From nobody Sun Nov 24 03:02:26 2024 Received: from mail-pl1-f201.google.com (mail-pl1-f201.google.com [209.85.214.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5AAF52194BB for ; Thu, 7 Nov 2024 23:28:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022127; cv=none; b=IDAN7OVMSZb5/PQOsbBasFGefKdgjtDFCP0AYb4KJBmBrFNKau9Tj/3UJr8/vocxfmtrdkYqr8QQbXbQ+JPksA3BbYLJlTRbu3tr2F1n8MwU3C73bTuyKYIpyx7bZq6e/ofwpxGx4If8RbF99OxIGvgDZXeajAPQ+UGjMMkBcaA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022127; c=relaxed/simple; bh=Jb7bsAHuq1g+F+AyFt83enXaiVLr1zlWcNhrBiuDpbE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=T95bTDWsg1sfwqYY4y46zDWKAz+BnxbwH0lsJ2RkCFjCQRadPHs6+zqw+MyJ6d6BYK9/R4UgEHpsK9zMocKIijpKrt5aGIb7sWBLDsi//JmqfhKdmgcx9XA5Xkn8kjXFoP1fEb8w8KlDBTOrUT/c/ynRJ+JanjtBGdEvXXDSaH8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=3U/bDQ40; arc=none smtp.client-ip=209.85.214.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="3U/bDQ40" Received: by mail-pl1-f201.google.com with SMTP id d9443c01a7336-20c2cffd698so17093815ad.2 for ; Thu, 07 Nov 2024 15:28:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731022126; x=1731626926; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=te/cfPXpVlK1XxYIx1bZceEtuwPH7dTOHve13FO/vjw=; b=3U/bDQ40TkVzsMt30R0S+Fwm2H/hcT9BAmf+zbuerBFrmg4RFUK0l75Iy0vpqC9MKP 0ELooTvngU95Cs56TPuiqU711QveYtrB5G7ojA9r/KYtFBtOfRdN2tj4qqDSTXObRtxl kNgThL7/O6I4VO3tncIJ8+HVwQEx1c+Z4K/zVvlnWf9Kf3Bcy9NDqmBFJXFbfpPV5tXt VKItVKU4xJQ7r9gq+bpNkS4AJOX0JU0Yx+tjafyEBH+OiCvWMbWl+5Ba0DWM10+VnHi9 BuMvbWg3hCYPtOOmwgg3+y1SBfEm0uiB0hZ2maYWh0Jh/6selCoiC+7X6PV0ygjOrx12 itFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731022126; x=1731626926; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=te/cfPXpVlK1XxYIx1bZceEtuwPH7dTOHve13FO/vjw=; b=HlVKHZ4Vs8+G0mpHy1zdKq8jdKVfykUUN0DTrNL1IUr8//8AepFQWhL27VkUYQIPfl 7PwqyNInIK8JmweZ6jpFVC4XjAyqp9qA46aqAByeaMprhtvYeLwqb9sE8jZOCbP2sCu7 iHRigz4kYKXvM2trcDNl11IPKRvFVffSglR7AppAdDvJ4h0G5/Bqa/OZNLdnaSUhfqzE mXJRaL8Zah/8Z3c2Q1vyIco3HGTRPNjsRZWc8wAgm++Tlf+N9BfkrfTfFJ+rCFuYJZwX blVWRB7eGVwE9O5FoKswIGeqToCXzaiGCgfRMLdja8SibFLux0OK+X8HP+qcoFWhCDR8 PxYg== X-Gm-Message-State: AOJu0YxZauj56tY6xlOk15J+cs90GcsVSkN/1q1I2kCXCtVoNDkL7w5C bqX4AVVgSrDE0WOh5wLq923HDLjMQ42oiEf9TtL6J6DtruRN7+xhJu6J8SL6EFcNwJNd0WLR6pg N1LQd8kVcxYYiA0vcNct9/NXIkVhxgzywp3uKlNYcvDWY55LMo9wmshPlj1Wylnw+LwBkVg4JCA mUnZ6wuaiZJDVQ1EJ+czB09N9e6YMMu4ZtrFS49m43QV5TgzidKtlkuRoc5pAcMufTXSY= X-Google-Smtp-Source: AGHT+IHFPAiltfAOVNolJAl2h+HhOSP1M/MZxsyy6Dv9FYk8AEUT5WM30aZEucZ6W0XBVDTeoqUU8aas5mUiHtIsXw== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a17:902:8a87:b0:20b:bc4b:2bc4 with SMTP id d9443c01a7336-2118359a483mr25935ad.10.1731022124362; Thu, 07 Nov 2024 15:28:44 -0800 (PST) Date: Thu, 7 Nov 2024 23:24:41 +0000 In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241107232457.4059785-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241107232457.4059785-2-dionnaglaze@google.com> Subject: [PATCH v5 01/10] KVM: SVM: Fix gctx page leak on invalid inputs From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Brijesh Singh , Ashish Kalra , Michael Roth Cc: linux-coco@lists.linux.dev, Dionna Glaze , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , stable@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Ensure that snp gctx page allocation is adequately deallocated on failure during snp_launch_start. Fixes: 136d8bc931c8 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command") CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy CC: stable@vger.kernel.org Signed-off-by: Dionna Glaze Acked-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c6c8524859001..357906375ec59 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2212,10 +2212,6 @@ static int snp_launch_start(struct kvm *kvm, struct = kvm_sev_cmd *argp) if (sev->snp_context) return -EINVAL; =20 - sev->snp_context =3D snp_context_create(kvm, argp); - if (!sev->snp_context) - return -ENOTTY; - if (params.flags) return -EINVAL; =20 @@ -2230,6 +2226,10 @@ static int snp_launch_start(struct kvm *kvm, struct = kvm_sev_cmd *argp) if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET) return -EINVAL; =20 + sev->snp_context =3D snp_context_create(kvm, argp); + if (!sev->snp_context) + return -ENOTTY; + start.gctx_paddr =3D __psp_pa(sev->snp_context); start.policy =3D params.policy; memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw)); --=20 2.47.0.277.g8800431eea-goog From nobody Sun Nov 24 03:02:26 2024 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C473D218D9C for ; Thu, 7 Nov 2024 23:28:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022129; cv=none; b=EvkBBTOdIMO/E9gYE5G3I55UaD6GA6dZEM+gLRnSI/CW6Ru5u7TMMIct7VPEsXrPJuQAp5GRqip/LzWmoQmMrRlaaH6GST48zoClYtxxZG0akZ49aUA5s7scOctmB3TkHCnMe3YOX/sPy2ObO403HztkxulEW8wWVM/L0WYHQ7U= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022129; c=relaxed/simple; bh=ayby78yQOyjOz6ls+yE5cxTfghhQvc3yyzZlL7gs+bU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=E587HyikrAoz6s8cD9vagVyYDupHhPPqEv+GUfZiLok6xgoJD52d88yYd2lI6fcuI/i3V35P8/9d24oCmu16tC5t2NN5R1Oq2sppxa9WuYYTDVRNJ+SOkOXAa8VVNhEaHGC8W4yLcYX+kbA5O3h+9a3IptaBJjbfOQDQYlPhJP4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=rlVqdYI+; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="rlVqdYI+" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6ea8d6fb2ffso29411087b3.2 for ; Thu, 07 Nov 2024 15:28:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731022127; x=1731626927; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=WmL++hD8fgHMSusvyHDFwqq57StgWysj/njcEHmccMk=; b=rlVqdYI+EAwB1xQX211zKzdMzzBynt0ZHcfEUHFPIVYGDZF1ix6tBbhiycTjOX80eK q/AVgh9akdcnnLrZdxRVy/KD2jieeJdtmPmxdeSSv+UjOdT6NmeJrbPGKk9h9yt+9hOt nhBYnbVOQWZryA9O5f7BmjkZ1x1T7g00LegEFlZf9QzMlE9FsNhaM1dIjbs4c25pDByS 7AlFMUpBYIIWD72ed/yHVa5tlUBFyiTudQElYA3+G7AqPbvZ2IxWEUUjncM+8k1XaHlh 70+OLwz+Jazs6dYeSLDchlnS+L3ay0SERffUcwozdbukffjE+XS980VMJBSK2Q+mFFLg lgLA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731022127; x=1731626927; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=WmL++hD8fgHMSusvyHDFwqq57StgWysj/njcEHmccMk=; b=XMi0Yk2aoTO8LAIDnPAymq/lW61wWXN4eXO/hzYeizaSr+05T+qYmV6ggdTTZuQ/Jf zL5vqaNR+ZZ7xJnE0KG6ZpsIy0rNuNBYsuEJbF2/3ZvOjIxnTs19YUVGotmNMRQ0qOS0 /+HsLIVe4IMLMfl17a8s1+0jeYF43gyWJc8O42tlV8eGpg6VblzmN5grwc1Q+Ue7d/lo 26vE8/YTrTKa07/ymSZuPdg9+l0rLYdcm4/Iu4hCTqycspP9BlHvDGqeKFf1S4JYD01o Z6dYFv8MpEXjquSaZbTHec7z4qjMaS4TZImcg0qsoN5VLe6W+1CDaBzitxHkrDLroT2k 6MZA== X-Gm-Message-State: AOJu0YxL1LafUF2BOceGfVf+4/Dbnxlno7x2GbASw/1YCynZR8xBL76i 3OZP0aisfnLox3PO3Knxf32grL2otT7fKM8rYiI4YKARMpzJeMqtPRMOrpsF96fQJish830HQ8x VR0DMKFAYt6wkyx0V05kOujPqfbcmlYB4Uz6Me3RylxSCjejSVovXS6d5gTkJLnVOLkNEjn03Om zkwomi/Yz39YssuktRNUd3sx5pM/2KfTOqgCYEce7KuzxDfSyor0bPOsBK1ZxX1R/4Yvs= X-Google-Smtp-Source: AGHT+IHZp/clRKmQZ8fJk7ELtkAKGCrs2CU91VNe+31QXmURSkfx5SINiU/puhbXGTHvPt4yQyv2DjU9QK+SpStkvA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a05:690c:7307:b0:6ea:3c62:17c1 with SMTP id 00721157ae682-6eaddd75f83mr94917b3.1.1731022126529; Thu, 07 Nov 2024 15:28:46 -0800 (PST) Date: Thu, 7 Nov 2024 23:24:42 +0000 In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241107232457.4059785-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241107232457.4059785-3-dionnaglaze@google.com> Subject: [PATCH v5 02/10] KVM: SVM: Fix snp_context_create error reporting From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Ashish Kalra , Brijesh Singh , Michael Roth Cc: linux-coco@lists.linux.dev, Dionna Glaze , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , stable@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Failure to allocate should not return -ENOTTY. Command failure has multiple possible error modes. Fixes: 136d8bc931c8 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command") CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy CC: stable@vger.kernel.org Signed-off-by: Dionna Glaze --- arch/x86/kvm/svm/sev.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 357906375ec59..d0e0152aefb32 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2171,7 +2171,7 @@ static void *snp_context_create(struct kvm *kvm, stru= ct kvm_sev_cmd *argp) /* Allocate memory for context page */ context =3D snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); if (!context) - return NULL; + return ERR_PTR(-ENOMEM); =20 data.address =3D __psp_pa(context); rc =3D __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &arg= p->error); @@ -2179,7 +2179,7 @@ static void *snp_context_create(struct kvm *kvm, stru= ct kvm_sev_cmd *argp) pr_warn("Failed to create SEV-SNP context, rc %d fw_error %d", rc, argp->error); snp_free_firmware_page(context); - return NULL; + return ERR_PTR(rc); } =20 return context; @@ -2227,8 +2227,8 @@ static int snp_launch_start(struct kvm *kvm, struct k= vm_sev_cmd *argp) return -EINVAL; =20 sev->snp_context =3D snp_context_create(kvm, argp); - if (!sev->snp_context) - return -ENOTTY; + if (IS_ERR(sev->snp_context)) + return PTR_ERR(sev->snp_context); =20 start.gctx_paddr =3D __psp_pa(sev->snp_context); start.policy =3D params.policy; --=20 2.47.0.277.g8800431eea-goog From nobody Sun Nov 24 03:02:26 2024 Received: from mail-pf1-f202.google.com (mail-pf1-f202.google.com [209.85.210.