From nobody Sat Nov 23 12:28:31 2024 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 29E0A21A6F1 for ; Tue, 12 Nov 2024 23:23:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453784; cv=none; b=asJy25iBug73Nctmk+4Vwc565DfDR7uEnDrVjOBi2kRoqABN+uvWT9d9DdGg1eWQVlQJwGCkK3t2K0mup2C8qvJjypefwnHcxFpiRtFI1XXD66WBU/mUbLqTahTHDbsdNtqK/ye/UsdI31g9/z5ddymDzLLdXgaJo8g6GYEDUiU= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453784; c=relaxed/simple; bh=Jb7bsAHuq1g+F+AyFt83enXaiVLr1zlWcNhrBiuDpbE=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=VqhYII684SaQayivVt+Kd/hxFXV+yONhgFGsm+mCGyzEQ/zyPWcomNjMbR11cDdt04Shg2KUK3VDDFnOHQhkC4KNckaSSgoEzBo6VqWUygGriCcWM/gZvYTyCbNQS/x6tL/XqO4N2CAkU9VS4D/WpMFuLrOyxICQXD1shzYxNxs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=COv6p2yz; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="COv6p2yz" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6eae6aba72fso76318037b3.2 for ; Tue, 12 Nov 2024 15:23:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731453782; x=1732058582; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=te/cfPXpVlK1XxYIx1bZceEtuwPH7dTOHve13FO/vjw=; b=COv6p2yzzlQ/agU37mZSkJBosG1/nDrIxGPXdeoT1e+f7+nXggvri5hb2ZwVDaaGlm QoEuCCvoaicDqhytpFmmFuyey8qSaGcouhcOpZSOA4YC72CckecZ5BYi9UGy6MTk4iEO KU7399Vut3BQH99gDJUIsY/UY7J6DH9+ZZzdrZvSOhzRNa+/2iYtWh1GDs/dNHiIJ1R+ DTyIaX+C8JHuYWtkVtOK54QPERIAamyKT5JvIjAK6BkpzVTBwU3QR3qflGn8fKvmgdzA N/WJ1xcQWAFjw1Lt/9DmA4E4gjYJogErJ+7XIAjZZ9mKi3bzbtpUBz9vJloTeaNg9c34 xF7Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731453782; x=1732058582; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=te/cfPXpVlK1XxYIx1bZceEtuwPH7dTOHve13FO/vjw=; b=O8O4PS+t9cOyJ87iAMTxTg2E++SPu5eYPLJbY3AK2xUn6CgXQiGdOkaJpkYSgtVon3 RhtYrqnMqqtW9H1yVCDM4SMVrarYrm9SYvdPPzWmSB8L1ay71ZMIkv0mI3jBed0UdzbZ 0SL5U06j04TgEfoMJ+flCgWS/CkllRJwukVBxplgtIPz0IVFdnbW1JaQoJ1lRSoHQ8aM /hTfvXPeB8Cw+5hFQzTC1NuIQ9LHANd1qT005LBnpW+NH9kI9H3r8c7hAW1S3mVYRwZa u2SejTQfhN98fj+C02KMtw1KUDAkD0WOcLEz7x5KOaJ6VIKCPayMjHopiOkxQcttCStf Ih3g== X-Gm-Message-State: AOJu0YzpE9emgfvUznTVflNquDu3/uOKwnBRFjgAjGKjrqKdTBUvhZ8P 8rMwAXjdSNhRhmpLrOBbwJnC4LgSJaQeW+TR486TzsnL7mknbj1KCykvIHUVCFLfqplx+hniuK8 xrAVeS2mAfUQW5iP00B3CM2a8xL3AowdDHmoFxkZqaZuplARPATaR9nn1vkLGCwMQa4ixCmqNCR QewmwuvGNIGEQA3gu/6Bj1wfWQ4slz9+4zfJQEAncv6ihrdNKsvzfD1w3r/ODtjNtC6Zg= X-Google-Smtp-Source: AGHT+IH0ZHDJ9RxOoA61xD1ipX9jxEyCm6JJVxkz4PucOgUVx/B+vOpDcYEieZFLPHqw48EsYNAyVJqKyr8eL5q2kw== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a05:690c:3688:b0:6ea:fa4:a365 with SMTP id 00721157ae682-6eaddfec9efmr1445227b3.8.1731453781898; Tue, 12 Nov 2024 15:23:01 -0800 (PST) Date: Tue, 12 Nov 2024 23:22:40 +0000 In-Reply-To: <20241112232253.3379178-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241112232253.3379178-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241112232253.3379178-2-dionnaglaze@google.com> Subject: [PATCH v6 1/8] KVM: SVM: Fix gctx page leak on invalid inputs From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Brijesh Singh , Michael Roth , Ashish Kalra Cc: linux-coco@lists.linux.dev, Dionna Glaze , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , stable@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Ensure that snp gctx page allocation is adequately deallocated on failure during snp_launch_start. Fixes: 136d8bc931c8 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command") CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy CC: stable@vger.kernel.org Signed-off-by: Dionna Glaze Acked-by: Sean Christopherson --- arch/x86/kvm/svm/sev.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index c6c8524859001..357906375ec59 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2212,10 +2212,6 @@ static int snp_launch_start(struct kvm *kvm, struct = kvm_sev_cmd *argp) if (sev->snp_context) return -EINVAL; =20 - sev->snp_context =3D snp_context_create(kvm, argp); - if (!sev->snp_context) - return -ENOTTY; - if (params.flags) return -EINVAL; =20 @@ -2230,6 +2226,10 @@ static int snp_launch_start(struct kvm *kvm, struct = kvm_sev_cmd *argp) if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET) return -EINVAL; =20 + sev->snp_context =3D snp_context_create(kvm, argp); + if (!sev->snp_context) + return -ENOTTY; + start.gctx_paddr =3D __psp_pa(sev->snp_context); start.policy =3D params.policy; memcpy(start.gosvw, params.gosvw, sizeof(params.gosvw)); --=20 2.47.0.277.g8800431eea-goog From nobody Sat Nov 23 12:28:31 2024 Received: from mail-pj1-f73.google.com (mail-pj1-f73.google.com [209.85.216.73]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DCACE21CFA4 for ; Tue, 12 Nov 2024 23:23:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.216.73 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453787; cv=none; b=AUxAJsbNs/NuJ9tO2Dg5t4s3BpH8yBksBa4qLPnLCxO/ZnFxPPFyzIn+gI/QICvBaMqDcYl9/5W5bFz4r1fCnL7JvdJJPGzIKn/IN39GxqSV/rHqpeuQ2ZeAHuBmyNVB4/j1/KqxYH/t4sVXxMRSfWL6Jve7jHQzzkxUHe6oV1o= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453787; c=relaxed/simple; bh=ayby78yQOyjOz6ls+yE5cxTfghhQvc3yyzZlL7gs+bU=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=qDDLc7+oZTIEw0oUFkpwQBqjecUHQDldMa3L3vPdxdBW6C12/c39UvoNXy2H7AcTu2/XRdHj0Cd9EvXwnVGSx7rDvPPeeCsofirNxaSkmDJD3E8aCQnUKeS5JlymR73E7HCuUYnedwaxWf+lHJFhl1hD/71+u+qU8EzhEB3I9ho= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=qKsxBg6K; arc=none smtp.client-ip=209.85.216.73 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="qKsxBg6K" Received: by mail-pj1-f73.google.com with SMTP id 98e67ed59e1d1-2e2bb354e91so6498038a91.2 for ; Tue, 12 Nov 2024 15:23:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731453785; x=1732058585; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=WmL++hD8fgHMSusvyHDFwqq57StgWysj/njcEHmccMk=; b=qKsxBg6KK1KzmbyM0Qc41DcpDFnsE0GF+9Cuu59tvTI93sVv9ldwTQ8gYUTB/lQUgN scdqqDh3wEvmDuaHzVOIvpddU+ghfl63E/8FIMrxDuR1X5iPb3oVEDLZd8s60mOTIsh5 S9LH10gSP4qPwq0olBcEx1YoV6dwVMe6f0dN3X6J3BdjT8IfRYvF8hvsN/XpVZhnftib K3CNOt/g+lPNfsPBbYgPOi6XcCY9pSKCccqyowLLfc7PRMbDN/nxdXtE+6eVkKE52g5+ 08mfOQjmYBpvAWFEPMwTMvCQM21GBLGbLRexMe2h2Kno1gPP+vt7VPv1TPJ9Y390UeFu qt4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731453785; x=1732058585; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=WmL++hD8fgHMSusvyHDFwqq57StgWysj/njcEHmccMk=; b=L4R8qOq5Bq1b7c5CQZKwAnYQ31uMqr8JiqXKM74fe0+rIYIYjRxLbQM2TMgNabR4Dz h/yLsL+dMsdA/a9zllkcFPZcPJpRZcIfYUhmQJ758zRoYaJ4A9hQEpMK9GwzdIFM2Ckq cn4iio37+lgv7tF2WN380KuHlS/SDUT4OCDvn2JpGseC++XsJ+yYD962ot0SP8yLdpcf BGlMJsSk4L5N55Na443uWjXAWwhAfsrIAAzHVaRz3a52RgS0/Vhs/VB7BKQtBnNqR3HU wH8ZpIOAZ+P/1tFD0FV9/RCO5D27QZ+XHFkmYmhQ1HDe1kRaLlZse8eTdiqCRQop/4q4 zydg== X-Gm-Message-State: AOJu0YyiJ6G0uSbD9dfTxRqcnGncLobX9n7UdKeLCuSRuKkPwwAzpgEb HCfd+Qop1Buz2qxFfOuoSfE0BEAIgk1q+2R9/3OaY65yixOX/KrzX+9Noxq0u7m2/8G0Sozkb0S NEZQNcetip4DCLKgVpKnTSka62TtOgs5onWH2+iP+Q8tfbvaN7qJg9D08fv8kxD+Jfg1kC1A8wq bLdnwb6yr2TYCUswJMamUZqtMdXv9PNLRBN6uszhCIBy39jdJ6dv978wL1/+7kciHCnZE= X-Google-Smtp-Source: AGHT+IEKIx/zzlZD9qfrCEEtWDHbsmZlYa32pBSY0nOxUmKrJ4QniZXwOwxKWzCDaGQhHEeyreWYnDeyUdJT3VYCwQ== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a17:90b:2ec3:b0:2e2:bb49:1052 with SMTP id 98e67ed59e1d1-2e9e4c7f1aamr70975a91.4.1731453784634; Tue, 12 Nov 2024 15:23:04 -0800 (PST) Date: Tue, 12 Nov 2024 23:22:41 +0000 In-Reply-To: <20241112232253.3379178-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241112232253.3379178-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241112232253.3379178-3-dionnaglaze@google.com> Subject: [PATCH v6 2/8] KVM: SVM: Fix snp_context_create error reporting From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" , Brijesh Singh , Michael Roth , Ashish Kalra Cc: linux-coco@lists.linux.dev, Dionna Glaze , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , stable@vger.kernel.org, kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Failure to allocate should not return -ENOTTY. Command failure has multiple possible error modes. Fixes: 136d8bc931c8 ("KVM: SEV: Add KVM_SEV_SNP_LAUNCH_START command") CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy CC: stable@vger.kernel.org Signed-off-by: Dionna Glaze --- arch/x86/kvm/svm/sev.