The SEV-SNP API specifies a command for hotloading the SEV firmware.
when no SEV or SEV-ES guests are running. The firmware hotloading
support is dependent on the firmware_upload API for better ease-of-use,
and to not necessarily require SEV firmware hotloading support when
building the ccp driver.
For safety, there are steps the kernel should take before allowing a
firmware to be committed:
1. Writeback invalidate all.
2. Data fabric flush.
3. All GCTX pages must be updated successfully with SNP_GUEST_STATUS
The snp_context_create function had the possibility to leak GCTX pages,
so the first patch fixes that bug in KVM. The second patch fixes the
error reporting for snp_context_create.
The ccp driver must continue to be unloadable, so the third patch in
this series fixes a cyclic refcount bug in firmware_loader.
The support for hotloading in ccp introduces new error values that can
be returned to user space, but there was an existing bug with firmware
error code number assignments, so the fourth patch fixes the uapi
definitions while adding the new needed error codes.
The fifth patch adds a new GCTX API for managing SNP context pages and
how they relate to the ASID allocated to the VM. This is needed because
once firmware is hotloaded, all GCTX pages must be updated before the
firmware is committed in order to avoid VM corruption. The ASID
association is to bound the number of pages that ccp must have capacity
to track.
The sixth patch adds SEV_CMD_DOWNLOAD_FIRMWARE_EX support with its
required cache invalidation steps. The command is made accessible not
through the ioctl interface, but with the firmware_upload API to prefer
the more generic API. The upload does _not_ commit the firmware since
there is necessary follow-up logic that should run before commit, and
a separate use of SNP_COMMIT also updates REPORTED_TCB, which might not
be what the operator wants. User space has to coordinate certificate
availability before updating REPORTED_TCB to provide correct behavior
for the extended guest request GHCB API.
When the firmware successfully updates, the GCTX pages are all
refreshed by iterating over the tracked pages from the GTX API.
If any single page's update fails, the drive treats itself as if the
firmware were in a bad state and needs an immediate restore. All
commands that are not DOWNLOAD_FIRMWARE_EX will fail with
RESTORE_REQUIRED, similar to SEV FW on older PSP bootloaders.
The seventh and eight patches are a small cleanup of how to manage
access to the SEV device that follows a similar pattern to kvm. This is
needed to not conflate access permissions with the GCTX API.
The ninth patch switches KVM over to use the new GCTX API.
The last patch avoids platform initialization for KVM VM guests when
vm_type is not legacy SEV/SEV-ES.
The KVM_EXIT for requesting certificates on extended guest request is
not part of this patch series. Any such support must be designed with
races between SNP_COMMIT and servicing extended guest requests such that
the REPORTED_TCB in an attestation_report always correctly corresponds
to the certificates returned by the extended guest request handler.
Changes from v5:
- Fixed attribution for Alexey's error patch.
- Removed the new access-checking method in favor of taking the device
fd in the new API. A follow-up series should clean up the already
existing over-checking of the fd.
- Removed unnecessary name change in kvm.
- Added comment about probe field use in KVM.
- Added more error checking for asid argument values.
- Made GCTX->guest context, asid->ASID changes in comments.
Changes from v4:
- Added a snp_context_create error message fix to KVM.
- Added a PSP error code fix from Alexey Kardashevskiy.
- Changed tracking logic from command inspection to an explicit
guest context API.
- Switched KVM's SNP context management to the new API.
- Separated sev_issue_cmd_external_user's permission logic into a
different function that should be used to instead dominate calls
that derive from external user actions.
- Switched KVM to the new function to complete the deprecation of
sev_issue_cmd_external_user.
- Squashed download_firmware_ex and firmare_upload API instantiation
since the former wasn't self-contained.
Changes from v3:
- Removed added init_args field since it was duplicative of probe.
- Split ccp change into three changes.
- Included Alexey Kardashevskiy's memset(data_ex, 0, sizeof(*data_ex))
fix.
Changes from v2:
- Fix download_firmware_ex struct definition to be the proper size,
and clear to 0 before using. Thanks to Alexey Kardashevskiy.
Changes from v1:
- Fix double-free with incorrect goto label on error.
- checkpatch cleanup.
- firmware_loader comment cleanup and one-use local variable inlining.
Alexey Kardashevskiy (1):
crypto: ccp: Fix uapi definitions of PSP errors
Dionna Glaze (7):
KVM: SVM: Fix gctx page leak on invalid inputs
KVM: SVM: Fix snp_context_create error reporting
firmware_loader: Move module refcounts to allow unloading
crypto: ccp: Add GCTX API to track ASID assignment
crypto: ccp: Add DOWNLOAD_FIRMWARE_EX support
KVM: SVM: Use new ccp GCTX API
KVM: SVM: Delay legacy platform initialization on SNP
arch/x86/kvm/svm/sev.c | 72 ++---
drivers/base/firmware_loader/sysfs_upload.c | 16 +-
drivers/crypto/ccp/Kconfig | 10 +
drivers/crypto/ccp/Makefile | 1 +
drivers/crypto/ccp/sev-dev.c | 186 ++++++++++++-
drivers/crypto/ccp/sev-dev.h | 35 +++
drivers/crypto/ccp/sev-fw.c | 281 ++++++++++++++++++++
include/linux/psp-sev.h | 72 +++++
include/uapi/linux/psp-sev.h | 21 +-
9 files changed, 614 insertions(+), 80 deletions(-)
create mode 100644 drivers/crypto/ccp/sev-fw.c
--
2.47.0.277.g8800431eea-goog