From nobody Wed Apr 8 01:35:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 604EAFA373D for ; Fri, 21 Oct 2022 17:00:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229993AbiJURAL (ORCPT ); Fri, 21 Oct 2022 13:00:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50958 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229934AbiJURAE (ORCPT ); Fri, 21 Oct 2022 13:00:04 -0400 Received: from mail-yw1-x1149.google.com (mail-yw1-x1149.google.com [IPv6:2607:f8b0:4864:20::1149]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F6D2558C5 for ; Fri, 21 Oct 2022 09:59:52 -0700 (PDT) Received: by mail-yw1-x1149.google.com with SMTP id 00721157ae682-367dc159c2fso34348827b3.19 for ; Fri, 21 Oct 2022 09:59:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=m+6LJgKl0wRgTRLkq4f9veim6S7HXx9ZKXbkLf1zrmQ=; b=IAUiu92eRZoXbbSs2RkIa1od4MS2ZKai3lK1I9O75aKToczZ/VnpZ5z1vxJPMa/GkC 0lZR6s0KSFCVAgw42q/iyvA+kgH4bPDygEOtwmVRuTsGKEsMBFRUYetzcXtvMGluFGsl oIRPkUIp+AaAMleOZpYIYm4+q9lNnERRe31K2FGn/prPllHO4BM6VzlqX/JTedIRXn/g TVsFJnaJx3ZF69jFYpZyw6YK4mL41IWE/4P1ddXk2c0qHtRj8j6fw0AoQdrvpaI34rP4 WL66+HcMTo/T5w05qnW0jiXQlTMkXwyTHlgJbbqfWCuOFHRFxD2mQpcOSJyBL1gCfEvx C27w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=m+6LJgKl0wRgTRLkq4f9veim6S7HXx9ZKXbkLf1zrmQ=; b=yp8szvCtnWYMUUFBitjJAtlpaXCt9sLFXDFHyTJNLXO71il5RPh7bR78t+IM+FWeej QG7lXqUow7WpQgwWTgbz+7TRGORVjRsdBzTX1xwELWY9oLteOhZPm31/qDMV/hC1Y8Sj CcxMaatZ4+YBW2l55TTQKZoKk491E4zrYc6I9uHL8qNgnuYxPvTBVcZsh2kkiOXWBqLZ Ua65z3tg9FBkl8egnV5eBmsHSGXwQ9mO8CzvA6D/Su+x4LdR6qLQFlfmvttWAC5NRyF8 Tr5n83KS+5aJscu5eLI0oM9dUY9xEnUd3ng7xEywjnnbyA88Tckhx0GK36xRQ2IrCKPK Uq6w== X-Gm-Message-State: ACrzQf1kHqhRBOqQvL7/RQzKc1wt1dnb0tSbqyughu4DUZSGF7JPdNno TnejQSjzCJk8cXxEqJ25AGYcbLNJ9YviGJc60Ipikov+ADQ99g3hZifOgP9KynXpk2V2L7LAewE VF9WJZMWgs+GAenwCHblRFWS0sfCnAcxPiSKmuz7HjKRz+SMzkyV6CSu9U5mdEYg0NdMXtpi4Ot 6OOIe/X9g= X-Google-Smtp-Source: AMsMyM5CQH4TFkLl4P/9mkWXy3i+ItjFbQYaMrom0RyvhQqef8RqBnFfeGLST8i6w2fb1FCTGC49V9uXDGyOMCsLeA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a25:be14:0:b0:6be:885f:20bb with SMTP id h20-20020a25be14000000b006be885f20bbmr17567487ybk.480.1666371590674; Fri, 21 Oct 2022 09:59:50 -0700 (PDT) Date: Fri, 21 Oct 2022 16:59:40 +0000 In-Reply-To: <20221021165943.1968044-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20221021165943.1968044-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.38.0.135.g90850a2211-goog Message-ID: <20221021165943.1968044-2-dionnaglaze@google.com> Subject: [PATCH v3 1/4] ccp: Name -1 return value as SEV_RET_NO_FW_CALL From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: Dionna Glaze , Thomas Lendacky , Paolo Bonzini , Joerg Roedel , Ingo Molnar , Andy Lutomirsky Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The PSP can return a "firmware error" code of -1 in circumstances where the PSP is not actually called. To make this protocol unambiguous, we add a constant naming the return value. From: Peter Gonda Cc: Thomas Lendacky Cc: Paolo Bonzini Cc: Joerg Roedel Cc: Ingo Molnar Cc: Andy Lutomirsky Signed-off-by: Dionna Glaze --- drivers/crypto/ccp/sev-dev.c | 2 +- include/uapi/linux/psp-sev.h | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 06fc7156c04f..97eb3544ab36 