From nobody Sun Nov 24 13:42:39 2024 Received: from mail-yb1-f201.google.com (mail-yb1-f201.google.com [209.85.219.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 779C018622 for ; Tue, 5 Nov 2024 01:06:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768776; cv=none; b=qC2jKsBmOK4Xji5xYCK/F/WGfkLLYys9JSnPMRyeLcSDY8Rci5lCBd97mysTsiXXxYqDS3oatrjrWdEDq2eI+Xmfkjsi9YDuzdJa9ptqLUfjBBemW4YBX9EyDz2wOVmhrlzdLxId4fpjWw1lZDXrDbIRgUh9EUZp/GRtQc3MPFk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768776; c=relaxed/simple; bh=Kzdi0RzTuVT4R4Dg9LFcvCPoh0zzneOm7NKP09EYwSU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Dm75CJmwKyxhOn+jFuVdD3MBZfrFQP+f2DpSkyzUNZaep+PNvmYuWMnNu9s5YejycI6xgjukuI3geVqCDFVuSHTjmWIPxCAjCK5y7WpF/NBEqs/TkcdnPw1bwT/F/DJdJOlB7OiWlNb+9vaXN3zaVxKhSmcYu9oLqm4TN76EtAM= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=EfbKMEEW; arc=none smtp.client-ip=209.85.219.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="EfbKMEEW" Received: by mail-yb1-f201.google.com with SMTP id 3f1490d57ef6-e30ceaa5feeso8530997276.2 for ; Mon, 04 Nov 2024 17:06:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1730768773; x=1731373573; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=qpDF7a5A3aTccPubMOlN8ORp4a2Anb2LX7mvFNgWFxg=; b=EfbKMEEWcow6Jvv5mrxOBXcLAZ6aoaGeoGn+baLceRIAlgpoXYGT8AGglxvq+IPePy WmsrVJBak1eLT0yO87SntPZ7GFbb94c9S313Jx9zr9bqq/Hfg1OSFOnSGyLhf+AeT1uj SnxnrtDgKa0ffH0lH3qqGSC1PZXEV3JwzsDD+UlO54XwhlgRXNKT8ACcmQ4fPJVSSN5r j2ypsf/upID7pMiezDWBfqK/mCNVPtKsQCN+f/Bze1JhWd++tnMlaxAThGNz27JqG+zi 7apyfTXQfWV1qTFuz4ZyV7kUBwjyKHciyzymtFQout1+t5wpO0V/HtIvKIRREdpGoqGB at8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730768773; x=1731373573; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=qpDF7a5A3aTccPubMOlN8ORp4a2Anb2LX7mvFNgWFxg=; b=KAAXE0MieCDtj67/UA2z4rV8i446oQU0Gh8U51ChKDwpQgMcdOlyOyB9MSOmTZyI3H 15ftcHMSOF5eZkmV2J0Oa/t15E2xI4MPFFEnSxqZxQnjwHNu+mJ5lk/6RgnpG8iGgrO6 eXQq68xI/ua+TXBfuVvcpTqcgopPbuPJ929Zez/MBUjWMj1fbJZG2LpqquKzHWtCuxxF JYItCzWklmAsQvfEpJSiiGicN6cv+tEYLPs/HvkISJ+V1a95uVJnu7lduL+5++5qWZ9s 5neB2yawL2kXheTWgPTDkxpkhTFVu4ngZMZUOA7PbnuI2Q2AyhfBEQEXoUOqIhfuuNep XkZw== X-Forwarded-Encrypted: i=1; AJvYcCUK5i5u85wEaHmxYtZ+8v/x+laQHiiWdAfKG+ZGgqvSaoNBCZ+sVmQ+OJxDRTxRkrBAquyve4LWGz6mxkw=@vger.kernel.org X-Gm-Message-State: AOJu0YzWuPtk2lDXCVj6JdW5BJEMGQDg+w07u0UXWnJLJVc89UNwiILG N02PBoAGXGIW4v5nO3RkkqlePE37xDb/JXhQX08fkEQGL5V/BbVHmgtoL35rA44MJYlJeRIJcVt o85aNbMN3pS/uwygiYiXbbg== X-Google-Smtp-Source: AGHT+IEQ3QoZttD5CvPaZEByw/wYbzenHWOgazcrDI8nLp1Wph7OSasa8It4OvkgM6y0uzeLKTxOeD9HcmMY9/BBsA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a25:d695:0:b0:e2b:d28f:bf28 with SMTP id 3f1490d57ef6-e3302537c7dmr18862276.2.1730768772981; Mon, 04 Nov 2024 17:06:12 -0800 (PST) Date: Tue, 5 Nov 2024 01:05:48 +0000 In-Reply-To: <20241105010558.1266699-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241105010558.1266699-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.199.ga7371fff76-goog Message-ID: <20241105010558.1266699-2-dionnaglaze@google.com> Subject: [PATCH v4 1/6] kvm: svm: Fix gctx page leak on invalid inputs From: Dionna Glaze To: x86@kernel.org, linux-kernel@vger.kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Michael Roth , Brijesh Singh , Ashish Kalra Cc: Dionna Glaze , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Ensure that snp gctx page allocation is adequately deallocated on failure during snp_launch_start. Fixes: 136d8bc931c8 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command") CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Signed-off-by: Dionna Glaze Acked-by: Sean Christopherson Reviewed-by: Tom Lendacky --- arch/x86/kvm/svm/sev.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 714c517dd4b72..f6e96ec0a5caa 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2212,10 +2212,6 @@ static int snp_launch_start(struct kvm *kvm, struct = kvm_sev_cmd *argp) if (sev->snp_context) return -EINVAL; =20 - sev->snp_context =3D snp_context_create(kvm, argp); - if (!sev->snp_context) - return -ENOTTY; - if (params.flags) return -EINVAL; =20 @@ -2230,6 +2226,10 @@ static int snp_launch_start(struct kvm *kvm, struct = kvm_sev_cmd *argp) if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET) return -EINVAL; =20 + sev->snp_context =3D snp_context_create(kvm, argp); + if (!sev->snp_context) + return -ENOTTY; + start.gctx_paddr =3D __psp_pa(sev->snp_context); start.policy =3D params.policy; memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw)); --=20 2.47.0.199.ga7371fff76-goog From nobody Sun Nov 24 13:42:39 2024 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F21941C68F for ; Tue, 5 Nov 2024 01:06:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768777; cv=none; b=ZyFCr+XSI1ymzHLDl+bsdk1xKnJcgEFgYtWXhHpip8MMvjS+6HkN3/+DyOa3QWTF6+sBvjhwHxD6P7igKqUViosRs9U5TeBRB+LC9EkujXA8iNWkYGX28FkTDxhVTavgDtsTVfztG+6PrdFsAaDkFPJ1OX0M1ftUi102rQuUB9Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768777; c=relaxed/simple; bh=uPJS3mnhiD5KP+r9032K22WkeGASPpslcji7zDxZohg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=uuohcdZluwIjIQHHyHNqihFSzufh/q0kG76pW8GAM6bs1Fdjw7bDrKHJsjZNZvZR/UqIHe0T483GfwYFfLGR9GXpiHmIhOc3yOV4bd5dBhCXI77x+s8AI/DWw9rKrMFdrz6ZoM9WQZDtJ3nU4eYo5pcFSmgNC1JowjPt7Xselqg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=0dJId63t; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="0dJId63t" Received: by mail-pf1-f202.google.com with SMTP id d2e1a72fcca58-71e49ae1172so4785232b3a.2 for ; Mon, 04 Nov 2024 17:06:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1730768775; x=1731373575; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=C69aGsOp2lpKUTUJIlKoxOdLcqIbpxWjUksMkIqKMLQ=; b=0dJId63txokrQGmNz9Je3Oe62KdedauQfHfEJajl01nR7g4CwXmxhLhfWr5dCep2BT lIDTW9r25YM0YFTfV8hvzo4uIT3FiaRXo0BO29jeFTcnheACXeq5DKl1GQzsSqhCYJjM sAIh5MXYkAIlaPKRzxijykyXoY/RvecLx46uCW5TjmDh4N/1ouKo5jdQ+32c09PdgRRT TXkfqV25bsvFHr8LqO7yVLY78vjswb6C+jNOEN6qAz7R7P8la1vq2vsJjH/pQoH8lzei TIvPwQqfp8XGV+7zUpzkikKJ6JUANTAwpmfiu/1JMVZNPP6cRwEGKyblCnQRNgDcJHRi 