z8x/rZ3dVUCe7Ta8vxr61p6qLZeQPKm/nuSFvcCmBpVn1kVBVkGgADI1cCzzTDHLU= Received: from BL1PR13CA0278.namprd13.prod.outlook.com (2603:10b6:208:2bc::13) by IA0PR12MB7628.namprd12.prod.outlook.com (2603:10b6:208:436::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.27; Mon, 30 Oct 2023 06:38:32 +0000 Received: from BL6PEPF0001AB78.namprd02.prod.outlook.com (2603:10b6:208:2bc:cafe::3c) by BL1PR13CA0278.outlook.office365.com (2603:10b6:208:2bc::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.15 via Frontend Transport; Mon, 30 Oct 2023 06:38:32 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB78.mail.protection.outlook.com (10.167.242.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.15 via Frontend Transport; Mon, 30 Oct 2023 06:38:32 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:28 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 09/14] x86/sev: Add Secure TSC support for SNP guests Date: Mon, 30 Oct 2023 12:06:47 +0530 Message-ID: <20231030063652.68675-10-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB78:EE_|IA0PR12MB7628:EE_ X-MS-Office365-Filtering-Correlation-Id: d7fdd2b4-4572-441e-1745-08dbd912d5f4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 2PFXBzKyV9bnlC+UyFtLBOK3v8Woup36hYfkr9V3rL167+tyCutFTxL5qeHBYi1Q1J+1ewKudsw/9URi76m4U+FDx0OqPbjrdT+15jCqk+HxtXqiIJRO6ktuzrjm48lnJSyATj3Ubdq4fdYTFGkajCNhL7jTRKiwCND0glBZqYQakyFoQ5H/StnasrOOCpFfKznlUofKT512stuscXKRyfrisd0hmW7rhOCZM6VXaaoSQsaTTcuKGVaGMBipaNkfRUXcLQIzyGaBqPqyF0gLm+e9JXPWuUu9GodHACIOrG2pP1rPnQp3Jg4B6SlY09LDq7FjOTzJTq2RsmfUfFISQKAhWAlHMSPmwdT36KcUCEbuyb8QuXRRSnj0XIGINLx4cvdmQHfTiqtRpf65qSH1U9yi8DJ4pr5i4POS2NIUKFx/DzGi8o4w6+UYbXgg6AxOegygPQwYB/BklaXUuecDMSa1jt5ptkMWb3j4WYq+KBZmTXG1P/80hGCXyFx0Mcc1Iw4tniyRLU4pM6kaUlTWOrjSqAP11XDLMN6KlZG09q1ViNBTahpUMt0kDBY3C7mtG/ce3ocwkMldDFXhQKw/tQ4coyz8RNIjWd2Kh/KQCgSQTerSwqfpajRcEMVbkFQM9yDh2OrAt27OP1VV1dsjSE+THPmI5R0dptuAugAIrDmwnsV1qYQbEmtD7J/qsdMG9RnjEddMopXH6ABwEytRwrP+6Ldsu6hoagsAhnaxYNlOJvl0CwsBlOzPAD/GJ6jj/wD4ULiARy+ZzNI3YxPelQ== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(376002)(136003)(346002)(396003)(39860400002)(230922051799003)(82310400011)(186009)(1800799009)(64100799003)(451199024)(36840700001)(46966006)(40470700004)(2906002)(40460700003)(5660300002)(7416002)(41300700001)(4326008)(8676002)(8936002)(36756003)(40480700001)(82740400003)(316002)(54906003)(36860700001)(47076005)(356005)(81166007)(70206006)(70586007)(110136005)(83380400001)(426003)(16526019)(336012)(2616005)(1076003)(26005)(478600001)(7696005)(6666004)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:32.4770 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: d7fdd2b4-4572-441e-1745-08dbd912d5f4 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB78.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR12MB7628 X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:39:39 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161513358125455 X-GMAIL-MSGID: 1781161513358125455 Add support for Secure TSC in SNP enabled guests. Secure TSC allows guest to securely use RDTSC/RDTSCP instructions as the parameters being used cannot be changed by hypervisor once the guest is launched. During the boot-up of the secondary cpus, SecureTSC enabled guests need to query TSC info from AMD Security Processor. This communication channel is encrypted between the AMD Security Processor and the guest, the hypervisor is just the conduit to deliver the guest messages to the AMD Security Processor. Each message is protected with an AEAD (AES-256 GCM). Use minimal AES GCM library to encrypt/decrypt SNP Guest messages to communicate with the PSP. Signed-off-by: Nikunj A Dadhania --- arch/x86/coco/core.c | 3 ++ arch/x86/include/asm/sev-guest.h | 18 +++++++ arch/x86/include/asm/sev.h | 2 + arch/x86/include/asm/svm.h | 6 ++- arch/x86/kernel/sev.c | 82 ++++++++++++++++++++++++++++++++ arch/x86/mm/mem_encrypt_amd.c | 6 +++ include/linux/cc_platform.h | 8 ++++ 7 files changed, 123 insertions(+), 2 deletions(-) diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c index eeec9986570e..5d5d4d03c543 100644 --- a/arch/x86/coco/core.c +++ b/arch/x86/coco/core.c @@ -89,6 +89,9 @@ static bool noinstr amd_cc_platform_has(enum cc_attr attr) case CC_ATTR_GUEST_SEV_SNP: return sev_status & MSR_AMD64_SEV_SNP_ENABLED; + case CC_ATTR_GUEST_SECURE_TSC: + return sev_status & MSR_AMD64_SNP_SECURE_TSC; + default: return false; } diff --git a/arch/x86/include/asm/sev-guest.h b/arch/x86/include/asm/sev-guest.h index e6f94208173d..58739173eba9 100644 --- a/arch/x86/include/asm/sev-guest.h +++ b/arch/x86/include/asm/sev-guest.h @@ -39,6 +39,8 @@ enum msg_type { SNP_MSG_ABSORB_RSP, SNP_MSG_VMRK_REQ, SNP_MSG_VMRK_RSP, + SNP_MSG_TSC_INFO_REQ = 17, + SNP_MSG_TSC_INFO_RSP, SNP_MSG_TYPE_MAX }; @@ -111,6 +113,22 @@ struct snp_guest_req { u8 msg_type; }; +struct snp_tsc_info_req { +#define SNP_TSC_INFO_REQ_SZ 128 + /* Must be zero filled */ + u8 rsvd[SNP_TSC_INFO_REQ_SZ]; +} __packed; + +struct snp_tsc_info_resp { + /* Status of TSC_INFO message */ + u32 status; + u32 rsvd1; + u64 tsc_scale; + u64 tsc_offset; + u32 tsc_factor; + u8 rsvd2[100]; +} __packed; + int snp_setup_psp_messaging(struct snp_guest_dev *snp_dev); int snp_send_guest_request(struct snp_guest_dev *dev, struct snp_guest_req *req, struct snp_guest_request_ioctl *rio); diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 783150458864..038a5a15d937 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -200,6 +200,7 @@ void __init __noreturn snp_abort(void); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); +void __init snp_secure_tsc_prepare(void); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } @@ -223,6 +224,7 @@ static inline void snp_abort(void) { } static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { } static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } +static inline void __init snp_secure_tsc_prepare(void) { } #endif #endif diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 3ac0ffc4f3e2..ee35c0488f56 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -414,7 +414,9 @@ struct sev_es_save_area { u8 reserved_0x298[80]; u32 pkru; u32 tsc_aux; - u8 reserved_0x2f0[24]; + u64 tsc_scale; + u64 tsc_offset; + u8 reserved_0x300[8]; u64 rcx; u64 rdx; u64 