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -444,7 +444,7 @@ static int __sev_platform_init_locked(int *error) { struct psp_device *psp =3D psp_master; struct sev_device *sev; - int rc =3D 0, psp_ret =3D -1; + int rc =3D 0, psp_ret =3D SEV_RET_NO_FW_CALL; int (*init_function)(int *error); =20 if (!psp || !psp->sev_data) diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 91b4c63d5cbf..fb61e083d42e 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -36,6 +36,13 @@ enum { * SEV Firmware status code */ typedef enum { + /* + * This error code is not in the SEV spec but is added to convey that + * there was an error that prevented the SEV Firmware from being called. + * This is (u32)-1 since the firmware error code part of EXIT_INFO_2 is + * the lower 32 bits. + */ + SEV_RET_NO_FW_CALL =3D 0xffffffff, SEV_RET_SUCCESS =3D 0, SEV_RET_INVALID_PLATFORM_STATE, SEV_RET_INVALID_GUEST_STATE, --=20 2.38.0.135.g90850a2211-goog From nobody Wed Apr 8 01:35:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70A98C433FE for ; Fri, 21 Oct 2022 17:00:07 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229960AbiJURAF (ORCPT ); Fri, 21 Oct 2022 13:00:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50574 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229763AbiJURAC (ORCPT ); Fri, 21 Oct 2022 13:00:02 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A31E851A2C for ; Fri, 21 Oct 2022 09:59:52 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id p3-20020a170902e74300b0018546b77dccso2003175plf.17 for ; Fri, 21 Oct 2022 09:59:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=VPzkRYiEhEJdjJcMQc6JBwHg+TKgr2BSOIUTw0Esdx8=; b=Ve1rHl0wvmEV+BaAo+AZbIjJY+aKHDudtiZg5pxgxHHbv7Q0LZBBxX+1Yiw80ft0dw oY/2D4LjoidfZcWSyCzI2syNgkKzsj2IAzeJr1OOW80f5ZT9JcFnjInJbv86ng3khx20 KbFmr0M4xkf8SFMrlNv8cmgZ3FNM6AibVN1EU5h9lB8rsHb3F8T/A+W+fpLz+ZsHw81i EqP77QJWylrgiUEa9miAw3OSBdvannh2tWWi/8dIc8XARg65nbUBGtRcwF5YFIcY5R/3 aeBM1Z6vjh/F7UxPwOMWf57HtQLAVM3g5gKG/M2jB0nONJynwHMwTpmuhazhaV3UGr52 VY3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=VPzkRYiEhEJdjJcMQc6JBwHg+TKgr2BSOIUTw0Esdx8=; b=CrqoR3C7URS7CY7DshfBCb6fnTck3Km94grg1KFSxAOFBTO9v+HX6ApbO1Eqci+AGl 9cW/hLZPVdsPmN9XRQK3fMTd+VL16ylrABx+yadx/Fyw1ET0srM99d/QvtZWZ+oAgHaq W8OvtFcsJ5HkeO+015SETRoxwCsNpeIgQVs9PQrinSCQwumrNxS5BuSu1PPAmZO2gD0k 67jQBAeszRgnJWSIwU0BuTwnCUM64JGRmHHjiQEyOc3w7hcfW9yA6YuUuJM6fX0RnwH1 idqq+uokPkv29EuZqaS1QLCWOfQRHw5VjVFjP0u6OuYse6KmL14VadguhrxtF5lHvzf5 wAiQ== X-Gm-Message-State: ACrzQf0FQBbxVb3qlb0v3aRCw1FhwxGlABINC87BfKbAxypJpQ0H8xgc y+pKy0x1jYxN4Ym3vzASIWcMa91Im1AGYJScBloTrUAWSAvuLdDNUINYuE8EZz7vwQc/qiEK7il 99Lrsp9oMZDttffXBlkDzjQ0FqNAohLfYB5E1mUK1hfXvfKConv7yaglS+kKYh98XPYxZMk17N2 MnIkymrZc= X-Google-Smtp-Source: AMsMyM7NCrLMS8GdS8uHY/f+MxHXxD95CbgBq+2SDTqbQy1u+eMm83WwjL2+OgnooK9v60giRJXbsFMQhPUd5Q3kvw== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a17:902:ec83:b0:17c:afb3:d1ec with SMTP id x3-20020a170902ec8300b0017cafb3d1ecmr20014781plg.172.1666371592336; Fri, 21 Oct 2022 09:59:52 -0700 (PDT) Date: Fri, 21 Oct 2022 16:59:41 +0000 In-Reply-To: <20221021165943.1968044-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20221021165943.1968044-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.38.0.135.g90850a2211-goog