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F1FD221A4B8 for ; Thu, 7 Nov 2024 23:28:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022130; cv=none; b=QekxmVOJFXuBwkQidWq1/D99gkWPGM11q1aGmSNPPqWVD6erI3h6m2tLX//RUBd8bb6Eqy0bI9fFELOSjf7WCAfFtLgaQEa3MkmAu7q+1kyfGjdAPMcPAM3axTXhSVvyxiZr8D/dC40Y7EWvM7VWyk+R9FMyyOFr8YE3BUcrFA4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022130; c=relaxed/simple; bh=fkSYYUFFU2dhT6w7OYZJxAhhsJkywG0c349xGH09+og=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=A2bu1f495dDCBVUzf4E6KfIyviyLj1mYhw3kVfG0v2YxwRg+UILRHi0PZ0eU/iEnMiHycJcSUZ952kZq3Q6WZ3E8EncTfBpDDtQk0rhPPWoS8PU80ajjAPiPHauBc9LddNBc4RuKsJd/4AHsoXj9rNZRpr0/YROtizO+Ax2jESc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=h07sKV/F; arc=none smtp.client-ip=209.85.210.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="h07sKV/F" Received: by mail-pf1-f202.google.com with SMTP id d2e1a72fcca58-71e7858820eso1602647b3a.2 for ; Thu, 07 Nov 2024 15:28:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731022128; x=1731626928; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=waco7iVOB4xSaLUY84IKzzTbmzK38z3CV8Wi2DuMfOk=; b=h07sKV/FcnyzHzBlKqGvlZcLN/FUKAZpqTMFl69biwPH68JI7YiqDe3tvtzxyfP4S+ l4rBn2xy2FfZcFd08hBE1fEjwxozWLLUkiQaVcmo8zknpez0VSTmBgeDTQvZZo6aP2fo WfJJHrjHHCBfBFQPlYQMi4mvx5b1HIPO46rG1MBJDKbCauEFdxbqnrxJda8uZZrn7vNk Pf+62CrJ5BVxt7YVy6JEe9zLESetDT5Aacbe3LgLa2ISJmCg8l3BlSFE9DNcruRElslq +33zv4Chn8L4wyqKE1KJ6v1k6FTpJwKBZxRcMRCjuZrlpxvuaRxDlgH4OXa8tHTlY+gM am5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731022128; x=1731626928; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=waco7iVOB4xSaLUY84IKzzTbmzK38z3CV8Wi2DuMfOk=; b=U6uedLvIrxjh4NYhPw4m0WBrjs4daUA/PR+pjIG44BcnHOS6mz9crBXKurv7Ny9/kB N7OII8N0Ugxx4QrxiXudNpTXy9wJKAp5se2KR7UwUz8WuM4ulemEEJ+2v+q/dwGC0uxy uvqnw3q9TY8tqEEDGbckE1n4JbMe1X/AwiWWDnHwGx2T9ZNtxB/mI3+BYrraJhc6NPKI wmFsEwJWHoYIclL3S27avkS7WHRyWDEoWojiXvBPCcjRLAnL6FdwGAc2hqeJ8xKBq+Ci Pmg3BYWz6hIIyolWD5WLV/iSAoAD16TeSlB5mPat9bsZo9iLcsCuHe0MmM5flWuiZRKZ gC7g== X-Gm-Message-State: AOJu0YyurBojsHTq46kS+jWbAMcfol0QFVkHTa1wxZ6q4qT11gJS7pSN 7Wk8SPcRjujG203mTxWWh5/vlZ3ECEa2yEUnYT0eqNFhxvxFtitfd7Ym5iY9ofVS/yILiVcrTl8 poBf1lqQWYN3c9AOJfKnODoF/PIo2dkJ1ehJEhDr34p1hMKcaf3A6achphLr+8ZQ2PFTElTlePE lK70r1xerKGM0PfYWvdA8k4O+iB68vTVr1QmEqC+gFIHB4CWGwU8J6Ya7DLeWCqNkyZFM= X-Google-Smtp-Source: AGHT+IFktMlgSeVnC8o0GKn2MK1ClKfKNJm/XnNohjmQq7MlNLX7MB3brInoXmrcodjawxwEvJ0rGzMZv0e8oU/vTA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a05:6a00:768e:b0:71e:6122:d9c with SMTP id d2e1a72fcca58-7241339bbe2mr8635b3a.4.1731022128255; Thu, 07 Nov 2024 15:28:48 -0800 (PST) Date: Thu, 7 Nov 2024 23:24:43 +0000 In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241107232457.4059785-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241107232457.4059785-4-dionnaglaze@google.com> Subject: [PATCH v5 03/10] firmware_loader: Move module refcounts to allow unloading From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang Cc: linux-coco@lists.linux.dev, Dionna Glaze , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Michael Roth , Alexey Kardashevskiy , Russ Weight Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If a kernel module registers a firmware upload API ops set, then it's unable to be moved due to effectively a cyclic reference that the module depends on the upload which depends on the module. Instead, only require the try_module_get when an upload is requested to disallow unloading a module only while the upload is in progress. Fixes: 97730bbb242c ("firmware_loader: Add firmware-upload support") CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Tested-by: Ashish Kalra Reviewed-by: Russ Weight Signed-off-by: Dionna Glaze --- drivers/base/firmware_loader/sysfs_upload.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/base/firmware_loader/sysfs_upload.c b/drivers/base/fir= mware_loader/sysfs_upload.c index 829270067d163..7d9c6aef7720a 100644 --- a/drivers/base/firmware_loader/sysfs_upload.c +++ b/drivers/base/firmware_loader/sysfs_upload.c @@ -204,6 +204,7 @@ static void fw_upload_main(struct work_struct *work) fwlp->ops->cleanup(fwl); =20 putdev_exit: + module_put(fwlp->module); put_device(fw_dev->parent); =20 /* @@ -239,6 +240,9 @@ int fw_upload_start(struct fw_sysfs *fw_sysfs) } =20 fwlp =3D fw_sysfs->fw_upload_priv; + if (!try_module_get(fwlp->module)) /* released in fw_upload_main */ + return -EFAULT; + mutex_lock(&fwlp->lock); =20 /* Do not interfere with an on-going fw_upload */ @@ -310,13 +314,10 @@ firmware_upload_register(struct module *module, struc= t device *parent, return ERR_PTR(-EINVAL); } =20 - if (!try_module_get(module)) - return ERR_PTR(-EFAULT); - fw_upload =3D kzalloc(sizeof(*fw_upload), GFP_KERNEL); if (!fw_upload) { ret =3D -ENOMEM; - goto exit_module_put; + goto exit_err; } =20 fw_upload_priv =3D kzalloc(sizeof(*fw_upload_priv), GFP_KERNEL); @@ -358,7 +359,7 @@ firmware_upload_register(struct module *module, struct = device *parent, if (ret) { dev_err(fw_dev, "%s: device_register failed\n", __func__); put_device(fw_dev); - goto exit_module_put; + goto exit_err; } =20 return fw_upload; @@ -372,8 +373,7 @@ firmware_upload_register(struct module *module, struct = device *parent, free_fw_upload: kfree(fw_upload); =20 -exit_module_put: - module_put(module); +exit_err: =20 return ERR_PTR(ret); } @@ -387,7 +387,6 @@ void firmware_upload_unregister(struct fw_upload *fw_up= load) { struct fw_sysfs *fw_sysfs =3D fw_upload->priv; struct fw_upload_priv *fw_upload_priv =3D fw_sysfs->fw_upload_priv; - struct module *module =3D fw_upload_priv->module; =20 mutex_lock(&fw_upload_priv->lock); if (fw_upload_priv->progress =3D=3D FW_UPLOAD_PROG_IDLE) { @@ -403,6 +402,5 @@ void firmware_upload_unregister(struct fw_upload *fw_up= load) =20 unregister: device_unregister(&fw_sysfs->dev); - module_put(module); } EXPORT_SYMBOL_GPL(firmware_upload_unregister); --=20 2.47.0.277.g8800431eea-goog From nobody Sun Nov 24 03:02:26 2024 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 612FA21A712 for ; Thu, 7 Nov 2024 23:28:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022132; cv=none; b=c64vzM4b74Wkb7eoo2OYF9SqpDpcLMU713yaYEqzn+baXKffWQUlRWqfwQMecGhqdp1yC7LDwSS+ftRJD0LgQymrQNRERTkf0v3BPXUsx5nZu0MgqZtmwCiiznR6em3em+ZMuUzprgdWtfo9oyfYvLO5CkBlO7KelcXQoOGuzuU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022132; c=relaxed/simple; bh=lRBqf5twuEZRlunb4SU7u4RsPEMFdFwbD7rStcI1GVM=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=VptRA9vBrJsjruACE/Ixe7BFHGR3KY8Womh5W+v44eqiVT/146xHLg3VOfk9ZqrEvEEmrwF3TPlfp9JdOBWRJWpFXvALq5oLH31Uxgc0mmSeQ5STtHY3B+bUzz53VrRNWc0T7Rp3NJklrcKnL0isyQaSbveIQd5ZnYiliPo6Tq4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=MyP2/V3t; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="MyP2/V3t" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-2e3d74e5962so1602220a91.0 for ; Thu, 07 Nov 2024 15:28:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731022131; x=1731626931; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=R5GIXxcbWN8I/ZRWs7VNYRYcdtYl9gfySVnkJreof1o=; b=MyP2/V3tsnF/kPxEVnh1avO6cI3dTnMi/3iPQQosSPye68UjW0xcfeBL5TczpScKYI 9awxzn2N2q07iwYRYPsgRPzZwYhce5DxW9MXm7Owo7jBEaOW8q7tQdBBUdqL3k4iP9CB DcfCzwZgydhjJE77jj2mrDclB5AxqI9CnRO5cevs83f4Y7n0+AjQeTdjSm5GPcEaKLXe BzUCtR2poJzUkuX5Lv6sRD8h0cL4E8V3gs/vcTJNGEQaso2SZ2dxrMD1DpEnuvnbAEAA enQefNnA5NpX1txJ/ne2oPxxRilaTXUpPIOZcelAl9nDTpfyDALt01xbWS1jk5IsBwyk zTlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731022131; x=1731626931; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=R5GIXxcbWN8I/ZRWs7VNYRYcdtYl9gfySVnkJreof1o=; b=RELc9DRFhLz5rAplajPplkCJadZmO+oduOfz8xpoxdGiAVUAnjSHEMcnnLYEhpVm3o qsdcsjwSIqEjNCrph2LXeR5Qn9Ue9rENKK8m4mqju0xMSL+kr85lK6BMAGXZlb8b6LjY PkPOjU7aMw8Rems76WXyFZGr1/tzsSVVhnoBRAvyBDzAOh5cucUbTYcn3h21/h/q8jL5 AyEXUj2NMsKps8nMhy/D5O9YmI91A+HxqHop3OvSdpfhua4m/wDQKlMqQxBFm2IyJgPb g7vh5smyyrTWzHAzJACmXykM/twI1m4f7dqA3+kR5Y/jbjc2V1Lr621Ab3irf0LN4/J1 2MYA== X-Gm-Message-State: AOJu0YxI1MrHeThV3DQan0IiQr9zpsHMM6tWUrv1LknmSVo8PtPuv/Gn IV9rKuIoA0enpptpOlRjHwaM/j7pWdcvUOx2uN3P68BXlVIcrA8G0+QSwnOFdmP5LSbZMILf9iu 6T1jyEN038z/0ThMaGJmg6zOZVXriFNm5tKhzaVvy7pX5fvbm+H57fI7W5cUTr3KhDLinBHavnp kqKyFnVABa4kAtjvRjOCQjAZobgCDGTdXdJknYZo8dIQE+NpZC0x14oD14E5Bf3sIZRR8= X-Google-Smtp-Source: AGHT+IEwOfZDI4F3jRslzGIEdwn06Xqt2NhOKADKScJCrSFXrWa8oRKCWk++dR3cp8p6tEK54xsId3Hhy6ePNZyFVA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a17:90a:39c3:b0:2e0:a07d:1e61 with SMTP id 98e67ed59e1d1-2e9b16e7a8emr6234a91.2.1731022130343; Thu, 07 Nov 2024 15:28:50 -0800 (PST) Date: Thu, 7 Nov 2024 23:24:44 +0000 In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241107232457.4059785-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241107232457.4059785-5-dionnaglaze@google.com> Subject: [PATCH v5 04/10] crypto: ccp: Fix uapi definitions of PSP errors From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Ashish Kalra , Tom Lendacky , "Borislav Petkov (AMD)" , Michael Roth , Brijesh Singh Cc: linux-coco@lists.linux.dev, Dionna Glaze , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Dave Hansen , John Allen , Herbert Xu , "David S. Miller" , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , stable@vger.kernel.org, linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Additions to the error enum after the explicit 0x27 setting for SEV_RET_INVALID_KEY leads to incorrect value assignments. Use explicit values to match the manufacturer specifications more clearly. Fixes: 3a45dc2b419e ("crypto: ccp: Define the SEV-SNP commands") CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy CC: stable@vger.kernel.org From: Alexey Kardashevskiy