rbx; @@ -546,7 +548,7 @@ static inline void __unused_size_checks(void) BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x1c0); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x248); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x298); - BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x2f0); + BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x300); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x320); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x380); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x3f0); diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index fb3b1feb1b84..9468809d02c7 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -76,6 +76,10 @@ static u64 sev_hv_features __ro_after_init; /* Secrets page physical address from the CC blob */ static u64 secrets_pa __ro_after_init; +/* Secure TSC values read using TSC_INFO SNP Guest request */ +static u64 guest_tsc_scale __ro_after_init; +static u64 guest_tsc_offset __ro_after_init; + /* #VC handler runtime per-CPU data */ struct sev_es_runtime_data { struct ghcb ghcb_page; @@ -1393,6 +1397,78 @@ bool snp_assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id) } EXPORT_SYMBOL_GPL(snp_assign_vmpck); +static struct snp_guest_dev tsc_snp_dev __initdata; + +static int __init snp_get_tsc_info(void) +{ + static u8 buf[SNP_TSC_INFO_REQ_SZ + AUTHTAG_LEN]; + struct snp_guest_request_ioctl rio; + struct snp_tsc_info_resp tsc_resp; + struct snp_tsc_info_req tsc_req; + struct snp_guest_req req; + int rc, resp_len; + + /* + * The intermediate response buffer is used while decrypting the + * response payload. Make sure that it has enough space to cover the + * authtag. + */ + resp_len = sizeof(tsc_resp) + AUTHTAG_LEN; + if (sizeof(buf) < resp_len) + return -EINVAL; + + memset(&tsc_req, 0, sizeof(tsc_req)); + memset(&req, 0, sizeof(req)); + memset(&rio, 0, sizeof(rio)); + memset(buf, 0, sizeof(buf)); + + if (!snp_assign_vmpck(&tsc_snp_dev, 0)) + return -EINVAL; + + /* Initialize the PSP channel to send snp messages */ + if (snp_setup_psp_messaging(&tsc_snp_dev)) + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); + + req.msg_version = MSG_HDR_VER; + req.msg_type = SNP_MSG_TSC_INFO_REQ; + req.vmpck_id = tsc_snp_dev.vmpck_id; + req.req_buf = &tsc_req; + req.req_sz = sizeof(tsc_req); + req.resp_buf = buf; + req.resp_sz = resp_len; + req.exit_code = SVM_VMGEXIT_GUEST_REQUEST; + rc = snp_send_guest_request(&tsc_snp_dev, &req, &rio); + if (rc) + goto err_req; + + memcpy(&tsc_resp, buf, sizeof(tsc_resp)); + pr_debug("%s: Valid response status %x scale %llx offset %llx factor %x\n", + __func__, tsc_resp.status, tsc_resp.tsc_scale, tsc_resp.tsc_offset, + tsc_resp.tsc_factor); + + guest_tsc_scale = tsc_resp.tsc_scale; + guest_tsc_offset = tsc_resp.tsc_offset; + +err_req: + /* The response buffer contains the sensitive data, explicitly clear it. */ + memzero_explicit(buf, sizeof(buf)); + memzero_explicit(&tsc_resp, sizeof(tsc_resp)); + memzero_explicit(&req, sizeof(req)); + + return rc; +} + +void __init snp_secure_tsc_prepare(void) +{ + if (!cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) + return; + + if (snp_get_tsc_info()) + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED); + + pr_debug("SecureTSC enabled\n"); +} + static int wakeup_cpu_via_vmgexit(int apic_id, unsigned long start_ip) { struct sev_es_save_area *cur_vmsa, *vmsa; @@ -1493,6 +1569,12 @@ static int wakeup_cpu_via_vmgexit(int apic_id, unsigned long start_ip) vmsa->vmpl = 0; vmsa->sev_features = sev_status >> 2; + /* Setting Secure TSC parameters */ + if (cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) { + vmsa->tsc_scale = guest_tsc_scale; + vmsa->tsc_offset = guest_tsc_offset; + } + /* Switch the page over to a VMSA page now that it is initialized */ ret = snp_set_vmsa(vmsa, true); if (ret) { diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index 6faea41e99b6..9935fc506e99 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c @@ -215,6 +215,11 @@ void __init sme_map_bootdata(char *real_mode_data) __sme_early_map_unmap_mem(__va(cmdline_paddr), COMMAND_LINE_SIZE, true); } +void __init amd_enc_init(void) +{ + snp_secure_tsc_prepare(); +} + void __init sev_setup_arch(void) { phys_addr_t total_mem = memblock_phys_mem_size(); @@ -502,6 +507,7 @@ void __init sme_early_init(void) x86_platform.guest.enc_status_change_finish = amd_enc_status_change_finish; x86_platform.guest.enc_tlb_flush_required = amd_enc_tlb_flush_required; x86_platform.guest.enc_cache_flush_required = amd_enc_cache_flush_required; + x86_platform.guest.enc_init = amd_enc_init; /* * AMD-SEV-ES intercepts the RDMSR to read the X2APIC ID in the diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index cb0d6cd1c12f..e081ca4d5da2 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -90,6 +90,14 @@ enum cc_attr { * Examples include TDX Guest. */ CC_ATTR_HOTPLUG_DISABLED, + + /** + * @CC_ATTR_GUEST_SECURE_TSC: Secure TSC is active. + * + * The platform/OS is running as a guest/virtual machine and actively + * using AMD SEV-SNP Secure TSC feature. + */ + CC_ATTR_GUEST_SECURE_TSC, }; #ifdef CONFIG_ARCH_HAS_CC_PLATFORM From patchwork Mon Oct 30 06:36:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159512 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018568vqb; Sun, 29 Oct 2023 23:39:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGQbac3tiOvGEo9qa78WtR7MjQCSDzQHrXOPMKZ+u4US3VRS09JClurg3RIE1VEBf1w/JFP X-Received: by 2002:a17:902:db0c:b0:1cc:476c:8974 with SMTP id m12-20020a170902db0c00b001cc476c8974mr3049082plx.0.1698647994836; Sun, 29 Oct 2023 23:39:54 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647994; cv=pass; d=google.com; s=arc-20160816; b=El8jyNEKwVMSy67jmdZw3ADs5ZTLM6aYOXJVe75aUy9B1ZnRXMFS8Zbav6OzV1TvjM 8/gJQxmJEXB12JHsoWp+nO8ItpIFCKeR78kkAhemy5JWWIed9L1ZyGhoervadJNPklPn TBbnhRZALXig7wN76ClyMCOQ6x5poNKhtPQtZX28kOFxYrgWZTEs9iQRFiWsA1fLwC/d 6SzyNEYwBrZz9fugdK4vF9yR2nX646CWohYIP96TnPeYLEo1N5C5h9ttE+D0YBCwGm/7 KE/p+F439c+ve207pBUE2EMbhVGz1LO22RuL3IKIeXwMM5LAOH0y3bc1daYn/8ccxdRt 6K2Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=SOpPYnPPYgd8ZYlruYWJfqYAnjA4CKjDFWE63jFS0BU=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=sA4GbeOW/aN15LJhDcB2onqJvWjWdnd7L1StoeLRLJR5lTDC2ryydIB0FlEggXLG5P hgb06vW2iivgwnUm1XI2RuizUeflJTZLpd8CpOeKt9p3cxIgBXjswXNoYKJbjNWC7GN/ Z/0gxKRp1xXdwi3RUJGoAzDhTDUl+i3Vl3PwTxMJ7Ew+LHst5sT5OkQLJgrOi8RZqFAK KdEVQ+xgwPWO4IDykkVrRha5sa7xxupEwsWSCS04WE4kmuFrJwgahzHnaxaipRCltDZn OHT09WrP+xZLBiaGpxOzZ1u5MK4mYx40lkO9+/B/KAVcOih96x8Y67jp6zGZRZ+VDTnv x/sw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=dNSk7sYp; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from pete.vger.email (pete.vger.email. [23.128.96.36]) by mx.google.com with ESMTPS id ja21-20020a170902efd500b001bdd0d0530dsi4552197plb.129.2023.10.29.23.39.