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 357906375ec59..d0e0152aefb32 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2171,7 +2171,7 @@ static void *snp_context_create(struct kvm *kvm, stru= ct kvm_sev_cmd *argp) /* Allocate memory for context page */ context =3D snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); if (!context) - return NULL; + return ERR_PTR(-ENOMEM); =20 data.address =3D __psp_pa(context); rc =3D __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &arg= p->error); @@ -2179,7 +2179,7 @@ static void *snp_context_create(struct kvm *kvm, stru= ct kvm_sev_cmd *argp) pr_warn("Failed to create SEV-SNP context, rc %d fw_error %d", rc, argp->error); snp_free_firmware_page(context); - return NULL; + return ERR_PTR(rc); } =20 return context; @@ -2227,8 +2227,8 @@ static int snp_launch_start(struct kvm *kvm, struct k= vm_sev_cmd *argp) return -EINVAL; =20 sev->snp_context =3D snp_context_create(kvm, argp); - if (!sev->snp_context) - return -ENOTTY; + if (IS_ERR(sev->snp_context)) + return PTR_ERR(sev->snp_context); =20 start.gctx_paddr =3D __psp_pa(sev->snp_context); start.policy =3D params.policy; --=20 2.47.0.277.g8800431eea-goog From nobody Sat Nov 23 12:28:31 2024 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A251421D215 for ; Tue, 12 Nov 2024 23:23:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453790; cv=none; b=m1TxN4xByiWbYAucwgcwnwCK64kr4mOlvYTn2Ee2LUStkLEpyUFGDH/ot9swlDH3xOeJ7zIu+/PnyYldKc/1212gCd8yRJNSQuc/91KQ6/3F0yyfi3pHI+pdQdDEwedSpTeEzXZgURPYwGnTD+cxHHMFk0l0vrN/G2kFb5uNuKw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453790; c=relaxed/simple; bh=fkSYYUFFU2dhT6w7OYZJxAhhsJkywG0c349xGH09+og=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=iw5eDV8Dow7oCCC5UYx/ujEonZ9SJk1fYLC+wMvHC0j/wr0ombD9sGoI0BsLTwVd/baXX3sVReKCckxJ2Ly8lUeTchtf/mY/lY7CYSjLH8ftG9fx0hDEJdXs/bdSq32Jo6oNeTh3D+FfKMZPp7293qi6iqLb+c70PwE5UiijmMc= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=o050sadq; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="o050sadq" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6e7e7568ed3so2805067b3.1 for ; Tue, 12 Nov 2024 15:23:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731453787; x=1732058587; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=waco7iVOB4xSaLUY84IKzzTbmzK38z3CV8Wi2DuMfOk=; b=o050sadqo1QrI4MAIphrM+Wrw4rVusq2jJLpkUqTa51z2sq4c+MnzaM9R5ROwKscnb Jw6YeM2t8QiO+XTpd3wVH948Uw6I7U5evQAlwvRkgQZ0vnjHEhOHEualKQuHI41GAKcA ofsUAWzji9qO9COgifNXdpbz4CjeMzEaBc7llDWztlx8Ok0m+ItMtvz463q0dARpS7j1 dvhjJQtcmJGyIim9R7VkZ0y8PFgziBJqggBrJO+FoC/JAy1I73eqQiJZAdJXky6HVPUc Y/UPaXKR9gyxwvrqnxEV9UPxB9pfuTm3Kesa2OQRAsy12J+Cvv3hHJ6Uuxs3hqLZoFNZ dO8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731453787; x=1732058587; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=waco7iVOB4xSaLUY84IKzzTbmzK38z3CV8Wi2DuMfOk=; b=vDP9c/WQeRTIZxxfW+Q6vj0mxXID/2euEX7sXpgZlWYojYAKquQbDw0M/3KEYirxfT k6+3Bmy5RizFxBDWGb6BVTePLLHK3gr2+3lwn1sdbzb7VFZVRGvOk0c30Gbi0hD04WDx xJ1lgrSaNBe8NVjqsbbYpclMAtxToKrDzHZM1fEHv52PHgpfOhF15cyLwaAjsvQg38sg G7MIKE1S0ZCNshI4hzwObr/Sx7BDGth5xIxXbieYBEdsAlrhWUf8k5qQgybq/O+dPIbn c8iKTygrh9iuJD+9K1OZG7ymTr2zvgCInLe7QsJNPSJvHsfRxqLKQ3ykh7YtHDSwQbNV ocUg== X-Gm-Message-State: AOJu0YwgWfg4otfjn8Xjuix9zU/MyLWCpSIy21vyVvAQKKPAr3M6012w 5dC5Sc2vyL/WbDuzQKD1cVr49D5h2DAL1FCmfpey5cSfsu8UEcIW2geHy4phR7cnJkmgHhKLWE5 1CYPc9tBFgnZ4JfF61L97r7psLulsUinyVm/RTuaWvZgz3sHfrJDwpFAh77FvssepdWNmUKI9kO OS4dZH0S4f4XSIPftVg2rFikSwgQGbzkFARIc5tZVTXYaUUq3xIDk6U0lUMlk01aa0a5U= X-Google-Smtp-Source: AGHT+IE0qPNehuCJmgZ3Y9jGmKLJIF83WkMtt6X+ytxPHivZrMnOcg1sXwjkCfj06PlKJC8uXCRQCyOSugbOqkdYyw== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a25:d04c:0:b0:e2e:317a:d599 with SMTP id 3f1490d57ef6-e337fdb51ccmr99338276.2.1731453787171; Tue, 12 Nov 2024 15:23:07 -0800 (PST) Date: Tue, 12 Nov 2024 23:22:42 +0000 In-Reply-To: <20241112232253.3379178-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241112232253.3379178-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241112232253.3379178-4-dionnaglaze@google.com> Subject: [PATCH v6 3/8] firmware_loader: Move module refcounts to allow unloading From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang Cc: linux-coco@lists.linux.dev, Dionna Glaze , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Michael Roth , Alexey Kardashevskiy , Russ Weight Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" If a kernel module registers a firmware upload API ops set, then it's unable to be moved due to effectively a cyclic reference that the module depends on the upload which depends on the module. Instead, only require the try_module_get when an upload is requested to disallow unloading a module only while the upload is in progress. Fixes: 97730bbb242c ("firmware_loader: Add firmware-upload support") CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Tested-by: Ashish Kalra Reviewed-by: Russ Weight Signed-off-by: Dionna Glaze --- drivers/base/firmware_loader/sysfs_upload.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/drivers/base/firmware_loader/sysfs_upload.c b/drivers/base/fir= mware_loader/sysfs_upload.c index 829270067d163..7d9c6aef7720a 100644 --- a/drivers/base/firmware_loader/sysfs_upload.c +++ b/drivers/base/firmware_loader/sysfs_upload.c @@ -204,6 +204,7 @@ static void fw_upload_main(struct work_struct *work) fwlp->ops->cleanup(fwl); =20 putdev_exit: + module_put(fwlp->module); put_device(fw_dev->parent); =20 /* @@ -239,6 +240,9 @@ int fw_upload_start(struct fw_sysfs *fw_sysfs) } =20 fwlp =3D fw_sysfs->fw_upload_priv; + if (!try_module_get(fwlp->module)) /* released in fw_upload_main */ + return -EFAULT; + mutex_lock(&fwlp->lock); =20 /* Do not interfere with an on-going fw_upload */ @@ -310,13 +314,10 @@ firmware_upload_register(struct module *module, struc= t device *parent, return ERR_PTR(-EINVAL); } =20 - if (!try_module_get(module)) - return ERR_PTR(-EFAULT); - fw_upload =3D kzalloc(sizeof(*fw_upload), GFP_KERNEL); if (!fw_upload) { ret =3D -ENOMEM; - goto exit_module_put; + goto exit_err; } =20 fw_upload_priv =3D kzalloc(sizeof(*fw_upload_priv), GFP_KERNEL); @@ -358,7 +359,7 @@ firmware_upload_register(struct module *module, struct = device *parent, if (ret) { dev_err(fw_dev, "%s: device_register failed\n", __func__); put_device(fw_dev); - goto exit_module_put; + goto exit_err; } =20 return fw_upload; @@ -372,8 +373,7 @@ firmware_upload_register(struct module *module, struct = device *parent, free_fw_upload: kfree(fw_upload); =20 -exit_module_put: - module_put(module); +exit_err: =20 return ERR_PTR(ret); } @@ -387,7 +387,6 @@ void firmware_upload_unregister(struct fw_upload *fw_up= load) { struct fw_sysfs *fw_sysfs =3D fw_upload->priv; struct fw_upload_priv *fw_upload_priv =3D fw_sysfs->fw_upload_priv; - struct module *module =3D fw_upload_priv->module; =20 mutex_lock(&fw_upload_priv->lock); if (fw_upload_priv->progress =3D=3D FW_UPLOAD_PROG_IDLE) { @@ -403,6 +402,5 @@ void firmware_upload_unregister(struct fw_upload *fw_up= load) =20 unregister: device_unregister(&fw_sysfs->dev); - module_put(module); } EXPORT_SYMBOL_GPL(firmware_upload_unregister); --=20 2.47.0.277.g8800431eea-goog From nobody Sat Nov 23 12:28:31 2024 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 94A5321D230 for ; Tue, 12 Nov 2024 23:23:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453793; cv=none; b=a+EnGpSA++SG/dQKfqNAh5OUgJ4gh5yZQE3HWQR3YjRB7UsW0Fy8+t7gQ/unctpFg+5DNvbkUcTET9n+cL9jRDqzTXKYCXj8NbN48G/MmHsK9nCB9/83oZvN/wMcOoSXmjkQIuPlS83OmsoExO59A6PrcCHCAsf+jzJjvhS9LZ0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453793; c=relaxed/simple; bh=1hS42kMCXh2fd2/NsPf3DiCppJSEIF2GD7L2ejW+7Kw=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=FRq99uHG+96jSo3Wv8wsj9NKL1YHGn579fM8od4njylJbV8OZXhKPyWG2n9Y47Gnj1paAGOt9vsIBkaOyMshT8HPokEl0ugf5tjX8sjURgnPYyCTH7+pxhaJ0CVvKocqt5qU9i52EWmkq9XOhDLIrjKnKk3KH/gNnSHI3Pa3gT4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=hwbmFwJZ; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="hwbmFwJZ" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6e6101877abso115123277b3.0 for ; Tue, 12 Nov 2024 15:23:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731453790; x=1732058590; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=JK/GSTSvm9liRNiU4g1TG7hfg4UB9r2AkllQ23c8pWk=; b=hwbmFwJZheMTdJGo1HiVCF9wqDcwF5u+FwhtlW3G9ms9LeCYbPC/hPNbpEkAP+5AOL