Signed-off-by: Alexey Kardashevskiy Signed-off-by: Dionna Glaze --- include/uapi/linux/psp-sev.h | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 832c15d9155bd..eeb20dfb1fdaa 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -73,13 +73,20 @@ typedef enum { SEV_RET_INVALID_PARAM, SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, - SEV_RET_INVALID_KEY =3D 0x27, - SEV_RET_INVALID_PAGE_SIZE, - SEV_RET_INVALID_PAGE_STATE, - SEV_RET_INVALID_MDATA_ENTRY, - SEV_RET_INVALID_PAGE_OWNER, - SEV_RET_INVALID_PAGE_AEAD_OFLOW, - SEV_RET_RMP_INIT_REQUIRED, + SEV_RET_INVALID_PAGE_SIZE =3D 0x0019, + SEV_RET_INVALID_PAGE_STATE =3D 0x001A, + SEV_RET_INVALID_MDATA_ENTRY =3D 0x001B, + SEV_RET_INVALID_PAGE_OWNER =3D 0x001C, + SEV_RET_AEAD_OFLOW =3D 0x001D, + SEV_RET_EXIT_RING_BUFFER =3D 0x001F, + SEV_RET_RMP_INIT_REQUIRED =3D 0x0020, + SEV_RET_BAD_SVN =3D 0x0021, + SEV_RET_BAD_VERSION =3D 0x0022, + SEV_RET_SHUTDOWN_REQUIRED =3D 0x0023, + SEV_RET_UPDATE_FAILED =3D 0x0024, + SEV_RET_RESTORE_REQUIRED =3D 0x0025, + SEV_RET_RMP_INITIALIZATION_FAILED =3D 0x0026, + SEV_RET_INVALID_KEY =3D 0x0027, SEV_RET_MAX, } sev_ret_code; =20 --=20 2.47.0.277.g8800431eea-goog From nobody Sun Nov 24 03:02:26 2024 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0C191219C93 for ; Thu, 7 Nov 2024 23:28:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022135; cv=none; b=g6E632kjxhuqx8ev/P3JuUxz1eEOu6dBNkI17eQKwUm4OadORjtM+ZYGrVw0rk9KhJamKHTb3x/n2QIqiZ6TAM99Jg48/fuxjkIOjJAdcUyj+isezUtM2h5PrYrD2Jhi+WLgck3oMXRxxI6SOxn3DA4ey05XyZgVCUncfKCzs9M= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022135; c=relaxed/simple; bh=K+mz91F1yF96twer+mf0GLIIgXZi2rB7gU/fVt6MfUs=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=FOoPMFZOpqZm+qifIjoK92xhR7sQIMG6RdTFPrHfGeQZ44F2do1KA2c7t7D9uiAUOxN7ND0k3SYsbpixfI45fvWhVH5ZLozmbdaDKPq9/BL9z9NgbsVa7JBo6BLvp4mF/IH20PczHfM0eREhGuUy6IHBK0+PVRYs6810gxHCjSQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=u/47isQX; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="u/47isQX" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6ea8a5e862eso19841777b3.0 for ; Thu, 07 Nov 2024 15:28:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731022133; x=1731626933; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=LBA3fBcXFp9Bsca4pv6+EzGK6gmROtQOBEHvya8zy9o=; b=u/47isQXqOUsK9ybbtanXkP07ZVslOAEDcN7SVS17KwdDwOSQRyDpLHlKCopIehPNm 1CBQnDIovfaklREEhVIGtgROeJ4HfHhQGI1cNfAtx/U+2ao9igMEiUqi+eV0wAyqQlkf v1tCa1MPnzGzfuG5+/yfmlkUxeenBW26q9CtbvT5FvDkvLXz0oU24TtpwZUIrK3w8Hz3 P465GbvDPc04FLMFaLv7/yCIeBXClSPr81ZtbVBrDNLyGbL/cC7VYj6eWxPqn718xeBs NDLOizTXYdEDCoBG4u0QXxOlBB3bixSbJp5woOGj7M1W1W4k6Zi0FGc9Qi7KR6VAdX8u 8JSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731022133; x=1731626933; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=LBA3fBcXFp9Bsca4pv6+EzGK6gmROtQOBEHvya8zy9o=; b=JO/YBE/5GRE7Ox7D7CqSGYHmnlUEgKFIx/IN+ss7XinwHWjc2IjOXabYMcSnl88MfR TCmZf1sh7hsjrMQHu7Md8Fwo2cUZ4a/51PSCmFTDdWdfu1ow18jYqikCZVDDwksZJph/ r97Lqnz7HdX9C2Tr38Amo2NiI0NOG6Hva+HZ7kFDO5oOd8Oepgob5/L5v3KRsbWdm/s0 prmIuU+1wm3NiLAzoI1qHhdt+I12nwy9Ea87gUpRS+T0bEHlfd6EM1Ru1wvOEawVaMIn HxEMEj8EMNIn9TPOM8TpI87/nbH4IBk+xMKE4jnf7hooe9aKlyoxB5vYWxCxpsM4RGYA nIUA== X-Gm-Message-State: AOJu0Yw4Sv1P2lW+HCwlbbFSJC+nXQdkUDmj/N7O9lxRop2bwp7RgAKj P+YIDui3X+1xweMulxqYhwEjrC/4kG/TYDRi0MR3Ps3zcsnHGuoZq8V2F8pFeOI7PLGjlji6NWw 9OdrqVtEMsIr+h7JpDa882zGDI8qvP3iHzje0uROxjfk9Isco6LAlVuu1SPL9W+gRwyEdUNtHRc Dn9zTyH7NmGYUBTKgM/RqZo0lwm8WIoUSCxm4gJnBq0g/Rzbc/nGPXKRpoL/AYGRBe1Q4= X-Google-Smtp-Source: AGHT+IFNyqKSoQsSCoYlJkBSKnmw23KoFCIBF0JCUO1nRJPI9ElZHcKVMfkjhcgPc9HIK87jTLhabc6SLTCBBfd2aA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a05:690c:316:b0:620:32ea:e1d4 with SMTP id 00721157ae682-6eade0af8bbmr127717b3.0.1731022132776; Thu, 07 Nov 2024 15:28:52 -0800 (PST) Date: Thu, 7 Nov 2024 23:24:45 +0000 In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241107232457.4059785-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241107232457.4059785-6-dionnaglaze@google.com> Subject: [PATCH v5 05/10] crypto: ccp: Add GCTX API to track ASID assignment From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" Cc: linux-coco@lists.linux.dev, Dionna Glaze , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In preparation for SEV firmware hotloading support, introduce a new way to create, activate, and decommission GCTX pages such that ccp is has all GCTX pages available to update as needed. Compliance with SEV-SNP API section 3.3 Firmware Updates and 4.1.1 Live Update: before a firmware is committed, all active GCTX pages should be updated with SNP_GUEST_STATUS to ensure their data structure remains consistent for the new firmware version. There can only be CPUID 0x8000001f_EDX-1 many SEV-SNP asids in use at one time, so this map associates asid to gctx in order to track which addresses are active gctx pages that need updating. When an asid and gctx page are decommissioned, the page is removed from tracking for update-purposes. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Signed-off-by: Dionna Glaze --- drivers/crypto/ccp/sev-dev.c | 107 +++++++++++++++++++++++++++++++++++ drivers/crypto/ccp/sev-dev.h | 8 +++ include/linux/psp-sev.h | 52 +++++++++++++++++ 3 files changed, 167 insertions(+) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index af018afd9cd7f..036e8d5054fcc 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -109,6 +109,10 @@ static void *sev_init_ex_buffer; */ static struct sev_data_range_list *snp_range_list; =20 +/* SEV ASID data tracks resources associated with an ASID to safely manage= operations. */ +struct sev_asid_data *sev_asid_data; +u32 nr_asids, sev_min_asid, sev_max_asid, sev_es_max_asid; + static inline bool sev_version_greater_or_equal(u8 maj, u8 min) { struct sev_device *sev =3D psp_master->sev_data; @@ -1093,6 +1097,81 @@ static int snp_filter_reserved_mem_regions(struct re= source *rs, void *arg) return 0; } =20 +void *sev_snp_create_context(int asid, int *psp_ret) +{ + struct sev_data_snp_addr data =3D {}; + void *context; + int rc; + + if (!sev_asid_data) + return ERR_PTR(-ENODEV); + + /* Can't create a context for a used ASID. */ + if (sev_asid_data[asid].snp_context) + return ERR_PTR(-EBUSY); + + /* Allocate memory for context page */ + context =3D snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); + if (!context) + return ERR_PTR(-ENOMEM); + + data.address =3D __psp_pa(context); + rc =3D sev_do_cmd(SEV_CMD_SNP_GCTX_CREATE, &data, psp_ret); + if (rc) { + pr_warn("Failed to create SEV-SNP context, rc %d fw_error %d", + rc, *psp_ret); + snp_free_firmware_page(context); + return ERR_PTR(-EIO); + } + + sev_asid_data[asid].snp_context =3D context; + + return context; +} + +int sev_snp_activate_asid(int asid, int *psp_ret) +{ + struct sev_data_snp_activate data =3D {0}; + void *context; + + if (!sev_asid_data) + return -ENODEV; + + context =3D sev_asid_data[asid].snp_context; + if (!context) + return -EINVAL; + + data.gctx_paddr =3D __psp_pa(context); + data.asid =3D asid; + return sev_do_cmd(SEV_CMD_SNP_ACTIVATE, &data, psp_ret); +} + +int sev_snp_guest_decommission(int asid, int *psp_ret) +{ + struct sev_data_snp_addr addr =3D {}; + struct sev_asid_data *data =3D &sev_asid_data[asid]; + int ret; + + if (!sev_asid_data) + return -ENODEV; + + /* If context is not created then do nothing */ + if (!data->snp_context) + return 0; + + /* Do the decommision, which will unbind the ASID from the SNP context */ + addr.address =3D __sme_pa(data->snp_context); + ret =3D sev_do_cmd(SEV_CMD_SNP_DECOMMISSION, &addr, NULL); + + if (WARN_ONCE(ret, "Failed to release guest context, ret %d", ret)) + return ret; + + snp_free_firmware_page(data->snp_context); + data->snp_context =3D NULL; + + return 0; +} + static int __sev_snp_init_locked(int *error) { struct psp_device *psp =3D psp_master; @@ -1306,6 +1385,27 @@ static int __sev_platform_init_locked(int *error) return 0; } =20 +static int __sev_asid_data_init(void) +{ + u32 eax, ebx; + + if (sev_asid_data) + return 0; + + cpuid(0x8000001f, &eax, &ebx, &sev_max_asid, &sev_min_asid); + if (!sev_max_asid) + return -ENODEV; + + nr_asids =3D sev_max_asid + 1; + sev_es_max_asid =3D sev_min_asid - 1; + + sev_asid_data =3D kcalloc(nr_asids, sizeof(*sev_asid_data), GFP_KERNEL); + if (!sev_asid_data) + return -ENOMEM; + + return 0; +} + static int _sev_platform_init_locked(struct sev_platform_init_args *args) { struct sev_device *sev; @@ -1319,6 +1419,10 @@ static int _sev_platform_init_locked(struct sev_plat= form_init_args *args) if (sev->state =3D=3D SEV_STATE_INIT) return 0; =20 + rc =3D __sev_asid_data_init(); + if (rc) + return rc; + /* * Legacy guests cannot be running while SNP_INIT(_EX) is executing, * so perform SEV-SNP initialization at probe time. @@ -2329,6 +2433,9 @@ static void __sev_firmware_shutdown(struct sev_device= *sev, bool panic) snp_range_list =3D NULL; } =20 + kfree(sev_asid_data); + sev_asid_data =3D NULL; + __sev_snp_shutdown_locked(&error, panic); } =20 diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 3e4e5574e88a3..7d0fdfdda30b6 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -65,4 +65,12 @@ void sev_dev_destroy(struct psp_device *psp); void sev_pci_init(void); void sev_pci_exit(void); =20 +struct sev_asid_data { + void *snp_context; +}; + +/* Extern to be shared with firmware_upload API implementation if configur= ed. */ +extern struct sev_asid_data *sev_asid_data; +extern u32 