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:39:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) client-ip=23.128.96.36; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=dNSk7sYp; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.36 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by pete.vger.email (Postfix) with ESMTP id 394AC80A68A6; Sun, 29 Oct 2023 23:39:46 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at pete.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231755AbjJ3GjS (ORCPT + 32 others); Mon, 30 Oct 2023 02:39:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48178 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231891AbjJ3Gir (ORCPT ); Mon, 30 Oct 2023 02:38:47 -0400 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2065.outbound.protection.outlook.com [40.107.212.65]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 84E60D57; Sun, 29 Oct 2023 23:38:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Dky7irwTM2ac4p+mMMtmzC6teC9RFTYBad+0DbZDbZ0AaKrxYOgZEZYbPDP1hG9OGvFCbPgvUeDvf8go+wS3Iht0aBvV+9paU1Ek+Q5I0x4b1lKhVZuI4h08wi/V2+rtNSEU4KYqrMkC6UwL/3D0goPtveVp/BN69Tf8/YgcKNMTqmuVlzC3JZfIq6oFz4gRrKo7k0CAI9C5yBpOWKDFS8oi0tDNAnack/YoIlpHOPC0ydShxAXGt2lnhOAj35sK6AxRJwQZws9HG3AwPGsyjh6AcDsiQ7gjbuub5j7ASGeKXgoAqx7WXFrsveINwktk+3R8rEi29l/s6e4iMW51Zw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=SOpPYnPPYgd8ZYlruYWJfqYAnjA4CKjDFWE63jFS0BU=; b=mMhrZ5bY5aYL3Hygu07HAc/0yGSKeOrh3fiYMoGC0Be6NnateP8ilFW5KhNn1anf9UEcsG3mfFDzCKwPmNV2aFMMSnpPuQ4Bdsj3eH8PtNOMuqwNStEd5ClNniTEmLzcDv++m6qBh0GYtu0frL/hG3/1cuCs5mUQhgOmiv1nzKIcOiQo75VKHEuMPEulF2TtPQBj3aX7E/pYf8SEamjErt64C8uJGR+tID4o+7IpbZtTTjRj8UMWncUnFbjgMvA8NBk9aYZdvTTILILe3pzhNXuDWlJsG+0wM+/UqQk4iCQ803jtQppoxdE7VZdVd2rstMAT/ULFm+d9tjYJgwsrSA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SOpPYnPPYgd8ZYlruYWJfqYAnjA4CKjDFWE63jFS0BU=; b=dNSk7sYpUUktu1tGCXdnXXLniumOsyH60q3d1992O/gTwVQ+zbHJXfgUdGAUu3BnOdzJGqfqKq7Jl6pnWyFTxy8BwFs4MvF55KXmiqv686Gcj6+lcFxD8bBcN9ZkpQZ6yBuI8PEYCKmJlBE6DDf7Kct8gfskzWH+wcEzLJYZoYk= Received: from BL0PR02CA0101.namprd02.prod.outlook.com (2603:10b6:208:51::42) by MN0PR12MB6319.namprd12.prod.outlook.com (2603:10b6:208:3c0::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.28; Mon, 30 Oct 2023 06:38:36 +0000 Received: from BL6PEPF0001AB77.namprd02.prod.outlook.com (2603:10b6:208:51:cafe::b8) by BL0PR02CA0101.outlook.office365.com (2603:10b6:208:51::42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.27 via Frontend Transport; Mon, 30 Oct 2023 06:38:36 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB77.mail.protection.outlook.com (10.167.242.170) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.15 via Frontend Transport; Mon, 30 Oct 2023 06:38:36 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:32 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 10/14] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests Date: Mon, 30 Oct 2023 12:06:48 +0530 Message-ID: <20231030063652.68675-11-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB77:EE_|MN0PR12MB6319:EE_ X-MS-Office365-Filtering-Correlation-Id: 6d676607-123c-4106-8bd3-08dbd912d860 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: /tYNyEsoJAMpYa6UD0ZN5sjX2MhZHN9BUtuNqxNT348m3wU5nnmfyPNYwWP6hk0/XFs8uv/lbjqRtyxbInL8mv7aTPyAwUMrlpNVO8ubq8mIXb2cjEGxttI5KPREYfXWwULPAEgG4FKcEOAqg41TYJiJQ3lx7LZMex5c3B1NkJFTJXgaj/mgMmrud26TN5PPWWNjGvY9ezFqKAOtQwE3jLwEJqGKHVIf+E+ocsYCpM9K47wWE64j31zU7uJhVE60m2DmyLrllP6rhJUX+41EOhQCNWMVbMz4oWhw4ey5pxmw2TVo9Od2bLSzGdoRv6v43ZsCIhwO7PaiBidSvFWkEBMPhC0KUk54tvgeK168ktXr1kcXqapTHYp4NFI2ZiDzpC10o3l2xjiutV0LgTyGKme10daZyPyvmjvFYjB6/EXlnuUpXt5+hYsvjkq2LWWzuCwOHSO9CI8xsVpzfk0WiSG25BPgS8MW2FWQw4Ixd458WrQ5NiJ3OyEdFBe8ki9zzDpE3dE690gkLywANInHDrzcnY/g5e0TqjhogMmP1n0R/sBR0gdqk/OaHQQW3p02Ek3ez9W5/3+LLrmEvK1otkFGfzVGYGxiqdk8jvlsNVeGu3QM0ZW+6HZ6JyawKn/HqaX5SbIwKBZ+NuEKKW8AmHRTx/L9O2t8P0yPCJqmDDDvBjimP5ulhqNDuI0uafhzYG2L2q0TlJLJWyUoJPteM9hq7i9DEa6/8qeQDe035o+qwVNDvAs7gObyP40wVLp5iVx2zlC9xMp8I3YQr2qLxA== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(346002)(396003)(39860400002)(136003)(376002)(230922051799003)(1800799009)(186009)(82310400011)(64100799003)(451199024)(40470700004)(46966006)(36840700001)(7696005)(6666004)(478600001)(83380400001)(16526019)(47076005)(26005)(2616005)(1076003)(336012)(426003)(2906002)(5660300002)(7416002)(41300700001)(54906003)(316002)(70206006)(110136005)(4326008)(8676002)(8936002)(70586007)(82740400003)(36860700001)(36756003)(81166007)(356005)(40460700003)(40480700001)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:36.5433 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6d676607-123c-4106-8bd3-08dbd912d860 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB77.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR12MB6319 X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on pete.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (pete.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:39:47 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161519570550372 X-GMAIL-MSGID: 1781161519570550372 Secure TSC enabled guests should not write MSR_IA32_TSC(10H) register as the subsequent TSC value reads are undefined. MSR_IA32_TSC related accesses should not exit to the hypervisor for such guests. Accesses to MSR_IA32_TSC needs special handling in the #VC handler for the guests with Secure TSC enabled. Writes to MSR_IA32_TSC should be ignored, and reads of MSR_IA32_TSC should return the result of the RDTSC instruction. Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- arch/x86/kernel/sev.