bZA4z4gBwmYgYh4yNv1igCTPNqIQWNLJyoaQQqekSersyJXkl336IsW+sCx0pW/PuyyJ Ho4wXdqS3aG5jP+mcaSoCmsf36bdNQEKKEIt+tyRRuqyTE5GBuahgP3Szky00UZ+sdeS OD9NQO9q1vMNCxdOPP+6nXq+49UH4C+wKRdFI38LDEZYSjyx1ZDwC7BNT1Jb+G8/krQx uD2ALkV22MIOzQo1tkhw3gRfvMQchsvdhjsBhT5EuxXqXPBA9lHU6qG9b/7Wrk4fV5Ql uSJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731453790; x=1732058590; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=JK/GSTSvm9liRNiU4g1TG7hfg4UB9r2AkllQ23c8pWk=; b=hOoq0kjPRuddnZE7O/zqHhy1w5H6QuIK/DA54k8oTQmLuBZ6fBTybNErD/ZE0Io8jP 9uJOj2Esx3ZLNxo8E4funCqd85I7u1vSxCgYQofU747IkLHbE/PN4cuErW4wgisFBocO VXr1Wp9lNK38hp9p54IWOIVMJJ+jd7OTsRVwZJNSNPzXnHxCFAx0KoFpuMnKibLJIFkZ Zj/UgmNAhwLnm0fkkr0uRK2Lu7/5NOJDpiVgQ+LX40ioK2OfAxLYqrjQxO4M8b6GSsdM 5BY28tkWlXorYAccQg78YhTWmMaCpTwYTPIk0r34NjRj3LmSeFkEjuBOu7TUY0lEIHvM s0RQ== X-Gm-Message-State: AOJu0YwdKqrzGR6d4cnNaI2yyOvSR51WiRpd272ynaME/DVUANAljXXR T53FN4MhkBQ5yjd/IOR/l1/WUXb72gNMjASJPRXcJjOAqScRCHJ0sLe/UZGhG/uuZcMzhdz1xHa n6j2GGV437veLO71uL9VjkEywqt8iUX0Z1iui2NFR5p4pocuUhLZUqb9jzoBiXL3hCLK1Pf9Ut9 zqT6KRX5J+UNx974KxjgdFOBfz/IjekSvguCMyAtdQ4RRB9E9Nq0Bgj57jGO1vGV7Ccv0= X-Google-Smtp-Source: AGHT+IHGhhefKoRV5e5OubSGAwAM0UWk5yFk6qkA96dyKOOGAJu9z6Gb09Ycpw7kFzXXPso5tbzga53kt7B3No4ObA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a25:a22a:0:b0:e30:b93a:b3e4 with SMTP id 3f1490d57ef6-e337f85f1c8mr43720276.4.1731453790070; Tue, 12 Nov 2024 15:23:10 -0800 (PST) Date: Tue, 12 Nov 2024 23:22:43 +0000 In-Reply-To: <20241112232253.3379178-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241112232253.3379178-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241112232253.3379178-5-dionnaglaze@google.com> Subject: [PATCH v6 4/8] crypto: ccp: Fix uapi definitions of PSP errors From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Ashish Kalra , Tom Lendacky , Michael Roth , "Borislav Petkov (AMD)" , Brijesh Singh Cc: linux-coco@lists.linux.dev, Alexey Kardashevskiy , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Dave Hansen , John Allen , Herbert Xu , "David S. Miller" , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , stable@vger.kernel.org, Dionna Glaze , linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" From: Alexey Kardashevskiy Additions to the error enum after the explicit 0x27 setting for SEV_RET_INVALID_KEY leads to incorrect value assignments. Use explicit values to match the manufacturer specifications more clearly. Fixes: 3a45dc2b419e ("crypto: ccp: Define the SEV-SNP commands") CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy CC: stable@vger.kernel.org Signed-off-by: Alexey Kardashevskiy Signed-off-by: Dionna Glaze Reviewed-by: Tom Lendacky --- include/uapi/linux/psp-sev.h | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 832c15d9155bd..eeb20dfb1fdaa 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -73,13 +73,20 @@ typedef enum { SEV_RET_INVALID_PARAM, SEV_RET_RESOURCE_LIMIT, SEV_RET_SECURE_DATA_INVALID, - SEV_RET_INVALID_KEY =3D 0x27, - SEV_RET_INVALID_PAGE_SIZE, - SEV_RET_INVALID_PAGE_STATE, - SEV_RET_INVALID_MDATA_ENTRY, - SEV_RET_INVALID_PAGE_OWNER, - SEV_RET_INVALID_PAGE_AEAD_OFLOW, - SEV_RET_RMP_INIT_REQUIRED, + SEV_RET_INVALID_PAGE_SIZE =3D 0x0019, + SEV_RET_INVALID_PAGE_STATE =3D 0x001A, + SEV_RET_INVALID_MDATA_ENTRY =3D 0x001B, + SEV_RET_INVALID_PAGE_OWNER =3D 0x001C, + SEV_RET_AEAD_OFLOW =3D 0x001D, + SEV_RET_EXIT_RING_BUFFER =3D 0x001F, + SEV_RET_RMP_INIT_REQUIRED =3D 0x0020, + SEV_RET_BAD_SVN =3D 0x0021, + SEV_RET_BAD_VERSION =3D 0x0022, + SEV_RET_SHUTDOWN_REQUIRED =3D 0x0023, + SEV_RET_UPDATE_FAILED =3D 0x0024, + SEV_RET_RESTORE_REQUIRED =3D 0x0025, + SEV_RET_RMP_INITIALIZATION_FAILED =3D 0x0026, + SEV_RET_INVALID_KEY =3D 0x0027, SEV_RET_MAX, } sev_ret_code; =20 --=20 2.47.0.277.g8800431eea-goog From nobody Sat Nov 23 12:28:31 2024 Received: from mail-pg1-f202.google.com (mail-pg1-f202.google.com [209.85.215.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9F4D321E11B for ; Tue, 12 Nov 2024 23:23:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.215.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453797; cv=none; b=hosUwCNvCUosJUox7ovDOeOHDETwfn8JIpsKWEboFYKFIMyxL6/vfPWGMcjBX25vc+fKHozuxaIXNp124yEN6/gd0bGQcLswX3PLWuAllhnNed0X/73oxRfZhAaiT1ZfXQswGvYEwkoPfppUj8MQ7RlRvU+AcbmVhpTE8q9s350= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453797; c=relaxed/simple; bh=ZYnveSnHe3FkDFRVZnrqkrTHNRmt3JMbLrbNeGvJt08=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=ktcRJFHnmg4/jXqoWcIMFEoGI30habGHR3r8TMiSTxp9prcIY2KZTRUDdsknk3t5hpprIfW7pOKHi0V9MniJMEZLeqwHDwTC6eQdCv5fs0aYevySCJj4AbhId70DxJaTcjmSwP7cHWu6XweOztdpDe3KrXesZ3XzyavSXKXgUeY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=Iojx+zxy; arc=none smtp.client-ip=209.85.215.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Iojx+zxy" Received: by mail-pg1-f202.google.com with SMTP id 41be03b00d2f7-7eb07db7812so129969a12.0 for ; Tue, 12 Nov 2024 15:23:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731453795; x=1732058595; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=USTo4YL/VPH3OMlRJlDOB1h2tpzzB/FL1xLG0AeYaEg=; b=Iojx+zxyLPJwHn9zLs0TnkQyBcHblD7qndeFZb0TCPeYfIfPh2mJlGUMh49odVcgN2 /wxY3UCBspTXUPJJ+SGHNELwpTcoA7SiaJ4stri0R7aotQc+EmxWWV6Z4DQx8enlJnRp lldgqT/b/IyHHsCm8wpwM304elbEGFCTK2BI/jEqvOt9UHaOHIxUVIZbug/ZIIeR8iFm QNM/ASoX3m+05MfNGiWGuh1BmL9BRkosLgi7I9cy6l4nNiw8rE9vEf5MAkkH6wHIIUTR rD2htol9LYJlLd5qFkY5cL5xLJnj/Yfxw2P/hZg67jQebO9Q/fq2yYRVuyhGcO7YVnrE gOtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731453795; x=1732058595; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=USTo4YL/VPH3OMlRJlDOB1h2tpzzB/FL1xLG0AeYaEg=; b=nNCc92rTUQDwcMqGlTWH2zZ8+3OyNa2V9Sz0GiyGW4h/1nuJPE2PZSAy3s84XZl7ed gk5x9V5NKcY9KSAo8m0OTo08KisyorBX3jdRZH6sxuG20X9jJj3RWhEZVTflipkYUyRn EJstqFnhGRGQ5FOggx3unQi8nD7UkYsnqKfAIJ84l4mnB3g+a/uIDyQsWQjZ8QAkvY7a yCD1CYGHrVmq5wk4iQ/FYUbRaTJ6TDSRHxo+EUxUP7tHdkBhJ7MtUwQLTcBINDCtGcLN Sw9dKqIkrJfd/28ChUDdNwaC2vayM/4lVzm1ngEROSpxLJSJHQ4iPNHDHFgs8pJHrmlo FhIg== X-Gm-Message-State: AOJu0YwRIAiv2NEbkxaUJsV11uO9Ki93EYfT8oc7llu2x/knC1DYxWj0 6JGLOf8NT/k0cIj6c3ezBwmVBdHA0AN6MtHdrpkrzQ/TI5A/3f2SVhB7EALV8XszckrchD2flSt sCo6fBVplQ5dN7qhORLiMqmMakGTe0VNWGLP7QVrZa4qsQN5c5ZaBjNq24SsvuyEfXqIiD2G0qF SEX4L/TszXhG641bZfmFPtApVOmlAj8pmq+gxKI6yZbdQBta779bzP3N7LXYSpCCZTkAY= X-Google-Smtp-Source: AGHT+IEby86KOt7jOT5/DEApza0kwwIhq4p8JxRYX4qy2k+CNTUtIUvHeGv7sbHFOyCcpJ8TgiN/weldRpPBkDTfbw== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a17:902:e809:b0:20c:6764:6681 with SMTP id d9443c01a7336-211821273camr1743295ad.2.1731453793410; Tue, 12 Nov 2024 15:23:13 -0800 (PST) Date: Tue, 12 Nov 2024 23:22:44 +0000 In-Reply-To: <20241112232253.3379178-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241112232253.3379178-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241112232253.3379178-6-dionnaglaze@google.com> Subject: [PATCH v6 5/8] crypto: ccp: Add GCTX API to track ASID assignment From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" Cc: linux-coco@lists.linux.dev, Dionna Glaze , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In preparation for SEV firmware hotloading support, introduce a new way to create, activate, and decommission GCTX pages such that ccp is has all GCTX pages available to update as needed. Compliance with SEV-SNP API section 3.3 Firmware Updates and 4.1.1 Live Update: before a firmware is committed, all active GCTX pages should be updated with SNP_GUEST_STATUS to ensure their data structure remains consistent for the new firmware version. There can only be CPUID 0x8000001f_EDX-1 many SEV-SNP asids in use at one time, so this map associates asid to gctx in order to track which addresses are active gctx pages that need updating. When an asid and gctx page are decommissioned, the page is removed from tracking for update-purposes. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Signed-off-by: Dionna Glaze --- drivers/crypto/ccp/sev-dev.c | 159 ++++++++++++++++++++++++++++++++++- drivers/crypto/ccp/sev-dev.h | 4 + include/linux/psp-sev.h | 55 ++++++++++++ 3 files changed, 217 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index af018afd9cd7f..d8c35b8478ff5 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -8,6 +8,7 @@ */ =20 #include +#include #include #include #include @@ -109,6 +110,10 @@ static void *sev_init_ex_buffer; */ static struct sev_data_range_list *snp_range_list; =20 +/* SEV ASID data tracks resources associated with an ASID to safely manage= operations. */ +struct sev_asid_data *sev_asid_data; +u32 nr_asids, sev_min_asid, sev_es_max_asid; + static inline bool sev_version_greater_or_equal(u8 maj, u8 min) { struct sev_device *sev =3D psp_master->sev_data; @@ -1093,6 +1098,109 @@ static int snp_filter_reserved_mem_regions(struct r= esource *rs, void *arg) return 0; } =20 +static bool sev_check_external_user(int fd); +void *sev_snp_create_context(int fd, int asid, int *psp_ret) +{ + struct sev_data_snp_addr data =3D {}; + void *context; + int rc, error; + + if (!sev_check_external_user(fd)) + return ERR_PTR(-EBADF); + + if (!sev_asid_data) + return ERR_PTR(-ENODEV); + + if (asid < 0 || asid >=3D nr_asids) + return ERR_PTR(-EINVAL); + + /* Can't create a context for a used ASID. */ + if (WARN_ON_ONCE(sev_asid_data[asid].snp_context)) + return ERR_PTR(-EBUSY); + + /* Allocate memory for context page */ + context =3D snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); + if (!context) + return ERR_PTR(-ENOMEM); + + data.address =3D __psp_pa(context); + rc =3D sev_do_cmd(SEV_CMD_SNP_GCTX_CREATE, &data, &error); + if (rc) { + pr_warn("Failed to create SEV-SNP context, rc=3D%d fw_error=3D0x%x", + rc, error); + if (psp_ret) + *psp_ret =3D error; + snp_free_firmware_page(context); + return ERR_PTR(-EIO); + } + + sev_asid_data[asid].snp_context =3D context; + + return context; +} +EXPORT_SYMBOL_GPL(sev_snp_create_context); + +int sev_snp_activate_asid(int fd, int asid, int *psp_ret) +{ + struct sev_data_snp_activate data =3D {0}; + void *context; + + if (!sev_check_external_user(fd)) + return -EBADF; + + if (!sev_asid_data) + return -ENODEV; + + if (asid < 0 || asid >=3D nr_asids) + return -EINVAL; + + context =3D sev_asid_data[asid].snp_context; + if (WARN_ON_ONCE(!context)) + return -EINVAL; + + data.gctx_paddr =3D __psp_pa(context); + data.asid =3D asid; + return sev_do_cmd(SEV_CMD_SNP_ACTIVATE, &data, psp_ret); +} +EXPORT_SYMBOL_GPL(sev_snp_activate_asid); + +int sev_snp_guest_decommission(int fd, int asid, int *psp_ret) +{ + struct sev_data_snp_addr addr =3D {}; + struct sev_asid_data *data; + int ret, error; + + if (!sev_check_external_user(fd)) + return -EBADF; + + if (!sev_asid_data) + return -ENODEV; + + if (asid < 0 || asid >=3D nr_asids) + return -EINVAL; + + data =3D &sev_asid_data[asid]; + /* If context is not created then do nothing */ + if (!data->snp_context) + return 0; + + /* Do the decommission, which will unbind the ASID from the SNP context */ + addr.address =3D __sme_pa(data->snp_context); + ret =3D sev_do_cmd(SEV_CMD_SNP_DECOMMISSION, &addr, &error); + + if (WARN_ONCE(ret, "Failed to release guest context, rc=3D%d, fw_error=3D= 0x%x", ret, error)) { + if (psp_ret) + *psp_ret =3D error; + return ret; + } + + snp_free_firmware_page(data->snp_context); + data->snp_context =3D NULL; + + return 0; +} +EXPORT_SYMBOL_GPL(sev_snp_guest_decommission); + static int __sev_snp_init_locked(int *error) { struct psp_device *psp =3D psp_master; @@ -1306,6 +1414,27 @@ static int __sev_platform_init_locked(int *error) return 0; } =20 +static int sev_asid_data_init(void) +{ + u32 eax, ebx, ecx; + + if (sev_asid_data) + return 0; + + cpuid(0x8000001f, &eax, &ebx, &ecx, &sev_min_asid); + if (!ecx) + return -ENODEV; + + nr_asids =3D ecx + 1; + sev_es_max_asid =3D sev_min_asid - 1; + + sev_asid_data =3D kcalloc(nr_asids, sizeof(*sev_asid_data), GFP_KERNEL); + if (!sev_asid_data) + return -ENOMEM; + + return 0; +} + static int _sev_platform_init_locked(struct sev_platform_init_args *args) { struct sev_device *sev; @@ -1319,6 +1448,10 @@ static int _sev_platform_init_locked(struct sev_plat= form_init_args *args) if (sev->state =3D=3D SEV_STATE_INIT) return 0; =20 + rc =3D sev_asid_data_init(); + if (rc) + return rc; + /* * Legacy guests cannot be running while SNP_INIT(_EX) is executing, * so perform SEV-SNP initialization at probe time. @@ -2329,6 +2462,9 @@ static void __sev_firmware_shutdown(struct sev_device= *sev, bool panic) snp_range_list =3D NULL; } =20 + kfree(sev_asid_data); + sev_asid_data =3D NULL; + __sev_snp_shutdown_locked(&error, panic); } =20 @@ -2377,10 +2513,31 @@ static struct notifier_block snp_panic_notifier =3D= { .notifier_call =3D snp_shutdown_on_panic, }; =20 +static bool file_is_sev(struct file *filep) +{ + return filep && filep->f_op =3D=3D &sev_fops; +} + +static bool sev_check_external_user(int fd) +{ + struct fd f; + bool ret =3D true; + + f =3D fdget(fd); + if (!fd_file(f)) + return false; + + if (!file_is_sev(fd_file(f))) + ret =3D false; + + fdput(f); + return ret; +} + int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd, void *data, int *error) { - if (!filep || filep->f_op !=3D &sev_fops) + if (!file_is_sev(filep)) return -EBADF; =20 return sev_do_cmd(cmd, data, error); diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 3e4e5574e88a3..ccf3ba78d8332 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -65,4 +65,8 @@ void sev_dev_destroy(struct psp_device *psp); void sev_pci_init(void); void sev_pci_exit(void); =20 +struct sev_asid_data { + void *snp_context; +}; + #endif /* __SEV_DEV_H */ diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 903ddfea85850..0b3b7707ccb21 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -942,6 +942,61 @@ int sev_guest_decommission(struct sev_data_decommissio= n *data, int *error); */ int sev_do_cmd(int cmd, void *data, int *psp_ret); =20 +/** + * sev_snp_create_context - allocates an SNP context firmware page + * + * Associates the created context with the ASID that an activation + * call after SNP_LAUNCH_START will commit. The association is needed + * to track active guest context pages to refresh during firmware hotload. + * + * @fd: A file descriptor for the SEV device + * @asid: The ASID allocated to the caller that will be used in a subse= quent SNP_ACTIVATE. + * @psp_ret: sev command return code. + * + * Returns: + * A pointer to the SNP context page, or an ERR_PTR of + * -%ENODEV if the PSP device is not available + * -%ENOTSUPP if PSP device does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if PSP device returned a non-zero return code + */ +void *sev_snp_create_context(int fd, int asid, int *psp_ret); + +/** + * sev_snp_activate_asid - issues SNP_ACTIVATE for the ASID and associated= guest context page. + * + * @fd: A file descriptor for the SEV device + * @asid: The ASID to activate. + * @psp_ret: sev command return code. + * + * Returns: + * 0 if the SEV device successfully processed the command + * -%ENODEV if the PSP device is not available + * -%ENOTSUPP if PSP device does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if PSP device returned a non-zero return code + */ +int sev_snp_activate_asid(int fd, int asid, int *psp_ret); + +/** + * sev_snp_guest_decommission - issues SNP_DECOMMISSION for an ASID's gues= t context page, and frees + * it. + * + * The caller must ensure mutual exclusion with any process that may deact= ivate ASIDs. + * + * @fd: A file descriptor for the SEV device + * @asid: The ASID to activate. + * @psp_ret: sev command return code. + * + * Returns: + * 0 if the SEV device successfully processed the command + * -%ENODEV if the PSP device is not available + * -%ENOTSUPP if PSP device does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if PSP device returned a non-zero return code + */ +int sev_snp_guest_decommission(int fd, int asid, int *psp_ret); + void *psp_copy_user_blob(u64 uaddr, u32 len); void *snp_alloc_firmware_page(gfp_t mask); void snp_free_firmware_page(void *addr); --=20 2.47.0.277.g8800431eea-goog From nobody Sat Nov 23 12:28:31 2024 Received: from mail-yw1-f201.google.com (mail-yw1-f201.google.com [209.85.128.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6F8AB21C186 for ; Tue, 12 Nov 2024 23:23:18 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.128.