4y6Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730768775; x=1731373575; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=C69aGsOp2lpKUTUJIlKoxOdLcqIbpxWjUksMkIqKMLQ=; b=tyAYt3iXJcV5+Ow2lgs6VTyurKApVLGhVJgSuEfk15E42x30Y3PjP5i43wkN8cL1Nn eyomAv0BZWvF59Jbmsyd7tdWB4ffTO0NqCJalQwSKJxd6oy4FZ7Npgku732fVIPIJCYq yZuppA5lKOQF/CBPz7+6eH+o4PJv6DU/XUyKGtLkcMyFbQv7SKk3I7H+bLgasVClqNw+ E/R/lvnLsTlHvrxiMhdN2qm/tbHYhSdxtk+KEQ6Yyh9RYlJo4T519fZ7SbM9N7MhXcGA qSZZKi3pPfEP58jk9XzVIZZIj4UynvwURtpDrBCkJrKQYO6mHzrJRXevX06o+4lfwcvk NtMw== X-Forwarded-Encrypted: i=1; AJvYcCVy1y1ujF7TF+iZxNV2Il8bsIn/wFQ5NxPYWgKG4SkC6fRF2rX3uOTaZRwE9OoWi8wtTqJu5lWG1zCimK8=@vger.kernel.org X-Gm-Message-State: AOJu0YxnjlYKJ3C3jv8zjrOOEx6w2kubOcVwFmlvj1Bf179j2LUsKJBd q+UhhtR0X+4DBiImF0/4P6uiRJgy5o++Y1+3p9VjPNlz5cWIR2xYUVgwvZVUT7jQ5nBQpryla5V 6fSwrELsigezIC1mlctIJAQ== X-Google-Smtp-Source: AGHT+IEYcurUyDuk6UGh/vVlH4wPfYFJTLCfkxulUr59pdPf9DO6uq1RjaNDS0c4qAJxzK6f+CrS5V5OEHQDpLthYQ== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a62:e708:0:b0:71e:5580:f456 with SMTP id d2e1a72fcca58-7206306de0fmr86607b3a.3.1730768775293; Mon, 04 Nov 2024 17:06:15 -0800 (PST) Date: Tue, 5 Nov 2024 01:05:49 +0000 In-Reply-To: <20241105010558.1266699-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241105010558.1266699-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.199.ga7371fff76-goog Message-ID: <20241105010558.1266699-3-dionnaglaze@google.com> Subject: [PATCH v4 2/6] firmware_loader: Move module refcounts to allow unloading From: Dionna Glaze To: x86@kernel.org, linux-kernel@vger.kernel.org, Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang Cc: Dionna Glaze , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Michael Roth , Alexey Kardashevskiy , Russ Weight Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If a kernel module registers a firmware upload API ops set, then it's unable to be moved due to effectively a cyclic reference that the module depends on the upload which depends on the module. Instead, only require the try_module_get when an upload is requested to disallow unloading a module only while the upload is in progress. Fixes: 97730bbb242c ("firmware_loader: Add firmware-upload support") CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Tested-by: Ashish Kalra Reviewed-by: Russ Weight Signed-off-by: Dionna Glaze --- drivers/base/firmware_loader/sysfs_upload.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/base/firmware_loader/sysfs_upload.c b/drivers/base/fir= mware_loader/sysfs_upload.c index 829270067d163..7d9c6aef7720a 100644 --- a/drivers/base/firmware_loader/sysfs_upload.c +++ b/drivers/base/firmware_loader/sysfs_upload.c @@ -204,6 +204,7 @@ static void fw_upload_main(struct work_struct *work) fwlp->ops->cleanup(fwl); =20 putdev_exit: + module_put(fwlp->module); put_device(fw_dev->parent); =20 /* @@ -239,6 +240,9 @@ int fw_upload_start(struct fw_sysfs *fw_sysfs) } =20 fwlp =3D fw_sysfs->fw_upload_priv; + if (!try_module_get(fwlp->module)) /* released in fw_upload_main */ + return -EFAULT; + mutex_lock(&fwlp->lock); =20 /* Do not interfere with an on-going fw_upload */ @@ -310,13 +314,10 @@ firmware_upload_register(struct module *module, struc= t device *parent, return ERR_PTR(-EINVAL); } =20 - if (!try_module_get(module)) - return ERR_PTR(-EFAULT); - fw_upload =3D kzalloc(sizeof(*fw_upload), GFP_KERNEL); if (!fw_upload) { ret =3D -ENOMEM; - goto exit_module_put; + goto exit_err; } =20 fw_upload_priv =3D kzalloc(sizeof(*fw_upload_priv), GFP_KERNEL); @@ -358,7 +359,7 @@ firmware_upload_register(struct module *module, struct = device *parent, if (ret) { dev_err(fw_dev, "%s: device_register failed\n", __func__); put_device(fw_dev); - goto exit_module_put; + goto exit_err; } =20 return fw_upload; @@ -372,8 +373,7 @@ firmware_upload_register(struct module *module, struct = device *parent, free_fw_upload: kfree(fw_upload); =20 -exit_module_put: - module_put(module); +exit_err: =20 return ERR_PTR(ret); } @@ -387,7 +387,6 @@ void firmware_upload_unregister(struct fw_upload *fw_up= load) { struct fw_sysfs *fw_sysfs =3D fw_upload->priv; struct fw_upload_priv *fw_upload_priv =3D fw_sysfs->fw_upload_priv; - struct module *module =3D fw_upload_priv->module; =20 mutex_lock(&fw_upload_priv->lock); if (fw_upload_priv->progress =3D=3D FW_UPLOAD_PROG_IDLE) { @@ -403,6 +402,5 @@ void firmware_upload_unregister(struct fw_upload *fw_up= load) =20 unregister: device_unregister(&fw_sysfs->dev); - module_put(module); } EXPORT_SYMBOL_GPL(firmware_upload_unregister); --=20 2.47.0.199.ga7371fff76-goog From nobody Sun Nov 24 13:42:39 2024 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C78CA2D7B8 for ; Tue, 5 Nov 2024 01:06:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768780; cv=none; b=iXSPPui+yleyyIMJ9ozw91bp0TJhXfN9C+2NGllyq+YaWXPyZnldgDIfhSF/tPo6zT9/C9d6SmHAcNcRXDttYPAHu2ej/Hkrihu1WfrLj0A2PtdHIqSTMNukWj+VEqMdgbNQKTo3cIVCQBphX+t3WoI6bNwjavJy/VDRLb1wZnY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768780; c=relaxed/simple; bh=GkUnsi5SarheVW9NGjkSX5hkjknfFVi+MWiKDvinNVA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Q1RuNusBS7GrLR9CZLqtdgvdZwb8RAyFuXzA7AL47jWAbcSmpFvYmYBXZEYlLxS1WqigBuxATLpApZ46ooTKFeDV0vOzxxFgSQGGiGGD30n0rRTPfk/4c2ly4SGtHgD+iO/TGwk6kzGYIXZedEnDi6sdb8rtop+H/qdTeedUnUQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=d5sOicwM; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="d5sOicwM" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6e3705b2883so97839287b3.3 for ; Mon, 04 Nov 2024 17:06:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1730768778; x=1731373578; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=3V3K/d14Fu8pd45Sc4muOCF75vsjk11/XwXzZj5XgyI=; b=d5sOicwMmIQZPJfbjIukH4QmirLqDcH0ycFeyylaOTMK38kp2qCKE27l9weJRmQxml Gzv5XpoYqliLfXxA+F12NEpLNlE6ETfKEE8wUTtymExKqgeITO/luGTeyQ7AMtnhvlKy IApL2i4wjyPeANwuXmFxi0OtGfBSk2YpzuFrA/qsGnyIEtv7ffJ9n8hCKbEqj4Pu7qPo Z67ztKw1KKfI4o9fRPtCaubDyFBDeAh9j3sZ/imfDXyuHTqg6qxe+iBSQwBt0cV8jUTX /AopLBXIvbdf+zblw8VUvUYPgPj5b7dQu2FpCg8kmL8vo5jSCRFimKnmcdwsPYHJ/RMq