Message-ID: <20221021165943.1968044-3-dionnaglaze@google.com> Subject: [PATCH v3 2/4] x86/sev: Change snp_guest_issue_request's fw_err From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: Dionna Glaze , Tom Lendacky , Paolo Bonzini , Joerg Roedel , Peter Gonda , Thomas Gleixner , Dave Hansen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The GHCB specification declares that the firmware error value for a guest request will be stored in the lower 32 bits of EXIT_INFO_2. The upper 32 bits are for the VMM's own error code. The fw_err argument is thus a misnomer, and callers will need access to all 64 bits. The type of unsigned long also causes problems, since sw_exit_info2 is u64 (unsigned long long) vs the argument's previous unsigned long*. The signature change requires the follow-up change to drivers/virt/coco/sev-guest to use the new expected type in order to compile. The firmware might not even be called, so we bookend the call with the no firmware call error and clearing the error. Cc: Tom Lendacky Cc: Paolo Bonzini Cc: Joerg Roedel Cc: Peter Gonda Cc: Thomas Gleixner Cc: Dave Hansen Fixes: d5af44dde546 ("x86/sev: Provide support for SNP guest request NAEs") Signed-off-by: Dionna Glaze --- arch/x86/include/asm/sev.h | 4 ++-- arch/x86/kernel/sev.c | 11 ++++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index ebc271bb6d8e..8ebd78b6a57c 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -196,7 +196,7 @@ void snp_set_memory_private(unsigned long vaddr, unsign= ed int npages); void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __init __noreturn snp_abort(void); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, uns= igned long *fw_err); +int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, u64= *exitinfo2); #else static inline void sev_es_ist_enter(struct pt_regs *regs) { } static inline void sev_es_ist_exit(void) { } @@ -217,7 +217,7 @@ static inline void snp_set_wakeup_secondary_cpu(void) {= } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_da= ta *input, - unsigned long *fw_err) + unsigned long *exitinfo2) { return -ENOTTY; } diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c index a428c62330d3..5a402df7549e 100644 --- a/arch/x86/kernel/sev.c +++ b/arch/x86/kernel/sev.c @@ -22,6 +22,7 @@ #include #include #include +#include =20 #include #include @@ -2175,7 +2176,7 @@ static int __init init_sev_config(char *str) } __setup("sev=3D", init_sev_config); =20 -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, uns= igned long *fw_err) +int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, u64= *exitinfo2) { struct ghcb_state state; struct es_em_ctxt ctxt; @@ -2186,9 +2187,11 @@ int snp_issue_guest_request(u64 exit_code, struct sn= p_req_data *input, unsigned if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return -ENODEV; =20 - if (!fw_err) + if (!exitinfo2) return -EINVAL; =20 + *exitinfo2 =3D SEV_RET_NO_FW_CALL; + /* * __sev_get_ghcb() needs to run with IRQs disabled because it is using * a per-CPU GHCB. @@ -2218,9 +2221,11 @@ int snp_issue_guest_request(u64 exit_code, struct sn= p_req_data *input, unsigned ghcb->save.sw_exit_info_2 =3D=3D SNP_GUEST_REQ_INVALID_LEN) input->data_npages =3D ghcb_get_rbx(ghcb); =20 - *fw_err =3D ghcb->save.sw_exit_info_2; + *exitinfo2 =3D ghcb->save.sw_exit_info_2; =20 ret =3D -EIO; + } else { + *exitinfo2 =3D 0; } =20 e_put: --=20 2.38.0.135.g90850a2211-goog From nobody Wed Apr 8 01:35:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 30BE4FA373D for ; Fri, 21 Oct 2022 17:00:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230169AbiJURAS (ORCPT ); Fri, 21 Oct 2022 13:00:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50962 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229975AbiJURAE (ORCPT ); Fri, 21 Oct 2022 13:00:04 -0400 Received: from mail-pl1-x64a.google.com (mail-pl1-x64a.google.com [IPv6:2607:f8b0:4864:20::64a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 505AE558F4 for ; Fri, 21 Oct 2022 09:59:54 -0700 (PDT) Received: by mail-pl1-x64a.google.com with SMTP id o17-20020a170902d4d100b0018552c4f4bcso1996722plg.13 for ; Fri, 21 Oct 2022 09:59:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=t50s+W2sjRzmfaqPHM8BWoKuylKuq2NrCynpVhPS9Gk=; b=D9gJIDipIbDmmnhQPtT5HvABc6SjejzqBT5yiNYUXkric3SrAQON1oJaySHETkWhRF PX+KXKZ8JyA88v5tE4EMTFFJ56/REmpBVnlywvFa42c+E/x0SheZzLwiWE2jhqQ+ldz/ enUDwkgtlYTXMR/moT5KYh1uSh5HqP4f5+krbjx7kwfdJGvD8LMPgse7XWYz84ecIap3 Gm1jQw7vlBv3YOHYsL+3u0MKUTb4Wr9w9Kl/hnfs7pZzn9geE9pgrSyKDnTu2C10Z9vr 7m2WMljG5b0dphDbKtqSD/H50W5Ti5sTtcWvFUQJcn/fzKGTVFPvaTkkgPtnH78qD43g NoSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=t50s+W2sjRzmfaqPHM8BWoKuylKuq2NrCynpVhPS9Gk=; b=Z84mbLYoaaHWZQaHkhTVpLqYOUqgFTVFYMRIs1sCb0pCFGSpKBQcN0cwBHylTIedwG tnSF81C+Dn6LD/iPXM1v/8ig6D9uBMTLaTkaw5y+Z6JWCj6C44N/SHo7sfjCH2SPJ4Gx QunKNEQFhFD5+i+vjXGPGbbxkut/rnlA9zhtQxCP8jjeIYNWBvEy9Qnn/no6NgOysimm A9Z6XcD44midn81meKuoISjBAQaEDpjmJCzBzG/UTes7w0BCmFQ7+kVL4tZwVAnf0qh6 r074J8pKTH5jZHwxmOLNl6E5AqWFtmH1p7oon0Li9R5g5dEkyUpihODhXZ8jJNYQr0dy poxg== X-Gm-Message-State: ACrzQf0M3EsiZ/lMmAUi9oIbTQ0JPTdLdbtpIrDo0yIkzTuTydrXgP7o b7br5YS2kDVfWZFNp7odBRR1h0WHOfCGNcLPlV4DJhOnotSmb3YowWZx4Pp6S+umrLYc8/bP6s2 arAw2G25RZRhUXaXXXP44HF8eJxSx8lwabJuzK6PqseLRyCBfI8Zjxpftzgcgr+xnr7u+br/T3K 6GdCBLXkQ= X-Google-Smtp-Source: AMsMyM4zZpV9dAcanrqUynT/VJyO6LIMwgrP7u0kvBFaYYHeHm3KSrfk67+lQwgxAr4mTFyMYrpqm2P+vU5fXAEPAg== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a17:902:e191:b0:181:b25e:9c17 with SMTP id y17-20020a170902e19100b00181b25e9c17mr20441665pla.57.1666371593958; Fri, 21 Oct 2022 09:59:53 -0700 (PDT) Date: Fri, 21 Oct 2022 16:59:42 +0000 In-Reply-To: <20221021165943.1968044-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20221021165943.1968044-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.38.0.135.g90850a2211-goog Message-ID: <20221021165943.1968044-4-dionnaglaze@google.com> Subject: [PATCH v3 3/4] virt/coco/sev-guest: Remove err in handle_guest_request From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: Dionna Glaze , Tom Lendacky , Paolo Bonzini , Joerg Roedel , Peter Gonda , Thomas Gleixner , Dave Hansen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The err variable may not be set in the call to snp_issue_guest_request, yet it is unconditionally written back to fw_err if fw_err is non-null. This is undefined behavior, and currently returns uninitialized kernel stack memory to user space. The fw_err argument is better to just pass through to snp_issue_guest_request, so we do that. Since the issue_request's signature has changed fw_err to exitinfo2, we change the argument name here. Cc: Tom Lendacky Cc: Paolo Bonzini Cc: Joerg Roedel Cc: Peter Gonda Cc: Thomas Gleixner Cc: Dave Hansen Fixes: fce96cf04430 ("virt: Add SEV-SNP guest driver") Signed-off-by: Dionna Glaze --- drivers/virt/coco/sev-guest/sev-guest.