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453800; cv=none; b=Desn5mExXKqtEHJi5Amp9e0/l0B0a7w0S9Tv1vdIvvsT0h+4llgszB/pL3/FuvzCPvSYXtF//37stqwLwFFTC4o8eMTczO78ltU0pWe7q+7PzqFk8BGwGN2/8UJHKr7PuXdcWRvhHWaMgkMnCNd7ziRnRSUsg01E/qbRwll4gPc= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453800; c=relaxed/simple; bh=ub/jeAuKxHgVeYJR7qfIWhbva40qGRoVqnXE5Bdp86E=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=Dphu1k2Tp+vRp2YL72fL/8QqQD0JcE346dpyZeoD3OujDcLEkD2AcindMhsaq5seANlzyn9/slPs1g93Mb+9+xQTq5ytVbHoXH6vPP//0CVySUZm7/QAD1ZmSejd57n1YmPrvwzSHglJHS0oBL8+KJr4UexFKz6l7i0a7b4UEtw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=2ZaSuw2y; arc=none smtp.client-ip=209.85.128.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="2ZaSuw2y" Received: by mail-yw1-f201.google.com with SMTP id 00721157ae682-6ea86f1df79so115335357b3.1 for ; Tue, 12 Nov 2024 15:23:18 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731453797; x=1732058597; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=ke0lLdlr1kk9jFT9Y4ArnxwOQ/foP1O5UmzGSVbFNLU=; b=2ZaSuw2yeFSc64GPCHXQ6b9YJwPToj5chgpdlNqrMj6gx+czLTBL4Tvmd5oYqXOZH0 pb8dKbpTiSWfhF6Dx2oUxOINrQ9WOn7sOXPXZDVAgb+zOlqkpocAKLk60z62LdOtHVzm 6GZfNzgIQxmpco4inXn1sCRc1NAGBjSwGG79mG02Wcl1QoIjH8leKWk4ocqCvqdGv9Ui ebIvyK2+vkk2vtpex+Ztd5Zyt1rJEqKIBRUCMSNn13ZoohAbZ87UCat3oP1RVhE+9EY9 GFsNgW8ehLPz6dVUcxZHRV1ug9HmK8i4FXbaRU0OdKeOSbTZN06zKg+SpiiYA2v4LrWs q4kw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731453797; x=1732058597; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ke0lLdlr1kk9jFT9Y4ArnxwOQ/foP1O5UmzGSVbFNLU=; b=oCVt8YoyqsWRD7NSS4q6P4VUUwLpHn7MsoCpzixxaiRV/EeHiGn+B0bWA+U1LBj+6V 2w5DCvaxMvs2mOsDatcgCxpiilVTYxPZEXIK6VEdNGiBj3JalXUYt2tCtsQQwj2rbkG4 kuBuOkHx9w//NGAyxjDg5gGX+09plkpuv2C2dC52qbk1TEIMhTKmTYuRvBJnUK4IA6LH 7tbfryUvNk0pU9gCULlIERTrqa6Brfgizhl4raQI3IzXz8LHaZ3JfRKJ/O8j0WVsB1XN GvC7ZzxLiyuTv6How+nRMwRmIV5McVjbLtHfA+h0GSGH1arNs9wx9WLWmY7MMI8V3rV6 vjsQ== X-Gm-Message-State: AOJu0YzaJS8lZkC3T/li33Yy48Rx3XynQzSZAUpKDxJC39y8FC6NwSZl OiFhPWVmBTK5H115ekDsmEJYaM3HLhHZ4nAAX6T5Dk9+anzL8LxDMtLJcHEsPgPPSNG5Nez4FTo nu6JuNXm8zN5cVKtmpyvipEhzovLoStXCCfw/Fx316pYqtehHzFoAxqWBP6dKqc7Ls7/vsB9jv3 iZsFyoGtRZufTg/G20C68RH7Pq1k2h9AfjxbwD/UUsz/6envho0adB4VOV1BXEQIKqlWM= X-Google-Smtp-Source: AGHT+IE9XrR6GjaQBHvQS5sK7gytB+L9sUsf5ZrG6EKKcAz5P+cTOu/VMoAAZDFGSEeppHcPeADdJdGGCa104awGmA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a05:690c:1c:b0:6e3:b08:92c7 with SMTP id 00721157ae682-6eaddc1ed85mr3462377b3.0.1731453797357; Tue, 12 Nov 2024 15:23:17 -0800 (PST) Date: Tue, 12 Nov 2024 23:22:45 +0000 In-Reply-To: <20241112232253.3379178-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241112232253.3379178-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241112232253.3379178-7-dionnaglaze@google.com> Subject: [PATCH v6 6/8] crypto: ccp: Add DOWNLOAD_FIRMWARE_EX support From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Ashish Kalra Cc: linux-coco@lists.linux.dev, Dionna Glaze , Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , linux-crypto@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In order to support firmware hotloading, the DOWNLOAD_FIRMWARE_EX command must be available. The DOWNLOAD_FIRMWARE_EX command requires cache flushing and introduces new error codes that could be returned to user space. Access to the command is through the firmware_upload API rather than through the ioctl interface to prefer a common interface. On init, the ccp device will make /sys/class/firmware/amd/loading etc firmware upload API attributes available to late-load a SEV-SNP firmware binary. The firmware_upload API errors reported are actionable in the following ways: * FW_UPLOAD_ERR_HW_ERROR: the machine is in an unstable state and must be reset. * FW_UPLOAD_ERR_RW_ERROR: the firmware update went bad but can be recovered by hotloading the previous firmware version. Also used in the case that the kernel used the API wrong (bug). * FW_UPLOAD_ERR_FW_INVALID: user error with the data provided, but no instability is expected and no recovery actions are needed. * FW_UPLOAD_ERR_BUSY: upload attempted at a bad time either due to overload or the machine is in the wrong platform state. synthetic_restore_required: Instead of tracking the status of whether an individual GCTX is safe for use in a firmware command, force all following commands to fail with an error that is indicative of needing a firmware rollback. To test: 1. Build the kernel enabling SEV-SNP as normal and add CONFIG_FW_UPLOAD=3Dy. 2. Add the following to your kernel_cmdline: ccp.psp_init_on_probe=3D0. 3.Get an AMD SEV-SNP firmware sbin appropriate to your Epyc chip model at https://www.amd.com/en/developer/sev.html and extract to get a .sbin file. 4. Run the following with your sbinfile in FW: echo 1 > /sys/class/firmware/snp_dlfw_ex/loading cat "${FW?}" > /sys/class/firmware/snp_dlfw_ex/data echo 0 > /sys/class/firmware/snp_dlfw_ex/loading 5. Verify the firmware update message in dmesg. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Signed-off-by: Dionna Glaze --- drivers/crypto/ccp/Kconfig | 10 ++ drivers/crypto/ccp/Makefile | 1 + drivers/crypto/ccp/sev-dev.c | 27 ++-- drivers/crypto/ccp/sev-dev.h | 31 ++++ drivers/crypto/ccp/sev-fw.c | 281 +++++++++++++++++++++++++++++++++++ include/linux/psp-sev.h | 17 +++ 6 files changed, 357 insertions(+), 10 deletions(-) create mode 100644 drivers/crypto/ccp/sev-fw.c diff --git a/drivers/crypto/ccp/Kconfig b/drivers/crypto/ccp/Kconfig index f394e45e11ab4..40be991f15d28 100644 --- a/drivers/crypto/ccp/Kconfig +++ b/drivers/crypto/ccp/Kconfig @@ -46,6 +46,16 @@ config CRYPTO_DEV_SP_PSP along with software-based Trusted Execution Environment (TEE) to enable third-party trusted applications. =20 +config CRYPTO_DEV_SP_PSP_FW_UPLOAD + bool "Platform Security Processor (PSP) device with firmware hotloading" + default y + depends on CRYPTO_DEV_SP_PSP && FW_LOADER && FW_UPLOAD + help + Provide support for AMD Platform Security Processor firmware. + The PSP firmware can be updated while no SEV or SEV-ES VMs are active. + Users of this feature should be aware of the error modes that indicate + required manual rollback or reset due to instablity. + config CRYPTO_DEV_CCP_DEBUGFS bool "Enable CCP Internals in DebugFS" default n diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile index 394484929dae3..5ce69134ec48b 100644 --- a/drivers/crypto/ccp/Makefile +++ b/drivers/crypto/ccp/Makefile @@ -14,6 +14,7 @@ ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) +=3D psp-dev.o \ platform-access.o \ dbc.o \ hsti.o +ccp-$(CONFIG_CRYPTO_DEV_SP_PSP_FW_UPLOAD) +=3D sev-fw.o =20 obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) +=3D ccp-crypto.o ccp-crypto-objs :=3D ccp-crypto-main.o \ diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index d8c35b8478ff5..a8f5e35ab8a0a 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -228,6 +228,7 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_SNP_GUEST_REQUEST: return sizeof(struct sev_data_snp_guest_= request); case SEV_CMD_SNP_CONFIG: return sizeof(struct sev_user_data_snp_config); case SEV_CMD_SNP_COMMIT: return sizeof(struct sev_data_snp_commit); + case SEV_CMD_SNP_DOWNLOAD_FIRMWARE_EX: return sizeof(struct sev_data_down= load_firmware_ex); default: return 0; } =20 @@ -489,7 +490,7 @@ void snp_free_firmware_page(void *addr) } EXPORT_SYMBOL_GPL(snp_free_firmware_page); =20 -static void *sev_fw_alloc(unsigned long len) +void *sev_fw_alloc(unsigned long len) { struct page *page; =20 @@ -857,6 +858,15 @@ static int __sev_do_cmd_locked(int cmd, void *data, in= t *psp_ret) if (WARN_ON_ONCE(!data !