V32w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730768778; x=1731373578; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=3V3K/d14Fu8pd45Sc4muOCF75vsjk11/XwXzZj5XgyI=; b=XsTxJYzPHCn0bzExSWJBCujTs/cOTPfkTZo86H71mYGXJyD1FFauV/7fL8U7sKlAch 21E41wBtyR1bTovBykiFgeSHdJYhwfXYZi02yiJIe7cNpZZ8VW4B1SmAeMb/V1eSU4yG MrNiqmsAa/r5wch+zGmE+Kc6Xu8VQfeqcDOqK/UHsTgD/0Wi5u0id2gFrTDPGT+uRsKE M1NPHabWq5qAeHIG+B+T/MS9/mEWEsfyHBSvhKVKoPWkJHWwV/rvJ1oCJe7VeYUG3gWE RuTVJXj6NgNxTyCkLWccELp7ov+UdB3dgmdh9wXd3f700Uaglv3riAj18uWBW07Qbrz2 L2fw== X-Forwarded-Encrypted: i=1; AJvYcCXWEVSrDqMUcsLVtcKwTgDLGjgd3ea+z1cRjlO4Fn3UgfOOo57nAieDeuXGj3vPZ2Gk+WGfZ3tFRrEvB/g=@vger.kernel.org X-Gm-Message-State: AOJu0Yy3KwjhJwJfLsZCTEDzUBqBfjPW/GhdlFmjWcesU2/pDdcJKi2I MmTEplJLCGmjIxPY4ycEK0m54Ot8bmHjuljOv1HT9n+hOcG3/FW67mbpS3rDbYsTdWv5FxKq8bb Lidk0e6aIAlAwGoSxxOIU9w== X-Google-Smtp-Source: AGHT+IHsLGyWDHrXMF2JjSPjIYZ9KRAAjrZkeHUwJIZPYcfCTcUd6Uk6PWcg8l14OxMBiyYtA9ISpQvgEk2QR/J7IQ== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a05:690c:4510:b0:6e2:1ab6:699a with SMTP id 00721157ae682-6ea64beda72mr987937b3.7.1730768777924; Mon, 04 Nov 2024 17:06:17 -0800 (PST) Date: Tue, 5 Nov 2024 01:05:50 +0000 In-Reply-To: <20241105010558.1266699-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241105010558.1266699-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.199.ga7371fff76-goog Message-ID: <20241105010558.1266699-4-dionnaglaze@google.com> Subject: [PATCH v4 3/6] crypto: ccp: Track GCTX through sev commands From: Dionna Glaze To: x86@kernel.org, linux-kernel@vger.kernel.org, Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Ashish Kalra Cc: Dionna Glaze , linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In preparation for SEV firmware hotloading support, add bookkeeping structures for GCTX pages that are in use. Compliance with SEV-SNP API section 3.3 Firmware Updates and 4.1.1 Live Update: before a firmware is committed, all active GCTX pages should be updated with SNP_GUEST_STATUS to ensure their data structure remains consistent for the new firmware version. There can only be cpuid_edx(0x8000001f)-1 many SEV-SNP asids in use at one time, so this map associates asid to gctx in order to track which addresses are active gctx pages that need updating. When an asid and gctx page are decommissioned, the page is removed from tracking for update-purposes. Given that GCTX page creation and binding through the SNP_ACTIVATE command are separate, the creation operation also tracks pages that are yet to be bound to an asid. The hotloading support depends on FW_UPLOAD, so the new functions are added in a new file whose object file is conditionally included in the module build. Signed-off-by: Dionna Glaze --- drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/sev-dev.c | 5 ++ drivers/crypto/ccp/sev-dev.h | 15 +++++ drivers/crypto/ccp/sev-fw.c | 117 +++++++++++++++++++++++++++++++++++ 4 files changed, 138 insertions(+) create mode 100644 drivers/crypto/ccp/sev-fw.c diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile index 394484929dae3..b8b5102cc7973 100644 --- a/drivers/crypto/ccp/Makefile +++ b/drivers/crypto/ccp/Makefile @@ -14,6 +14,7 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) +=3D psp-dev.o \ platform-access.o \ dbc.o \ hsti.o +ccp-$(CONFIG_FW_UPLOAD) +=3D sev-fw.o =20 obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) +=3D ccp-crypto.o ccp-crypto-objs :=3D ccp-crypto-main.o \ diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 9810edbb272d2..9265b6d534bbe 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -982,6 +982,9 @@ static int __sev_do_cmd_locked(int cmd, void *data, int= *psp_ret) print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data, buf_len, false); =20 + if (!ret) + snp_cmd_bookkeeping_locked(cmd, sev, data); + return ret; } =20 @@ -1179,6 +1182,8 @@ static int __sev_snp_init_locked(int *error) =20 sev_es_tmr_size =3D SNP_TMR_SIZE; =20 + rc =3D sev_snp_platform_init_firmware_upload(sev); + return rc; } =20 diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 3e4e5574e88a3..28add34484ed1 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -57,6 +57,13 @@ struct sev_device { bool cmd_buf_backup_active; =20 bool snp_initialized; + +#ifdef CONFIG_FW_UPLOAD + u32 last_snp_asid; + u64 *snp_asid_to_gctx_pages_map; + u64 *snp_unbound_gctx_pages; + u32 snp_unbound_gctx_end; +#endif /* CONFIG_FW_UPLOAD */ }; =20 int sev_dev_init(struct psp_device *psp); @@ -65,4 +72,12 @@ void sev_dev_destroy(struct psp_device *psp); void sev_pci_init(void); void sev_pci_exit(void); =20 +#ifdef CONFIG_FW_UPLOAD +void snp_cmd_bookkeeping_locked(int cmd, struct sev_device *sev, void *dat= a); +int sev_snp_platform_init_firmware_upload(struct sev_device *sev); +#else +static inline void snp_cmd_bookkeeping_locked(int cmd, struct sev_device *= sev, void *data) { } +static inline int sev_snp_platform_init_firmware_upload(struct sev_device = *sev) { return 0; } +#endif /* CONFIG_FW_UPLOAD */ + #endif /* __SEV_DEV_H */ diff --git a/drivers/crypto/ccp/sev-fw.c b/drivers/crypto/ccp/sev-fw.c new file mode 100644 index 0000000000000..55a5a572da8f1 --- /dev/null +++ b/drivers/crypto/ccp/sev-fw.c @@ -0,0 +1,117 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * AMD Secure Encrypted Virtualization (SEV) firmware upload API + */ + +#include +#include + +#include + +#include "sev-dev.h" + +/* + * After a gctx is created, it is used by snp_launch_start before getting + * bound to an asid. The launch protocol allocates an asid before creating= a + * matching gctx page, so there should never be more unbound gctx pages th= an + * there are possible SNP asids. + * + * The unbound gctx pages must be updated after executing DOWNLOAD_FIRMWAR= E_EX + * and before committing the firmware. + */ +static void snp_gctx_create_track_locked(struct sev_device *sev, void *dat= a) +{ + struct sev_data_snp_addr *gctx_create =3D data; + + /* This condition should never happen, but is needed for memory safety. */ + if (sev->snp_unbound_gctx_end >=3D sev->last_snp_asid) { + dev_warn(sev->dev, "Too many unbound SNP GCTX pages to track\n"); + return; + } + + sev->snp_unbound_gctx_pages[sev->snp_unbound_gctx_end] =3D gctx_create->a= ddress; + sev->snp_unbound_gctx_end++; +} + +/* + * PREREQUISITE: The snp_activate command was successful, meaning the asid + * is in the acceptable range 1..sev->last_snp_asid. + * + * The gctx_paddr must be in the unbound gctx buffer. + */ +static void snp_activate_track_locked(struct sev_device *sev, void *data) +{ + struct sev_data_snp_activate *data_activate =3D data; + + sev->snp_asid_to_gctx_pages_map[data_activate->asid] =3D data_activate->g= ctx_paddr; + + for (int i =3D 0; i < sev->snp_unbound_gctx_end; i++) { + if (sev->snp_unbound_gctx_pages[i] =3D=3D data_activate->gctx_paddr) { + /* + * Swap the last unbound gctx page with the now-bound + * gctx page to shrink the buffer. + */ + sev->snp_unbound_gctx_end--; + sev->snp_unbound_gctx_pages[i] =3D + sev->snp_unbound_gctx_pages[sev->snp_unbound_gctx_end]; + sev->snp_unbound_gctx_pages[sev->snp_unbound_gctx_end] =3D 0; + break; + } + } +} + +static void snp_decommission_track_locked(struct sev_device *sev, void *da= ta) +{ + struct sev_data_snp_addr *data_decommission =3D data; + + for (int i =3D 1; i <=3D sev->last_snp_asid; i++) { + if (sev->snp_asid_to_gctx_pages_map[i] =3D=3D data_decommission->address= ) { + sev->snp_asid_to_gctx_pages_map[i] =3D 0; + break; + } + } +} + +void snp_cmd_bookkeeping_locked(int cmd, struct sev_device *sev, void *dat= a) +{ + if (!sev->snp_asid_to_gctx_pages_map) + return; + + switch (cmd) { + case SEV_CMD_SNP_GCTX_CREATE: + snp_gctx_create_track_locked(sev, data); + break; + case SEV_CMD_SNP_ACTIVATE: + snp_activate_track_locked(sev, data); + break; + case SEV_CMD_SNP_DECOMMISSION: + snp_decommission_track_locked(sev, data); + break; + default: + break; + } +} + +int sev_snp_platform_init_firmware_upload(struct sev_device *sev) +{ + u32 max_snp_asid; + + /* + * cpuid_edx(0x8000001f) is the minimum SEV ASID, hence the exclusive + * maximum SEV-SNP ASID. Save the inclusive maximum to avoid confusing + * logic elsewhere. + */ + max_snp_asid =3D cpuid_edx(0x8000001f); + sev->last_snp_asid =3D max_snp_asid - 1; + if (sev->last_snp_asid) { + sev->snp_asid_to_gctx_pages_map =3D devm_kmalloc_array( + sev->dev, max_snp_asid * 2, sizeof(u64), GFP_KERNEL | __GFP_ZERO); + sev->snp_unbound_gctx_pages =3D &sev->snp_asid_to_gctx_pages_map[max_snp= _asid]; + if (!sev->snp_asid_to_gctx_pages_map) { + dev_err(sev->dev, + "SEV-SNP: snp_asid_to_gctx_pages_map memory allocation failed\n"); + return -ENOMEM; + } + } + return 0; +} --=20 2.47.0.199.ga7371fff76-goog From nobody Sun Nov 24 13:42:39 2024 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A531E17736 for ; Tue, 5 Nov 2024 01:06:20 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768782; cv=none; b=I7g+/ZcGvC/nF54uxzBgeEmKxw8sNYJWESzfFhDdGOStEwCBafaJ3fWok6MTstRWZzW580Hq9LZfaWHjmBxDwDi8ivH50ExCGcq5gO6a1vlmQm2BCSIEFCFtGCczqGIdqs2oIYUfA49pHTcW4Oj4a932aV483Lh7erKXU0auTjo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768782; c=relaxed/simple; bh=F9KsuGNfRVaWfy5JiXCjGWEVPTbN7HvrwzW6WxTawKo=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Q1jIOC4196NF27qgt4MFIb0uRr4BHdEc1elXZfjPBCFZ92ScRVGNBGLsvARiRxUftuJCOwFpwvxCnYbBTKXSZWWeLbZq3AwyKKoByiXY8RvnP2RU/p3yaHGk0+SxV7zt/VbJGIr98iZ5zNsryk2De6ZJs5MuUMnwZiWvXZnuDHA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=34/BF39G; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="34/BF39G" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-7202dfaa53fso7241005b3a.0 for ; Mon, 04 Nov 2024 17:06:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1730768780; x=1731373580; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=sSiJYSmRus7fZQi7bKuuG88mQ3M1Tyd9T7ICanZnujY=; b=34/BF39GrdQqIvBFEQknx+3qUhuhHqy3GOd8NI0Hpmrs2Wmki2nxJj9Jfvs3E4Iql+ uTsIpnU5sjUUCyrwdAjryA1LP6Ks+ID3bO34cD91W/urM3UTYBqqbLKCj2FPj6VAtPbP XzrLoYeQNZOGUB6Uuf46702+fV9PFU66ONbBkLFYQlWmgMUjk2aAXipqFr/4Luj2AOxr UM6fYZZGvZJ8NAG8J7DiLMyy7ZG8xzohpKlTdYu6gQqGPEr/9liuaVUm/soJYqmjllUS Qg981tYfzxVXpMLM2NA1K7UdiNcytCF3T+Ri98gsPbyZsfFDizkiLHjFjLmCstqn2Svl Y7KQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730768780; x=1731373580; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=sSiJYSmRus7fZQi7bKuuG88mQ3M1Tyd9T7ICanZnujY=; b=hZEP9yOjf3YQ5x1Kg6Z47nR/kleeIBpOh2ISCe1yDReZXFMuV4Ntm2yKaUnuNXCesh ZcpAHo6gTAyOv1EgLDk5jnV/hY04k99rGW2Nk3nKrsV6fK1v8jkcThBqIE9wYbF4alio DRxBGZ/AHxhGgxm9vS89IYr+Rje7REGH34pXb8vfpabHMzS0rM0yoYq06qO0sB/Yyiqt XNbWbYzF/cTT2EVl/JymRm4IbD+jp987EaTbdSXRq4eEvugvXmZfJaHlcfCg1pnaxuDC UD+UK2IKonrUWARnccMF16qeodjBtXKOc30V69FxZl0wzntWnEhKk4vvGZgbp/DErhp+ JkVA== X-Forwarded-Encrypted: i=1; AJvYcCWcaanGqQKdvdeT+22cBFmjhL7O5t6rnGhegzOuetxEa6wtlgrRxeccYcMD4F4hNWwwgEH5xcN/FLqA++I=@vger.kernel.org X-Gm-Message-State: AOJu0YwtFipUjCJW4cx+WAJlibIeWeT7McJqhVx+eCMOt0Cg0XDRuon4 C2In2/YPkBfrIDeNnlmi2qv8ssBtburK64199AKkb5HAYTK0tEXZshR7Jgrj6cCjfbSZvarbTT5 7CBKpQYuACOcdPZo3KUh5oA== X-Google-Smtp-Source: AGHT+IFLF4Fik6CdpaAMrxPSEyun3E3Cq49ZTRi1Eu86gyh4Xr32sstzk9KoDgqUTqbcNbqhbH6ss3ymBzn4bF+eEA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a05:6a00:8581:b0:720:2db7:c7e3 with SMTP id d2e1a72fcca58-720b9a200fbmr155886b3a.0.1730768780089; Mon, 04 Nov 2024 17:06:20 -0800 (PST) Date: Tue, 5 Nov 2024 01:05:51 +0000 In-Reply-To: <20241105010558.1266699-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241105010558.1266699-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.199.ga7371fff76-goog Message-ID: <20241105010558.1266699-5-dionnaglaze@google.com> Subject: [PATCH v4 4/6] crypto: ccp: Add DOWNLOAD_FIRMWARE_EX support From: Dionna Glaze To: x86@kernel.org, linux-kernel@vger.kernel.org, Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" Cc: Dionna Glaze , linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The DOWNLOAD_FIRMWARE_EX command requires cache flushing and introduces new error codes that could be returned to user space. The function is in