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/se= v-guest/sev-guest.c index f422f9c58ba7..0508c2f46f6b 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -303,9 +303,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u= 64 seqno, int version, u8 =20 static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_co= de, int msg_ver, u8 type, void *req_buf, size_t req_sz, void *resp_buf, - u32 resp_sz, __u64 *fw_err) + u32 resp_sz, __u64 *exitinfo2) { - unsigned long err; u64 seqno; int rc; =20 @@ -322,9 +321,7 @@ static int handle_guest_request(struct snp_guest_dev *s= np_dev, u64 exit_code, in return rc; =20 /* Call firmware to process the request */ - rc =3D snp_issue_guest_request(exit_code, &snp_dev->input, &err); - if (fw_err) - *fw_err =3D err; + rc =3D snp_issue_guest_request(exit_code, &snp_dev->input, exitinfo2); =20 if (rc) return rc; --=20 2.38.0.135.g90850a2211-goog From nobody Wed Apr 8 01:35:38 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id BBEA8FA373D for ; Fri, 21 Oct 2022 17:00:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230118AbiJURAX (ORCPT ); Fri, 21 Oct 2022 13:00:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51340 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230054AbiJURAN (ORCPT ); Fri, 21 Oct 2022 13:00:13 -0400 Received: from mail-pg1-x549.google.com (mail-pg1-x549.google.com [IPv6:2607:f8b0:4864:20::549]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 97A085603D for ; Fri, 21 Oct 2022 09:59:56 -0700 (PDT) Received: by mail-pg1-x549.google.com with SMTP id s82-20020a632c55000000b0046b2491aa95so1615040pgs.7 for ; Fri, 21 Oct 2022 09:59:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=dO505Xy9Iu56vKjLdviNHzvPncOQ05EfhM0+fDYGP1k=; b=FFU2BCN+saMvG81c5ljwwxLZW9Rg/pTM6PuXKjVDcrafO80Nr5q1EKQ3MVmcJBTiNZ cSQLSGI3Tl+6MUwr6kngSsT3+lthevNxl2FW72nusDJ56Dez1OFahtdrdyAn77+0zeAH dglUnvnlJDB2n3QMWzc/yZHme2KTNjD5P2OvH1q2yoH5Pm2NHaMTZDmLSsfeYCq51jUA BuudSfVO55MgZqeWXMUC56jfGhiG9SemjaZynM1T+gwcQgzSvVX9TAqvw2FcAiXDPRGY xJ7QvAZ+GkX/cSaMcYfVguBMjJTkyH0xYF3eUgvXweV52j64YsvNChJ6g0k7IF34I3RT 8Qgg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=dO505Xy9Iu56vKjLdviNHzvPncOQ05EfhM0+fDYGP1k=; b=P7nSXHSChrpJjFDwGvQ6ZByuyVAVNIihrLeqlBx9Fanqq2cxrgvSYHK6wW8ycxSTDB 0DXfpUIOCg9l0kG1oy9En1kqilV5Ogo1TCzllRvkeXHEAxtCX6X5IJGU+QukRs2M2XXf Ns/2y0/mnA9J7jepWrQ0ln0wdpPQWWMsoU1bl+kW38fc/+i+jTHrzfLzKb3HwDTALwNZ f2wRRaLSF+sKc1OYeTY9HKw3zfEnTtgUbl+d8cNvSSDGFAKHiukrF3ubm0Z6WD5WLMG0 pbmYRQHf6KwUB64z22BL4kEeNyE1TrXI4bwRc6r6cdT6bbxni1TibJHfJjYdR2URYF9M UR1A== X-Gm-Message-State: ACrzQf1e4FjXKFttdC7svbwzR1gFZtb7U9uvIVKwm4RJ4ljvAy1wi7EK XN+eo167HukacV5ERr19moIdB8a8any0S0byPaUwrDWyXQR04XXDvSOYY3gXWf+u/j/6NyG8aYY vtzPwaOhNpleiwrGR5mj4JB3jjcpVuI0P1MztRCfj/WRqLMb34x6op6mJ9sVpHmASc45DEYftXb 6yT5ek1g4= X-Google-Smtp-Source: AMsMyM6ItkNqnZQ4CmJW2S3yXVjmRSrfg8LdIO09glRF3ObAtc2d3k5zOr4U+nksJtS5q4SSAMkiGq1SGmNv+Pfj0w== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:7f:e700:c0a8:2ee6]) (user=dionnaglaze job=sendgmr) by 2002:a17:902:d70e:b0:178:2d9d:ba7b with SMTP id w14-20020a170902d70e00b001782d9dba7bmr20349417ply.90.1666371595675; Fri, 21 Oct 2022 09:59:55 -0700 (PDT) Date: Fri, 21 Oct 2022 16:59:43 +0000 In-Reply-To: <20221021165943.1968044-1-dionnaglaze@google.com> Mime-Version: 1.0 References: <20221021165943.1968044-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.38.0.135.g90850a2211-goog Message-ID: <20221021165943.1968044-5-dionnaglaze@google.com> Subject: [PATCH v3 4/4] virt/coco/sev-guest: interpret VMM errors from guest request From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org Cc: Dionna Glaze , Tom Lendacky , Paolo Bonzini , Joerg Roedel , Peter Gonda , Thomas Gleixner , Dave Hansen Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The GHCB specification states that the upper 32 bits of exitinfo2 are for the VMM's error codes. The sev-guest ABI has already locked in that the fw_err status of the input will be 64 bits, and that BIT_ULL(32) means that the extended guest request's data buffer was too small, so we have to keep that ABI. We can still interpret the upper 32 bits of exitinfo2 for the user anyway in case the request gets throttled. For safety, since the encryption algorithm in GHCBv2 is AES_GCM, we cannot return to user space without having completed the request with the current sequence number. If we were to return and the guest were to make another request but with different message contents, then that would be IV reuse. When throttled, the driver will reschedule itself and then try again. The ioctl may block indefinitely, but that has always been the case when deferring these requests to the host. Cc: Tom Lendacky Cc: Paolo Bonzini Cc: Joerg Roedel Cc: Peter Gonda Cc: Thomas Gleixner Cc: Dave Hansen Signed-off-by: Dionna Glaze --- drivers/virt/coco/sev-guest/sev-guest.c | 32 ++++++++++++++++++++----- include/uapi/linux/sev-guest.h | 18 ++++++++++++-- 2 files changed, 42 insertions(+), 8 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/se= v-guest/sev-guest.c index 0508c2f46f6b..7abf4c3daa6d 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -305,9 +305,12 @@ static int handle_guest_request(struct snp_guest_dev *= snp_dev, u64 exit_code, in u8 type, void *req_buf, size_t req_sz, void *resp_buf, u32 resp_sz, __u64 *exitinfo2) { + unsigned int vmm_err; u64 seqno; int rc; =20 + might_resched(); + /* Get message sequence and verify that its a non-zero */ seqno =3D snp_get_msg_seqno(snp_dev); if (!seqno) @@ -320,9 +323,26 @@ static int handle_guest_request(struct snp_guest_dev *= snp_dev, u64 exit_code, in if (rc) return rc; =20 +retry: /* Call firmware to process the request */ rc =3D snp_issue_guest_request(exit_code, &snp_dev->input, exitinfo2); =20 + vmm_err =3D *exitinfo2 >> SNP_GUEST_VMM_ERR_SHIFT; + /* + * The host may return EBUSY if the request has been throttled. + * We retry in the driver to avoid returning and reusing the message + * sequence number on a different message. + */ + if (vmm_err =3D=3D SNP_GUEST_VMM_ERR_BUSY) { + cond_resched(); + goto retry; + } + + if (vmm_err && vmm_err !