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index 9468809d02c7..47e2be38a6bc 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -1711,6 +1711,30 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) /* Is it a WRMSR? */ exit_info_1 = (ctxt->insn.opcode.bytes[1] == 0x30) ? 1 : 0; + /* + * TSC related accesses should not exit to the hypervisor when a + * guest is executing with SecureTSC enabled, so special handling + * is required for accesses of MSR_IA32_TSC: + * + * Writes: Writing to MSR_IA32_TSC can cause subsequent reads + * of the TSC to return undefined values, so ignore all + * writes. + * Reads: Reads of MSR_IA32_TSC should return the current TSC + * value, use the value returned by RDTSC. + */ + if (regs->cx == MSR_IA32_TSC && cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) { + u64 tsc; + + if (exit_info_1) + return ES_OK; + + tsc = rdtsc(); + regs->ax = UINT_MAX & tsc; + regs->dx = UINT_MAX & (tsc >> 32); + + return ES_OK; + } + ghcb_set_rcx(ghcb, regs->cx); if (exit_info_1) { ghcb_set_rax(ghcb, regs->ax); From patchwork Mon Oct 30 06:36:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159508 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018432vqb; Sun, 29 Oct 2023 23:39:34 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGGkUd37SD7IqzwF9PKJYEBPsMSzI365+Oy6+mx0zCWwWgZFOPGmHYOKCqm3OjwIBXcM37q X-Received: by 2002:a17:90b:3901:b0:280:982:aa9f with SMTP id ob1-20020a17090b390100b002800982aa9fmr11126698pjb.7.1698647974457; Sun, 29 Oct 2023 23:39:34 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647974; cv=pass; d=google.com; s=arc-20160816; b=hdHWUYO3P8nqfII9uU6DCFegpTlU72sNjPKvu1E9sVm9xgatcLYlpfkgvZjVj5/KAj PPs7tB5PeHeEYiY4TfMMwT/0aWNNz3yAix0fsnszQ2Ps9D9m/01mwDtiRnk2sdw6Aq41 aoBBjIaWY7FYcEyi0/NehzlC9oamSNnti3v8ndw3RTqGxJXkUmTfZ316h0Yj5ML0xKVc +egNT7IjzDS+eX5O6veFmmTUrNYcrWfmeIknDPk+/U1BZcWqpx0iXep6flLYcVbaNZpV WiipFT/K8mQzLkKnYy4BZ+zVS+cgXMGWgbtaoq0fCPnpaj92iqeleJKH5E6/wYspysj1 HTYw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=UgD9DpK8J/pJKDXITmBQ3y9a5TY6d+jIq/civj9oco4=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=kB1z6y64r6jjig3w4oUrCzgFLzQX6ZZpiINchcK8ohlH0WdZA7dZvG+mei8Mq4ckt5 RtHmmhYlBHrWN5Eb7uVAw6feqyUwZN8q/yL228LMfL/hp7BKEk1ea8OO9LG8mEJORXC6 09RaEcjFVcH3bHgWdISzfay5Gwxa0fimUhZ0HapFCH0JO7laj+UW/v34K22+vNK0NGRQ GRFzXi5is5IFQLmyFKP7Db7teLkYycKJPEiBNWdv75JSNFQVc8x6Kdreik1QbL3yeu1W qpTF7Q6Mvfqln+/bxd4Uw7dohmgTx4jUr/HsIKihhWrl95JKZVE93Dvymjp1aFn7bt0z e01A== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=Nj8YE48D; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from snail.vger.email (snail.vger.email. [23.128.96.37]) by mx.google.com with ESMTPS id t15-20020a17090ad50f00b0028076e86368si516680pju.144.2023.10.29.23.39.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:39:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) client-ip=23.128.96.37; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=Nj8YE48D; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.37 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id A3E0B80C0394; Sun, 29 Oct 2023 23:39:33 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231846AbjJ3GjX (ORCPT + 32 others); Mon, 30 Oct 2023 02:39:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35030 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231895AbjJ3Giy (ORCPT ); Mon, 30 Oct 2023 02:38:54 -0400 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2069.outbound.protection.outlook.com [40.107.92.69]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9C825D4A; Sun, 29 Oct 2023 23:38:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EckQaWDMQ8/JA001HsWQX1kcd6J5+g0Y2yImAHk76vQXF5o7PwG6jKJpbCbqdjNrM0WWHbOHTC0rVkuk5q+YhBR1idpu8G5RIQr3wknVdO8zBigp9j40Vxo4HZO+uFJuEgv6/8qkaq5yYU9afZa6qCBP2t3/VyJYod9KFQ5joYLsmnNt+idng2HR9DPSjGZMTTGZGey0HR7I5gU8L14msF+rYydRVhXvW/NvrbBKzTjOM/GC1s1FZQRsH8cWAj6tJ1GrHQpppwVeMklI7loRTF67A1ChXenDdui53AKw4vLbFJY34BDuVc+NghCR/mA/cNsWYZnXeLPmeNMydThXqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UgD9DpK8J/pJKDXITmBQ3y9a5TY6d+jIq/civj9oco4=; b=N6HSddYUAFQalY0AnpKHshclTU1AvaD3ScMPCxHir+vd4fIAY+ijt7HQu5YfdvBkNfn4mLTF6ZS22lGyz+YjrY4SH6I94hsGvaJp8t/kxRmsQf2RhGrFYNqkT6MuzgjbtO6WgTglR3CA6+x3+E84G6rrzm+Ef/AjhdQ51iBS43ZIkdrHVZidoyCKs3C0bOr1MYwGLYW4N9/yNjamr3CD7rb+pn/BOafYWEpiqgcqZqUCzGoWDNZXyFpITDj2SMCqVY6WeUMiL8ow71RgZOO/tVap49mJTiwmMeTc7+jLZq4ibP0mX2mCDgf6EUSedBk4XfCL5CuAthjM8yGf3ehYIw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UgD9DpK8J/pJKDXITmBQ3y9a5TY6d+jIq/civj9oco4=; b=Nj8YE48Du3miCw6xhJydAAFUDivnSiCvMxQnoQJkBOIBnTRqwh81wcNx+XsJU8eZNHSn7i//SKOm92o+JERFmWsoIns4hYtxHNtjkQWxnZHASCBbo/gFx3/i4JgkcGMXojLScLwFpR/P2scO/tBozSnWWcpKt/xOTNgO8PLl2KQ= Received: from MN2PR20CA0037.namprd20.prod.outlook.com (2603:10b6:208:235::6) by PH8PR12MB6841.namprd12.prod.outlook.com (2603:10b6:510:1c8::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.28; Mon, 30 Oct 2023 06:38:41 +0000 Received: from BL6PEPF0001AB73.namprd02.prod.outlook.com (2603:10b6:208:235:cafe::95) by MN2PR20CA0037.outlook.office365.com (2603:10b6:208:235::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.28 via Frontend Transport; Mon, 30 Oct 2023 06:38:40 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB73.mail.protection.outlook.com (10.167.242.166) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.22 via Frontend Transport; Mon, 30 Oct 2023 06:38:40 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:36 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 11/14] x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests Date: Mon, 30 Oct 2023 12:06:49 +0530 Message-ID: <20231030063652.68675-12-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB73:EE_|PH8PR12MB6841:EE_ X-MS-Office365-Filtering-Correlation-Id: 6ea45773-7517-4a44-fec6-08dbd912dad5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: UNybn2yb/fdoVElC3FMVDiIWrB7LPlcrGL3jNCCB9Dm6lU0rNQBLB4zdifGImziGkMlCn90hHsq+HrkbKlLSrVUpmqh+HRhku0aUiPGLEth13urF2HE6sfoopJsT/irz/CVwe6vrF518AG9syZLDR7+Pw469M7RPVhRPFp/WeYyBH5l8fzhF6Fh4Y8dzJAG6pL/HHv0s6GTfekCc/oVGHaogmOsD9DQrSSBr0/steg5wF3UK02JdfQhbf/kzqAJGWFRUn+OPgyhT5/TowOz9QEy3fpE0PlS8S/2chigOoHCDqzUs6nyIhGvYFFa7scFJ71FD4Daj1nXkvpUhrWPQyDs2bFR/bNfRESaMNHO5SFyof36e3JmGLEGLMDzvuJES/qgNC1uvLNsRWDBod+t60ffXc9xZvetxl257M+1LKmWRh2WCF2ebZcDiOQBptJVwzF+mFnfNpgV3W3jtDzabOEsIJutv94bzqmClnzL1MZb5UrfOZwoNyjNckO6uF+6a8r/ULyN1eCjNQIAnyRbpC8V7OCp3KWECPcISsas/1R1m1KKpz5VRYt69sfIuXsmBd8SsxYVXY7YwIAePpQl+/BvGnDMcnwev5+9O1iZQzyvvz1vI5aWmUsSVLfL1+IPRS3ZJexRNaSNz3AdIZ50Pmb0xICRxSUt4BMogPqGn9m0Uoy9yVNsigkIkSIhQWVoX9cHK9NbCMPLYBGEeKFr1+5q1wTTjhars6Esr0T0d95/gYAdIMVxKX4YnvghBPTTKq03cW9Rge1N35/6qaC14ZQ== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(39860400002)(376002)(396003)(346002)(136003)(230922051799003)(82310400011)(451199024)(186009)(64100799003)(1800799009)(40470700004)(36840700001)(46966006)(40460700003)(110136005)(54906003)(70586007)(70206006)(4326008)(8936002)(8676002)(316002)(7416002)(5660300002)(41300700001)(2906002)(426003)(336012)(356005)(81166007)(47076005)(82740400003)(26005)(16526019)(2616005)(1076003)(36860700001)(478600001)(40480700001)(6666004)(7696005)(36756003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:40.6840 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 6ea45773-7517-4a44-fec6-08dbd912dad5 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB73.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB6841 X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:39:33 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161498494580288 X-GMAIL-MSGID: 1781161498494580288 The hypervisor should not be intercepting RDTSC/RDTSCP when Secure TSC is enabled. A #VC exception will be generated if the RDTSC/RDTSCP instructions are being intercepted. If this should occur and Secure TSC is enabled, terminate guest execution. Signed-off-by: Nikunj A Dadhania --- arch/x86/kernel/sev-shared.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c index ccb0915e84e1..833b0ae38f0b 100644 --- a/arch/x86/kernel/sev-shared.c +++ b/arch/x86/kernel/sev-shared.c @@ -991,6 +991,13 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghcb, bool rdtscp = (exit_code == SVM_EXIT_RDTSCP); enum es_result ret; + /* + * RDTSC and RDTSCP should not be intercepted when Secure TSC is + * enabled. Terminate the SNP guest when the interception is enabled. + */ + if (sev_status & MSR_AMD64_SNP_SECURE_TSC) + return ES_VMM_ERROR; + ret = sev_es_ghcb_hv_call(ghcb, ctxt, exit_code, 0, 0); if (ret != ES_OK) return ret; From patchwork Mon Oct 30 06:36:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159509 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018457vqb; Sun, 29 Oct 2023 23:39:38 -0700 (PDT) X-Google-Smtp-Source: AGHT+IE48n7y4X50QAIt8eC1m17aKaX7c+NT4lfOgR0invXBZnD76AXMzBvRFx04iMr+aFAy+Ms2 X-Received: by 2002:a17:90a:4a83:b0:280:1d7f:440a with SMTP id f3-20020a17090a4a8300b002801d7f440amr4152849pjh.28.1698647978078; Sun, 29 Oct 2023 23:39:38 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698647978; cv=pass; d=google.com; s=arc-20160816; b=F6q47ep8+TH9UlFav+6bJPpVj6Oo7E7gSLXtnCSCypjhC+tcMpo/2xm/t25zGey0z7 7cMfj/wxkSxsmDo2q/WDqk8dt2rH8nrTnPLUaYvO50EjEJAJgi4rpEaLbCYe8NWTGn1g KK+yUG4rRO1kQXHlGPhAMsseD1fDCwyCFWzTMZ4gCDF8oumsRZ/belmB/cyfKpV7EC63 i3XpVQE5EjOamnzHerED6OUUF1nQklpBW6aLFAYeTXXq9i3Zg8c1MeYfPGND22h4O1HK xOc9n162zi+jo1GYl60Fsj2uCU5HTOq3WtSzC8yEaNxdkU6Fa62SkLl2d7Ojep8n5rwY O0OA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CajR7H0v8b75lpkKFGuIKYljP/FvQJmTNFH361NhMwU=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=OMWmpdOiFD9sPfgPrM2hRjTEeeh6Ehnz+rYLgOb1rLClDbq5eGHcXCxrPiNDJ/ZKHr 7K7sTf4uDr4T4eWFSIcQUZqWQ1OPg+J/94Zejsxv+ZKEpzB08DGRvHNWSmlXB01Egsas bktIpl4aPPTdD8DYWxPq7Lv9n9vzmGPuUHqaAIURPTu9DCTsJ+qdK8UR03JsCu4DGCnh FwadPaPjQE6J5R0gmUSIxnjUclPS8odSI0GDlih49IQABpMDQ+suJ4pcYhZxDRdPobqM O2LBhqRoA+f+bK8aqEAu2nSFG9iZZoX/LUYFPgESYjn2KjoKPIh7zvUkxIEYqk+nZj4y 3IlQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=ZbFewnrC; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id kp16-20020a170903281000b001ca7fab771esi3555650plb.609.2023.10.29.23.39.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:39:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=ZbFewnrC; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 3ED0380C03AB; Sun, 29 Oct 2023 23:39:37 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231880AbjJ3Gj0 (ORCPT + 32 others); Mon, 30 Oct 2023 02:39:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48088 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232049AbjJ3GjD (ORCPT ); Mon, 30 Oct 2023 02:39:03 -0400 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2058.outbound.protection.outlook.com [40.107.243.58]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0AFF010B; Sun, 29 Oct 2023 23:38:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=UvcuOqc1zG+17SXElJE6bj405zMTmGU+KhYZNcfQELPeMUbqn0UTyT8wQGLIjXdX3jfHbmGuKVQC57GvBNnVa9midKCsiF0u/N2Ul3/AoNpTPNb/IdNkwKj9thhXOK704XCxNvzH3DZBnjEH9TQDXJE6AA00JaI8dCV35wIQ9D4JHCsGGp7keCQWTEzq2Pj3F9N6/TJcblaM1Drq/V01PMUgJ+z2L2dnIFt776NhhFEvuaworJ7zVA/1TDmVWPTQaI7rtKkeJSESYVCCZQMbvu65GINuzSrlq1eS6Cwq/uA0MnAdJAtnwVg+7a50IPkdJlGQV5QvdS/0ivoEt4WKHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CajR7H0v8b75lpkKFGuIKYljP/FvQJmTNFH361NhMwU=; b=J/bIEIkNglW8FTCXhvR2bDxPo4Aw6sbtPwV/bruij5ab5AQAjMWKU/VQyHPvJpZsPFafa61hVIdw7Er1spYj7GZUuTCZocbM2hRLHxGkxR2NTgfusRVLQeU5Kqy8pey4Ku5miiP2+9HkF92wgglitKV9mOUfgXyR3NUcgZwyN50Ov93HsgLs9tu40Ly/npDMWIJHrFNDqc9J22f/TqVZ8xnSOYeP3HOKOP7iMyrmfL+w58lx9cooqPxP61rPuCso2507QUdn3gd/O1iL+qCyyO8hamb4LOUiU0sTq5zGf0JLefGNerjefJazPebacojShRTomFm32+QnX0vfXOXgGg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CajR7H0v8b75lpkKFGuIKYljP/FvQJmTNFH361NhMwU=; b=ZbFewnrC/JGBY58/4XD63ceuE7sr5b3kGh8kSDOjAkwbdVkC9ejjXRc1Gi1BdsYU5dCaqi24qLrCCGW0L/BGu28tTjIW/cYUHk/PYQPH/csDvz5ufiahABRWibziY9L/aNQUzlhpvG+Mg356rKrN031QnrkpiMdmNqTCtD/mIdM= Received: from BL1PR13CA0004.namprd13.prod.outlook.com (2603:10b6:208:256::9) by DS7PR12MB5863.namprd12.prod.outlook.com (2603:10b6:8:7a::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.24; Mon, 30 Oct 2023 06:38:46 +0000 Received: from BL6PEPF0001AB71.namprd02.prod.outlook.com (2603:10b6:208:256:cafe::ab) by BL1PR13CA0004.outlook.office365.com (2603:10b6:208:256::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.15 via Frontend Transport; Mon, 30 Oct 2023 06:38:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB71.mail.protection.outlook.com (10.167.242.164) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.22 via Frontend