nr_asids, sev_min_asid, sev_max_asid, sev_es_max_asid; + #endif /* __SEV_DEV_H */ diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 903ddfea85850..ac36b5ddf717d 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -942,6 +942,58 @@ int sev_guest_decommission(struct sev_data_decommissio= n *data, int *error); */ int sev_do_cmd(int cmd, void *data, int *psp_ret); =20 +/** + * sev_snp_create_context - allocates an SNP context firmware page + * + * Associates the created context with the ASID that an activation + * call after SNP_LAUNCH_START will commit. The association is needed + * to track active guest context pages to refresh during firmware hotload. + * + * @asid: The ASID allocated to the caller that will be used in a subse= quent SNP_ACTIVATE. + * @psp_ret: sev command return code. + * + * Returns: + * A pointer to the SNP context page, or an ERR_PTR of + * -%ENODEV if the PSP device is not available + * -%ENOTSUPP if PSP device does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if PSP device returned a non-zero return code + */ +void *sev_snp_create_context(int asid, int *psp_ret); + +/** + * sev_snp_activate_asid - issues SNP_ACTIVATE for the ASID and associated= guest context page. + * + * @asid: The ASID to activate. + * @psp_ret: sev command return code. + * + * Returns: + * 0 if the SEV device successfully processed the command + * -%ENODEV if the PSP device is not available + * -%ENOTSUPP if PSP device does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if PSP device returned a non-zero return code + */ +int sev_snp_activate_asid(int asid, int *psp_ret); + +/** + * sev_snp_guest_decommission - issues SNP_DECOMMISSION for an ASID's gues= t context page, and frees + * it. + * + * The caller must ensure mutual exclusion with any process that may deact= ivate ASIDs. + * + * @asid: The ASID to activate. + * @psp_ret: sev command return code. + * + * Returns: + * 0 if the SEV device successfully processed the command + * -%ENODEV if the PSP device is not available + * -%ENOTSUPP if PSP device does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if PSP device returned a non-zero return code + */ +int sev_snp_guest_decommission(int asid, int *psp_ret); + void *psp_copy_user_blob(u64 uaddr, u32 len); void *snp_alloc_firmware_page(gfp_t mask); void snp_free_firmware_page(void *addr); --=20 2.47.0.277.g8800431eea-goog From nobody Sun Nov 24 03:02:26 2024 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4CB94219CA1 for ; Thu, 7 Nov 2024 23:28:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022139; cv=none; b=sDmcgUTvQMyEPQNgvYbLRadJ/fpU8Trhc6j1gVB1isI5Md3nC5tKrsNOr9hI3Sf2H/MLzz9VeedSRRThjEY9nTjrjUbkUB8g/EvMBpJ5VE6NpNc4WPNqBABtYZGoVDjyJHvnzyXEqFiW5g9NqwDFlOknHiGlsqfLKctSTXz14fM= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022139; c=relaxed/simple; bh=w3t8NcSQiVYaQfeYvSCaf2u6NWnmvxc6sDv1D1acAXg=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Bm2mF22rzKuxNEYYMGZvvkGVM45iXpcD7mCZqa8Ruv0ZbIpTeBJ3kDoYgwOZdQFOxga1Y5/cxIbeFk1tZW2lqk565XQ9OgaTrvfS1ogmqh52exEdgUAo9D5pE7p3Cc6UupQn8edMBRadGuRL5bTmsi7kHWBJIj34XjIWExZ/cao= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=yimFO5U0; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="yimFO5U0" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6ea8a5e862eso19842337b3.0 for ; Thu, 07 Nov 2024 15:28:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731022136; x=1731626936; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=evZMQJVjS281y7mgq9nxAoLoqFGzpTjLyXpt70+Vz8s=; b=yimFO5U0MTJLy/JWdJkCgLoS6algMwOsLaNIP7SepwVHmObgH/RdK2iXn3mlpXQ2QL EnJ3e1u6utC2dfLEsS+AicqP+4q32TfUwsrDpJsH+PBq5uFcx92zyhZSYcOkVAEtS0rg sTvlg69Z1WM2D6cbxc/BPvZOy8V2tc/bxq8J2iqZ1suAE360ye2un10394rCVXjyu6E/ pnqb6Fn2E5JHYAicMtqeqB/m1ShkrdBnCfI7NSy+nSE4gQQAJD7EhH5UhbxqzeKmBUFA 9VvNLfu6Pb3PW5b+1zmx8YffdwwY89upE/272qatt05lt7Mtt/rm4EQ7SsyEGpY4Crl1 74PQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731022136; x=1731626936; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=evZMQJVjS281y7mgq9nxAoLoqFGzpTjLyXpt70+Vz8s=; b=SQHKw53qMs3hGuAwh56SoJ3iQ3xjjnylFAV4ozmq5BX13UmVFIQpmz77s9H22Mg937 Ugvv6pCkH3OXciRByBAJbO5uRNcP3j/jO3rTh6OsL28btUF0UmX3io4Ms0Mz5+HDndVL Ou6HftR82uEMDSKLSf5BWP9FIE5bTDhgJl9WzvK+9D7dLO/eoDr3ZBOOVYW03Ahi86RL u8E4FT3ykMjNdPeqRq+f+6A2JrauonCS9OioiwHb9BDeLXGnC91ZeMNFMj2z47bJYdpA oEUY+Ik8vuIo6QOU8bUUSNhp1cWkH98UluT2CajtcOn2wVUzrYWLqPz38+rXJIZprdXW 6zDA== X-Gm-Message-State: AOJu0YzRjr2/+L3ELDl9ropNOuW7/VsIX4quZ3434+7HDAjz/tkG/y9C 4gcsMQWvSURbUovEshylwFIKoWXAMxH4iPOL0nNQX1nCjP+gAw8rP9tD/E89KpzZZ5gZqkQxFNg n/SDJX2HTVh4aQRhLpij2omKMlK1woTZeQyUqJKYevTfM1IXlxrYmvsiv/MjNMIhAZoDT/D/a1x /7rMxLNsaEUC3BxSpjeRNOnPoQlvRZ7bNiOKhQCn9Tpkh+qB1CrW9SylbvT0Npf7V/v5k= X-Google-Smtp-Source: AGHT+IEiBxXecpAfPF7zI+QvhULCB09LvuRbBRIF4g+L4zEf+jnx5PwIqzjq4HHLbfzMQXezeXScEP4InHgW2gK7Gw== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a0d:c302:0:b0:6be:523:af53 with SMTP id 00721157ae682-6eadc114281mr126617b3.3.1731022135974; Thu, 07 Nov 2024 15:28:55 -0800 (PST) Date: Thu, 7 Nov 2024 23:24:46 +0000 In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241107232457.4059785-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241107232457.4059785-7-dionnaglaze@google.com> Subject: [PATCH v5 06/10] crypto: ccp: Add DOWNLOAD_FIRMWARE_EX support From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Ashish Kalra Cc: linux-coco@lists.linux.dev, Dionna Glaze , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In order to support firmware hotloading, the DOWNLOAD_FIRMWARE_EX command must be available. The DOWNLOAD_FIRMWARE_EX command requires cache flushing and introduces new error codes that could be returned to user space. Access to the command is through the firmware_upload API rather than through the ioctl interface to prefer a common interface. On init, the ccp device will make /sys/class/firmware/amd/loading etc firmware upload API attributes available to late-load a SEV-SNP firmware binary. The firmware_upload API errors reported are actionable in the following ways: * FW_UPLOAD_ERR_HW_ERROR: the machine is in an unstable state and must be reset. * FW_UPLOAD_ERR_RW_ERROR: the firmware update went bad but can be recovered by hotloading the previous firmware version. Also used in the case that the kernel used the API wrong (bug). * FW_UPLOAD_ERR_FW_INVALID: user error with the data provided, but no instability is expected and no recovery actions are needed. * FW_UPLOAD_ERR_BUSY: upload attempted at a bad time either due to overload or the machine is in the wrong platform state. synthetic_restore_required: Instead of tracking the status of whether an individual GCTX is safe for use in a firmware command, force all following commands to fail with an error that is indicative of needing a firmware rollback. To test: 1. Build the kernel enabling SEV-SNP as normal and add CONFIG_FW_UPLOAD=3Dy. 2. Add the following to your kernel_cmdline: ccp.psp_init_on_probe=3D0. 3.Get an AMD SEV-SNP firmware sbin appropriate to your Epyc chip model at https://www.amd.com/en/developer/sev.html and extract to get a .sbin file. 4. Run the following with your sbinfile in FW: echo 1 > /sys/class/firmware/snp_dlfw_ex/loading cat "${FW?}" > /sys/class/firmware/snp_dlfw_ex/data echo 0 > /sys/class/firmware/snp_dlfw_ex/loading 5. Verify the firmware update message in dmesg. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Signed-off-by: Dionna Glaze --- drivers/crypto/ccp/Kconfig | 10 ++ drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/sev-dev.c | 22 +-- drivers/crypto/ccp/sev-dev.h | 27 ++++ drivers/crypto/ccp/sev-fw.c | 267 +++++++++++++++++++++++++++++++++++ include/linux/psp-sev.h | 17 +++ 6 files changed, 334 insertions(+), 10 deletions(-) create mode 100644 drivers/crypto/ccp/sev-fw.c diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig index f394e45e11ab4..40be991f15d28 100644 --- a/drivers/crypto/ccp/Kconfig +++ b/drivers/crypto/ccp/Kconfig @@ -46,6 +46,16 @@ config CRYPTO_DEV_SP_PSP along with software-based Trusted Execution Environment (TEE) to enable third-party trusted applications. =20 +config CRYPTO_DEV_SP_PSP_FW_UPLOAD + bool "Platform Security Processor (PSP) device with firmware hotloading" + default y + depends on CRYPTO_DEV_SP_PSP && FW_LOADER && FW_UPLOAD + help + Provide support for AMD Platform Security Processor firmware. + The PSP firmware can be updated while no SEV or SEV-ES VMs are active. + Users of this feature should be aware of the error modes that indicate + required manual rollback or reset due to instablity. + config CRYPTO_DEV_CCP_DEBUGFS bool "Enable CCP Internals in DebugFS" default n diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile index 394484929dae3..5ce69134ec48b 100644 --- a/drivers/crypto/ccp/Makefile +++ b/drivers/crypto/ccp/Makefile @@ -14,6 +14,7 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) +=3D psp-dev.o \ platform-access.o \ dbc.o \ hsti.o +ccp-$(CONFIG_CRYPTO_DEV_SP_PSP_FW_UPLOAD) +=3D sev-fw.o =20 obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) +=3D ccp-crypto.o ccp-crypto-objs :=3D ccp-crypto-main.o \ diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 036e8d5054fcc..498ec8a0deeca 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -227,6 +227,7 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_SNP_GUEST_REQUEST: return sizeof(struct sev_data_snp_guest_= request); case SEV_CMD_SNP_CONFIG: return sizeof(struct sev_user_data_snp_config); case SEV_CMD_SNP_COMMIT: return sizeof(struct sev_data_snp_commit); + case SEV_CMD_SNP_DOWNLOAD_FIRMWARE_EX: return sizeof(struct sev_data_down= load_firmware_ex); default: return 0; } =20 @@ -488,7 +489,7 @@ void snp_free_firmware_page(void *addr) } EXPORT_SYMBOL_GPL(snp_free_firmware_page); =20 -static void *sev_fw_alloc(unsigned long len) +void *sev_fw_alloc(unsigned long len) { struct page *page; =20 @@ -856,6 +857,10 @@ static int __sev_do_cmd_locked(int cmd, void *data, in= t *psp_ret) if (WARN_ON_ONCE(!data !