sev-dev.c rather than sev-fw.c to avoid exposing the __sev_do_cmd_locked function in the sev-dev.h header. Signed-off-by: Dionna Glaze --- drivers/crypto/ccp/sev-dev.c | 66 +++++++++++++++++++++++++++++++----- include/linux/psp-sev.h | 26 ++++++++++++++ include/uapi/linux/psp-sev.h | 5 +++ 3 files changed, 89 insertions(+), 8 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 9265b6d534bbe..32f7b6147905e 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -223,6 +223,7 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_SNP_GUEST_REQUEST: return sizeof(struct sev_data_snp_guest_= request); case SEV_CMD_SNP_CONFIG: return sizeof(struct sev_user_data_snp_config); case SEV_CMD_SNP_COMMIT: return sizeof(struct sev_data_snp_commit); + case SEV_CMD_SNP_DOWNLOAD_FIRMWARE_EX: return sizeof(struct sev_data_down= load_firmware_ex); default: return 0; } =20 @@ -1597,14 +1598,7 @@ static int sev_update_firmware(struct device *dev) return -1; } =20 - /* - * SEV FW expects the physical address given to it to be 32 - * byte aligned. Memory allocated has structure placed at the - * beginning followed by the firmware being passed to the SEV - * FW. Allocate enough memory for data structure + alignment - * padding + SEV FW. - */ - data_size =3D ALIGN(sizeof(struct sev_data_download_firmware), 32); + data_size =3D ALIGN(sizeof(struct sev_data_download_firmware), SEV_FW_ALI= GNMENT); =20 order =3D get_order(firmware->size + data_size); p =3D alloc_pages(GFP_KERNEL, order); @@ -1645,6 +1639,62 @@ static int sev_update_firmware(struct device *dev) return ret; } =20 +int sev_snp_download_firmware_ex(struct sev_device *sev, const u8 *data, u= 32 size, int *error) +{ + struct sev_data_download_firmware_ex *data_ex; + int ret, order; + struct page *p; + u64 data_size; + void *fw_dest; + + data_size =3D ALIGN(sizeof(struct sev_data_download_firmware_ex), + SEV_FW_ALIGNMENT); + + order =3D get_order(size + data_size); + p =3D alloc_pages(GFP_KERNEL, order); + if (!p) + return -ENOMEM; + + /* + * Copy firmware data to a kernel allocated contiguous + * memory region. + */ + data_ex =3D page_address(p); + fw_dest =3D page_address(p) + data_size; + memset(data_ex, 0, data_size); + memcpy(fw_dest, data, size); + + data_ex->address =3D __psp_pa(fw_dest); + data_ex->len =3D size; + data_ex->cmdlen =3D sizeof(struct sev_data_download_firmware_ex); + + /* + * SNP_COMMIT should be issued explicitly to commit the updated + * firmware after guest context pages have been updated. + */ + ret =3D sev_do_cmd(SEV_CMD_SNP_DOWNLOAD_FIRMWARE_EX, data_ex, error); + + if (ret) + goto free_err; + + __free_pages(p, order); + + /* Need to do a DF_FLUSH after live firmware update */ + wbinvd_on_all_cpus(); + ret =3D __sev_do_cmd_locked(SEV_CMD_SNP_DF_FLUSH, NULL, error); + if (ret) { + dev_dbg(sev->dev, "DF_FLUSH error %d\n", *error); + goto fw_err; + } + + return 0; + +free_err: + __free_pages(p, order); +fw_err: + return ret; +} + static int __sev_snp_shutdown_locked(int *error, bool panic) { struct psp_device *psp =3D psp_master; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 903ddfea85850..6a08c56cd9771 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -16,6 +16,15 @@ =20 #define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */ =20 +/* + * SEV FW expects the physical address given to it to be 32 + * byte aligned. Memory allocated has structure placed at the + * beginning followed by the firmware being passed to the SEV + * FW. Allocate enough memory for data structure + alignment + * padding + SEV FW. + */ +#define SEV_FW_ALIGNMENT 32 + /** * SEV platform state */ @@ -185,6 +194,23 @@ struct sev_data_download_firmware { u32 len; /* In */ } __packed; =20 +/** + * struct sev_data_download_firmware_ex - DOWNLOAD_FIRMWARE_EX command par= ameters + * + * @length: length of this command buffer + * @address: physical address of firmware image + * @len: len of the firmware image + * @commit: automatically commit the newly installed image + */ +struct sev_data_download_firmware_ex { + u32 cmdlen; /* In */ + u32 reserved; /* In */ + u64 address; /* In */ + u32 len; /* In */ + u32 commit:1; /* In */ + u32 reserved2:31; /* In */ +} __packed; + /** * struct sev_data_get_id - GET_ID command parameters * diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 832c15d9155bd..936464d4f282a 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -80,6 +80,11 @@ typedef enum { SEV_RET_INVALID_PAGE_OWNER, SEV_RET_INVALID_PAGE_AEAD_OFLOW, SEV_RET_RMP_INIT_REQUIRED, + SEV_RET_BAD_SVN, + SEV_RET_BAD_VERSION, + SEV_RET_SHUTDOWN_REQUIRED, + SEV_RET_UPDATE_FAILED, + SEV_RET_RESTORE_REQUIRED, SEV_RET_MAX, } sev_ret_code; =20 --=20 2.47.0.199.ga7371fff76-goog From nobody Sun Nov 24 13:42:39 2024 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 80A9E3FB3B for ; Tue, 5 Nov 2024 01:06:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768786; cv=none; b=LKqWMeRXGmlLJKv34FiKwmDatinGYECRYWqia8JElObNSKby6raYGWShl6B+2QUCV74UEv3PJoYZzRjgeS7EZu0GMhBAz5AXWtIfXGENqowTtlX/aoSnFI7uyTuZJ0wNNdnBK1RhSJD6gALLPAPx/DtU9Zt8LDOLukHG1bSMVhs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768786; c=relaxed/simple; bh=/IzfL9CvW4m93cDhZ5O7Hz1vXcscHLpo5soYW7LYUBU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=XLldQ1WulR8e3OEayVgD7cwON1BctGMMETQmq6uio7yuG6GmvCpdydZ+FnHPNjqqE40GCV8eCwYnR2qs+V8N6cSk0eocLe9+GOJzc59SoPBZpx1fVo0EhycVL8TgQZR8MX5Je1DFD5O81UPN4vRNXs8cJ13KOjCG9/3/zB7Jshs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=bcVxUFe2; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="bcVxUFe2" Received: by mail-pf1-f202.google.com with SMTP id d2e1a72fcca58-720397dcc7cso5762301b3a.0 for ; Mon, 04 Nov 2024 17:06:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1730768784; x=1731373584; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=iizI1BGS8jbp1EGumTWgpgpNNFPF9nVUpu4CVNWm6HI=; b=bcVxUFe2HfLdEGOHqNYuY+oM9EiPtZSHZCdI4yhDHlqt7Ib3S2ggOJzbvvIc5qPxDe l5RifmJuO1p/Xxjrv84JGyvR8QMGhcuruPJIWduetULWLLmieMREZCh1N/qgu+z42K0W zhTWyQO3rhjgOQVCBbux9wRfS7MLWqLeWVh38HSz19bmdfE8rSxpGMTlZZf+dc5Z6kXb