Transport; Mon, 30 Oct 2023 06:38:45 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:40 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 12/14] x86/kvmclock: Skip kvmclock when Secure TSC is available Date: Mon, 30 Oct 2023 12:06:50 +0530 Message-ID: <20231030063652.68675-13-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB71:EE_|DS7PR12MB5863:EE_ X-MS-Office365-Filtering-Correlation-Id: 8ebcc115-74af-441a-1546-08dbd912ddce X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: n7/9EJPb0/dwMl/8G7bq1TqmQ9V6w4GFLLRyOhcl8BamSRba+2mURnvUDmliHtaR3Y/JRBfgSjyXIzOq/1Sy82ESctCGsw+deqx1aphv8+yqqhhRmKfapo1VAyynT5UaxzecTatfvTny170apNwTrOKUOWPlM5+NdEQCh0tNf1i1/QxoncZ5PoPHr0yd9PQIv2wzjv2Ek6xmAeliVJZxS19t2MHZ0wg6ufF56EIv7yFltjF2z8xn7hsxN0fcYhfB9GmA9NtF9Z0ySDSfBcADSCWHs9vNdZ4xHNWk29axTxs+domUksj5tkAEEB6g6CaScERYkGKXLW6KgdMl7eaT9Ns9N1zYFVaEU8ruN4cDRhS6behvdzcyfv2lQGSYUWWEkrBI9ddyeDD3y3DF99tlnIJJlZI2lM+vKNbO5wPc3acIFL/4v9nNYsXVqnFGvpGn6TlX7vpRF6if4Aos6BqIDIVroBnZzS36GlZpyM9+aLTrQ/pc+ys2YQsWndzqHCgDVg3FYoM4Oi9H29qSp/l/ra7UYkEiKDLvC2OSiI50GN+BzrHtMh/XhRs1m95u8ba5vO9065SqiL5LfACT3zxgVotbmqkhJ5VTuw+FJntSM+cICdkMOrnwWgx/wE3FNFdD2TIV3VBUqQI9MI278KdRliHq+CkAObQEhmswQtEMi8C9SgcgTsUcvglB4WT5w/0nB6p6t95UgvOGfFGTC3Ul7NzS6Dhe5/uh+SL9bF6du4oOtMXjSyCtazy0X8liJTAXrM2o+JjAgjuusrPcFZx9HA== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(376002)(396003)(346002)(136003)(39860400002)(230922051799003)(64100799003)(1800799009)(82310400011)(186009)(451199024)(40470700004)(36840700001)(46966006)(6666004)(478600001)(7696005)(70206006)(70586007)(110136005)(26005)(16526019)(336012)(426003)(1076003)(2616005)(41300700001)(2906002)(316002)(4744005)(8676002)(4326008)(8936002)(54906003)(5660300002)(7416002)(36756003)(36860700001)(83380400001)(47076005)(81166007)(356005)(82740400003)(40460700003)(40480700001)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:45.6497 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8ebcc115-74af-441a-1546-08dbd912ddce X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB71.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB5863 X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO, RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:39:37 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161502221642963 X-GMAIL-MSGID: 1781161502221642963 For AMD SNP guests having Secure TSC enabled, skip using the kvmclock. The guest kernel will fallback and use Secure TSC based clocksource. Signed-off-by: Nikunj A Dadhania --- arch/x86/kernel/kvmclock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index fb8f52149be9..779e7311fa6f 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c @@ -288,7 +288,7 @@ void __init kvmclock_init(void) { u8 flags; - if (!kvm_para_available() || !kvmclock) + if (!kvm_para_available() || !kvmclock || cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) return; if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE2)) { From patchwork Mon Oct 30 06:36:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159515 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018733vqb; Sun, 29 Oct 2023 23:40:28 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHyoPuZ38cgOnd0N81Jlh23RFJoYYGLnidYWl11A7rZRbuo+fJWg8s51o62PfrxvKw4nLbs X-Received: by 2002:a17:90a:b78b:b0:27d:c35:7f3 with SMTP id m11-20020a17090ab78b00b0027d0c3507f3mr6399253pjr.8.1698648028341; Sun, 29 Oct 2023 23:40:28 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698648028; cv=pass; d=google.com; s=arc-20160816; b=it0gkuP1xgcWUAaA01tk8fwQnhsWm9tqn2AQ0hTiih6gRelrcYaBSRIzFXa23cBCFB 7MfUbw7t/ov+dJ+ak09iKLb3ebk+/5z4QvlKKhOYVJDBRGOJ8gdbnjvYrRzcq5A8cH93 8okUDDqQdw8Ku11PEbtufwcAHzNt/S9jTaMQ8IN3gAYjZe0WAn7M3u4sEXKMSFF2jEZH gD+RNfR8ku9UOxPtcskGzR5VzyoJt5zY7uNqRkYe3Z4YloFpQq9YUu7c5z7Oh+Srr8hx 5jf/tOF+AeDTKElBF1s7ZIopXduAo1y8lF46BmPwXmzq7zNnjEqhqlqAhkQvyiFme4wX PjKQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ILqZIkS9mKKLRTC/aYbD3HD/UriMPsQavoeDP1l02pc=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=O9Y57LsTe2ZKbqneay4aen4d1YuuuqvQXN+xdvjDnsPBmakf6uQxpkNX8+V9A9aPfw UWcS6tZm2fEJb6S/L0SXwjK0tXPPUDS0pgql5hB/LQwxQk0rq++vihqzzbi2qzplcBLX VIBYvrnpw3O4qTbY78vAR/LIzEmVbo/gCfOgTfRTQOOGAQHvvqHIGoDv/tr5TDMeVoDx +loBVpmnscPUHbnm1tbmDpkUakCjc1CEBWPwKQ+deYw+D4wp4phADsc1WCqmYfGcpvD8 BWUN9pwuYEt8JJzbqIACxVh9S/LfhPc94xlYsiP5divZEqV2ilJY/ophRRTKzAGJVyg6 duuw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=HH2zhQyQ; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id i5-20020a17090a974500b00278f5fad9b6si1542239pjw.139.2023.10.29.23.40.28 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:40:28 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=HH2zhQyQ; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 002208087204; Sun, 29 Oct 2023 23:40:25 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231898AbjJ3Gj3 (ORCPT + 32 others); Mon, 30 Oct 2023 02:39:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35618 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232118AbjJ3GjI (ORCPT ); Mon, 30 Oct 2023 02:39:08 -0400 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2089.outbound.protection.outlook.com [40.107.102.89]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D74ABDF; Sun, 29 Oct 2023 23:38:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=m8D7RbWzqqDfwxwNZrfLoIGTGBlgYdu00DBrIISNIwFSoFr9HWAs/mYT12ql09hEvE9xxxO3IzRyh3XOEUoK4mIpJeGjRPQ0mxGays2QhyH+4DhuCvEmZQpje7DHiKBeaOkY8r9M5lY1AIOnCaiTxhZrpRxB/OEWuQouLaL21d13V7UHHOFViXWNpRBJn7Vgf/8uuynNaK0sFh2BX7vQCq2WJqydO/FGZpFy+eheTtUialV1xWihvUt9SwAsrMrpMbJ+irB/Czk7/MTnm/MS4x8jFnm4kwRW2R5Lhno+80mbRgpi699vz+zqBMcWsW+AuuN+hDCHhX6E+653HOQKdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ILqZIkS9mKKLRTC/aYbD3HD/UriMPsQavoeDP1l02pc=; b=cJi9nvvO5RObiqd/KfErLhP06lx67ztjvQMBlfn+D86puSJoow1vzUFMg4gWmE/doEX2Xds74byznSfu2n/IXbAudIVk3ayvRBzzvL82ZtqA4NV0gjjlK6jwC2+xkCV7L+5CHKTd2SrPOaKh1TGAixOCWe6Wp7o7EDY5vFZO9JZqAO+Pjgk6wgj0PPrLDTnzDerXY0b54z+6rFinwRo+XWj8cy686eKhu+aDnvZv2hDpyzbd1b28LaKkKpbVdiLxw/ZvRrkk3UQh0wD/iknJf+5MDQuwIHIKwZxwszE17b9WR9hiFgJ848x5shlFhyuRRrvAJ3DMLfj3VwHUtv0ghg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ILqZIkS9mKKLRTC/aYbD3HD/UriMPsQavoeDP1l02pc=; b=HH2zhQyQjQJmcC/BufQOkOpMHG6yv4oPkXXEVZAl07ayjvzJLa7MnZbrPjFe9JhxHZkS26uHjDyHS5Ys25x5HjUPzKt1A2BLscRrTXCz7uyMvav/241w2HK2pZyESHWEvoknVl9rtZZWZ7uDyIXPxOkXqcYbs9pOoOhDTyjf9do= Received: from BL1PR13CA0300.namprd13.prod.outlook.com (2603:10b6:208:2bc::35) by MN6PR12MB8470.namprd12.prod.outlook.com (2603:10b6:208:46d::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.27; Mon, 30 Oct 2023 06:38:49 +0000 Received: from BL6PEPF0001AB78.namprd02.prod.outlook.com (2603:10b6:208:2bc:cafe::59) by BL1PR13CA0300.outlook.office365.com (2603:10b6:208:2bc::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6954.14 via Frontend Transport; Mon, 30 Oct 2023 06:38:49 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by BL6PEPF0001AB78.mail.protection.outlook.com (10.167.242.