=3D !buf_len)) return -EINVAL; =20 + ret =3D sev_snp_synthetic_error(sev, psp_ret); + if (ret) + return ret; + /* * Copy the incoming data to driver's scratch buffer as __pa() will not * work for some memory, e.g. vmalloc'd addresses, and @data may not be @@ -1632,7 +1637,7 @@ void *psp_copy_user_blob(u64 uaddr, u32 len) } EXPORT_SYMBOL_GPL(psp_copy_user_blob); =20 -static int sev_get_api_version(void) +int sev_get_api_version(void) { struct sev_device *sev =3D psp_master->sev_data; struct sev_user_data_status status; @@ -1707,14 +1712,7 @@ static int sev_update_firmware(struct device *dev) return -1; } =20 - /* - * SEV FW expects the physical address given to it to be 32 - * byte aligned. Memory allocated has structure placed at the - * beginning followed by the firmware being passed to the SEV - * FW. Allocate enough memory for data structure + alignment - * padding + SEV FW. - */ - data_size =3D ALIGN(sizeof(struct sev_data_download_firmware), 32); + data_size =3D ALIGN(sizeof(struct sev_data_download_firmware), SEV_FW_ALI= GNMENT); =20 order =3D get_order(firmware->size + data_size); p =3D alloc_pages(GFP_KERNEL, order); @@ -2378,6 +2376,8 @@ int sev_dev_init(struct psp_device *psp) if (ret) goto e_irq; =20 + sev_snp_dev_init_firmware_upload(sev); + dev_notice(dev, "sev enabled\n"); =20 return 0; @@ -2459,6 +2459,8 @@ void sev_dev_destroy(struct psp_device *psp) kref_put(&misc_dev->refcount, sev_exit); =20 psp_clear_sev_irq_handler(psp); + + sev_snp_dev_init_firmware_upload(sev); } =20 static int snp_shutdown_on_panic(struct notifier_block *nb, diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 7d0fdfdda30b6..db65d2c7afe9b 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -29,6 +29,15 @@ #define SEV_CMD_COMPLETE BIT(1) #define SEV_CMDRESP_IOC BIT(0) =20 +/* + * SEV FW expects the physical address given to it to be 32 + * byte aligned. Memory allocated has structure placed at the + * beginning followed by the firmware being passed to the SEV + * FW. Allocate enough memory for data structure + alignment + * padding + SEV FW. + */ +#define SEV_FW_ALIGNMENT 32 + struct sev_misc_dev { struct kref refcount; struct miscdevice misc; @@ -57,6 +66,11 @@ struct sev_device { bool cmd_buf_backup_active; =20 bool snp_initialized; + +#ifdef CONFIG_FW_UPLOAD + struct fw_upload *fwl; + bool fw_cancel; +#endif /* CONFIG_FW_UPLOAD */ }; =20 int sev_dev_init(struct psp_device *psp); @@ -73,4 +87,17 @@ struct sev_asid_data { extern struct sev_asid_data *sev_asid_data; extern u32 nr_asids, sev_min_asid, sev_max_asid, sev_es_max_asid; =20 +void *sev_fw_alloc(unsigned long len); +int sev_get_api_version(void); + +#ifdef CONFIG_CRYPTO_DEV_SP_PSP_FW_UPLOAD +void sev_snp_dev_init_firmware_upload(struct sev_device *sev); +void sev_snp_destroy_firmware_upload(struct sev_device *sev); +int sev_snp_synthetic_error(struct sev_device *sev, int *psp_ret); +#else +static inline void sev_snp_dev_init_firmware_upload(struct sev_device *sev= ) { } +static inline void sev_snp_destroy_firmware_upload(struct sev_device *sev)= { } +static inline int sev_snp_synthetic_error(struct sev_device *sev, int *psp= _ret) { return 0; } +#endif /* CONFIG_CRYPTO_DEV_SP_PSP_FW_UPLOAD */ + #endif /* __SEV_DEV_H */ diff --git a/drivers/crypto/ccp/sev-fw.c b/drivers/crypto/ccp/sev-fw.c new file mode 100644 index 0000000000000..6a87872174ee5 --- /dev/null +++ b/drivers/crypto/ccp/sev-fw.c @@ -0,0 +1,267 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * AMD Secure Encrypted Virtualization (SEV) firmware upload API + */ + +#include +#include +#include + +#include + +#include "sev-dev.h" + +static bool synthetic_restore_required; + +int sev_snp_synthetic_error(struct sev_device *sev, int *psp_ret) +{ + if (synthetic_restore_required) { + *psp_ret =3D SEV_RET_RESTORE_REQUIRED; + return -EIO; + } + return 0; +} + +static int sev_snp_download_firmware_ex(struct sev_device *sev, const u8 *= data, u32 size, + int *error) +{ + struct sev_data_download_firmware_ex *data_ex; + int ret, order; + struct page *p; + u64 data_size; + void *fw_dest; + + data_size =3D ALIGN(sizeof(struct sev_data_download_firmware_ex), SEV_FW_= ALIGNMENT); + + order =3D get_order(size + data_size); + p =3D alloc_pages(GFP_KERNEL, order); + if (!p) + return -ENOMEM; + + /* + * Copy firmware data to a kernel allocated contiguous + * memory region. + */ + data_ex =3D page_address(p); + fw_dest =3D page_address(p) + data_size; + memset(data_ex, 0, data_size); + memcpy(fw_dest, data, size); + + data_ex->fw_paddr =3D __psp_pa(fw_dest); + data_ex->fw_len =3D size; + data_ex->length =3D sizeof(struct sev_data_download_firmware_ex); + /* commit is purposefully unset for GCTX update failure to advise rollbac= k */ + + ret =3D sev_do_cmd(SEV_CMD_SNP_DOWNLOAD_FIRMWARE_EX, data_ex, error); + + if (ret) + goto free_err; + + /* Need to do a DF_FLUSH after live firmware update */ + wbinvd_on_all_cpus(); + ret =3D sev_do_cmd(SEV_CMD_SNP_DF_FLUSH, NULL, error); + if (ret) + dev_dbg(sev->dev, "DF_FLUSH error %d\n", *error); + +free_err: + __free_pages(p, order); + return ret; +} + +static enum fw_upload_err snp_dlfw_ex_prepare(struct fw_upload *fw_upload, + const u8 *data, u32 size) +{ + return FW_UPLOAD_ERR_NONE; +} + +static enum fw_upload_err snp_dlfw_ex_poll_complete(struct fw_upload *fw_u= pload) +{ + return FW_UPLOAD_ERR_NONE; +} + +/* Cancel can be called asynchronously, but DOWNLOAD_FIRMWARE_EX is atomic= and cannot + * be canceled. There is no need to synchronize updates to fw_cancel. + */ +static void snp_dlfw_ex_cancel(struct fw_upload *fw_upload) +{ + /* fw_upload not-NULL guaranteed by firmware_upload API */ + struct sev_device *sev =3D fw_upload->dd_handle; + + sev->fw_cancel =3D true; +} + +static enum fw_upload_err snp_dlfw_ex_err_translate(struct sev_device *sev= , int psp_ret) +{ + dev_dbg(sev->dev, "Failed to update SEV firmware: %#x\n", psp_ret); + /* + * Operation error: + * HW_ERROR: Critical error. Machine needs repairs now. + * RW_ERROR: Severe error. Roll back to the prior version to recover. + * User error: + * FW_INVALID: Bad input for this interface. + * BUSY: Wrong machine state to run download_firmware_ex. + */ + switch (psp_ret) { + case SEV_RET_RESTORE_REQUIRED: + dev_warn(sev->dev, "Firmware updated but unusable\n"); + dev_warn(sev->dev, "Need to do manual firmware rollback!!!\n"); + return FW_UPLOAD_ERR_RW_ERROR; + case SEV_RET_SHUTDOWN_REQUIRED: + /* No state changes made. Not a hardware error. */ + dev_warn(sev->dev, "Firmware image cannot be live updated\n"); + return FW_UPLOAD_ERR_FW_INVALID; + case SEV_RET_BAD_VERSION: + /* No state changes made. Not a hardware error. */ + dev_warn(sev->dev, "Firmware image is not well formed\n"); + return FW_UPLOAD_ERR_FW_INVALID; + /* SEV-specific errors that can still happen. */ + case SEV_RET_BAD_SIGNATURE: + /* No state changes made. Not a hardware error. */ + dev_warn(sev->dev, "Firmware image signature is bad\n"); + return FW_UPLOAD_ERR_FW_INVALID; + case SEV_RET_INVALID_PLATFORM_STATE: + /* Calling at the wrong time. Not a hardware error. */ + dev_warn(sev->dev, "Firmware not updated as SEV in INIT state\n"); + return FW_UPLOAD_ERR_BUSY; + case SEV_RET_HWSEV_RET_UNSAFE: + dev_err(sev->dev, "Firmware is unstable. Reset your machine!!!\n"); + return FW_UPLOAD_ERR_HW_ERROR; + /* Kernel bug cases. */ + case SEV_RET_INVALID_PARAM: + dev_err(sev->dev, "Download-firmware-EX invalid parameter\n"); + return FW_UPLOAD_ERR_RW_ERROR; + case SEV_RET_INVALID_ADDRESS: + dev_err(sev->dev, "Download-firmware-EX invalid address\n"); + return FW_UPLOAD_ERR_RW_ERROR; + default: + dev_err(sev->dev, "Unhandled download_firmware_ex err %d\n", psp_ret); + return FW_UPLOAD_ERR_HW_ERROR; + } +} + +static enum fw_upload_err snp_update_guest_statuses(struct sev_device *sev) +{ + struct sev_data_snp_guest_status status_data; + void *snp_guest_status; + enum fw_upload_err ret; + int error; + + /* + * Force an update of guest context pages after SEV firmware + * live update by issuing SNP_GUEST_STATUS on all guest + * context pages. + */ + snp_guest_status =3D sev_fw_alloc(PAGE_SIZE); + if (!snp_guest_status) + return FW_UPLOAD_ERR_INVALID_SIZE; + + /* + * After the last bound asid-to-gctx page is snp_unbound_gctx_end-many + * unbound gctx pages that also need updating. + */ + for (int i =3D 1; i <=3D sev_es_max_asid; i++) { + if (!sev_asid_data[i].snp_context) + continue; + + status_data.gctx_paddr =3D __psp_pa(sev_asid_data[i].snp_context); + status_data.address =3D __psp_pa(snp_guest_status); + ret =3D sev_do_cmd(SEV_CMD_SNP_GUEST_STATUS, &status_data, &error); + if (ret) { + /* + * Handle race with SNP VM being destroyed/decommissoned, + * if guest context page invalid error is returned, + * assume guest has been destroyed. + */ + if (error =3D=3D SEV_RET_INVALID_GUEST) + continue; + synthetic_restore_required =3D true; + dev_err(sev->dev, "SNP GCTX update error requires rollback: %#x\n", + error); + ret =3D FW_UPLOAD_ERR_RW_ERROR; + goto fw_err; + } + } +fw_err: + snp_free_firmware_page(snp_guest_status); + return ret; +} + +static enum fw_upload_err snp_dlfw_ex_write(struct fw_upload *fwl, const u= 8 *data, + u32 offset, u32 size, u32 *written) +{ + /* fwl not-NULL guaranteed by firmware_upload API */ + struct sev_device *sev =3D fwl->dd_handle; + u8 api_major, api_minor, build; + int ret, error; + + if (!sev) + return FW_UPLOAD_ERR_HW_ERROR; + + if (sev->fw_cancel) + return FW_UPLOAD_ERR_CANCELED; + + /* + * SEV firmware update is a one-shot update operation, the write() + * callback to be invoked multiple times for the same update is + * unexpected. + */ + if (offset) + return FW_UPLOAD_ERR_INVALID_SIZE; + + if (sev_get_api_version()) + return FW_UPLOAD_ERR_HW_ERROR; + + api_major =3D sev->api_major; + api_minor =3D sev->api_minor; + build =3D sev->build; + + ret =3D sev_snp_download_firmware_ex(sev, data, size, &error); + if (ret) + return snp_dlfw_ex_err_translate(sev, error); + + ret =3D snp_update_guest_statuses(sev); + if (ret) + return ret; + + sev_get_api_version(); + if (api_major !