=3D SNP_GUEST_VMM_ERR_INVALID_LEN) { + pr_err("sev-guest: host returned unknown error code: %d\n", + vmm_err); + return -EINVAL; + } if (rc) return rc; =20 @@ -375,7 +395,7 @@ static int get_report(struct snp_guest_dev *snp_dev, st= ruct snp_guest_request_io =20 rc =3D handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg->msg_= version, SNP_MSG_REPORT_REQ, &req, sizeof(req), resp->data, - resp_len, &arg->fw_err); + resp_len, &arg->exitinfo2); if (rc) goto e_free; =20 @@ -415,7 +435,7 @@ static int get_derived_key(struct snp_guest_dev *snp_de= v, struct snp_guest_reque =20 rc =3D handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg->msg_= version, SNP_MSG_KEY_REQ, &req, sizeof(req), buf, resp_len, - &arg->fw_err); + &arg->exitinfo2); if (rc) return rc; =20 @@ -477,10 +497,10 @@ static int get_ext_report(struct snp_guest_dev *snp_d= ev, struct snp_guest_reques snp_dev->input.data_npages =3D npages; ret =3D handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg-= >msg_version, SNP_MSG_REPORT_REQ, &req.data, - sizeof(req.data), resp->data, resp_len, &arg->fw_err); + sizeof(req.data), resp->data, resp_len, &arg->exitinfo2); =20 /* If certs length is invalid then copy the returned length */ - if (arg->fw_err =3D=3D SNP_GUEST_REQ_INVALID_LEN) { + if (arg->vmm_error =3D=3D SNP_GUEST_VMM_ERR_INVALID_LEN) { req.certs_len =3D snp_dev->input.data_npages << PAGE_SHIFT; =20 if (copy_to_user((void __user *)arg->req_data, &req, sizeof(req))) @@ -515,7 +535,7 @@ static long snp_guest_ioctl(struct file *file, unsigned= int ioctl, unsigned long if (copy_from_user(&input, argp, sizeof(input))) return -EFAULT; =20 - input.fw_err =3D 0xff; + input.exitinfo2 =3D SEV_RET_NO_FW_CALL; =20 /* Message version must be non-zero */ if (!input.msg_version) @@ -546,7 +566,7 @@ static long snp_guest_ioctl(struct file *file, unsigned= int ioctl, unsigned long =20 mutex_unlock(&snp_cmd_mutex); =20 - if (input.fw_err && copy_to_user(argp, &input, sizeof(input))) + if (input.exitinfo2 && copy_to_user(argp, &input, sizeof(input))) return -EFAULT; =20 return ret; diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h index 256aaeff7e65..8e4144aa78c9 100644 --- a/include/uapi/linux/sev-guest.h +++ b/include/uapi/linux/sev-guest.h @@ -52,8 +52,15 @@ struct snp_guest_request_ioctl { __u64 req_data; __u64 resp_data; =20 - /* firmware error code on failure (see psp-sev.h) */ - __u64 fw_err; + /* bits[63:32]: VMM error code, bits[31:0] firmware error code (see psp-s= ev.h) */ + union { + __u64 exitinfo2; + __u64 fw_err; /* Name deprecated in favor of others */ + struct { + __u32 fw_error; + __u32 vmm_error; + }; + }; }; =20 struct snp_ext_report_req { @@ -77,4 +84,11 @@ struct snp_ext_report_req { /* Get SNP extended report as defined in the GHCB specification version 2.= */ #define SNP_GET_EXT_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x2, struct snp_g= uest_request_ioctl) =20 +/* Guest message request EXIT_INFO_2 constants */ +#define SNP_GUEST_FW_ERR_MASK GENMASK_ULL(31, 0) +#define SNP_GUEST_VMM_ERR_SHIFT 32 + +#define SNP_GUEST_VMM_ERR_INVALID_LEN 1 +#define SNP_GUEST_VMM_ERR_BUSY 2 + #endif /* __UAPI_LINUX_SEV_GUEST_H_ */ --=20 2.38.0.135.g90850a2211-goog