[v12,02/19] x86/sev: Handle failures from snp_init()

Message ID	20241009092850.197575-3-nikunj@amd.com (mailing list archive)
State	New, archived
Headers	show Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2078.outbound.protection.outlook.com [40.107.212.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 77DC018CBF9; Wed, 9 Oct 2024 09:29:21 +0000 (UTC) Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C From: Nikunj A Dadhania <nikunj@amd.com> To: <linux-kernel@vger.kernel.org>, <thomas.lendacky@amd.com>, <bp@alien8.de>, <x86@kernel.org>, <kvm@vger.kernel.org> CC: <mingo@redhat.com>, <tglx@linutronix.de>, <dave.hansen@linux.intel.com>, <pgonda@google.com>, <seanjc@google.com>, <pbonzini@redhat.com>, <nikunj@amd.com> Subject: [PATCH v12 02/19] x86/sev: Handle failures from snp_init() Date: Wed, 9 Oct 2024 14:58:33 +0530 Message-ID: <20241009092850.197575-3-nikunj@amd.com> In-Reply-To: <20241009092850.197575-1-nikunj@amd.com> References: <20241009092850.197575-1-nikunj@amd.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain
Series	Add Secure TSC support for SNP guests \| expand [v12,00/19] Add Secure TSC support for SNP guests [v12,01/19] virt: sev-guest: Use AES GCM crypto library [v12,02/19] x86/sev: Handle failures from snp_init() [v12,03/19] x86/sev: Cache the secrets page address [v12,04/19] virt: sev-guest: Consolidate SNP guest messaging parameters to a struct [v12,05/19] virt: sev-guest: Reduce the scope of SNP command mutex [v12,06/19] virt: sev-guest: Carve out SNP message context structure [v12,07/19] x86/sev: Carve out and export SNP guest messaging init routines [v12,08/19] x86/sev: Relocate SNP guest messaging routines to common code [v12,09/19] x86/cc: Add CC_ATTR_GUEST_SNP_SECURE_TSC [v12,10/19] x86/sev: Add Secure TSC support for SNP guests [v12,11/19] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests [v12,12/19] x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests [v12,13/19] x86/sev: Mark Secure TSC as reliable clocksource [v12,14/19] tsc: Use the GUEST_TSC_FREQ MSR for discovering TSC frequency [v12,15/19] tsc: Upgrade TSC clocksource rating [v12,16/19] x86/kvmclock: Use clock source callback to update kvm sched clock [v12,17/19] x86/kvmclock: Abort SecureTSC enabled guest when kvmclock is selected [v12,18/19] x86/cpu/amd: Do not print FW_BUG for Secure TSC [v12,19/19] x86/sev: Allow Secure TSC feature for SNP guests

Message ID

20241009092850.197575-3-nikunj@amd.com (mailing list archive)

State

New, archived

Headers

Received-SPF: Pass (protection.outlook.com: domain of amd.com designates
 165.204.84.17 as permitted sender) receiver=protection.outlook.com;
 client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C
From: Nikunj A Dadhania <nikunj@amd.com>
To: <linux-kernel@vger.kernel.org>, <thomas.lendacky@amd.com>, <bp@alien8.de>,
	<x86@kernel.org>, <kvm@vger.kernel.org>
CC: <mingo@redhat.com>, <tglx@linutronix.de>, <dave.hansen@linux.intel.com>,
	<pgonda@google.com>, <seanjc@google.com>, <pbonzini@redhat.com>,
	<nikunj@amd.com>
Subject: [PATCH v12 02/19] x86/sev: Handle failures from snp_init()
Date: Wed, 9 Oct 2024 14:58:33 +0530
Message-ID: <20241009092850.197575-3-nikunj@amd.com>
In-Reply-To: <20241009092850.197575-1-nikunj@amd.com>
References: <20241009092850.197575-1-nikunj@amd.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Oct 2024 09:29:17.9063
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 be4ccdf3-07dc-4634-0c31-08dce844d93d
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com]
X-MS-Exchange-CrossTenant-AuthSource: 
	BL02EPF00021F68.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB7571

Series

Add Secure TSC support for SNP guests | expand

Commit Message

Nikunj A. Dadhania Oct. 9, 2024, 9:28 a.m. UTC

Address the ignored failures from snp_init() in sme_enable(). Add error
handling for scenarios where snp_init() fails to retrieve the SEV-SNP CC
blob or encounters issues while parsing the CC blob. Ensure that SNP guests
will error out early, preventing delayed error reporting or undefined
behavior.

Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
---
 arch/x86/mm/mem_encrypt_identity.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

Comments

Tom Lendacky Oct. 16, 2024, 4:16 p.m. UTC | #1

On 10/9/24 04:28, Nikunj A Dadhania wrote:
> Address the ignored failures from snp_init() in sme_enable(). Add error
> handling for scenarios where snp_init() fails to retrieve the SEV-SNP CC
> blob or encounters issues while parsing the CC blob. Ensure that SNP guests
> will error out early, preventing delayed error reporting or undefined
> behavior.
> 
> Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>

Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>

> ---
>  arch/x86/mm/mem_encrypt_identity.c | 11 +++++++----
>  1 file changed, 7 insertions(+), 4 deletions(-)
> 
> diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
> index ac33b2263a43..e6c7686f443a 100644
> --- a/arch/x86/mm/mem_encrypt_identity.c
> +++ b/arch/x86/mm/mem_encrypt_identity.c
> @@ -495,10 +495,10 @@ void __head sme_enable(struct boot_params *bp)
>  	unsigned int eax, ebx, ecx, edx;
>  	unsigned long feature_mask;
>  	unsigned long me_mask;
> -	bool snp;
> +	bool snp_en;
>  	u64 msr;
>  
> -	snp = snp_init(bp);
> +	snp_en = snp_init(bp);
>  
>  	/* Check for the SME/SEV support leaf */
>  	eax = 0x80000000;
> @@ -531,8 +531,11 @@ void __head sme_enable(struct boot_params *bp)
>  	RIP_REL_REF(sev_status) = msr = __rdmsr(MSR_AMD64_SEV);
>  	feature_mask = (msr & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT;
>  
> -	/* The SEV-SNP CC blob should never be present unless SEV-SNP is enabled. */
> -	if (snp && !(msr & MSR_AMD64_SEV_SNP_ENABLED))
> +	/*
> +	 * Any discrepancies between the presence of a CC blob and SNP
> +	 * enablement abort the guest.
> +	 */
> +	if (snp_en ^ !!(msr & MSR_AMD64_SEV_SNP_ENABLED))
>  		snp_abort();
>  
>  	/* Check if memory encryption is enabled */

diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
index ac33b2263a43..e6c7686f443a 100644
--- a/arch/x86/mm/mem_encrypt_identity.c
+++ b/arch/x86/mm/mem_encrypt_identity.c
@@ -495,10 +495,10 @@  void __head sme_enable(struct boot_params *bp)
 	unsigned int eax, ebx, ecx, edx;
 	unsigned long feature_mask;
 	unsigned long me_mask;
-	bool snp;
+	bool snp_en;
 	u64 msr;
 
-	snp = snp_init(bp);
+	snp_en = snp_init(bp);
 
 	/* Check for the SME/SEV support leaf */
 	eax = 0x80000000;
@@ -531,8 +531,11 @@  void __head sme_enable(struct boot_params *bp)
 	RIP_REL_REF(sev_status) = msr = __rdmsr(MSR_AMD64_SEV);
 	feature_mask = (msr & MSR_AMD64_SEV_ENABLED) ? AMD_SEV_BIT : AMD_SME_BIT;
 
-	/* The SEV-SNP CC blob should never be present unless SEV-SNP is enabled. */
-	if (snp && !(msr & MSR_AMD64_SEV_SNP_ENABLED))
+	/*
+	 * Any discrepancies between the presence of a CC blob and SNP
+	 * enablement abort the guest.
+	 */
+	if (snp_en ^ !!(msr & MSR_AMD64_SEV_SNP_ENABLED))
 		snp_abort();
 
 	/* Check if memory encryption is enabled */

[v12,02/19] x86/sev: Handle failures from snp_init()

Commit Message

Comments

Patch