=3D sev->api_major || api_minor !=3D sev->api_minor || + build !=3D sev->build) { + dev_info(sev->dev, "SEV firmware updated from %d.%d.%d to %d.%d.%d\n", + api_major, api_minor, build, + sev->api_major, sev->api_minor, sev->build); + } else { + dev_info(sev->dev, "SEV firmware same as old %d.%d.%d\n", + api_major, api_minor, build); + } + + *written =3D size; + return FW_UPLOAD_ERR_NONE; +} + +static const struct fw_upload_ops snp_dlfw_ex_ops =3D { + .prepare =3D snp_dlfw_ex_prepare, + .write =3D snp_dlfw_ex_write, + .poll_complete =3D snp_dlfw_ex_poll_complete, + .cancel =3D snp_dlfw_ex_cancel, +}; + +void sev_snp_dev_init_firmware_upload(struct sev_device *sev) +{ + struct fw_upload *fwl; + + fwl =3D firmware_upload_register(THIS_MODULE, sev->dev, "snp_dlfw_ex", &s= np_dlfw_ex_ops, sev); + + if (IS_ERR(fwl)) + dev_err(sev->dev, "SEV firmware upload initialization error %ld\n", PTR_= ERR(fwl)); + else + sev->fwl =3D fwl; +} + +void sev_snp_destroy_firmware_upload(struct sev_device *sev) +{ + if (!sev || !sev->fwl) + return; + + firmware_upload_unregister(sev->fwl); +} + diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index ac36b5ddf717d..b91cbdc208f49 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -185,6 +185,23 @@ struct sev_data_download_firmware { u32 len; /* In */ } __packed; =20 +/** + * struct sev_data_download_firmware_ex - DOWNLOAD_FIRMWARE_EX command par= ameters + * + * @length: length of this command buffer + * @fw_paddr: physical address of firmware image + * @fw_len: len of the firmware image + * @commit: automatically commit the newly installed image + */ +struct sev_data_download_firmware_ex { + u32 length; /* In */ + u32 reserved; /* In */ + u64 fw_paddr; /* In */ + u32 fw_len; /* In */ + u32 commit:1; /* In */ + u32 reserved2:31; /* In */ +} __packed; + /** * struct sev_data_get_id - GET_ID command parameters * --=20 2.47.0.277.g8800431eea-goog From nobody Sun Nov 24 03:02:26 2024 Received: from mail-yw1-f202.google.com (mail-yw1-f202.google.com [209.85.128.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C5D221C17A for ; Thu, 7 Nov 2024 23:28:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022141; cv=none; b=jkNT9eaxsMLi+Al1eH5MV9nLLhUh9GHCx/rAPthMjbVttwGMInoM+ZnXw2eM+/+OZO0zVEI+CB33T6owOjXb/zD/Tmkz5M52LjLpIuoNfVnIARSoACbTqE/U9xYEsuk1LFFOfT8mFd+2nd5+AGfbQSfmfPPae3APruJcqN52luA= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022141; c=relaxed/simple; bh=GeMVM4Ec+fn//3H9389VcZZMcj62SCQA+XOQ+JtdlTk=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Tsll0LI3IqZI4NW6mqP3fxBf9wejvDI7pAfXWt8TUVgyd9VGK6mCPDRVrF9N+B8KWIUk+8fhNin+yv4ZNzs93Ah7qp8mMz9kX/uEx4WE0gRuwiLAnvAYsgZXxR7KNqn+nB6CNujz/GTG3M0bREqKFveBzANd62v5FbQIW5dxDSg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=JX9FZUk/; arc=none smtp.client-ip=209.85.128.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="JX9FZUk/" Received: by mail-yw1-f202.google.com with SMTP id 00721157ae682-6e6101877abso32637017b3.0 for ; Thu, 07 Nov 2024 15:28:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731022138; x=1731626938; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=/mtW86B3DSmlFKT0lotGzdj7a1N3s2uwCyGHDKQX9vU=; b=JX9FZUk/e6j59NxGLo6eMoMD/5JJ1GIZ6T4TqiczfVL7UibG3f1PN5pCvADJ4MhnjS GDJ3eg6ns0z2X2juoctL3TXICjhQNPE/Nayy+BmJS19l0BpAb5WK/9/Gf4ecgkpxV22n ER5LlqX24cy2DbAy8NBG7kLnvFeivLklM9M3HkJSb9txouWmN2I739qR11Hqj0u5FrNi 3m3BccRQexo5+G77PYL4uVjiw1+7bWCnzLEVXttAOiWulXsWxveaAa9cVAZo/w/lIEjg VBPKC/Y+Xtq47hTQLijVBIdmKGTFjQ7DeEVMDvTDLlGPTIF8OdU+PsMkFWPYuUAfATzS HdFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731022138; x=1731626938; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=/mtW86B3DSmlFKT0lotGzdj7a1N3s2uwCyGHDKQX9vU=; b=Sqr074PBtff87Y/lHF3ylYhrz5RCY24ASaMxkYlLMennAXREmpxmHHAVOIYrLAC6CQ wvRk+PGmvfecBBslErY2f22u6GimZYn0W19RjBJpKKg7gkeSLVVf58F34KbPoVM9b6Ir W2AZrsnRYbIS32SSTWJOqm0V6C4L3IN+nFG5hsKHZThEY5eLiu4htzIZSN0tip7qq02S qDHtTKO5xtQ8XuRWV9trA7DtbKADpKMM4oo7Zfcc/s8+YezSmbo+g8/TuscZTb57urBo nqVKtSef4nk7agq0jatCky5pgBCHozOHy4gEzu9MBeEJTPOSIuu0c9VbozxDQ+uhvwOw 2uQQ== X-Gm-Message-State: AOJu0YzPKtmH+qrqsCvosqBHLFNGMc6Iu0l0RaqLgS8rNC9vAiIwpAj2 dthC3P3rR2+N46nSm4GEoQ8KDJeGzH1EpCJk0e11piLZ2U67rwTzxwodZSwP7FIN18hz7oxVI3B K1IAZFFJ2aLX5+/n+1TSHEZLQuHLHu66h7oIA/i0pJnI0b8IaaRlFJ4j45kQdzSEH9rUgot0Klo CJwOE1cjQN68S0XbQh32Ut7GWX9mbtR1KgyIKtTrhO+gTD9rmZV8i2uPKDLKLA756uUn0= X-Google-Smtp-Source: AGHT+IHrNNzZrarS/YQjs+xV1rDR0GePDAFsw74nsrSHNCOrLqUNJv5SPe4CSAD/IfeNYkWr5gdo2XMmDenU30uPTw== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a05:690c:3501:b0:62c:f976:a763 with SMTP id 00721157ae682-6eaddd8b094mr187867b3.1.1731022138141; Thu, 07 Nov 2024 15:28:58 -0800 (PST) Date: Thu, 7 Nov 2024 23:24:47 +0000 In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241107232457.4059785-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241107232457.4059785-8-dionnaglaze@google.com> Subject: [PATCH v5 07/10] crypto: ccp: Add preferred access checking method From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" Cc: linux-coco@lists.linux.dev, Dionna Glaze , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" sev_issue_cmd_external_user is the only function that checks permissions before performing its task. With the new GCTX API, it's important to establish permission once and have that determination dominate later API uses. This is implicitly how ccp has been used by dominating uses of sev_do_cmd by a successful sev_issue_cmd_external_user call. Consider sev_issue_cmd_external_user deprecated by checking if a held file descriptor passes file_is_sev, similar to the file_is_kvm function. This also fixes the header comment that the bad file error code is -%EINVAL when in fact it is -%EBADF. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Signed-off-by: Dionna Glaze --- drivers/crypto/ccp/sev-dev.c | 13 +++++++++++-- include/linux/psp-sev.h | 11 ++++++++++- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 498ec8a0deeca..f92e6a222da8a 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -8,6 +8,7 @@ */ =20 #include +#include #include #include #include @@ -2486,11 +2487,19 @@ static struct notifier_block snp_panic_notifier =3D= { .notifier_call =3D snp_shutdown_on_panic, }; =20 +bool file_is_sev(struct file *p) +{ + return p && p->f_op =3D=3D &sev_fops; +} +EXPORT_SYMBOL_GPL(file_is_sev); + int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd, void *data, int *error) { - if (!filep || filep->f_op !=3D &sev_fops) - return -EBADF; + int rc =3D file_is_sev(filep) ? 0 : -EBADF; + + if (rc) + return rc; =20 return sev_do_cmd(cmd, data, error); } diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index b91cbdc208f49..ed85c0cfcfcbe 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -879,11 +879,18 @@ int sev_platform_status(struct sev_user_data_status *= status, int *error); * -%ENOTSUPP if the SEV does not support SEV * -%ETIMEDOUT if the SEV command timed out * -%EIO if the SEV returned a non-zero return code - * -%EINVAL if the SEV file descriptor is not valid + * -%EBADF if the file pointer is bad or does not grant access */ int sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *data, int *error); =20 +/** + * file_is_sev - returns whether a file pointer is for the SEV device + * + * @filep - SEV device file pointer + */ +bool file_is_sev(struct file *filep); + /** * sev_guest_deactivate - perform SEV DEACTIVATE command * @@ -1039,6 +1046,8 @@ static inline int sev_guest_df_flush(int *error) { re= turn -ENODEV; } static inline int sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *dat= a, int *error) { return -ENODEV; } =20 +static inline bool file_is_sev(struct file *filep) { return false; } + static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return= ERR_PTR(-EINVAL); } =20 static inline void *snp_alloc_firmware_page(gfp_t mask) --=20 2.47.0.277.g8800431eea-goog From nobody Sun Nov 24 03:02:26 2024 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A6E7B21C191 for ; Thu, 7 Nov 2024 