F9MJTiQoNjIA14WiGWcj0s48yZPjm1xjYLBkaPOlxUUMh9FCbsJFpUWex8Egwnbby54H VG6ydXQy8tPuSu17cW8lHlIPB9X7RaoqOWoCV5cGaDHT/SBJ6W+j+CszddL2ThfvtlC+ FWrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730768784; x=1731373584; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=iizI1BGS8jbp1EGumTWgpgpNNFPF9nVUpu4CVNWm6HI=; b=m8BOOGF4LpA3ebgS+VXF54qLOQW19KgJLYW1GWmaqxz49ZXUrQfSsWiPv4yCMf/f5D e05Lo2Yv37XqBoPgIk6N9940OdddefjLUjkJIRx6bAejqcVUfZ6tmKMSKGL+V0pfrYWr Ld29tA2bNKpRM8ryckaT35yhUsL4wXgAT2TxzTUv/UzZytgqDWy/4YnMAjTha5XskOvc ICdC/Ineg1d+VePLp+ezeZLqwbJ1Ytd5KVT+6f1j4Rqb2pXmGZ2kDT2eZ+uC6CULVRou PJ+rnV60F0f7TRC/+gP7IOa7ry6qRUc18jIraZwwg3MHkpZKSt4IL5gsJm33ejB7f7G2 nj8Q== X-Forwarded-Encrypted: i=1; AJvYcCW6zWL6PSYuj/STm8ay9LHUSijOvxy1KelJWpS39pXArNRQKJxp7bcemi5sn0f6V941KM1vkIo/+jXUxnY=@vger.kernel.org X-Gm-Message-State: AOJu0Yzyz4S4M1bxiaMH4D8jIgvdF1VOxLIxE/gMw3WA4pFZgJmNYE9P 0WnXFj/2go29I+d8AiJR5KrO1a20vLisFKE9CnuwOjAoCoHsAxQjNlEYV5H0mQ+KPn19XUc5Sub GlD4sBP7e/0UApm0pEIIGIg== X-Google-Smtp-Source: AGHT+IFY2IGtbWSAXPxiT/z81FLwvgT0S7GolQL51U68PSsc6CXYDnyycDaDfVb/TTWsrHfpiQKoTO7SLj2Dthj4+A== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a05:6a00:62c6:b0:720:b04d:8fcb with SMTP id d2e1a72fcca58-720b9b5c762mr34056b3a.1.1730768782716; Mon, 04 Nov 2024 17:06:22 -0800 (PST) Date: Tue, 5 Nov 2024 01:05:52 +0000 In-Reply-To: <20241105010558.1266699-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241105010558.1266699-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.199.ga7371fff76-goog Message-ID: <20241105010558.1266699-6-dionnaglaze@google.com> Subject: [PATCH v4 5/6] crypto: ccp: Use firmware_upload API for SNP firmware From: Dionna Glaze To: x86@kernel.org, linux-kernel@vger.kernel.org, Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Ashish Kalra Cc: Dionna Glaze , linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" On init, the ccp device will make /sys/class/firmware/amd/loading etc firmware upload API attributes available to late-load a SEV-SNP firmware binary. The firmware upload api errors reported are actionable in the following ways: * FW_UPLOAD_ERR_HW_ERROR: the machine is in an unstable state and must be reset. * FW_UPLOAD_ERR_RW_ERROR: the firmware update went bad but can be recovered by hotloading the previous firmware version. Also used in the case that the kernel used the API wrong (bug). * FW_UPLOAD_ERR_FW_INVALID: user error with the data provided, but no instability is expected and no recovery actions are needed. * FW_UPLOAD_ERR_BUSY: upload attempted at a bad time either due to overload or the machine is in the wrong platform state. synthetic_restore_required: Instead of tracking the status of whether an individual GCTX is safe for use in a firmware command, force all following commands to fail with an error that is indicative of needing a firmware rollback. To test: 1. Build the kernel enabling SEV-SNP as normal and add CONFIG_FW_UPLOAD=3Dy. 2. Add the following to your kernel_cmdline: ccp.psp_init_on_probe=3D0. 3.Get an AMD SEV-SNP firmware sbin appropriate to your Epyc chip model at https://www.amd.com/en/developer/sev.html and extract to get a .sbin file. 4. Run the following with your sbinfile in FW: echo 1 > /sys/class/firmware/snp_dlfw_ex/loading cat "${FW?}" > /sys/class/firmware/snp_dlfw_ex/data echo 0 > /sys/class/firmware/snp_dlfw_ex/loading 5. Verify the firmware update message in dmesg. Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Tested-by: Ashish Kalra Signed-off-by: Dionna Glaze --- drivers/crypto/ccp/Kconfig | 2 + drivers/crypto/ccp/sev-dev.c | 12 +- drivers/crypto/ccp/sev-dev.h | 16 +++ drivers/crypto/ccp/sev-fw.c | 213 +++++++++++++++++++++++++++++++++++ 4 files changed, 241 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig index f394e45e11ab4..520b1c84d11f4 100644 --- a/drivers/crypto/ccp/Kconfig +++ b/drivers/crypto/ccp/Kconfig @@ -39,6 +39,8 @@ config CRYPTO_DEV_SP_PSP bool "Platform Security Processor (PSP) device" default y depends on CRYPTO_DEV_CCP_DD && X86_64 && AMD_IOMMU + select FW_LOADER + select FW_UPLOAD help Provide support for the AMD Platform Security Processor (PSP). The PSP is a dedicated processor that provides support for key diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 32f7b6147905e..8c73f023b6420 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -485,7 +485,7 @@ void snp_free_firmware_page(void *addr) } EXPORT_SYMBOL_GPL(snp_free_firmware_page); =20 -static void *sev_fw_alloc(unsigned long len) +void *sev_fw_alloc(unsigned long len) { struct page *page; =20 @@ -853,6 +853,10 @@ static int __sev_do_cmd_locked(int cmd, void *data, in= t *psp_ret) if (WARN_ON_ONCE(!data !=3D !buf_len)) return -EINVAL; =20 + ret =3D sev_snp_synthetic_error(sev, psp_ret); + if (ret) + return ret; + /* * Copy the incoming data to driver's scratch buffer as __pa() will not * work for some memory, e.g. vmalloc'd addresses, and @data may not be @@ -1523,7 +1527,7 @@ void *psp_copy_user_blob(u64 uaddr, u32 len) } EXPORT_SYMBOL_GPL(psp_copy_user_blob); =20 -static int sev_get_api_version(void) +int sev_get_api_version(void) { struct sev_device *sev =3D psp_master->sev_data; struct sev_user_data_status status; @@ -2320,6 +2324,8 @@ int sev_dev_init(struct psp_device *psp) if (ret) goto e_irq; =20 + sev_snp_dev_init_firmware_upload(sev); + dev_notice(dev, "sev enabled\n"); =20 return 0; @@ -2398,6 +2404,8 @@ void sev_dev_destroy(struct psp_device *psp) kref_put(&misc_dev->refcount, sev_exit); =20 psp_clear_sev_irq_handler(psp); + + sev_snp_dev_init_firmware_upload(sev); } =20 static int snp_shutdown_on_panic(struct notifier_block *nb, diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 28add34484ed1..52a423e7df84f 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -59,7 +59,13 @@ struct sev_device { bool snp_initialized; =20 #ifdef CONFIG_FW_UPLOAD + /* Lock to protect fw_cancel */ + struct mutex fw_lock; + struct fw_upload *fwl; + bool fw_cancel; + u32 last_snp_asid; + bool synthetic_restore_required; u64 *snp_asid_to_gctx_pages_map; u64 *snp_unbound_gctx_pages; u32 snp_unbound_gctx_end; @@ -72,12 +78,22 @@ void sev_dev_destroy(struct psp_device *psp); void sev_pci_init(void); void sev_pci_exit(void); =20 +void *sev_fw_alloc(unsigned long len); +int sev_get_api_version(void); +int sev_snp_download_firmware_ex(struct sev_device *sev, const u8 *data, u= 32 size, int *error); + #ifdef CONFIG_FW_UPLOAD void snp_cmd_bookkeeping_locked(int cmd, struct sev_device *sev, void *dat= a); int sev_snp_platform_init_firmware_upload(struct sev_device *sev); +void sev_snp_dev_init_firmware_upload(struct sev_device *sev); +void sev_snp_destroy_firmware_upload(struct sev_device *sev); +int sev_snp_synthetic_error(struct sev_device *sev, int *psp_ret); #else static inline void snp_cmd_bookkeeping_locked(int cmd, struct sev_device *= sev, void *data) { } static inline int sev_snp_platform_init_firmware_upload(struct sev_device = *sev) { return 0; } +static inline void sev_snp_dev_init_firmware_upload(struct sev_device *sev= ) { } +static inline void sev_snp_destroy_firmware_upload(struct sev_device *sev)= { } +static inline int sev_snp_synthetic_error(struct sev_device *sev, int *psp= _ret) { return 0; } #endif /* CONFIG_FW_UPLOAD */ =20 #endif /* __SEV_DEV_H */ diff --git a/drivers/crypto/ccp/sev-fw.c b/drivers/crypto/ccp/sev-fw.c index 55a5a572da8f1..97ce90f2af29a 100644 --- a/drivers/crypto/ccp/sev-fw.c +++ b/drivers/crypto/ccp/sev-fw.c @@ -4,6 +4,7 @@ */ =20 #include +#include #include =20 #include @@ -115,3 +116,215 @@ int sev_snp_platform_init_firmware_upload(struct sev_= device *sev) } return 0; } + +static enum fw_upload_err snp_dlfw_ex_prepare(struct fw_upload *fw_upload, + const u8 *data, u32 size) +{ + return FW_UPLOAD_ERR_NONE; +} + +static enum fw_upload_err snp_dlfw_ex_poll_complete(struct fw_upload *fw_u= pload) +{ + return FW_UPLOAD_ERR_NONE; +} + +/* + * This may be called asynchronously with an on-going update. All other + * functions are called sequentially in a single thread. To avoid contenti= on on + * register accesses, only update the cancel_request flag. Other functions= will + * check this flag and handle the cancel request synchronously. + */ +static void snp_dlfw_ex_cancel(struct fw_upload *fw_upload) +{ + struct sev_device *sev =3D fw_upload->dd_handle; + + mutex_lock(&sev->fw_lock); + sev->fw_cancel =3D true; + mutex_unlock(&sev->fw_lock); +} + +static enum fw_upload_err snp_dlfw_ex_err_translate(struct sev_device *sev= , int psp_ret) +{ + dev_dbg(sev->dev, "Failed to update SEV firmware: %#x\n", psp_ret); + /* + * Operation error: + * HW_ERROR: Critical error. Machine needs repairs now. + * RW_ERROR: Severe error. Roll back to the prior version to recover. + * User error: + * FW_INVALID: Bad input for this interface. + * BUSY: Wrong machine state to run download_firmware_ex. + */ + switch (psp_ret) { + case SEV_RET_RESTORE_REQUIRED: + dev_warn(sev->dev, "Firmware updated but unusable\n"); + dev_warn(sev->dev, "Need to do manual firmware rollback!!!\n"); + return FW_UPLOAD_ERR_RW_ERROR; + case SEV_RET_SHUTDOWN_REQUIRED: + /* No state changes made. Not a hardware error. */ + dev_warn(sev->dev, "Firmware image cannot be live updated\n"); + return FW_UPLOAD_ERR_FW_INVALID; + case SEV_RET_BAD_VERSION: + /* No state changes made. Not a hardware error. */ + dev_warn(sev->dev, "Firmware image is not well formed\n"); + return FW_UPLOAD_ERR_FW_INVALID; + /* SEV-specific errors that can still happen. */ + case SEV_RET_BAD_SIGNATURE: + /* No state changes made. Not a hardware error. */ + dev_warn(sev->dev, "Firmware image signature is bad\n"); + return FW_UPLOAD_ERR_FW_INVALID; + case SEV_RET_INVALID_PLATFORM_STATE: + /* Calling at the wrong time. Not a hardware error. */ + dev_warn(sev->dev, "Firmware not updated as SEV in INIT state\n"); + return FW_UPLOAD_ERR_BUSY; + case SEV_RET_HWSEV_RET_UNSAFE: + dev_err(sev->dev, "Firmware is unstable. Reset your machine!!!\n"); + return FW_UPLOAD_ERR_HW_ERROR; + /* Kernel bug cases. */ + case SEV_RET_INVALID_PARAM: + dev_err(sev->dev, "Download-firmware-EX invalid parameter\n"); + return FW_UPLOAD_ERR_RW_ERROR; + case SEV_RET_INVALID_ADDRESS: + dev_err(sev->dev, "Download-firmware-EX invalid address\n"); + return FW_UPLOAD_ERR_RW_ERROR; + default: + dev_err(sev->dev, "Unhandled download_firmware_ex err %d\n", psp_ret); + return FW_UPLOAD_ERR_HW_ERROR; + } +} + +static enum fw_upload_err snp_update_guest_statuses(struct sev_device *sev) +{ + struct sev_data_snp_guest_status status_data; + void *snp_guest_status; + enum fw_upload_err ret; + int error; + + /* + * Force an update of guest context pages after SEV firmware + * live update by issuing SNP_GUEST_STATUS on all guest + * context pages. + */ + snp_guest_status =3D sev_fw_alloc(PAGE_SIZE); + if (!snp_guest_status) + return FW_UPLOAD_ERR_INVALID_SIZE; + + /* + * After the last bound asid-to-gctx page is snp_unbound_gctx_end-many + * unbound gctx pages that also need updating. + */ + for (int i =3D 1; i <=3D sev->last_snp_asid + sev->snp_unbound_gctx_end; = i++) { + if (sev->snp_asid_to_gctx_pages_map[i]) { + status_data.gctx_paddr =3D sev->snp_asid_to_gctx_pages_map[i]; + status_data.address =3D __psp_pa(snp_guest_status); + ret =3D sev_do_cmd(SEV_CMD_SNP_GUEST_STATUS, &status_data, &error); + if (ret) { + /* + * Handle race with SNP VM being destroyed/decommissoned, + * if guest context page invalid error is returned, + * assume guest has been destroyed. + */ + if (error =3D=3D SEV_RET_INVALID_GUEST) + continue; + sev->synthetic_restore_required =3D true; + dev_err(sev->dev, "SNP GCTX update error: %#x\n", error); + dev_err(sev->dev, "Roll back SNP firmware!