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.15 via Frontend Transport; Mon, 30 Oct 2023 06:38:48 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:44 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 13/14] x86/tsc: Mark Secure TSC as reliable clocksource Date: Mon, 30 Oct 2023 12:06:51 +0530 Message-ID: <20231030063652.68675-14-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: BL6PEPF0001AB78:EE_|MN6PR12MB8470:EE_ X-MS-Office365-Filtering-Correlation-Id: 4d0a6e4d-48a4-4428-dae3-08dbd912dfc9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: C8o/5IE+ZRhA/HdMhEAAMTwcW+okMPBeP3X1QvfVK1CzTX94blqazXjKAXGiGurU/zqxEC+s+E5hBlP1iDPlapmldZpjZZHid5Z7+1EnyYPSvRe7W9LDwpaALO/pNSGYuLHJMCSH8fcPTc1zysXmSNVQVOQCL7AW0uGjhnjAnD/8QmJ8311JfgIlSzURdR2YyYKxpAiWR1z2XMVD1nIOhCiZukoTBL7VNDEgcpjEZSAN+ZsM1IZ1pXAKgdpmvowwNckfPmhmLrc8gvRVwjqaPGUBBobQEv5bkbhn5YIkgKMb1hRs8dAEpzPoHyVzmXHgAiRw2Op5tg6qyhlZEz7OtR9TTbZZxyuCacjn65w43ulUz5MB8NG5PeFEy1QC3rXgfsBKTuW62JnNCYdGPi+03nQ3ATC7eVS8dOVzDHrP3+8ZY5h58DJ4WcfmC7U3zrU0u7Ow1Y0QqEVlv2COGuuSJlRKtOetW1A66cv5zAlrop/tneLKBqnMocO3n/ovG4yesp1fv4zMDuncu7KMAz+uICx1OMcHf3Tj1djZLpgfAawO8orC4UjCDa8PPj1CHUGffxvYeobgAIHuuUceK3nrogQxsDouA1rnRqVyCmoZ9EPkv0plGgLfhRyD+INWuIRL4jorNIaVucQSzw5GvJlf8/b4TPWoTDhHnY2p4IFoKEjsFd2CFGnqo3zdLkTKpoQSVB8bQg9aAjqxJrwER6M6qY+fQ9CPKRB/g8oLCJ6CA+wpjhy6dFqdMrfT9PxoStmQks9OPDSW47Z0IPZIglBLDA== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(376002)(396003)(39860400002)(136003)(346002)(230922051799003)(64100799003)(82310400011)(186009)(1800799009)(451199024)(46966006)(36840700001)(40470700004)(7696005)(6666004)(478600001)(83380400001)(16526019)(47076005)(4744005)(26005)(2616005)(1076003)(336012)(426003)(2906002)(5660300002)(7416002)(41300700001)(54906003)(316002)(70206006)(110136005)(4326008)(8676002)(8936002)(70586007)(36860700001)(36756003)(81166007)(356005)(82740400003)(40480700001)(40460700003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:38:48.9775 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 4d0a6e4d-48a4-4428-dae3-08dbd912dfc9 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: BL6PEPF0001AB78.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN6PR12MB8470 X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:40:26 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161555089120824 X-GMAIL-MSGID: 1781161555089120824 AMD SNP guests may have Secure TSC feature enabled. Secure TSC as clocksource is wrongly marked as unstable, mark Secure TSC as reliable. Signed-off-by: Nikunj A Dadhania --- arch/x86/kernel/tsc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c index 15f97c0abc9d..b0a8546d3703 100644 --- a/arch/x86/kernel/tsc.c +++ b/arch/x86/kernel/tsc.c @@ -1241,7 +1241,7 @@ static void __init check_system_tsc_reliable(void) tsc_clocksource_reliable = 1; } #endif - if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE)) + if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE) || cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) tsc_clocksource_reliable = 1; /* From patchwork Mon Oct 30 06:36:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 159514 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:d641:0:b0:403:3b70:6f57 with SMTP id cy1csp2018623vqb; Sun, 29 Oct 2023 23:40:05 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGoIPr7MegLOvCt+8rtKGyTmFnQB6ZWpWHhMTkHmOKsqve5FJxP1mLC6KqxO4onl70LINfz X-Received: by 2002:a05:6a20:8f01:b0:15e:707c:904 with SMTP id b1-20020a056a208f0100b0015e707c0904mr8387279pzk.24.1698648005502; Sun, 29 Oct 2023 23:40:05 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1698648005; cv=pass; d=google.com; s=arc-20160816; b=UYJmQE3XA7joQUz12amfIhlfEJLHZ2eVzuz1hjk4EiD17hSJJN0V4U7w2XiOtBk7/O KIPJTfoun8SpNvx7LoaevvbESQHEqBppIBKDPnnBtOZRV7GJBtvvv7gZUyIcipRpuBnO sP7NOIHKFkHOso0ODRE+eEVjtO8Yt58nwoVUDLyXm00N6dmESWtOyldc/BkxrLHUA2LQ lmpOjAhzem0Y5u/shuS0GDnR5dxjs+wDYuSKDBMm5skx9aSSZeTBaW/Mxrbt0qe0aLbA fPtsBOXwlGZz0xtnWJMrnIWpi2lArlTE/m3LdwYeaHUveEJ09nTRj24IxLD5hVdQtAZL Xllw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=7S0QfNyZyCPa4u3nkOKUErbZa/aijuE0Cav6TY9y0Jo=; fh=GrBYTfaCmKSBoJ0OQBiloTDpWB/NcGHvBdTqN4MlWVs=; b=Od9hhMeRYoIXtB9ajrUQfLeajn8W2ZuU2g0jiWUGPrDwLr3JvuJmAxdbGZsbVQt5W7 /iwFeeiBAgB+DBXxCGMp+A3wEdwWRB4pXyCWRBHdylcjYCO7aaH7AWuW/yZT83wIw570 gc0OUfoDCmFwgtrD1l75vqYm1UJgeB7ikYSxHQjU5I68dzxl7bVlh2hYMeyySZHg8Dvg Pnb2NLIsS/LYsToa6nDtPeGvl15XoIy7/RYT8DLkzys5Ou73txB8ypwpM9h6GHogOVuz K6p1HaDNDXLy9LsbsK1Dh4OYVt7Di0j12Vn//RiYjKpjUXRE2dWtO0flPPSMDns+Ofkj G6bg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=mw5NEosP; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from lipwig.vger.email (lipwig.vger.email. [2620:137:e000::3:3]) by mx.google.com with ESMTPS id o14-20020a656a4e000000b005b934643e39si4531380pgu.599.2023.10.29.23.40.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 29 Oct 2023 23:40:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) client-ip=2620:137:e000::3:3; Authentication-Results: mx.google.com; dkim=pass header.i=@amd.com header.s=selector1 header.b=mw5NEosP; arc=pass (i=1 spf=pass spfdomain=amd.com dmarc=pass fromdomain=amd.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:3 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amd.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by lipwig.vger.email (Postfix) with ESMTP id E5C4080AA25B; Sun, 29 Oct 2023 23:40:02 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at lipwig.