23:29:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022143; cv=none; b=OQV7gjE8jnkzs5jYIaszEgMfi9spWoSfxDigSojTuJL+djtnY7G8CkKpADoK7G4ds6hY/d1oNKT15Z2Fbcmz+1PEHWw8TmBRDlgm2tlCyxO2ttZkDLlOq0IQ/eAklnRePpJSgP7dDLNJuGx0/U1JktBVlXRqZC6Lj9Y566+91nc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022143; c=relaxed/simple; bh=6WWSW1vJ35TJDlbJJB5qq6nYTs9fwiNRbSVBdPgx3NQ=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=uu1tBT+1QkiCCZNq/1dbB11wQaF3qldRhx9EUoFlsJQlZUKdin+4ResL93axc0o1hW2FO68sZcUdN6xBD6xaSHTO2FmIRfOi1pF8cB7yohRCQNadc1YUwxjMNLgsc8tanj9/Y6C3msJD3foGzXsW9mq25fhZlvEdJ1XVGXEXSHY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=YtI7IYWb; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="YtI7IYWb" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-71e467c39a4so1434212b3a.3 for ; Thu, 07 Nov 2024 15:29:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731022141; x=1731626941; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Vd/jtJnQGf9IB3+kXNQoV6T2je6UfO6DAehiOVa2s+o=; b=YtI7IYWbxz0wp037eCTsyTBErWdpDANmiVWnweA6SzI4EL1AopONYPddvWRBUrLTAn SVMnTFRU/TWyudTp639uodx21lM5cweJImyamx1MwunPYAWRIqG5AyPgZIi4IZ/Mzcmz +W0NJ/rX1kD6v4J+WvRFCiA7WpGtqcgJM/l8x0vUcO/rko+/ic3MywTCdScx8h6Z308X uE4GIEJ0ZbZA+pxrJ6hJZrf4BcnFPEkK4xqSYfcE++WJZDstNFxndFDjQyW8knxEPcEL Osf1OP44WWRiy0K8+5fPOgCz8rjZOb9QpbZGHhFug13/5Tyz/3rcaGga/ScvZGXNl07+ daSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731022141; x=1731626941; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Vd/jtJnQGf9IB3+kXNQoV6T2je6UfO6DAehiOVa2s+o=; b=tRrlNXovRVdkJUX0anca/0VZLNUpAri1h7Tuf7y9g2kRmwRrHHQ6jHvEAbpckmKlUR xt1JDGhirK+4NVRoNdRba4+anfhqePCF89Ln3qHDLVvdvTsG/xqw0Bv/inWk0uJMGM5u yz4gi56lpp4XVj5MkGCSDVBaalbScDI9qFs32UDATMjRkFW9qmOfqCqydhgHsQSTmv5b VQkok7RAsKUVr1ogAdc0tzvrUdmkHI2fUi+jFVhchq62FkTMhXKWzCm/6jW6zAsp093i HL5/qn+gOTo1uzEJZUH96g1mq7t3aMKc6MugDixomNR79C6XCFoq0BX024JbUjxP2bdg pKJA== X-Gm-Message-State: AOJu0YwPSZyzvQ0Vn9AMzAnKCDLHLNg7k3AD4nEt3h3+TBZ8ThCKfJCj fPfprc5b3svnhCOPfrXc7ZFHSZxGvOubX9eXHJ+fBIVXWfadH0o43blk+ePzgxClxyDq/BC4zNj SD8BlZ/H/J8TV5KOVuOzcyjitrd2REyWWIb+Js9fJKTF4Uz0kvLR0Z30F3mEsAt53bHjCufs/cs Moescd6YBVfUvQ7lDMVE9dLTg3+5qjnKQ5WFo7iYZvRWNDeZYOwvkqmsXeaciDntCM2lI= X-Google-Smtp-Source: AGHT+IG3FN+utE5DtZk1yqn4OdrPXgq7d6fljLLlDC+Gkt63/91sIHkgMPRqozoEz65kcTQskewlqi/wialMoW0yqA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a62:b401:0:b0:71e:5f55:86f1 with SMTP id d2e1a72fcca58-724133cd470mr5045b3a.5.1731022140524; Thu, 07 Nov 2024 15:29:00 -0800 (PST) Date: Thu, 7 Nov 2024 23:24:48 +0000 In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241107232457.4059785-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241107232457.4059785-9-dionnaglaze@google.com> Subject: [PATCH v5 08/10] KVM: SVM: move sev_issue_cmd_external_user to new API From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" Cc: linux-coco@lists.linux.dev, Dionna Glaze , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , kvm@vger.kernel.org, linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" ccp now prefers all calls from external drivers to dominate all calls into the driver on behalf of a user with a successful sev_check_external_user call. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Signed-off-by: Dionna Glaze --- arch/x86/kvm/svm/sev.c | 18 +++++++++++++++--- drivers/crypto/ccp/sev-dev.c | 12 ------------ include/linux/psp-sev.h | 27 --------------------------- 3 files changed, 15 insertions(+), 42 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d0e0152aefb32..cea41b8cdabe4 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -528,21 +528,33 @@ static int sev_bind_asid(struct kvm *kvm, unsigned in= t handle, int *error) return ret; } =20 -static int __sev_issue_cmd(int fd, int id, void *data, int *error) +static int sev_check_external_user(int fd) { struct fd f; - int ret; + int ret =3D 0; =20 f =3D fdget(fd); if (!fd_file(f)) return -EBADF; =20 - ret =3D sev_issue_cmd_external_user(fd_file(f), id, data, error); + if (!file_is_sev(fd_file(f))) + ret =3D -EBADF; =20 fdput(f); return ret; } =20 +static int __sev_issue_cmd(int fd, int id, void *data, int *error) +{ + int ret; + + ret =3D sev_check_external_user(fd); + if (ret) + return ret; + + return sev_do_cmd(id, data, error); +} + static int sev_issue_cmd(struct kvm *kvm, int id, void *data, int *error) { struct kvm_sev_info *sev =3D &to_kvm_svm(kvm)->sev_info; diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index f92e6a222da8a..67f6425b7ed07 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -2493,18 +2493,6 @@ bool file_is_sev(struct file *p) } EXPORT_SYMBOL_GPL(file_is_sev); =20 -int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd, - void *data, int *error) -{ - int rc =3D file_is_sev(filep) ? 0 : -EBADF; - - if (rc) - return rc; - - return sev_do_cmd(cmd, data, error); -} -EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user); - void sev_pci_init(void) { struct sev_device *sev =3D psp_master->sev_data; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index ed85c0cfcfcbe..b4164d3600702 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -860,30 +860,6 @@ int sev_platform_init(struct sev_platform_init_args *a= rgs); */ int sev_platform_status(struct sev_user_data_status *status, int *error); =20 -/** - * sev_issue_cmd_external_user - issue SEV command by other driver with a = file - * handle. - * - * This function can be used by other drivers to issue a SEV command on - * behalf of userspace. The caller must pass a valid SEV file descriptor - * so that we know that it has access to SEV device. - * - * @filep - SEV device file pointer - * @cmd - command to issue - * @data - command buffer - * @error: SEV command return code - * - * Returns: - * 0 if the SEV successfully processed the command - * -%ENODEV if the SEV device is not available - * -%ENOTSUPP if the SEV does not support SEV - * -%ETIMEDOUT if the SEV command timed out - * -%EIO if the SEV returned a non-zero return code - * -%EBADF if the file pointer is bad or does not grant access - */ -int sev_issue_cmd_external_user(struct file *filep, unsigned int id, - void *data, int *error); - /** * file_is_sev - returns whether a file pointer is for the SEV device * @@ -1043,9 +1019,6 @@ sev_guest_activate(struct sev_data_activate *data, in= t *error) { return -ENODEV; =20 static inline int sev_guest_df_flush(int *error) { return -ENODEV; } =20 -static inline int -sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *dat= a, int *error) { return -ENODEV; } - static inline bool file_is_sev(struct file *filep) { return false; } =20 static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return= ERR_PTR(-EINVAL); } --=20 2.47.0.277.g8800431eea-goog From nobody Sun Nov 24 03:02:26 2024 Received: from mail-pl1-f202.google.com (mail-pl1-f202.google.com [209.85.214.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F412F21F4DF for ; Thu, 7 Nov 2024 23:29:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022146; cv=none; b=Mi1PnXD2NSwtAMSrFaDhwLufQtdekQpAXI9fJfjOHiy0wJj6UPe5vJz/CFkurSVBUFdJRTDjPPmAtSmM/TtYht7fTPT4HVBHw85Gy7+OX3BoiLyOVchdprpMk1MI5jOWryRG97AzFSh7tgg6s9OqiPrErmZ75iw6XM6aqQ2cyhI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022146; c=relaxed/simple; bh=1I6XFvUtmCom2RZyjUxF7YPvoFnwsK/7UmqVzImMUPU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=YVuOzbtmQooFGbMdN9xCnPwsQV4mnQlv12kCI70etUnU3DXOPeGeog2/R5Ra8Txk22iKNiDI0lKJn2JSXQlqR8pJuB1l48fdjjkHYNYi3VSh1aIUUNKU93pqfDoHneppuFnOyBbuUmxB/HBelkWUj61/qEgyqg+VqN8C8iPSTTE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=f3gS7kkl; arc=none smtp.client-ip=209.85.214.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="f3gS7kkl" Received: by mail-pl1-f202.google.com with SMTP id d9443c01a7336-20e6dc85472so12862715ad.3 for ; Thu, 07 Nov 2024 15:29:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731022144; x=1731626944; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=6Qcg1fuqFpd6J4LqEu191n3/4PbMXxCo3T2JUFbEGZc=; b=f3gS7kklo+ARcLiDCjspMxfjG6HlPZbtskZCS+c2eFPiV9eY9Ucf9km/6lLDPpME7T MSayyhebrQrPQ7m8vqeYzJMP40bgyiBpD9YAOHmL0BptEYwLDzAMbY1EcaWNcL/6xmhT G1zi0pruAlJF3LarvYxzV3tBGEkI5oyVWHCcR4V1LaIWApPtyELOx92tnIxwaQ2rbOAq YqGZRJ1HKsvWGWEXwTgSqYlF4jnNXnFTfk+aWXJQiM2ktFBIPVr7Odt+I77svIQqzQy6 B75MgK9aKlnQu9efYM8ID2s0BGCO9MvtvVkKO2Xpz8ZK8yewnm68k2UB2b4Kr2kTuJ6Q NB+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731022144; x=1731626944; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=6Qcg1fuqFpd6J4LqEu191n3/4PbMXxCo3T2JUFbEGZc=; b=Z5g3aT7YNIP5sYnJ998PgjwJdrW2B4a1joPcAx0VceMpZv5yYwWCo7DnyY6NNmr9K8 +2HZTUeRLynuXWXFeCvpVNW3HuRiji6RSbF7tQCHuwimHTL0w/xSXv11osiBqfvrlKh2 p2x8CxIWoO45X521ueRf4kEd1HPsVc3OmYbO/DW3hLp+wTYOEuz2kh3uAvI11cmNtcpM Bpg6FzasU6NrUp5g+hPl/HzJmCzRtHTDQOt28gdQhE2sPqWLLRw0FKim0hz23rnKRD28 aYV3Ib5/rItxxNVKsw/KOsfIPcJypHIqI+qMY/2zVvLRK3dLAUzFThR/oXZmSgGKK3sG q3gw== X-Gm-Message-State: AOJu0YxWcdUSttw9AoEeeVc06v1ixfOjUqC7H+A7Fz35MiwjyqhibfZ/ 9BoYq6cpJReUZzjOz8E4tmtf5nH4q+MLZ5QMBRlnm4CLRu7iYJwczqZXOlRxz2UBbykHRvjYeqF z2uNAn1UMswtIdM9FjOwbImzB1Gr5Ksq9P8XNpCDHwybnNYfKL27skgLjga/ephn0RTplxukz4D AheiDK4F8vulYAZn8Ynlx7+1xXttCkloIgfQ98voxezaNqp6PX5R5BVYD4dpQO3NR3GZ4= X-Google-Smtp-Source: AGHT+IGwHbIEmNZ/RBKktF+iIBZkwlEOgQl3w9w6Ss/EO+FVqyDtTE308o2deCvUylBHP84P1pav03ZGURiZtPBoiw== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a17:902:6b48:b0:211:4a37:bfed with SMTP id d9443c01a7336-211834f5ea4mr13955ad.4.1731022142705; Thu, 07 Nov 2024 15:29:02 -0800 (PST) Date: Thu, 7 Nov 2024 23:24:49 +0000 In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241107232457.4059785-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241107232457.4059785-10-dionnaglaze@google.com> Subject: [PATCH v5 09/10] KVM: SVM: Use new ccp GCTX API From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" Cc: linux-coco@lists.linux.dev, Dionna Glaze , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Guest context pages should be near 1-to-1 with allocated ASIDs. With the GCTX API, the ccp driver is better able to associate guest context pages with the ASID that is/will be bound to it. This is important to the firmware hotloading implementation to not corrupt any running VM's guest context page before userspace commits a new firmware. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Signed-off-by: Dionna Glaze --- arch/x86/kvm/svm/sev.c | 74 ++++++++++++------------------------------ 1 file changed, 20 insertions(+), 54 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index cea41b8cdabe4..d7cef84750b33 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -89,7 +89,7 @@ static unsigned int nr_asids; static unsigned long *sev_asid_bitmap; static unsigned long *sev_reclaim_asid_bitmap; =20 -static int snp_decommission_context(struct kvm *kvm); +static int kvm_decommission_snp_context(struct kvm *kvm); =20 struct enc_region { struct list_head list; @@ -2168,51 +2168,12 @@ int sev_dev_get_attr(u32 group, u64 attr, u64 *val) } } =20 -/* - * The guest context contains all the information, keys and metadata - * associated with the guest that the firmware tracks to implement SEV - * and SNP features. The firmware stores the guest context in hypervisor - * provide page via the SNP_GCTX_CREATE command. - */ -static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) -{ - struct sev_data_snp_addr data =3D {}; - void *context; - int rc; - - /* Allocate memory for context page */ - context =3D snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); - if (!context) - return ERR_PTR(-ENOMEM); - - data.address =3D __psp_pa(context); - rc =3D __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &arg= p->error); - if (rc) { - pr_warn("Failed to create SEV-SNP context, rc %d fw_error %d", - rc, argp->error); - snp_free_firmware_page(context); - return ERR_PTR(rc); - } - - return context; -} - -static int snp_bind_asid(struct kvm *kvm, int *error) -{ - struct kvm_sev_info *sev =3D &to_kvm_svm(kvm)->sev_info; - struct sev_data_snp_activate data =3D {0}; - - data.gctx_paddr =3D __psp_pa(sev->snp_context); - data.asid =3D sev_get_asid(kvm); - return sev_issue_cmd(kvm, SEV_CMD_SNP_ACTIVATE, &data, error); -} - static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) { struct kvm_sev_info *sev =3D &to_kvm_svm(kvm)->sev_info; struct sev_data_snp_launch_start start =3D {0}; struct kvm_sev_snp_launch_start params; - int rc; + int rc, asid; =20 if (!sev_snp_guest(kvm)) return -ENOTTY; @@ -2238,14 +2199,19 @@ static int snp_launch_start(struct kvm *kvm, struct= kvm_sev_cmd *argp) if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET) return -EINVAL; =20 - sev->snp_context =3D snp_context_create(kvm, argp); + rc =3D sev_check_external_user(argp->sev_fd); + if (rc) + return rc; + + asid =3D sev_get_asid(kvm); + sev->snp_context =3D sev_snp_create_context(asid, &argp->error); if (IS_ERR(sev->snp_context)) return PTR_ERR(sev->snp_context); =20 start.gctx_paddr =3D __psp_pa(sev->snp_context); start.policy =3D params.policy; memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw)); - rc =3D __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_LAUNCH_START, &start, &a= rgp->error); + rc =3D sev_do_cmd(SEV_CMD_SNP_LAUNCH_START, &start, &argp->error); if (rc) { pr_debug("%s: SEV_CMD_SNP_LAUNCH_START firmware command failed, rc %d\n", __func__, rc); @@ -2253,7 +2219,7 @@ static int snp_launch_start(struct kvm *kvm, struct k= vm_sev_cmd *argp) } =20 sev->fd =3D argp->sev_fd; - rc =3D snp_bind_asid(kvm, &argp->error); + rc =3D sev_snp_activate_asid(asid, &argp->error); if (rc) { pr_debug("%s: Failed to bind ASID to SEV-SNP context, rc %d\n", __func__, rc); @@ -2263,7 +2229,7 @@ static int snp_launch_start(struct kvm *kvm, struct k= vm_sev_cmd *argp) return 0; =20 e_free_context: - snp_decommission_context(kvm); + kvm_decommission_snp_context(kvm); =20 return rc; } @@ -2874,26 +2840,26 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, u= nsigned int source_fd) return ret; } =20 -static int snp_decommission_context(struct kvm *kvm) +static int kvm_decommission_snp_context(struct kvm *kvm) { struct kvm_sev_info *sev =3D &to_kvm_svm(kvm)->sev_info; - struct sev_data_snp_addr data =3D {}; - int ret; + int ret, error; =20 /* If context is not created then do nothing */ if (!sev->snp_context) return 0; =20 - /* Do the decommision, which will unbind the ASID from the SNP context */ - data.address =3D __sme_pa(sev->snp_context); + /* + * Do the decommision, which will unbind the ASID from the SNP context + * and free the context page. + */ down_write(&sev_deactivate_lock); - ret =3D sev_do_cmd(SEV_CMD_SNP_DECOMMISSION, &data, NULL); + ret =3D sev_snp_guest_decommission(sev->asid, &error); up_write(&sev_deactivate_lock); =20 - if (WARN_ONCE(ret, "Failed to release guest context, ret %d", ret)) + if (WARN_ONCE(ret, "Failed to release guest context, ret %d fw err %d", r= et, error)) return ret; =20 - snp_free_firmware_page(sev->snp_context); sev->snp_context =3D NULL; =20 return 0; @@ -2947,7 +2913,7 @@ void sev_vm_destroy(struct kvm *kvm) * Decomission handles unbinding of the ASID. If it fails for * some unexpected reason, just leak the ASID. */ - if (snp_decommission_context(kvm)) + if (kvm_decommission_snp_context(kvm)) return; } else { sev_unbind_asid(kvm, sev->handle); --=20 2.47.0.277.g8800431eea-goog From nobody Sun Nov 24 03:02:26 2024 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5B7B221FD9A for ; Thu, 7 Nov 2024 23:29:06 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022147; cv=none; b=p9CuIe7gIIrKDvXJe8+xGKpoT1aOnEoi5Tr/UfYWJH72jBsnjAVAYbrSKivrPSiYe02H7fwBbcFrapb2VHPq3cI8d3ftHKZ1tUXiCK+wAZUcr/bYUEGfqZc6KIrmHHNFsdNlCGPvSQLyEMzsFsJVwXz0U5hMrmT1tJvnUHMbTi0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731022147; c=relaxed/simple; bh=oDf5npMGctxHpj3CKUaehkTMFi9Hydj7j17liXjYHhE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=JaQKnFeypQyab/mneEqzvSfWUw2EWOuTUYqZtQhnMorqp2gA4LVgAt+C+SmYrZfb/73IGhZ9jg8KTpgAyNDCyttabadpw8Y6daP9MENS5Trj3IUlyITlQdboaIhzjUxPL6KqdQUa97oGsLgrkAp3p5ZsHye7Z+Xnk3K42kHwID4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=lztmseW3; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="lztmseW3" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e293150c2c6so3145520276.1 for ; Thu, 07 Nov 2024 15:29:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731022145; x=1731626945; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=F4EqUUsFU0J919p2J42QwMUZuZnKtrumICd6dLkgNZs=; b=lztmseW3v4NV8M40L8TXDId30L5uTXMtKkJTJsPaVGqh0i7hb8DSLwPaKUHhcysbM4 JG8picOmuQZHHYtfNrsm/Izm+xO0Au9dsuWGvMB5omHTtm4JcLQpA+dlGS+4AicwKXK4 3F2zqeYZwaV5IJ+nGem4Hu5H8x71IRWiHOdZop7FJX4SKEi3Jdmglio6SMApLodSIO+S naQlYbB2t4zd6wMUZgwL2qYTITNkdkGCfidmvIACUciqqUqLNI66INETKiV+ifxseT5I xQ9Xy+hOBJxFY0f6M1v3GQIZq5ysp4D0KGXjVWPMaMgTHsy7vrO0z3OPLZs1cd2e+qUP mb8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731022145; x=1731626945; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=F4EqUUsFU0J919p2J42QwMUZuZnKtrumICd6dLkgNZs=; b=MZ/hyKURjbMb0rGbzCO2aaNyRxbtYDAoLzTzu+Q9YoA8MjrCwoEoxWkp4fAs6mjhFy fcWdG0NsezU/8W7Tul4YACR28X996s9mbBqoszJOV1GDGR/mBuOTfE285+NA8iRTGHpB dE7e4l+FxArMpA7rDvraJVbPhp62ztXG0LqRrh8j4SdyBtGaFdf06ZqVfaj5lrJLBXnC kzGvZ2oNc3EH9UnfK1z8Wk0zEQwd5MTQMK19+ZPf+VJYY4GpeZES8JC2BUJyDWQPxdwg QUVmxImVWqyCf1hU9OkNXHYyEsmgOyGd+OkCq9fFf5hur2Yrd4F2W+QCj+SJtJxVH2MA 8aSg== X-Gm-Message-State: AOJu0Yy6EKyqiaOCMmSy985JE2YVzS3V4M+JLqAAGbOLsm1QVFkbtYA6 wlBXOJREyg/e2+ExzxL2d95N1MTT76ylQdd1rxRHvk6V3oAM0XFv+IAO1GbzdB9y5zvb1SR5uau UHReQVcyk4xqYJXhkqhExVmIs82yuCs/eXAdtBBJd+VxUnHVM3YMmLe8RYaIjJ352cXTzMePBmX LDoh4GLRJ5sPjN8PAuODe7ln/rEmx7Kt5RNDy2IuaksCu+aBYUS0yKOLd5cSkxH4jLvzA= X-Google-Smtp-Source: AGHT+IGrBfMJ43qCU7+eNDzkJD2pCLgwnrrbQ3tGEDXhIoI6iYi0P5BCV+iCp8PyeRrxNd5WKW1AEJAk1vzAol0aBw== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a25:add3:0:b0:e30:c43a:d36b with SMTP id 3f1490d57ef6-e337f8ed8b0mr579276.10.1731022144758; Thu, 07 Nov 2024 15:29:04 -0800 (PST) Date: Thu, 7 Nov 2024 23:24:50 +0000 In-Reply-To: <20241107232457.4059785-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241107232457.4059785-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241107232457.4059785-11-dionnaglaze@google.com> Subject: [PATCH v5 10/10] KVM: SVM: Delay legacy platform initialization on SNP From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" Cc: linux-coco@lists.linux.dev, Dionna Glaze , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When no SEV or SEV-ES guests are active, then the firmware can be updated while (SEV-SNP) VM guests are active. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Reviewed-by: Ashish Kalra Signed-off-by: Dionna Glaze --- arch/x86/kvm/svm/sev.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d7cef84750b33..0d57a0a6b30fc 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -444,7 +444,11 @@ static int __sev_guest_init(struct kvm *kvm, struct kv= m_sev_cmd *argp, if (ret) goto e_no_asid; =20 - init_args.probe =3D false; + /* + * Probe will skip SEV/SEV-ES platform initialization in order for + * SNP firmware hotloading to be available when SEV-SNP VMs are running. + */ + init_args.probe =3D vm_type !=3D KVM_X86_SEV_VM && vm_type !=3D KVM_X86_S= EV_ES_VM; ret =3D sev_platform_init(&init_args); if (ret) goto e_free; --=20 2.47.0.277.g8800431eea-goog