=3D !buf_len)) return -EINVAL; =20 + /* Firmware hotloading can fail to update some guest context pages, in wh= ich case + * user space should roll back the firmware instead of committing it. Thi= s is already + * a firmware error code called RESTORE_REQUIRED, so report that error if= VMs would + * be corrupted if user space were to commit the firmware. + */ + ret =3D sev_snp_synthetic_error(sev, psp_ret); + if (ret) + return ret; + /* * Copy the incoming data to driver's scratch buffer as __pa() will not * work for some memory, e.g. vmalloc'd addresses, and @data may not be @@ -1661,7 +1671,7 @@ void *psp_copy_user_blob(u64 uaddr, u32 len) } EXPORT_SYMBOL_GPL(psp_copy_user_blob); =20 -static int sev_get_api_version(void) +int sev_get_api_version(void) { struct sev_device *sev =3D psp_master->sev_data; struct sev_user_data_status status; @@ -1736,14 +1746,7 @@ static int sev_update_firmware(struct device *dev) return -1; } =20 - /* - * SEV FW expects the physical address given to it to be 32 - * byte aligned. Memory allocated has structure placed at the - * beginning followed by the firmware being passed to the SEV - * FW. Allocate enough memory for data structure + alignment - * padding + SEV FW. - */ - data_size =3D ALIGN(sizeof(struct sev_data_download_firmware), 32); + data_size =3D ALIGN(sizeof(struct sev_data_download_firmware), SEV_FW_ALI= GNMENT); =20 order =3D get_order(firmware->size + data_size); p =3D alloc_pages(GFP_KERNEL, order); @@ -2407,6 +2410,8 @@ int sev_dev_init(struct psp_device *psp) if (ret) goto e_irq; =20 + snp_init_firmware_upload(sev); + dev_notice(dev, "sev enabled\n"); =20 return 0; @@ -2488,6 +2493,8 @@ void sev_dev_destroy(struct psp_device *psp) kref_put(&misc_dev->refcount, sev_exit); =20 psp_clear_sev_irq_handler(psp); + + snp_destroy_firmware_upload(sev); } =20 static int snp_shutdown_on_panic(struct notifier_block *nb, diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index ccf3ba78d8332..2417bcce97848 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -29,6 +29,15 @@ #define SEV_CMD_COMPLETE BIT(1) #define SEV_CMDRESP_IOC BIT(0) =20 +/* + * SEV FW expects the physical address given to it to be 32 + * byte aligned. Memory allocated has structure placed at the + * beginning followed by the firmware being passed to the SEV + * FW. Allocate enough memory for data structure + alignment + * padding + SEV FW. + */ +#define SEV_FW_ALIGNMENT 32 + struct sev_misc_dev { struct kref refcount; struct miscdevice misc; @@ -57,6 +66,11 @@ struct sev_device { bool cmd_buf_backup_active; =20 bool snp_initialized; + +#ifdef CONFIG_FW_UPLOAD + struct fw_upload *fwl; + bool fw_cancel; +#endif /* CONFIG_FW_UPLOAD */ }; =20 int sev_dev_init(struct psp_device *psp); @@ -69,4 +83,21 @@ struct sev_asid_data { void *snp_context; }; =20 +/* Extern to be shared with firmware_upload API implementation if configur= ed. */ +extern struct sev_asid_data *sev_asid_data; +extern u32 nr_asids, sev_min_asid, sev_max_asid, sev_es_max_asid; + +void *sev_fw_alloc(unsigned long len); +int sev_get_api_version(void); + +#ifdef CONFIG_CRYPTO_DEV_SP_PSP_FW_UPLOAD +void snp_init_firmware_upload(struct sev_device *sev); +void snp_destroy_firmware_upload(struct sev_device *sev); +int sev_snp_synthetic_error(struct sev_device *sev, int *psp_ret); +#else +static inline void snp_init_firmware_upload(struct sev_device *sev) { } +static inline void snp_destroy_firmware_upload(struct sev_device *sev) { } +static inline int sev_snp_synthetic_error(struct sev_device *sev, int *psp= _ret) { return 0; } +#endif /* CONFIG_CRYPTO_DEV_SP_PSP_FW_UPLOAD */ + #endif /* __SEV_DEV_H */ diff --git a/drivers/crypto/ccp/sev-fw.c b/drivers/crypto/ccp/sev-fw.c new file mode 100644 index 0000000000000..327feb846e5be --- /dev/null +++ b/drivers/crypto/ccp/sev-fw.c @@ -0,0 +1,281 @@ +// SPDX-License-Identifier: GPL-2.0-only +/* + * AMD Secure Encrypted Virtualization (SEV) firmware upload API + */ + +#include +#include +#include + +#include + +#include "sev-dev.h" + +static bool synthetic_restore_required; + +int sev_snp_synthetic_error(struct sev_device *sev, int *psp_ret) +{ + if (synthetic_restore_required) { + *psp_ret =3D SEV_RET_RESTORE_REQUIRED; + return -EIO; + } + + return 0; +} + +static int sev_snp_download_firmware_ex(struct sev_device *sev, const u8 *= data, u32 size, + int *error) +{ + struct sev_data_download_firmware_ex *data_ex; + int ret, order; + struct page *p; + u64 data_size; + void *fw_dest; + + data_size =3D ALIGN(sizeof(struct sev_data_download_firmware_ex), SEV_FW_= ALIGNMENT); + + order =3D get_order(size + data_size); + p =3D alloc_pages(GFP_KERNEL, order); + if (!p) + return -ENOMEM; + + /* + * Copy firmware data to a kernel allocated contiguous + * memory region. + */ + data_ex =3D page_address(p); + fw_dest =3D page_address(p) + data_size; + memset(data_ex, 0, data_size); + memcpy(fw_dest, data, size); + + /* commit is purposefully unset for GCTX update failure to advise rollbac= k */ + data_ex->fw_paddr =3D __psp_pa(fw_dest); + data_ex->fw_len =3D size; + data_ex->length =3D sizeof(struct sev_data_download_firmware_ex); + + ret =3D sev_do_cmd(SEV_CMD_SNP_DOWNLOAD_FIRMWARE_EX, data_ex, error); + + if (ret) + goto free_err; + + /* Need to do a DF_FLUSH after live firmware update */ + wbinvd_on_all_cpus(); + ret =3D sev_do_cmd(SEV_CMD_SNP_DF_FLUSH, NULL, error); + if (ret) + dev_dbg(sev->dev, "DF_FLUSH error %d\n", *error); + +free_err: + __free_pages(p, order); + return ret; +} + +static enum fw_upload_err snp_dlfw_ex_prepare(struct fw_upload *fw_upload, + const u8 *data, u32 size) +{ + struct sev_device *sev =3D fw_upload->dd_handle; + + sev->fw_cancel =3D false; + return FW_UPLOAD_ERR_NONE; +} + +static enum fw_upload_err snp_dlfw_ex_poll_complete(struct fw_upload *fw_u= pload) +{ + return FW_UPLOAD_ERR_NONE; +} + +/* Cancel can be called asynchronously, but DOWNLOAD_FIRMWARE_EX is atomic= and cannot + * be canceled. There is no need to synchronize updates to fw_cancel. + */ +static void snp_dlfw_ex_cancel(struct fw_upload *fw_upload) +{ + /* fw_upload not-NULL guaranteed by firmware_upload API */ + struct sev_device *sev =3D fw_upload->dd_handle; + + sev->fw_cancel =3D true; +} + +static enum fw_upload_err snp_dlfw_ex_err_translate(struct sev_device *sev= , int psp_ret) +{ + dev_dbg(sev->dev, "Failed to update SEV firmware: %#x\n", psp_ret); + + /* + * Operation error: + * HW_ERROR: Critical error. Machine needs repairs now. + * RW_ERROR: Severe error. Roll back to the prior version to recover. + * User error: + * FW_INVALID: Bad input for this interface. + * BUSY: Wrong machine state to run download_firmware_ex. + */ + switch (psp_ret) { + case SEV_RET_RESTORE_REQUIRED: + dev_warn(sev->dev, "Firmware updated but unusable. Rollback!!!\n"); + return FW_UPLOAD_ERR_RW_ERROR; + case SEV_RET_SHUTDOWN_REQUIRED: + /* No state changes made. Not a hardware error. */ + dev_warn(sev->dev, "Firmware image cannot be live updated\n"); + return FW_UPLOAD_ERR_FW_INVALID; + case SEV_RET_BAD_VERSION: + /* No state changes made. Not a hardware error. */ + dev_warn(sev->dev, "Firmware image is not well formed\n"); + return FW_UPLOAD_ERR_FW_INVALID; + /* SEV-specific errors that can still happen. */ + case SEV_RET_BAD_SIGNATURE: + /* No state changes made. Not a hardware error. */ + dev_warn(sev->dev, "Firmware image signature is bad\n"); + return FW_UPLOAD_ERR_FW_INVALID; + case SEV_RET_INVALID_PLATFORM_STATE: + /* Calling at the wrong time. Not a hardware error. */ + dev_warn(sev->dev, "Firmware not updated as SEV in INIT state\n"); + return FW_UPLOAD_ERR_BUSY; + case SEV_RET_HWSEV_RET_UNSAFE: + dev_err(sev->dev, "Firmware is unstable. Reset your machine!!!\n"); + return FW_UPLOAD_ERR_HW_ERROR; + /* Kernel bug cases. */ + case SEV_RET_INVALID_PARAM: + dev_err(sev->dev, "Download-firmware-EX invalid parameter\n"); + return FW_UPLOAD_ERR_RW_ERROR; + case SEV_RET_INVALID_ADDRESS: + dev_err(sev->dev, "Download-firmware-EX invalid address\n"); + return FW_UPLOAD_ERR_RW_ERROR; + default: + dev_err(sev->dev, "Unhandled download_firmware_ex err %d\n", psp_ret); + return FW_UPLOAD_ERR_HW_ERROR; + } +} + +static enum fw_upload_err snp_update_guest_contexts(struct sev_device *sev) +{ + struct sev_data_snp_guest_status status_data; + void *snp_guest_status; + enum fw_upload_err ret =3D FW_UPLOAD_ERR_NONE; + int rc, error; + + /* + * Force an update of guest context pages after SEV firmware + * live update by issuing SNP_GUEST_STATUS on all guest + * context pages. + */ + snp_guest_status =3D sev_fw_alloc(PAGE_SIZE); + if (!snp_guest_status) + return FW_UPLOAD_ERR_INVALID_SIZE; + + for (int i =3D 1; i <=3D sev_es_max_asid; i++) { + if (!sev_asid_data[i].snp_context) + continue; + + status_data.gctx_paddr =3D __psp_pa(sev_asid_data[i].snp_context); + status_data.address =3D __psp_pa(snp_guest_status); + rc =3D sev_do_cmd(SEV_CMD_SNP_GUEST_STATUS, &status_data, &error); + if (!rc) + continue; + + /* + * Handle race with SNP VM being destroyed/decommissoned, + * if guest context page invalid error is returned, + * assume guest has been destroyed. + */ + if (error =3D=3D SEV_RET_INVALID_GUEST) + continue; + + /* Guest context page update failure should force userspace to rollback, + * so make all non-DOWNLOAD_FIRMWARE_EX commands fail with RESTORE_REQUI= RED. + * This emulates the behavior of the firmware on an older PSP bootloader= version + * that couldn't auto-restore on DOWNLOAD_FIRMWARE_EX failure. However, = the error + * is still relevant to this follow-up guest update failure. + */ + synthetic_restore_required =3D true; + dev_err(sev->dev, + "SNP guest context update error, rc=3D%d, fw_error=3D0x%x. Rollback!!!