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231847AbjJ3Gjt (ORCPT + 32 others); Mon, 30 Oct 2023 02:39:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43614 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232020AbjJ3Gjm (ORCPT ); Mon, 30 Oct 2023 02:39:42 -0400 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2046.outbound.protection.outlook.com [40.107.244.46]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E548F3; Sun, 29 Oct 2023 23:39:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nkS8hUmfgoQSLmx8FI/zq+MIJrZc+iOqtKZUu0oHy77DjunAxj2+se+lHOh+8mgxZSV4KorOIHzXP7rjIYciWHX2NxD0duA+Xg9fEo6S+CTHykHwOnDHq/ZvmoiF3CxGQD6gcRCr55+KwTaVH/AcPDKMpUIWFLcSUFMZ1jh4pKGKy31zp4vdFZmNR6qd5pfJJi/fTmEeeoKjlUyummf1qEhemdo6o/uWlIcBx88DNtSOxF5a673O/p+WTS0cghy1BGu7ypkj1/RDJeAMG/4ifePGe+HW24tT1H5+k1TUCUPjynJ7WM/HurIOIKRa3e5Vqp2me0ToCEQhsB/r+vDh7Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7S0QfNyZyCPa4u3nkOKUErbZa/aijuE0Cav6TY9y0Jo=; b=dEKbUtzBVyAPUqsIoWpl7nZ5a7D0sfprtxuFCU83wSpDMePeIIMS4Nzjko0x3BBPHEcvUfgEREyCVw8e6qfSbE4S0C3i9uPmwwPIxGXempy9u2BU2U8gttISX3VNgyKLAgEmwE/7aYxOVSzp5MJHuFNpe24bFmOtR/oJoNSj76Pcug25z45topn7yqBQ8nENR4+pVoD0OjTGKBqYUPvPZ5Oi8isctazW1myEkSB3AfxTXh07uxC3h+niPjwozBr/vMknFqTD06UTE5M5Ll1S5Wv8Vwaq9NqNLoURArvx3yl85nKDJOlKcZc4pEl4xi1YxGuD07bMmVYnerUhnYloVg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7S0QfNyZyCPa4u3nkOKUErbZa/aijuE0Cav6TY9y0Jo=; b=mw5NEosPzc8OhhPO1ytdra4r0BlYWjdiytGAMn3sDaEdd8bV5AqvBg2A2klNdMZDPHvj16fpV5KCJB7lQ5A/5/NYCaDVyKiJEmfR96WPAYVrQyxTks+ZabFcBN5/tpn75D9e4tpECfPY8WXzyM9SzA44t4GQDfg9i/bXkseBVVg= Received: from CY8PR19CA0046.namprd19.prod.outlook.com (2603:10b6:930:6::10) by DS0PR12MB8041.namprd12.prod.outlook.com (2603:10b6:8:147::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.25; Mon, 30 Oct 2023 06:39:09 +0000 Received: from CY4PEPF0000EDD2.namprd03.prod.outlook.com (2603:10b6:930:6:cafe::71) by CY8PR19CA0046.outlook.office365.com (2603:10b6:930:6::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6933.28 via Frontend Transport; Mon, 30 Oct 2023 06:39:08 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EDD2.mail.protection.outlook.com (10.167.241.206) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.6933.15 via Frontend Transport; Mon, 30 Oct 2023 06:39:08 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.32; Mon, 30 Oct 2023 01:38:48 -0500 From: Nikunj A Dadhania To: , , , CC: , , , , , , , , Subject: [PATCH v5 14/14] x86/sev: Enable Secure TSC for SNP guests Date: Mon, 30 Oct 2023 12:06:52 +0530 Message-ID: <20231030063652.68675-15-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231030063652.68675-1-nikunj@amd.com> References: <20231030063652.68675-1-nikunj@amd.com> MIME-Version: 1.0 X-Originating-IP: [10.180.168.240] X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EDD2:EE_|DS0PR12MB8041:EE_ X-MS-Office365-Filtering-Correlation-Id: 3968ae8b-6668-42eb-64ca-08dbd912eba9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 26/CSPagFGtGSue1wm/NaJtR5R/sHa9keuLy5KZI/zPpe/FQcsogOXKoBMOnvH56my8zIiWIACCu/lcZzr/qtkUwZigwJfH9QFHHnMHlPDSP+GfSG3+4yUlg5TvWpYjPEmyeLmmln2nwFH1ZMjjPBfb2s3bRJtLfPvILC84GjZRZy9y+zjPBMfVR3dwGrQK5zBm2PGgJCWaOzzfwXHoV4XUgQu8PDzPcEWAGIuMGLkj6uRiaBBL44VjQyFIwV8lY62617kyZYHumvKFQFwxIQk+PHlejhANLE3ONqA/jXObexbr7GfbgqNlqjtTBv11E5boKafJZAzdb2PWC9xpI2FntRjoKxFGX85MrHWENkd2URghAZGvuZIBbnuTljEWhB6qeJ/ei2XVIjul71J/rYmI7+8J3QxreijhWffmnGbhxYalXGvIzZ7POtO9XYkXJsKPpREQ2sK3slWPyQwVBMZx1hZbNoorZdvxbPNjBKSr/REGhlhVA8djY11V1QEXQMqLvDYpgBzdYd3pJOd4MNUtJ308RRSl5R1sv8yTn6Dene1AbheIfyC5DLFZgIHyowLXXXEhGl6CMju66tseDubasBbEgJqnwPZHteC6Hc6jWTlxIwImFJVgNMcs2c1ElNOYy74kqofDqYIi7ndCIDv26BknraNKpFcHBGwYCv2a+Aw/jgY9U+0gD+SccWIxmIimfohLsaOtPzrC9Gtx2CMUp/wDjpWFdBcQFQnHINEP90t9O24vLIgrusr0Ipg8ZBOusthphwP9wj2mubUaBfA== X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230031)(4636009)(396003)(346002)(39860400002)(376002)(136003)(230922051799003)(451199024)(64100799003)(186009)(82310400011)(1800799009)(40470700004)(46966006)(36840700001)(2906002)(40460700003)(36860700001)(54906003)(70586007)(70206006)(47076005)(81166007)(356005)(82740400003)(316002)(478600001)(26005)(7696005)(6666004)(110136005)(83380400001)(2616005)(16526019)(426003)(1076003)(336012)(41300700001)(7416002)(5660300002)(8936002)(8676002)(4326008)(40480700001)(36756003)(36900700001);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2023 06:39:08.8349 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 3968ae8b-6668-42eb-64ca-08dbd912eba9 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EDD2.namprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8041 X-Spam-Status: No, score=-1.3 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lipwig.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (lipwig.vger.email [0.0.0.0]); Sun, 29 Oct 2023 23:40:03 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1781161531013304432 X-GMAIL-MSGID: 1781161531013304432 Now that all the required plumbing is done for enabling SNP Secure TSC feature, add Secure TSC to snp features present list. The CC_ATTR_GUEST_SECURE_TSC can be used by the guest to query whether the SNP guest has Secure TSC feature active. Signed-off-by: Nikunj A Dadhania --- arch/x86/boot/compressed/sev.c | 3 ++- arch/x86/mm/mem_encrypt.c | 10 ++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index 80d76aea1f7b..b1a4bab8ecf1 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -375,7 +375,8 @@ static void enforce_vmpl0(void) * by the guest kernel. As and when a new feature is implemented in the * guest kernel, a corresponding bit should be added to the mask. */ -#define SNP_FEATURES_PRESENT MSR_AMD64_SNP_DEBUG_SWAP +#define SNP_FEATURES_PRESENT (MSR_AMD64_SNP_DEBUG_SWAP | \ + MSR_AMD64_SNP_SECURE_TSC) u64 snp_get_unsupported_features(u64 status) { diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 01abecc9a774..26608b9f2ca7 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -69,8 +69,14 @@ static void print_mem_encrypt_feature_info(void) pr_cont(" SEV-ES"); /* Secure Nested Paging */ - if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) - pr_cont(" SEV-SNP"); + if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) { + pr_cont(" SEV-SNP\n"); + pr_cont("SNP Features active: "); + + /* SNP Secure TSC */ + if (cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) + pr_cont(" SECURE-TSC"); + } pr_cont("\n"); }