] KVM: SEV: fix snp_launch_finish

[[PATCH for v6]] KVM: SEV: fix snp_launch_finish

Posted by Harald Hoyer 3 years, 6 months ago

The `params.auth_key_en` indicator does _not_ specify, whether an
ID_AUTH struct should be sent or not, but, wheter the ID_AUTH struct
contains an author key or not. The firmware always expects an ID_AUTH block.

Link: https://lore.kernel.org/all/cover.1655761627.git.ashish.kalra@amd.com/
Signed-off-by: Harald Hoyer <harald@profian.com>
---
 arch/x86/kvm/svm/sev.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
index 85357dc4d231..5cf4be6a33ba 100644
--- a/arch/x86/kvm/svm/sev.c
+++ b/arch/x86/kvm/svm/sev.c
@@ -2242,17 +2242,18 @@ static int snp_launch_finish(struct kvm *kvm, struct kvm_sev_cmd *argp)
 
 		data->id_block_en = 1;
 		data->id_block_paddr = __sme_pa(id_block);
-	}
 
-	if (params.auth_key_en) {
 		id_auth = psp_copy_user_blob(params.id_auth_uaddr, KVM_SEV_SNP_ID_AUTH_SIZE);
 		if (IS_ERR(id_auth)) {
 			ret = PTR_ERR(id_auth);
 			goto e_free_id_block;
 		}
 
-		data->auth_key_en = 1;
 		data->id_auth_paddr = __sme_pa(id_auth);
+
+		if (params.auth_key_en) {
+			data->auth_key_en = 1;
+		}
 	}
 
 	data->gctx_paddr = __psp_pa(sev->snp_context);
-- 
2.37.1

Re: [[PATCH for v6]] KVM: SEV: fix snp_launch_finish

Posted by Sean Christopherson 3 years, 6 months ago

On Thu, Sep 08, 2022, Harald Hoyer wrote:
> The `params.auth_key_en` indicator does _not_ specify, whether an
> ID_AUTH struct should be sent or not, but, wheter the ID_AUTH struct
> contains an author key or not. The firmware always expects an ID_AUTH block.
> 
> Link: https://lore.kernel.org/all/cover.1655761627.git.ashish.kalra@amd.com/

Please provide feedback by directly responding to whatever patch/email is buggy.
Or if that's too complicated for some reason (unlikely in this case), provide the
fixup patch to the author *off-list*.

> Signed-off-by: Harald Hoyer <harald@profian.com>
> ---
>  arch/x86/kvm/svm/sev.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c
> index 85357dc4d231..5cf4be6a33ba 100644
> --- a/arch/x86/kvm/svm/sev.c
> +++ b/arch/x86/kvm/svm/sev.c
> @@ -2242,17 +2242,18 @@ static int snp_launch_finish(struct kvm *kvm, struct kvm_sev_cmd *argp)
>  
>  		data->id_block_en = 1;
>  		data->id_block_paddr = __sme_pa(id_block);
> -	}
>  
> -	if (params.auth_key_en) {
>  		id_auth = psp_copy_user_blob(params.id_auth_uaddr, KVM_SEV_SNP_ID_AUTH_SIZE);
>  		if (IS_ERR(id_auth)) {
>  			ret = PTR_ERR(id_auth);
>  			goto e_free_id_block;
>  		}
>  
> -		data->auth_key_en = 1;
>  		data->id_auth_paddr = __sme_pa(id_auth);
> +
> +		if (params.auth_key_en) {

While I'm here though...  Single line if-statements don't need curly braces.

> +			data->auth_key_en = 1;
> +		}
>  	}
>  
>  	data->gctx_paddr = __psp_pa(sev->snp_context);
> -- 
> 2.37.1
>

Re: [[PATCH for v6]] KVM: SEV: fix snp_launch_finish

Posted by Jarkko Sakkinen 3 years, 6 months ago

On Thu, Sep 08, 2022 at 03:11:30PM +0000, Sean Christopherson wrote:
> On Thu, Sep 08, 2022, Harald Hoyer wrote:
> > The `params.auth_key_en` indicator does _not_ specify, whether an
> > ID_AUTH struct should be sent or not, but, wheter the ID_AUTH struct
> > contains an author key or not. The firmware always expects an ID_AUTH block.
> > 
> > Link: https://lore.kernel.org/all/cover.1655761627.git.ashish.kalra@amd.com/
> 
> Please provide feedback by directly responding to whatever patch/email is buggy.
> Or if that's too complicated for some reason (unlikely in this case), provide the
> fixup patch to the author *off-list*.

I'd guess that'd be:

https://lore.kernel.org/all/6a513cf79bf71c479dbd72165faf1d804d77b3af.1655761627.git.ashish.kalra@amd.com/

BR, Jarkko