\= n", + rc, error); + ret =3D FW_UPLOAD_ERR_RW_ERROR; + break; + } + + snp_free_firmware_page(snp_guest_status); + return ret; +} + +static enum fw_upload_err snp_dlfw_ex_write(struct fw_upload *fwl, const u= 8 *data, + u32 offset, u32 size, u32 *written) +{ + /* fwl not-NULL guaranteed by firmware_upload API, and sev is non-NULL by= precondition to + * snp_init_firmware_upload. + */ + struct sev_device *sev =3D fwl->dd_handle; + u8 api_major, api_minor, build; + int ret, error; + + if (!sev) + return FW_UPLOAD_ERR_HW_ERROR; + + if (sev->fw_cancel) + return FW_UPLOAD_ERR_CANCELED; + + /* + * SEV firmware update is a one-shot update operation, the write() + * callback to be invoked multiple times for the same update is + * unexpected. + */ + if (offset) + return FW_UPLOAD_ERR_INVALID_SIZE; + + if (sev_get_api_version()) + return FW_UPLOAD_ERR_HW_ERROR; + + api_major =3D sev->api_major; + api_minor =3D sev->api_minor; + build =3D sev->build; + + ret =3D sev_snp_download_firmware_ex(sev, data, size, &error); + if (ret) + return snp_dlfw_ex_err_translate(sev, error); + + ret =3D snp_update_guest_contexts(sev); + if (ret) + return ret; + + sev_get_api_version(); + if (api_major !=3D sev->api_major || api_minor !=3D sev->api_minor || + build !=3D sev->build) { + dev_info(sev->dev, "SEV firmware updated from %d.%d.%d to %d.%d.%d\n", + api_major, api_minor, build, + sev->api_major, sev->api_minor, sev->build); + } else { + dev_info(sev->dev, "SEV firmware not updated, same as current version %d= .%d.%d\n", + api_major, api_minor, build); + } + + *written =3D size; + + return FW_UPLOAD_ERR_NONE; +} + +static const struct fw_upload_ops snp_dlfw_ex_ops =3D { + .prepare =3D snp_dlfw_ex_prepare, + .write =3D snp_dlfw_ex_write, + .poll_complete =3D snp_dlfw_ex_poll_complete, + .cancel =3D snp_dlfw_ex_cancel, +}; + +/* PREREQUISITE: sev is non-NULL */ +void snp_init_firmware_upload(struct sev_device *sev) +{ + struct fw_upload *fwl; + + fwl =3D firmware_upload_register(THIS_MODULE, sev->dev, "snp_dlfw_ex", &s= np_dlfw_ex_ops, sev); + if (IS_ERR(fwl)) { + dev_err(sev->dev, "SEV firmware upload initialization error %ld\n", PTR_= ERR(fwl)); + return; + } + + sev->fwl =3D fwl; +} + +/* PREREQUISITE: sev is non-NULL */ +void snp_destroy_firmware_upload(struct sev_device *sev) +{ + if (!sev->fwl) + return; + + firmware_upload_unregister(sev->fwl); +} diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 0b3b7707ccb21..9ad941e36bb63 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -185,6 +185,23 @@ struct sev_data_download_firmware { u32 len; /* In */ } __packed; =20 +/** + * struct sev_data_download_firmware_ex - DOWNLOAD_FIRMWARE_EX command par= ameters + * + * @length: length of this command buffer + * @fw_paddr: physical address of firmware image + * @fw_len: len of the firmware image + * @commit: automatically commit the newly installed image + */ +struct sev_data_download_firmware_ex { + u32 length; /* In */ + u32 reserved; /* In */ + u64 fw_paddr; /* In */ + u32 fw_len; /* In */ + u32 commit:1; /* In */ + u32 reserved2:31; /* In */ +} __packed; + /** * struct sev_data_get_id - GET_ID command parameters * --=20 2.47.0.277.g8800431eea-goog From nobody Sat Nov 23 12:28:31 2024 Received: from mail-yb1-f202.google.com (mail-yb1-f202.google.com [209.85.219.202]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 7806E21C18F for ; Tue, 12 Nov 2024 23:23:21 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.202 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453803; cv=none; b=dcUEpY61Bb5Oger83Z0pAXgWmYcF18vcw+qD6U51SBOLReVp9Q/C7c/eJMnPwwN3bmi7IPyI7GeLzQ4kQZT4MaiEMLn2RjZeUMUZ6P4+29CU4nh/T6wVKBmNnW2Ye4vGm9J1vVkfzmB2SvDAnlsnRGC+OHGLHcXxiEiQVarWOhE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453803; c=relaxed/simple; bh=nrQ932Y51OSd35PUGLLbau3Ik/xAjs0b/JpSV31X09E=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=dK+gdEaQD9CnyYlf6P5rZmVZeUwyy7pbP7fKtS2ZwVMuPvF+qbF8MJ7OwdTibK+6ln7jjiz9WZw89Y+Z5ANTj9RvxGQX7nUabOer5bEUBd+6a1wqTrAuHPIAjzW6TIz3FmyaSLHJXTImVsAN2ywsZ2t0nImjPdnrHdM1z6czNHQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=YP0vFrgg; arc=none smtp.client-ip=209.85.219.202 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="YP0vFrgg" Received: by mail-yb1-f202.google.com with SMTP id 3f1490d57ef6-e02fff66a83so9836526276.0 for ; Tue, 12 Nov 2024 15:23:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731453800; x=1732058600; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=Bt+/i8WOI79fmEsLhJLm2DSvIqfPWJS+0C7yUqoIIto=; b=YP0vFrgg2SAOHtUbdnkmodfrms4ov+Yd2zQ8Ngou9kTROtOCkOS6zZDf/G0bDbp/yy Izb2c3TGG1GqKu5ENaRlI5RRssUCwaRifKckUZPFI5ucxCrn8LqPt9iE4i/y2Jv4Yj3n /7T1SFucX1vjrXpGsOPt/+0Kr7WlaEyBUeA23VOsVtoYItLNWSudK00/IUpoDe+TuBR6 kC6sBtlFb8jS1xIaaG1pt6k0kxs8rDR5lipbBciE8Vp+AhVyPlKJ383MnHJ0InUToTCb tu2zQWS8HlARffU2I94s2tvRoWl3u0pKuQNNH7i+vBQ60q0Q5cnTsXlm++us8OpkVA8T tOEQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731453800; x=1732058600; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Bt+/i8WOI79fmEsLhJLm2DSvIqfPWJS+0C7yUqoIIto=; b=MXSv0RTLfOCUbRAcaR8bqsSxCdxv+OSD2um84QmMfnOXdr1zNOSTnyMgKvXLKRc/lA bRH8AaemvGoN7+oaD+xwOmMZSNIV52XqIV9j3ezPVB5QjXF0sPuPCrav3MHgELgdBF9R F62hshVJ2sZXbe4haZLU5nSAdvMx86SUtIJwEljsNYpxxQxx2oSTTimjxCeNoHsdnF9Z wPwa9NnPL9qzNKk7MqhRJ/c5l9DrU7KugaOdcX7rPwYQYRVcggIQn849xHNB2nZscemt 6XKzf7mP0gE/ey6WgkEATDKXozImk0/X1W+fDGyyPTf0Tsji/JaQGZHRUL5Jru3EGqXF WXTw== X-Gm-Message-State: AOJu0Yx9wtEW8ahMjVHQkh55N6F8kVtyL5FXCrs64Wz3unwRErSIdp/Y vu8/fOYMqR9yFRdJbnYKmWH68jX+Gd9mi3Qb8gd0QLs3y4nN+fjeXf7C9wNpfZ+vNz378m8Vvnm qp5CyDIqci3dt0sEMPPOalhMzs3UNKV7prIDuIsWmBhWOflEcwvyXvRYwoVHWFQLCZYAUdf554V nSGynO4xGSxlwApouKN78VbFxw2RlZ1ZgMiTUS0RKABaGDmXLuF7LiI1gUWBfU1SK6MMg= X-Google-Smtp-Source: AGHT+IFdlks+cHVJJN0Pm1E8tmmOb+T06jth8P3+F/l88/NwWk3D7aE601eTKR+ZXuZ8P7m48FGAuSVd9gtK10Y6+A== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a05:6902:1342:b0:e2b:da82:f695 with SMTP id 3f1490d57ef6-e35ed2520d6mr631276.6.1731453799997; Tue, 12 Nov 2024 15:23:19 -0800 (PST) Date: Tue, 12 Nov 2024 23:22:46 +0000 In-Reply-To: <20241112232253.3379178-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241112232253.3379178-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241112232253.3379178-8-dionnaglaze@google.com> Subject: [PATCH v6 7/8] KVM: SVM: Use new ccp GCTX API From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" Cc: linux-coco@lists.linux.dev, Dionna Glaze , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Guest context pages should be near 1-to-1 with allocated ASIDs. With the GCTX API, the ccp driver is better able to associate guest context pages with the ASID that is/will be bound to it. This is important to the firmware hotloading implementation to not corrupt any running VM's guest context page before userspace commits a new firmware. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Signed-off-by: Dionna Glaze --- arch/x86/kvm/svm/sev.c | 60 ++++++++---------------------------------- 1 file changed, 11 insertions(+), 49 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index d0e0152aefb32..5e6d1f1c14dfd 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -2156,51 +2156,12 @@ int sev_dev_get_attr(u32 group, u64 attr, u64 *val) } } =20 -/* - * The guest context contains all the information, keys and metadata - * associated with the guest that the firmware tracks to implement SEV - * and SNP features. The firmware stores the guest context in hypervisor - * provide page via the SNP_GCTX_CREATE command. - */ -static void *snp_context_create(struct kvm *kvm, struct kvm_sev_cmd *argp) -{ - struct sev_data_snp_addr data =3D {}; - void *context; - int rc; - - /* Allocate memory for context page */ - context =3D snp_alloc_firmware_page(GFP_KERNEL_ACCOUNT); - if (!context) - return ERR_PTR(-ENOMEM); - - data.address =3D __psp_pa(context); - rc =3D __sev_issue_cmd(argp->sev_fd, SEV_CMD_SNP_GCTX_CREATE, &data, &arg= p->error); - if (rc) { - pr_warn("Failed to create SEV-SNP context, rc %d fw_error %d", - rc, argp->error); - snp_free_firmware_page(context); - return ERR_PTR(rc); - } - - return context; -} - -static int snp_bind_asid(struct kvm *kvm, int *error) -{ - struct kvm_sev_info *sev =3D &to_kvm_svm(kvm)->sev_info; - struct sev_data_snp_activate data =3D {0}; - - data.gctx_paddr =3D __psp_pa(sev->snp_context); - data.asid =3D sev_get_asid(kvm); - return sev_issue_cmd(kvm, SEV_CMD_SNP_ACTIVATE, &data, error); -} - static int snp_launch_start(struct kvm *kvm, struct kvm_sev_cmd *argp) { struct kvm_sev_info *sev =3D &to_kvm_svm(kvm)->sev_info; struct sev_data_snp_launch_start start =3D {0}; struct kvm_sev_snp_launch_start params; - int rc; + int rc, asid; =20 if (!sev_snp_guest(kvm)) return -ENOTTY; @@ -2226,7 +2187,8 @@ static int snp_launch_start(struct kvm *kvm, struct k= vm_sev_cmd *argp) if (params.policy & SNP_POLICY_MASK_SINGLE_SOCKET) return -EINVAL; =20 - sev->snp_context =3D snp_context_create(kvm, argp); + asid =3D sev_get_asid(kvm); + sev->snp_context =3D sev_snp_create_context(argp->sev_fd, asid, &argp->er= ror); if (IS_ERR(sev->snp_context)) return PTR_ERR(sev->snp_context); =20 @@ -2241,7 +2203,7 @@ static int snp_launch_start(struct kvm *kvm, struct k= vm_sev_cmd *argp) } =20 sev->fd =3D argp->sev_fd; - rc =3D snp_bind_asid(kvm, &argp->error); + rc =3D sev_snp_activate_asid(sev->fd, asid, &argp->error); if (rc) { pr_debug("%s: Failed to bind ASID to SEV-SNP context, rc %d\n", __func__, rc); @@ -2865,23 +2827,23 @@ int sev_vm_copy_enc_context_from(struct kvm *kvm, u= nsigned int source_fd) static int snp_decommission_context(struct kvm *kvm) { struct kvm_sev_info *sev =3D &to_kvm_svm(kvm)->sev_info; - struct sev_data_snp_addr data =3D {}; - int ret; + int ret, error; =20 /* If context is not created then do nothing */ if (!sev->snp_context) return 0; =20 - /* Do the decommision, which will unbind the ASID from the SNP context */ - data.address =3D __sme_pa(sev->snp_context); + /* + * Do the decommision, which will unbind the ASID from the SNP context + * and free the context page. + */ down_write(&sev_deactivate_lock); - ret =3D sev_do_cmd(SEV_CMD_SNP_DECOMMISSION, &data, NULL); + ret =3D sev_snp_guest_decommission(sev->fd, sev->asid, &error); up_write(&sev_deactivate_lock); =20 - if (WARN_ONCE(ret, "Failed to release guest context, ret %d", ret)) + if (WARN_ONCE(ret, "Failed to release guest context, ret %d fw err %d", r= et, error)) return ret; =20 - snp_free_firmware_page(sev->snp_context); sev->snp_context =3D NULL; =20 return 0; --=20 2.47.0.277.g8800431eea-goog From nobody Sat Nov 23 12:28:31 2024 Received: from mail-pf1-f201.google.com (mail-pf1-f201.google.com [209.85.210.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 94D5D21EBAC for ; Tue, 12 Nov 2024 23:23:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.210.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453810; cv=none; b=XbCqL3taUzQzPfcZ2yJaDyyGYGKLpfGEeZ1MK9RPD1SKubgBu9Lre4L2ue+FHFjRpdIMn/cM5Rt/OPJFMGOOoYDGyZr2seGTbKlv9/fBw6D+gMDAGdNHT2QR1Gov5gjIK60p6eSunm4ts5cXstHTyjj27hq5UzVnCWaFDtJWuDI= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1731453810; c=relaxed/simple; bh=YSlU6X6JKLSeLbKMBuH/mDkE4l3HevChh3sRmgLUBXI=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=u0LI4VxH3EPjOqIWRRPQJ3k91axpwodpbxWbJcVqmUBAKJdWpF2KMHLVrRb1yul33s13x29SkzfstjG0RSoGJyTNU7K5szmDrQhK6ZMf9Q1teA4D9Uo7BTQHARMMH9iulzI8X8+NTs0gVKvwFdo4F+Ot3q3KxH4x9dDuJJ3xa/Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=1O9C3TMG; arc=none smtp.client-ip=209.85.210.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--dionnaglaze.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="1O9C3TMG" Received: by mail-pf1-f201.google.com with SMTP id d2e1a72fcca58-71e578061ffso7341124b3a.1 for ; Tue, 12 Nov 2024 15:23:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20230601; t=1731453806; x=1732058606; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=OuDWJG60RHXCqzpUFxAGPdqK8IqvXAJsitjiTXr/4nE=; b=1O9C3TMG+iTQoIKcUXKvgnQLeCkN6Oz7UldGVF3DN5ta0TRKP0ukY4L5HYWj4IImgt kHquRf26fByKDfTVtJn3i+vrsjKdbtz8i4bnmkmJd26+3FnVa14681KtWbsLyRIXkBpw 1padD4NhaVsPFNXRQk7XTLWxtSt4uDCoyTa9f8TrDS9uExPvVvTMZmSMh6Vq8InmJ3oZ E/MEfbbnlFjQLTp221EwPsoS4ZS2npAZN9ybf+jHVq/UaNgdO6Nc+9YaeacDdICEiC8f vAKTUkjIaE5e1GqJ2dQAMaRR6T80wAjjqYXSGtiKQVyFloaF4thBqtwZvFvZ2t0zrFnT bcpA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1731453806; x=1732058606; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=OuDWJG60RHXCqzpUFxAGPdqK8IqvXAJsitjiTXr/4nE=; b=IO3bJnRojvM/61Np8Iup6gCIXWKmIxJ6zr2vL4QXzole6WFWCDVRzg1cwXUTUoPFlw djpRGMfxrScaO2Tz7TfpZC6RMX09MfZ0nPmaDp5vw13E0Rt4PyF5zjiE6eNkNQLTszLL VNfbfhAXhrsKqGw9m+FMYFxoTzQXg3VgKI1tsqkDdXDNvWvK0Tmfzit6/Qk3yiItSjgB RZYZeA85W45lp1SbORsweYdVRI7GAzxbaRoGDhACsM3aKCMIadWk/hnB4F+1QeaqprWv Ae5jacafMWGYvkn6o0ElXl1E5OyhOUOmwPSB0Zjx9Fiqn7CIu6V0qecWdKgfkVYXcNIH LTww== X-Gm-Message-State: AOJu0YzSIr5cVoRLt6S/PMzX6maw+ZkMOBbTwVvZ9NQh+uDQmFbVwB/Z Ww3s6VQr/+6w2bX8+dSfLN8z34ddESSIYN1njVYn7q4VkSaCvjH3b97qSoqBjcl42Fp+ZW4hOK9 wmsPPIcL9Gea6YpkRWg75jyLMqBAFMrUTKNnI9Ey2bVeBu+Fu71NfTHWsB4cGMLnvq2TVD0uDIj /96wjz5oYIK9avWEVfAn+R84P69hgXsIqq189kN71dDTRkQDilG26MvA3J7OkymOelWrY= X-Google-Smtp-Source: AGHT+IE6zPnpQVIS7blTj/Vhu9TTjYHNmJoBXH4WGKbfY0DY+2UePrQxclpNCjF7vH3HqWjU/xgzhv/gANZuiZaWCA== X-Received: from dionnaglaze.c.googlers.com ([fda3:e722:ac3:cc00:36:e7b8:ac13:c9e8]) (user=dionnaglaze job=sendgmr) by 2002:a62:ee0d:0:b0:720:2e1a:de with SMTP id d2e1a72fcca58-7244a4fcc54mr33020b3a.1.1731453804651; Tue, 12 Nov 2024 15:23:24 -0800 (PST) Date: Tue, 12 Nov 2024 23:22:47 +0000 In-Reply-To: <20241112232253.3379178-1-dionnaglaze@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20241112232253.3379178-1-dionnaglaze@google.com> X-Mailer: git-send-email 2.47.0.277.g8800431eea-goog Message-ID: <20241112232253.3379178-9-dionnaglaze@google.com> Subject: [PATCH v6 8/8] KVM: SVM: Delay legacy platform initialization on SNP From: Dionna Glaze To: linux-kernel@vger.kernel.org, x86@kernel.org, Sean Christopherson , Paolo Bonzini , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , "H. Peter Anvin" Cc: linux-coco@lists.linux.dev, Dionna Glaze , Ashish Kalra , Tom Lendacky , John Allen , Herbert Xu , "David S. Miller" , Michael Roth , Luis Chamberlain , Russ Weight , Danilo Krummrich , Greg Kroah-Hartman , "Rafael J. Wysocki" , Tianfei zhang , Alexey Kardashevskiy , kvm@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" When no SEV or SEV-ES guests are active, then the firmware can be updated while (SEV-SNP) VM guests are active. CC: Sean Christopherson CC: Paolo Bonzini CC: Thomas Gleixner CC: Ingo Molnar CC: Borislav Petkov CC: Dave Hansen CC: Ashish Kalra CC: Tom Lendacky CC: John Allen CC: Herbert Xu CC: "David S. Miller" CC: Michael Roth CC: Luis Chamberlain CC: Russ Weight CC: Danilo Krummrich CC: Greg Kroah-Hartman CC: "Rafael J. Wysocki" CC: Tianfei zhang CC: Alexey Kardashevskiy Co-developed-by: Ashish Kalra Signed-off-by: Ashish Kalra Reviewed-by: Ashish Kalra Signed-off-by: Dionna Glaze --- arch/x86/kvm/svm/sev.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 5e6d1f1c14dfd..507ed87749f55 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -444,7 +444,11 @@ static int __sev_guest_init(struct kvm *kvm, struct kv= m_sev_cmd *argp, if (ret) goto e_no_asid; =20 - init_args.probe =3D false; + /* + * Setting probe will skip SEV/SEV-ES platform initialization for an SEV-= SNP guest in order + * for SNP firmware hotloading to be available when only SEV-SNP VMs are = running. + */ + init_args.probe =3D vm_type !=3D KVM_X86_SEV_VM && vm_type !=3D KVM_X86_S= EV_ES_VM; ret =3D sev_platform_init(&init_args); if (ret) goto e_free; --=20 2.47.0.277.g8800431eea-goog