\n"); + snp_free_firmware_page(snp_guest_status); + ret =3D FW_UPLOAD_ERR_RW_ERROR; + goto fw_err; + } + } + } +fw_err: + snp_free_firmware_page(snp_guest_status); + return ret; +} + +static enum fw_upload_err snp_dlfw_ex_write(struct fw_upload *fwl, const u= 8 *data, + u32 offset, u32 size, u32 *written) +{ + struct sev_device *sev =3D fwl->dd_handle; + u8 api_major, api_minor, build; + int ret, error; + bool cancel; + + if (!sev) + return FW_UPLOAD_ERR_HW_ERROR; + + mutex_lock(&sev->fw_lock); + cancel =3D sev->fw_cancel; + mutex_unlock(&sev->fw_lock); + + if (cancel) + return FW_UPLOAD_ERR_CANCELED; + + /* + * SEV firmware update is a one-shot update operation, the write() + * callback to be invoked multiple times for the same update is + * unexpected. + */ + if (offset) + return FW_UPLOAD_ERR_INVALID_SIZE; + + if (sev_get_api_version()) + return FW_UPLOAD_ERR_HW_ERROR; + + api_major =3D sev->api_major; + api_minor =3D sev->api_minor; + build =3D sev->build; + + ret =3D sev_snp_download_firmware_ex(sev, data, size, &error); + if (ret) + return snp_dlfw_ex_err_translate(sev, error); + + ret =3D snp_update_guest_statuses(sev); + if (ret) + return ret; + + sev_get_api_version(); + if (api_major !=3D sev->api_major || api_minor !=3D sev->api_minor || + build !=3D sev->build) { + dev_info(sev->dev, "SEV firmware updated from %d.%d.%d to %d.%d.%d\n", + api_major, api_minor, build, + sev->api_major, sev->api_minor, sev->build); + } else { + dev_info(sev->dev, "SEV firmware same as old %d.%d.%d\n", + api_major, api_minor, build); + } + + *written =3D size; + return FW_UPLOAD_ERR_NONE; +} + +static const struct fw_upload_ops snp_dlfw_ex_ops =3D { + .prepare =3D snp_dlfw_ex_prepare, + .write =3D snp_dlfw_ex_write, + .poll_complete =3D snp_dlfw_ex_poll_complete, + .cancel =3D snp_dlfw_ex_cancel, +}; + +void sev_snp_dev_init_firmware_upload(struct sev_device *sev) +{ + struct fw_upload *fwl; + + fwl =3D firmware_upload_register(THIS_MODULE, sev->dev, "snp_dlfw_ex", &s= np_dlfw_ex_ops, sev); + + if (IS_ERR(fwl)) + dev_err(sev->dev, "SEV firmware upload initialization error %ld\n", PTR_= ERR(fwl)); + + sev->fwl =3D fwl; + mutex_init(&sev->fw_lock); +} + +void sev_snp_destroy_firmware_upload(struct sev_device *sev) +{ + firmware_upload_unregister(sev->fwl); +} + +int sev_snp_synthetic_error(struct sev_device *sev, int *psp_ret) +{ + if (sev->synthetic_restore_required) { + *psp_ret =3D SEV_RET_RESTORE_REQUIRED; + return -EIO; + } + return 0; +} --=20 2.47.0.199.ga7371fff76-goog From nobody Sun Nov 24 13:42:39 2024 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 875121BF37 for ; Tue, 5 Nov 2024 01:06:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768788; cv=none; b=ACOWVs2cLlD/CNGnRlQxst2e6Ib/v/7fGkwI+Lxs1TQY4y8qwX/vXxfzFqQ8lMoPv97E0FiQwBm4EaMYuFqiea6b4rOH22dzpQ0yVedLn62ihtWAfwpk0FnNquD1hhq1Gyg887D0P+iDwMaHZwPaHLsyMjP6RKTGFfyoSa4Acm8= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1730768788; c=relaxed/simple; bh=PrkZM6Xy8UF0mEloWiv1/ygTi//WCDu6vFaQAcQxgaY=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=VBDv2dwMN8ClT8VFuhR2dlndCT7UrA+ZksEZ8sSLARij6AbsfnU8pvMGND6+G0Q+6uJ5GDyIn8hyQzKzqCZSdhfkLTdz3Kdvebdcb/yvgupB8jZWzO9eh+tdUNj30THxH4hDmZvWrvCfh0Yp8DotCQHUOctFTBPFZQLKMNDbIsE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=O+dDM6zL; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="O+dDM6zL" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6eaa08a6fdbso21006017b3.3 for ; Mon, 04 Nov 2024 17:06:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1730768786; x=1731373586; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=JS3XxluJTES3Wiur3lmc4TEkrd8MuXF3kmtmu8pwE5Y=; b=O+dDM6zLw62e/tcs6Q7rF+NuDoPAnnY/2Vhfa9sUZQnZFrEx1tZTg7OjYSmGPvmwfw 44Q+9fdXv4I+kzh4ipsZ/mxRWwUMD6fvwFZ0bb9zIPypP2C7gqmfpRoab5ooLcR3xXZP vIaCaTeg1EPLv0ssuMoiL/C0n0CtBL/tNbdNdvXEBLQ1SfDA9pwdBRSBhTS3+jE5iKue kmx3o3f6EBrjXOrdbQ3Z4D8nuxy0XCbvOg9L9Kt8k71+f+MYcRkb1IyhvClDfPaSxbRG gTVZFTCAO3JLi0dbGhbTvKTQv0v9o9zDTjFz43bTzsBj6dRAXmi88JmOJdeeU2mfedsy zDKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1730768786; x=1731373586; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JS3XxluJTES3Wiur3lmc4TEkrd8MuXF3kmtmu8pwE5Y=; b=CvNW1R1K9Nlznfq3regfq5HvmFVY6Kpg+IOTjFkg2Wvft3lOzRwWF/5M1Vcvp6abuT Ak0unXb6cjKwXLmvqHFsSZrxuwEeoOBVMynraG6UJQrbVpMVozOOphueTWg3R+8+9Q22 K7MfigjTeSbU1/q6XqnAtAADpHto1beng/r8UJx6fkBKCnBQkg6gUXZ+/fiM+7ZFzB7+ TEwpOuCY96cr/E8fbOOuiriQq9STzL6qAkyp/13dqOfkK5gciVR7qfSUAec2MAhBMYXu FBPmKJgmRS8siX0m8dwP3RTW24fzf/44al7Dz42Qji2YryIzK8Au3Evacfy0kl0qhXIK n71w== X-Forwarded-Encrypted: i=1; AJvYcCVbQjruUYAHIvbpTIXU30pDjm+qeJU6kcbTQj8w/LvluzGv9JgYmd2r7N01zjxLgSpVK0J70taboia40IE=@vger.kernel.org X-Gm-Message-State: AOJu0YyTtSPgFiCfOhuUDEv2PpvatfL0N/V8oYw2hKc2jXj7/2WST0c0 CUcHmvW0cul7oWI3lq5G2cqgedwferY4FJGpGgjhx+xEeo0yoc7GfazAj2H/v1YExw/QL/pzHu4 5tk/s7ekKZonmIOmg/pgvLA== X-Google-Smtp-Source: AGHT+IFO2JgTdSt2JVSAlE6aLJiAl18hccyke07Vi/GlLOEcPNFzRu1IUPbLnPUPUc1RIzAgyPoMizpEQTsA/tZYFg== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a81:a8c6:0:b0:6ea:7c90:41f2 with SMTP id 00721157ae682-6ea7c904377mr279887b3.6.1730768785769; Mon, 04 Nov 2024 17:06:25 -0800 (PST) Date: Tue, 5 Nov 2024 01:05:53 +0000 In-Reply-To: <20241105010558.1266699-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241105010558.1266699-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.199.ga7371fff76-goog Message-ID: <20241105010558.1266699-7-dionnaglaze@google.com> Subject: [PATCH v4 6/6] KVM: SVM: Delay legacy platform initialization on SNP From: Dionna Glaze To: x86@kernel.org, linux-kernel@vger.kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" Cc: Dionna Glaze , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When no SEV or SEV-ES guests are active, then the firmware can be updated while (SEV-SNP) VM guests are active. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Reviewed-by: Ashish Kalra Signed-off-by: Dionna Glaze --- arch/x86/kvm/svm/sev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index f6e96ec0a5caa..3c2079ba7c76f 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -444,7 +444,7 @@ static int __sev_guest_init(struct kvm *kvm, struct kvm= _sev_cmd *argp, if (ret) goto e_no_asid; =20 - init_args.probe =3D false; + init_args.probe =3D vm_type !=3D KVM_X86_SEV_VM && vm_type !=3D KVM_X86_S= EV_ES_VM; ret =3D sev_platform_init(&init_args); if (ret) goto e_free; --=20 2.47.0.199.ga7371fff76-goog