From patchwork Fri Jun 21 12:38:40 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707540
From: Nikunj A Dadhania
Subject: [PATCH v10 01/24] virt: sev-guest: Use AES GCM crypto library
Date: Fri, 21 Jun 2024 18:08:40 +0530
Message-ID: <20240621123903.2411843-2-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

The sev-guest driver encryption code uses the crypto API for SNP guest messaging with the AMD Security
processor. In order to enable secure TSC, SEV-SNP guests need to send such a TSC_INFO message before the APs are booted. Details from the TSC_INFO response will then be used to program the VMSA before the APs are brought up. However, the crypto API is not available this early in the boot process. In preparation for moving the encryption code out of sev-guest to support secure TSC and to ease review, switch to using the AES GCM library implementation instead. Drop __enc_payload() and dec_payload() helpers as both are small and can be moved to the respective callers. CC: Ard Biesheuvel Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky Tested-by: Peter Gonda Acked-by: Borislav Petkov (AMD) --- drivers/virt/coco/sev-guest/sev-guest.h | 3 + drivers/virt/coco/sev-guest/sev-guest.c | 175 ++++++------------------ drivers/virt/coco/sev-guest/Kconfig | 4 +- 3 files changed, 43 insertions(+), 139 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h index 21bda26fdb95..ceb798a404d6 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.h +++ b/drivers/virt/coco/sev-guest/sev-guest.h @@ -13,6 +13,9 @@ #include #define MAX_AUTHTAG_LEN 32 +#define AUTHTAG_LEN 16 +#define AAD_LEN 48 +#define MSG_HDR_VER 1 /* See SNP spec SNP_GUEST_REQUEST section for the structure */ enum msg_type { diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 37522886ae95..dcdbfc5e5af0 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -17,8 +17,7 @@ #include #include #include -#include -#include +#include #include #include #include 
@@ -33,26 +32,18 @@ #include "sev-guest.h" #define DEVICE_NAME "sev-guest" -#define AAD_LEN 48 -#define MSG_HDR_VER 1 #define SNP_REQ_MAX_RETRY_DURATION (60*HZ) #define SNP_REQ_RETRY_DELAY (2*HZ) #define SVSM_MAX_RETRIES 3 -struct snp_guest_crypto { - struct crypto_aead *tfm; - u8 *iv, *authtag; - int iv_len, a_len; -}; - struct snp_guest_dev { struct device *dev; struct miscdevice misc; void *certs_data; - struct snp_guest_crypto *crypto; + struct aesgcm_ctx *ctx; /* request and response are in unencrypted memory */ struct snp_guest_msg *request, *response; 
@@ -171,132 +162,31 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file) return container_of(dev, struct snp_guest_dev, misc); } -static struct snp_guest_crypto *init_crypto(struct snp_guest_dev *snp_dev, u8 *key, size_t keylen) +static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen) { - struct snp_guest_crypto *crypto; + struct aesgcm_ctx *ctx; - crypto = kzalloc(sizeof(*crypto), GFP_KERNEL_ACCOUNT); - if (!crypto) + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); + if (!ctx) return NULL; - crypto->tfm = crypto_alloc_aead("gcm(aes)", 0, 0); - if (IS_ERR(crypto->tfm)) - goto e_free; - - if (crypto_aead_setkey(crypto->tfm, key, keylen)) - goto e_free_crypto; - - crypto->iv_len = crypto_aead_ivsize(crypto->tfm); - crypto->iv = kmalloc(crypto->iv_len, GFP_KERNEL_ACCOUNT); - if (!crypto->iv) - goto e_free_crypto; - - if (crypto_aead_authsize(crypto->tfm) > MAX_AUTHTAG_LEN) { - if (crypto_aead_setauthsize(crypto->tfm, MAX_AUTHTAG_LEN)) { - dev_err(snp_dev->dev, "failed to set authsize to %d\n", MAX_AUTHTAG_LEN); - goto e_free_iv; - } + if (aesgcm_expandkey(ctx, key, keylen, AUTHTAG_LEN)) { + pr_err("Crypto context initialization failed\n"); + kfree(ctx); + return NULL; } - crypto->a_len = crypto_aead_authsize(crypto->tfm); - crypto->authtag = kmalloc(crypto->a_len, GFP_KERNEL_ACCOUNT); - if (!crypto->authtag) - goto e_free_iv; - - return crypto; - -e_free_iv: - kfree(crypto->iv); -e_free_crypto: - crypto_free_aead(crypto->tfm); -e_free: - kfree(crypto); - - return NULL; -} - -static void deinit_crypto(struct snp_guest_crypto *crypto) -{ - crypto_free_aead(crypto->tfm); - kfree(crypto->iv); - kfree(crypto->authtag); - kfree(crypto); -} - -static int enc_dec_message(struct snp_guest_crypto *crypto, struct snp_guest_msg *msg, - u8 *src_buf, u8 *dst_buf, size_t len, bool enc) -{ - struct snp_guest_msg_hdr *hdr = &msg->hdr; - struct scatterlist src[3], dst[3]; - DECLARE_CRYPTO_WAIT(wait); - struct aead_request *req; - int ret; - - req = 
aead_request_alloc(crypto->tfm, GFP_KERNEL); - if (!req) - return -ENOMEM; - - /* - * AEAD memory operations: - * +------ AAD -------+------- DATA -----+---- AUTHTAG----+ - * | msg header | plaintext | hdr->authtag | - * | bytes 30h - 5Fh | or | | - * | | cipher | | - * +------------------+------------------+----------------+ - */ - sg_init_table(src, 3); - sg_set_buf(&src[0], &hdr->algo, AAD_LEN); - sg_set_buf(&src[1], src_buf, hdr->msg_sz); - sg_set_buf(&src[2], hdr->authtag, crypto->a_len); - - sg_init_table(dst, 3); - sg_set_buf(&dst[0], &hdr->algo, AAD_LEN); - sg_set_buf(&dst[1], dst_buf, hdr->msg_sz); - sg_set_buf(&dst[2], hdr->authtag, crypto->a_len); - - aead_request_set_ad(req, AAD_LEN); - aead_request_set_tfm(req, crypto->tfm); - aead_request_set_callback(req, 0, crypto_req_done, &wait); - - aead_request_set_crypt(req, src, dst, len, crypto->iv); - ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req), &wait); - - aead_request_free(req); - return ret; -} - -static int __enc_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, - void *plaintext, size_t len) -{ - struct snp_guest_crypto *crypto = snp_dev->crypto; - struct snp_guest_msg_hdr *hdr = &msg->hdr; - - memset(crypto->iv, 0, crypto->iv_len); - memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); - - return enc_dec_message(crypto, msg, plaintext, msg->payload, len, true); -} - -static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, - void *plaintext, size_t len) -{ - struct snp_guest_crypto *crypto = snp_dev->crypto; - struct snp_guest_msg_hdr *hdr = &msg->hdr; - - /* Build IV with response buffer sequence number */ - memset(crypto->iv, 0, crypto->iv_len); - memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); - - return enc_dec_message(crypto, msg, msg->payload, plaintext, len, false); + return ctx; } static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) { - struct snp_guest_crypto 
*crypto = snp_dev->crypto; struct snp_guest_msg *resp = &snp_dev->secret_response; struct snp_guest_msg *req = &snp_dev->secret_request; struct snp_guest_msg_hdr *req_hdr = &req->hdr; struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; + struct aesgcm_ctx *ctx = snp_dev->ctx; + u8 iv[GCM_AES_IV_SIZE] = {}; dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n", resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz); @@ -317,11 +207,16 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, * If the message size is greater than our buffer length then return * an error. */ - if (unlikely((resp_hdr->msg_sz + crypto->a_len) > sz)) + if (unlikely((resp_hdr->msg_sz + ctx->authsize) > sz)) return -EBADMSG; /* Decrypt the payload */ - return dec_payload(snp_dev, resp, payload, resp_hdr->msg_sz + crypto->a_len); + memcpy(iv, &resp_hdr->msg_seqno, min(sizeof(iv), sizeof(resp_hdr->msg_seqno))); + if (!aesgcm_decrypt(ctx, payload, resp->payload, resp_hdr->msg_sz, + &resp_hdr->algo, AAD_LEN, iv, resp_hdr->authtag)) + return -EBADMSG; + + return 0; } static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, @@ -329,6 +224,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 { struct snp_guest_msg *req = &snp_dev->secret_request; struct snp_guest_msg_hdr *hdr = &req->hdr; + struct aesgcm_ctx *ctx = snp_dev->ctx; + u8 iv[GCM_AES_IV_SIZE] = {}; memset(req, 0, sizeof(*req)); 
@@ -348,7 +245,14 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n", hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); - return __enc_payload(snp_dev, req, payload, sz); + if (WARN_ON((sz + ctx->authsize) > sizeof(req->payload))) + return -EBADMSG; + + memcpy(iv, &hdr->msg_seqno, min(sizeof(iv), sizeof(hdr->msg_seqno))); + aesgcm_encrypt(ctx, req->payload, payload, sz, &hdr->algo, AAD_LEN, + iv, hdr->authtag); + + return 0; } static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, @@ -496,7 +400,6 @@ struct snp_req_resp { static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_report_req *req = &snp_dev->req.report; struct snp_report_resp *resp; int rc, resp_len; @@ -514,7 +417,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp->data) + crypto->a_len; + resp_len = sizeof(resp->data) + snp_dev->ctx->authsize; resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); if (!resp) return -ENOMEM; @@ -536,7 +439,6 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { struct snp_derived_key_req *req = &snp_dev->req.derived_key; - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_derived_key_resp resp = {0}; int rc, resp_len; /* Response data is 64 bytes and max authsize for GCM is 16 bytes. */ 
@@ -552,7 +454,7 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp.data) + crypto->a_len; + resp_len = sizeof(resp.data) + snp_dev->ctx->authsize; if (sizeof(buf) < resp_len) return -ENOMEM; @@ -579,7 +481,6 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques { struct snp_ext_report_req *req = &snp_dev->req.ext_report; - struct snp_guest_crypto *crypto = snp_dev->crypto; struct snp_report_resp *resp; int ret, npages = 0, resp_len; sockptr_t certs_address; @@ -622,7 +523,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp->data) + crypto->a_len; + resp_len = sizeof(resp->data) + snp_dev->ctx->authsize; resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); if (!resp) return -ENOMEM; @@ -1145,8 +1046,8 @@ static int __init sev_guest_probe(struct platform_device *pdev) goto e_free_response; ret = -EIO; - snp_dev->crypto = init_crypto(snp_dev, snp_dev->vmpck, VMPCK_KEY_LEN); - if (!snp_dev->crypto) + snp_dev->ctx = snp_init_crypto(snp_dev->vmpck, VMPCK_KEY_LEN); + if (!snp_dev->ctx) goto e_free_cert_data; misc = &snp_dev->misc; @@ -1172,11 +1073,13 @@ static int __init sev_guest_probe(struct platform_device *pdev) ret = misc_register(misc); if (ret) - goto e_free_cert_data; + goto e_free_ctx; dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", vmpck_id); return 0; +e_free_ctx: + kfree(snp_dev->ctx); e_free_cert_data: free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); e_free_response: 
@@ -1195,7 +1098,7 @@ static void __exit sev_guest_remove(struct platform_device *pdev) free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); - deinit_crypto(snp_dev->crypto); + kfree(snp_dev->ctx); misc_deregister(&snp_dev->misc); } diff --git a/drivers/virt/coco/sev-guest/Kconfig b/drivers/virt/coco/sev-guest/Kconfig index 1cffc72c41cb..0b772bd921d8 100644 --- a/drivers/virt/coco/sev-guest/Kconfig +++ b/drivers/virt/coco/sev-guest/Kconfig 
@@ -2,9 +2,7 @@ config SEV_GUEST tristate "AMD SEV Guest driver" default m depends on AMD_MEM_ENCRYPT - select CRYPTO - select CRYPTO_AEAD2 - select CRYPTO_GCM + select CRYPTO_LIB_AESGCM select TSM_REPORTS help SEV-SNP firmware provides the guest a mechanism to communicate with
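Review bot: the sev-guest.h hunk (@@ -13,6 +13,9) leaves MAX_AUTHTAG_LEN 32 and the new AUTHTAG_LEN 16 side by side with no comment saying which one applies where. AUTHTAG_LEN is the value snp_init_crypto() passes to aesgcm_expandkey(), so a one-line comment on each define (tag length actually used versus the larger limit) would keep a later reader from sizing a buffer or a bounds check with the wrong constant.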
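Review bot: in snp_init_crypto() (hunk @@ -171,132 +162,31) the return value of aesgcm_expandkey() is tested and then dropped, so the pr_err() line carries neither the error code nor the device, and sev_guest_probe() reports every failure as its preset -EIO. Keeping the value in a local and printing it in the message would make an early-boot failure diagnosable. The kfree(ctx) on this failure path would also read better as kfree_sensitive(ctx), since the context is the destination of a key expansion.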
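Review bot: in verify_and_dec_payload() (hunk @@ -317,11 +207,16) the only bound on resp_hdr->msg_sz visible here is the caller-supplied sz, while aesgcm_decrypt() reads msg_sz bytes from resp->payload, and the header was copied from the shared, unencrypted response page. An explicit check that msg_sz does not exceed sizeof(resp->payload) would make the read bound independent of what callers pass as sz. The existing test still adds ctx->authsize although the tag is now taken from resp_hdr->authtag and only msg_sz bytes are written to payload; either drop the addend or say in the comment above it that the extra room is kept deliberately.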
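Review bot: in enc_payload() (hunk @@ -348,7 +245,14) the length check sits after the request header has been filled in and logged, so an oversized sz is caught only once hdr->msg_sz already holds it. Moving the test to the top of the function, before memset(req, 0, sizeof(*req)), keeps a rejected request from leaving a half-built header behind. As in the decrypt path, the tag now goes to hdr->authtag rather than into req->payload, so (sz + ctx->authsize) > sizeof(req->payload) is stricter than the copy needs; a comment should say whether that is intended. -EBADMSG is also an odd error code for a caller passing too much data.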
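Review bot: the teardown hunks (@@ -1172,11 +1073,13 and @@ -1195,7 +1098,7) release the context with plain kfree(snp_dev->ctx), but struct aesgcm_ctx holds the AES key schedule and GHASH key expanded from the VMPCK, so the key material stays in the freed allocation. Use kfree_sensitive(snp_dev->ctx) at the e_free_ctx label and in sev_guest_remove(). In sev_guest_remove() the free also runs before misc_deregister(&snp_dev->misc), an ordering inherited from the deinit_crypto() call it replaces; deregistering the misc device first would close the window in which a request can still reach the freed context.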
From patchwork Fri Jun 21 12:38:41 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707541
From: Nikunj A Dadhania
Subject: [PATCH v10 02/24] virt: sev-guest: Replace dev_dbg with pr_debug
Date: Fri, 21 Jun 2024 18:08:41 +0530
Message-ID: <20240621123903.2411843-3-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

In preparation of moving code to arch/x86/coco/sev/core.c, replace dev_dbg with pr_debug.
Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky Tested-by: Peter Gonda Reviewed-by: Borislav Petkov (AMD) --- drivers/virt/coco/sev-guest/sev-guest.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index dcdbfc5e5af0..831a32e522b2 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -188,8 +188,9 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, struct aesgcm_ctx *ctx = snp_dev->ctx; u8 iv[GCM_AES_IV_SIZE] = {}; - dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n", - resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz); + pr_debug("response [seqno %lld type %d version %d sz %d]\n", + resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, + resp_hdr->msg_sz); /* Copy response from shared memory to encrypted memory. */ memcpy(resp, snp_dev->response, sizeof(*resp)); 
@@ -242,8 +243,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 if (!hdr->msg_seqno) return -ENOSR; - dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n", - hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); + pr_debug("request [seqno %lld type %d version %d sz %d]\n", + hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); if (WARN_ON((sz + ctx->authsize) > sizeof(req->payload))) return -EBADMSG;
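Review bot: in verify_and_dec_payload() (hunk @@ -188,8 +188,9) the pr_debug() prints resp_hdr fields before the memcpy(resp, snp_dev->response, sizeof(*resp)) that follows it in the context lines, so the line logs whatever the private copy held from the previous exchange rather than the response being verified. Since the statement is being rewritten anyway, move it below the copy so the logged seqno, type, version and size are the ones the subsequent checks act on.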
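Review bot: in enc_payload() (hunk @@ -242,8 +243,8) the switch from dev_dbg(snp_dev->dev, ...) to pr_debug() drops the device prefix, leaving a bare "request [seqno ...]" line with nothing to tie it to this driver. If the file has no pr_fmt() definition, add one alongside this change (and carry it to the destination file when the code moves) so the messages stay attributable in the log.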
From patchwork Fri Jun 21 12:38:42 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707542
From: Nikunj A Dadhania
Subject: [PATCH v10 03/24] virt: sev-guest: Make payload a variable length array
Date: Fri, 21 Jun 2024 18:08:42 +0530
Message-ID: <20240621123903.2411843-4-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Currently, guest message is PAGE_SIZE bytes and payload is hard-coded to 4000 bytes, assuming snp_guest_msg_hdr structure as 96 bytes. Remove the structure size assumption and hard-coding of payload size and instead use variable length array. While at it, rename the local guest message variables for clarity.

Signed-off-by: Nikunj A Dadhania
Suggested-by: Tom Lendacky
Reviewed-by: Tom Lendacky
--- drivers/virt/coco/sev-guest/sev-guest.h | 5 +- drivers/virt/coco/sev-guest/sev-guest.c | 74 +++++++++++++++---------- 2 files changed, 48 insertions(+), 31 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h index ceb798a404d6..97796f658fd3 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.h +++ b/drivers/virt/coco/sev-guest/sev-guest.h @@ -60,7 +60,10 @@ struct snp_guest_msg_hdr { struct snp_guest_msg { struct snp_guest_msg_hdr hdr; - u8 payload[4000]; + u8 payload[]; } __packed; +#define SNP_GUEST_MSG_SIZE 4096 +#define SNP_GUEST_MSG_PAYLOAD_SIZE (SNP_GUEST_MSG_SIZE - sizeof(struct snp_guest_msg)) + #endif /* __VIRT_SEVGUEST_H__ */ diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 831a32e522b2..e8cef42a211d 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -51,7 +51,7 @@ struct snp_guest_dev { * Avoid information leakage by double-buffering shared messages * in fields that are in regular encrypted memory. */ - struct snp_guest_msg secret_request, secret_response; + struct snp_guest_msg *secret_request, *secret_response; struct snp_secrets_page *secrets; struct snp_req_data input; 
@@ -181,40 +181,40 @@ static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen) static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) { - struct snp_guest_msg *resp = &snp_dev->secret_response; - struct snp_guest_msg *req = &snp_dev->secret_request; - struct snp_guest_msg_hdr *req_hdr = &req->hdr; - struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; + struct snp_guest_msg *resp_msg = snp_dev->secret_response; + struct snp_guest_msg *req_msg = snp_dev->secret_request; + struct snp_guest_msg_hdr *req_msg_hdr = &req_msg->hdr; + struct snp_guest_msg_hdr *resp_msg_hdr = &resp_msg->hdr; struct aesgcm_ctx *ctx = snp_dev->ctx; u8 iv[GCM_AES_IV_SIZE] = {}; pr_debug("response [seqno %lld type %d version %d sz %d]\n", - resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, - resp_hdr->msg_sz); + resp_msg_hdr->msg_seqno, resp_msg_hdr->msg_type, resp_msg_hdr->msg_version, + resp_msg_hdr->msg_sz); /* Copy response from shared memory to encrypted memory. */ - memcpy(resp, snp_dev->response, sizeof(*resp)); + memcpy(resp_msg, snp_dev->response, SNP_GUEST_MSG_SIZE); /* Verify that the sequence counter is incremented by 1 */ - if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1))) + if (unlikely(resp_msg_hdr->msg_seqno != (req_msg_hdr->msg_seqno + 1))) return -EBADMSG; /* Verify response message type and version number. */ - if (resp_hdr->msg_type != (req_hdr->msg_type + 1) || - resp_hdr->msg_version != req_hdr->msg_version) + if (resp_msg_hdr->msg_type != (req_msg_hdr->msg_type + 1) || + resp_msg_hdr->msg_version != req_msg_hdr->msg_version) return -EBADMSG; /* * If the message size is greater than our buffer length then return * an error. 
*/ - if (unlikely((resp_hdr->msg_sz + ctx->authsize) > sz)) + if (unlikely((resp_msg_hdr->msg_sz + ctx->authsize) > sz)) return -EBADMSG; /* Decrypt the payload */ - memcpy(iv, &resp_hdr->msg_seqno, min(sizeof(iv), sizeof(resp_hdr->msg_seqno))); - if (!aesgcm_decrypt(ctx, payload, resp->payload, resp_hdr->msg_sz, - &resp_hdr->algo, AAD_LEN, iv, resp_hdr->authtag)) + memcpy(iv, &resp_msg_hdr->msg_seqno, min(sizeof(iv), sizeof(resp_msg_hdr->msg_seqno))); + if (!aesgcm_decrypt(ctx, payload, resp_msg->payload, resp_msg_hdr->msg_sz, + &resp_msg_hdr->algo, AAD_LEN, iv, resp_msg_hdr->authtag)) return -EBADMSG; return 0; @@ -223,12 +223,12 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, void *payload, size_t sz) { - struct snp_guest_msg *req = &snp_dev->secret_request; - struct snp_guest_msg_hdr *hdr = &req->hdr; + struct snp_guest_msg *msg = snp_dev->secret_request; + struct snp_guest_msg_hdr *hdr = &msg->hdr; struct aesgcm_ctx *ctx = snp_dev->ctx; u8 iv[GCM_AES_IV_SIZE] = {}; - memset(req, 0, sizeof(*req)); + memset(msg, 0, SNP_GUEST_MSG_SIZE); hdr->algo = SNP_AEAD_AES_256_GCM; hdr->hdr_version = MSG_HDR_VER; @@ -246,11 +246,11 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 pr_debug("request [seqno %lld type %d version %d sz %d]\n", hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); - if (WARN_ON((sz + ctx->authsize) > sizeof(req->payload))) + if (WARN_ON((sz + ctx->authsize) > SNP_GUEST_MSG_PAYLOAD_SIZE)) return -EBADMSG; memcpy(iv, &hdr->msg_seqno, min(sizeof(iv), sizeof(hdr->msg_seqno))); - aesgcm_encrypt(ctx, req->payload, payload, sz, &hdr->algo, AAD_LEN, + aesgcm_encrypt(ctx, msg->payload, payload, sz, &hdr->algo, AAD_LEN, iv, hdr->authtag); return 0; 
@@ -356,7 +356,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, return -EIO; /* Clear shared memory's response for the host to populate. */ - memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); + memset(snp_dev->response, 0, SNP_GUEST_MSG_SIZE); /* Encrypt the userspace provided payload in snp_dev->secret_request. */ rc = enc_payload(snp_dev, seqno, rio->msg_version, type, req_buf, req_sz); @@ -367,8 +367,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * Write the fully encrypted request to the shared unencrypted * request page. */ - memcpy(snp_dev->request, &snp_dev->secret_request, - sizeof(snp_dev->secret_request)); + memcpy(snp_dev->request, &snp_dev->secret_request, SNP_GUEST_MSG_SIZE); rc = __handle_guest_request(snp_dev, exit_code, rio); if (rc) { @@ -1033,12 +1032,21 @@ static int __init sev_guest_probe(struct platform_device *pdev) snp_dev->dev = dev; snp_dev->secrets = secrets; + /* Allocate secret request and response message for double buffering */ + snp_dev->secret_request = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); + if (!snp_dev->secret_request) + goto e_unmap; + + snp_dev->secret_response = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); + if (!snp_dev->secret_response) + goto e_free_secret_req; + /* Allocate the shared page used for the request and response message. */ - snp_dev->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); + snp_dev->request = alloc_shared_pages(dev, SNP_GUEST_MSG_SIZE); if (!snp_dev->request) - goto e_unmap; + goto e_free_secret_resp; - snp_dev->response = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); + snp_dev->response = alloc_shared_pages(dev, SNP_GUEST_MSG_SIZE); if (!snp_dev->response) goto e_free_request; 
@@ -1084,9 +1092,13 @@ static int __init sev_guest_probe(struct platform_device *pdev) e_free_cert_data: free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); e_free_response: - free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); + free_shared_pages(snp_dev->response, SNP_GUEST_MSG_SIZE); e_free_request: - free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); + free_shared_pages(snp_dev->request, SNP_GUEST_MSG_SIZE); +e_free_secret_resp: + kfree(snp_dev->secret_response); +e_free_secret_req: + kfree(snp_dev->secret_request); e_unmap: iounmap(mapping); return ret; 
@@ -1097,8 +1109,10 @@ static void __exit sev_guest_remove(struct platform_device *pdev) struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev); free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); - free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); - free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); + free_shared_pages(snp_dev->response, SNP_GUEST_MSG_SIZE); + free_shared_pages(snp_dev->request, SNP_GUEST_MSG_SIZE); + kfree(snp_dev->secret_response); + kfree(snp_dev->secret_request); kfree(snp_dev->ctx); misc_deregister(&snp_dev->misc); }
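Review bot: in handle_guest_request() (03/24), the new line memcpy(snp_dev->request, &snp_dev->secret_request, SNP_GUEST_MSG_SIZE) keeps the & even though secret_request becomes a pointer in this same patch. The copy therefore starts at the pointer field inside struct snp_guest_dev and writes 4096 bytes of driver-private memory, not the encrypted message, into what the comment above it calls the shared unencrypted request page. Drop the & so the source is snp_dev->secret_request. 04/24 makes exactly that change, but it belongs in this patch so that 03/24 is correct on its own when bisecting.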
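Review bot: in verify_and_dec_payload() (03/24), resp_msg_hdr->msg_sz is read from the copy of the shared response page and is bounded only by the caller's sz, never by SNP_GUEST_MSG_PAYLOAD_SIZE. Now that payload is a flexible array inside a kzalloc(SNP_GUEST_MSG_SIZE) buffer, the function itself should guarantee that aesgcm_decrypt() cannot be asked to read past the allocation, whatever sz a caller passes. Suggest adding a check that rejects (resp_msg_hdr->msg_sz + ctx->authsize) > SNP_GUEST_MSG_PAYLOAD_SIZE with -EBADMSG, mirroring the bound enc_payload() already applies on the request side.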
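Review bot: in the sev-guest.h hunk (03/24), SNP_GUEST_MSG_SIZE is introduced as a bare 4096 with no comment, while the commit message describes the guest message as PAGE_SIZE bytes and says the goal is to remove hard-coded size assumptions. Suggest a one-line comment above the define stating where the 4096 comes from, so a reader can tell whether it is meant to track PAGE_SIZE or is a fixed message size, and why SNP_GUEST_MSG_PAYLOAD_SIZE is derived from sizeof(struct snp_guest_msg).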
From patchwork Fri Jun 21 12:38:43 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707543
From: Nikunj A Dadhania
Subject: [PATCH v10 04/24] virt: sev-guest: Add SNP guest request structure
Date: Fri, 21 Jun 2024 18:08:43 +0530
Message-ID: <20240621123903.2411843-5-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Add a snp_guest_req structure to simplify the function arguments. This structure will be used to call the SNP Guest message request API instead of passing a long list of parameters. Update the snp_issue_guest_request() prototype to include the new guest request structure and move all the sev-guest.h header content to sev.h.

Signed-off-by: Nikunj A Dadhania
Reviewed-by: Tom Lendacky
--- arch/x86/include/asm/sev.h | 77 ++++++++++- drivers/virt/coco/sev-guest/sev-guest.h | 69 ---------- arch/x86/coco/sev/core.c | 15 ++- drivers/virt/coco/sev-guest/sev-guest.c | 169 +++++++++++++----------- 4 files changed, 176 insertions(+), 154 deletions(-) delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index ac5886ce252e..2ac899adcbf6 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -112,8 +112,6 @@ struct rmp_state { struct snp_req_data { unsigned long req_gpa; unsigned long resp_gpa; - unsigned long data_gpa; - unsigned int data_npages; }; struct sev_guest_platform_data {
@@ -138,6 +136,75 @@ struct secrets_os_area { } __packed; #define VMPCK_KEY_LEN 32 +#define MAX_AUTHTAG_LEN 32 +#define AUTHTAG_LEN 16 +#define AAD_LEN 48 +#define MSG_HDR_VER 1 + +/* See SNP spec SNP_GUEST_REQUEST section for the structure */ +enum msg_type { + SNP_MSG_TYPE_INVALID = 0, + SNP_MSG_CPUID_REQ, + SNP_MSG_CPUID_RSP, + SNP_MSG_KEY_REQ, + SNP_MSG_KEY_RSP, + SNP_MSG_REPORT_REQ, + SNP_MSG_REPORT_RSP, + SNP_MSG_EXPORT_REQ, + SNP_MSG_EXPORT_RSP, + SNP_MSG_IMPORT_REQ, + SNP_MSG_IMPORT_RSP, + SNP_MSG_ABSORB_REQ, + SNP_MSG_ABSORB_RSP, + SNP_MSG_VMRK_REQ, + SNP_MSG_VMRK_RSP, + + SNP_MSG_TYPE_MAX +}; + +enum aead_algo { + SNP_AEAD_INVALID, + SNP_AEAD_AES_256_GCM, +}; + +struct snp_guest_msg_hdr { + u8 authtag[MAX_AUTHTAG_LEN]; + u64 msg_seqno; + u8 rsvd1[8]; + u8 algo; + u8 hdr_version; + u16 hdr_sz; + u8 msg_type; + u8 msg_version; + u16 msg_sz; + u32 rsvd2; + u8 msg_vmpck; + u8 rsvd3[35]; +} __packed; + +struct snp_guest_msg { + struct snp_guest_msg_hdr hdr; + u8 payload[]; +} __packed; + +#define SNP_GUEST_MSG_SIZE 4096 +#define SNP_GUEST_MSG_PAYLOAD_SIZE (SNP_GUEST_MSG_SIZE - sizeof(struct snp_guest_msg)) + +struct snp_guest_req { + void *req_buf; + size_t req_sz; + + void *resp_buf; + size_t resp_sz; + + void *data; + size_t data_npages; + + u64 exit_code; + unsigned int vmpck_id; + u8 msg_version; + u8 msg_type; +}; /* See the SNP spec version 0.9 for secrets page format */ struct snp_secrets_page { 
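Review bot: the names AUTHTAG_LEN, MAX_AUTHTAG_LEN, AAD_LEN, MSG_HDR_VER, enum msg_type and enum aead_algo are too generic for arch/x86/include/asm/sev.h. They were contained while they lived in the driver-private sev-guest.h, but in this header they are visible to every file that includes it and can collide with unrelated definitions. Suggest giving them an SNP_ prefix as part of the move. The new struct snp_guest_req would also benefit from a short comment stating which of req_buf, resp_buf and data the caller owns, and noting that data_npages is now size_t where the field it replaces in snp_req_data was unsigned int.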
@@ -341,7 +408,8 @@ void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); void snp_dmi_setup(void); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio); +int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, + struct snp_guest_request_ioctl *rio); int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, struct svsm_attest_call *input); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); @@ -371,7 +439,8 @@ static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } static inline void snp_dmi_setup(void) { } -static inline int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) +static inline int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, + struct snp_guest_request_ioctl *rio) { return -ENOTTY; } diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h deleted file mode 100644 index 97796f658fd3..000000000000 --- a/drivers/virt/coco/sev-guest/sev-guest.h +++ /dev/null 
@@ -1,69 +0,0 @@ -/* SPDX-License-Identifier: GPL-2.0-only */ -/* - * Copyright (C) 2021 Advanced Micro Devices, Inc. - * - * Author: Brijesh Singh - * - * SEV-SNP API spec is available at https://developer.amd.com/sev - */ - -#ifndef __VIRT_SEVGUEST_H__ -#define __VIRT_SEVGUEST_H__ - -#include - -#define MAX_AUTHTAG_LEN 32 -#define AUTHTAG_LEN 16 -#define AAD_LEN 48 -#define MSG_HDR_VER 1 - -/* See SNP spec SNP_GUEST_REQUEST section for the structure */ -enum msg_type { - SNP_MSG_TYPE_INVALID = 0, - SNP_MSG_CPUID_REQ, - SNP_MSG_CPUID_RSP, - SNP_MSG_KEY_REQ, - SNP_MSG_KEY_RSP, - SNP_MSG_REPORT_REQ, - SNP_MSG_REPORT_RSP, - SNP_MSG_EXPORT_REQ, - SNP_MSG_EXPORT_RSP, - SNP_MSG_IMPORT_REQ, - SNP_MSG_IMPORT_RSP, - SNP_MSG_ABSORB_REQ, - SNP_MSG_ABSORB_RSP, - SNP_MSG_VMRK_REQ, - SNP_MSG_VMRK_RSP, - - SNP_MSG_TYPE_MAX -}; - -enum aead_algo { - SNP_AEAD_INVALID, - SNP_AEAD_AES_256_GCM, -}; - -struct snp_guest_msg_hdr { - u8 authtag[MAX_AUTHTAG_LEN]; - u64 msg_seqno; - u8 rsvd1[8]; - u8 algo; - u8 hdr_version; - u16 hdr_sz; - u8 msg_type; - u8 msg_version; - u16 msg_sz; - u32 rsvd2; - u8 msg_vmpck; - u8 rsvd3[35]; -} __packed; - -struct snp_guest_msg { - struct snp_guest_msg_hdr hdr; - u8 payload[]; -} __packed; - -#define SNP_GUEST_MSG_SIZE 4096 -#define SNP_GUEST_MSG_PAYLOAD_SIZE (SNP_GUEST_MSG_SIZE - sizeof(struct snp_guest_msg)) - -#endif /* __VIRT_SEVGUEST_H__ */ diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 082d61d85dfc..d3c70604aba8 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2441,7 +2441,8 @@ int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, } EXPORT_SYMBOL_GPL(snp_issue_svsm_attest_req); -int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct snp_guest_request_ioctl *rio) +int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, + struct snp_guest_request_ioctl *rio) { struct ghcb_state state; struct es_em_ctxt ctxt; 
@@ -2465,12 +2466,12 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn vc_ghcb_invalidate(ghcb); - if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { - ghcb_set_rax(ghcb, input->data_gpa); - ghcb_set_rbx(ghcb, input->data_npages); + if (req->exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { + ghcb_set_rax(ghcb, __pa(req->data)); + ghcb_set_rbx(ghcb, req->data_npages); } - ret = sev_es_ghcb_hv_call(ghcb, &ctxt, exit_code, input->req_gpa, input->resp_gpa); + ret = sev_es_ghcb_hv_call(ghcb, &ctxt, req->exit_code, input->req_gpa, input->resp_gpa); if (ret) goto e_put; @@ -2485,8 +2486,8 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn case SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN): /* Number of expected pages are returned in RBX */ - if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { - input->data_npages = ghcb_get_rbx(ghcb); + if (req->exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { + req->data_npages = ghcb_get_rbx(ghcb); ret = -ENOSPC; break; } diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index e8cef42a211d..85e3d39bd5a9 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -29,8 +29,6 @@ #include #include -#include "sev-guest.h" - #define DEVICE_NAME "sev-guest" #define SNP_REQ_MAX_RETRY_DURATION (60*HZ) @@ -179,7 +177,7 @@ static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen) return ctx; } -static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) +static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_req *req) { struct snp_guest_msg *resp_msg = snp_dev->secret_response; struct snp_guest_msg *req_msg = snp_dev->secret_request; 
@@ -208,20 +206,19 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, * If the message size is greater than our buffer length then return * an error. */ - if (unlikely((resp_msg_hdr->msg_sz + ctx->authsize) > sz)) + if (unlikely((resp_msg_hdr->msg_sz + ctx->authsize) > req->resp_sz)) return -EBADMSG; /* Decrypt the payload */ memcpy(iv, &resp_msg_hdr->msg_seqno, min(sizeof(iv), sizeof(resp_msg_hdr->msg_seqno))); - if (!aesgcm_decrypt(ctx, payload, resp_msg->payload, resp_msg_hdr->msg_sz, + if (!aesgcm_decrypt(ctx, req->resp_buf, resp_msg->payload, resp_msg_hdr->msg_sz, &resp_msg_hdr->algo, AAD_LEN, iv, resp_msg_hdr->authtag)) return -EBADMSG; return 0; } -static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, - void *payload, size_t sz) +static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, struct snp_guest_req *req) { struct snp_guest_msg *msg = snp_dev->secret_request; struct snp_guest_msg_hdr *hdr = &msg->hdr; @@ -233,11 +230,11 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 hdr->algo = SNP_AEAD_AES_256_GCM; hdr->hdr_version = MSG_HDR_VER; hdr->hdr_sz = sizeof(*hdr); - hdr->msg_type = type; - hdr->msg_version = version; + hdr->msg_type = req->msg_type; + hdr->msg_version = req->msg_version; hdr->msg_seqno = seqno; - hdr->msg_vmpck = vmpck_id; - hdr->msg_sz = sz; + hdr->msg_vmpck = req->vmpck_id; + hdr->msg_sz = req->req_sz; /* Verify the sequence number is non-zero */ if (!hdr->msg_seqno) 
@@ -246,17 +243,17 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 pr_debug("request [seqno %lld type %d version %d sz %d]\n", hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); - if (WARN_ON((sz + ctx->authsize) > SNP_GUEST_MSG_PAYLOAD_SIZE)) + if (WARN_ON((req->req_sz + ctx->authsize) > SNP_GUEST_MSG_PAYLOAD_SIZE)) return -EBADMSG; memcpy(iv, &hdr->msg_seqno, min(sizeof(iv), sizeof(hdr->msg_seqno))); - aesgcm_encrypt(ctx, msg->payload, payload, sz, &hdr->algo, AAD_LEN, - iv, hdr->authtag); + aesgcm_encrypt(ctx, msg->payload, req->req_buf, req->req_sz, &hdr->algo, + AAD_LEN, iv, hdr->authtag); return 0; } -static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, +static int __handle_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, struct snp_guest_request_ioctl *rio) { unsigned long req_start = jiffies; @@ -271,7 +268,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * sequence number must be incremented or the VMPCK must be deleted to * prevent reuse of the IV. */ - rc = snp_issue_guest_request(exit_code, &snp_dev->input, rio); + rc = snp_issue_guest_request(req, &snp_dev->input, rio); switch (rc) { case -ENOSPC: /* @@ -281,8 +278,8 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * order to increment the sequence number and thus avoid * IV reuse. */ - override_npages = snp_dev->input.data_npages; - exit_code = SVM_VMGEXIT_GUEST_REQUEST; + override_npages = req->data_npages; + req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; /* * Override the error to inform callers the given extended 
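Review bot: in the -ENOSPC case of __handle_guest_request(), req->exit_code = SVM_VMGEXIT_GUEST_REQUEST now overwrites a field of the caller's request, where the old code changed only the by-value exit_code parameter. data_npages is saved in override_npages and written back before returning, but exit_code is not, so a caller that inspects or reuses req after the call sees a plain guest request instead of the extended one it issued. Suggest keeping the retry exit code in a local, or saving and restoring req->exit_code alongside data_npages.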
@@ -337,15 +334,13 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, } if (override_npages) - snp_dev->input.data_npages = override_npages; + req->data_npages = override_npages; return rc; } -static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, - struct snp_guest_request_ioctl *rio, u8 type, - void *req_buf, size_t req_sz, void *resp_buf, - u32 resp_sz) +static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio) { u64 seqno; int rc; @@ -359,7 +354,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, memset(snp_dev->response, 0, SNP_GUEST_MSG_SIZE); /* Encrypt the userspace provided payload in snp_dev->secret_request. */ - rc = enc_payload(snp_dev, seqno, rio->msg_version, type, req_buf, req_sz); + rc = enc_payload(snp_dev, seqno, req); if (rc) return rc; @@ -367,9 +362,9 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, * Write the fully encrypted request to the shared unencrypted * request page. */ - memcpy(snp_dev->request, &snp_dev->secret_request, SNP_GUEST_MSG_SIZE); + memcpy(snp_dev->request, snp_dev->secret_request, SNP_GUEST_MSG_SIZE); - rc = __handle_guest_request(snp_dev, exit_code, rio); + rc = __handle_guest_request(snp_dev, req, rio); if (rc) { if (rc == -EIO && rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) @@ -378,12 +373,11 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", rc, rio->exitinfo2); - snp_disable_vmpck(snp_dev); return rc; } - rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz); + rc = verify_and_dec_payload(snp_dev, req); if (rc) { dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); snp_disable_vmpck(snp_dev); 
@@ -400,8 +394,9 @@ struct snp_req_resp { static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_report_req *req = &snp_dev->req.report; - struct snp_report_resp *resp; + struct snp_report_req *report_req = &snp_dev->req.report; + struct snp_guest_req req = {0}; + struct snp_report_resp *report_resp; int rc, resp_len; lockdep_assert_held(&snp_cmd_mutex); @@ -409,7 +404,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io if (!arg->req_data || !arg->resp_data) return -EINVAL; - if (copy_from_user(req, (void __user *)arg->req_data, sizeof(*req))) + if (copy_from_user(report_req, (void __user *)arg->req_data, sizeof(*report_req))) return -EFAULT; /* 
@@ -417,29 +412,37 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp->data) + snp_dev->ctx->authsize; - resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); - if (!resp) + resp_len = sizeof(report_resp->data) + snp_dev->ctx->authsize; + report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); + if (!report_resp) return -ENOMEM; - rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, - SNP_MSG_REPORT_REQ, req, sizeof(*req), resp->data, - resp_len); + req.msg_version = arg->msg_version; + req.msg_type = SNP_MSG_REPORT_REQ; + req.vmpck_id = vmpck_id; + req.req_buf = report_req; + req.req_sz = sizeof(*report_req); + req.resp_buf = report_resp->data; + req.resp_sz = resp_len; + req.exit_code = SVM_VMGEXIT_GUEST_REQUEST; + + rc = snp_send_guest_request(snp_dev, &req, arg); if (rc) goto e_free; - if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp))) + if (copy_to_user((void __user *)arg->resp_data, report_resp, sizeof(*report_resp))) rc = -EFAULT; e_free: - kfree(resp); + kfree(report_resp); return rc; } static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) { - struct snp_derived_key_req *req = &snp_dev->req.derived_key; - struct snp_derived_key_resp resp = {0}; + struct snp_derived_key_req *derived_key_req = &snp_dev->req.derived_key; + struct snp_derived_key_resp derived_key_resp = {0}; + struct snp_guest_req req = {0}; int rc, resp_len; /* Response data is 64 bytes and max authsize for GCM is 16 bytes. */ u8 buf[64 + 16]; 
@@ -454,25 +457,35 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp.data) + snp_dev->ctx->authsize; + resp_len = sizeof(derived_key_resp.data) + snp_dev->ctx->authsize; if (sizeof(buf) < resp_len) return -ENOMEM; - if (copy_from_user(req, (void __user *)arg->req_data, sizeof(*req))) + if (copy_from_user(derived_key_req, (void __user *)arg->req_data, + sizeof(*derived_key_req))) return -EFAULT; - rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, - SNP_MSG_KEY_REQ, req, sizeof(*req), buf, resp_len); + req.msg_version = arg->msg_version; + req.msg_type = SNP_MSG_KEY_REQ; + req.vmpck_id = vmpck_id; + req.req_buf = derived_key_req; + req.req_sz = sizeof(*derived_key_req); + req.resp_buf = buf; + req.resp_sz = resp_len; + req.exit_code = SVM_VMGEXIT_GUEST_REQUEST; + + rc = snp_send_guest_request(snp_dev, &req, arg); if (rc) return rc; - memcpy(resp.data, buf, sizeof(resp.data)); - if (copy_to_user((void __user *)arg->resp_data, &resp, sizeof(resp))) + memcpy(derived_key_resp.data, buf, sizeof(derived_key_resp.data)); + if (copy_to_user((void __user *)arg->resp_data, &derived_key_resp, + sizeof(derived_key_resp))) rc = -EFAULT; /* The response buffer contains the sensitive data, explicitly clear it. */ memzero_explicit(buf, sizeof(buf)); - memzero_explicit(&resp, sizeof(resp)); + memzero_explicit(&derived_key_resp, sizeof(derived_key_resp)); return rc; } 
@@ -480,32 +493,33 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques struct snp_req_resp *io) { - struct snp_ext_report_req *req = &snp_dev->req.ext_report; - struct snp_report_resp *resp; - int ret, npages = 0, resp_len; + struct snp_ext_report_req *report_req = &snp_dev->req.ext_report; + struct snp_guest_req req = {0}; + struct snp_report_resp *report_resp; sockptr_t certs_address; + int ret, resp_len; lockdep_assert_held(&snp_cmd_mutex); if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) return -EINVAL; - if (copy_from_sockptr(req, io->req_data, sizeof(*req))) + if (copy_from_sockptr(report_req, io->req_data, sizeof(*report_req))) return -EFAULT; /* caller does not want certificate data */ - if (!req->certs_len || !req->certs_address) + if (!report_req->certs_len || !report_req->certs_address) goto cmd; - if (req->certs_len > SEV_FW_BLOB_MAX_SIZE || - !IS_ALIGNED(req->certs_len, PAGE_SIZE)) + if (report_req->certs_len > SEV_FW_BLOB_MAX_SIZE || + !IS_ALIGNED(report_req->certs_len, PAGE_SIZE)) return -EINVAL; if (sockptr_is_kernel(io->resp_data)) { - certs_address = KERNEL_SOCKPTR((void *)req->certs_address); + certs_address = KERNEL_SOCKPTR((void *)report_req->certs_address); } else { - certs_address = USER_SOCKPTR((void __user *)req->certs_address); - if (!access_ok(certs_address.user, req->certs_len)) + certs_address = USER_SOCKPTR((void __user *)report_req->certs_address); + if (!access_ok(certs_address.user, report_req->certs_len)) return -EFAULT; } 
@@ -515,45 +529,53 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques * the host. If host does not supply any certs in it, then copy * zeros to indicate that certificate data was not provided. */ - memset(snp_dev->certs_data, 0, req->certs_len); - npages = req->certs_len >> PAGE_SHIFT; + memset(snp_dev->certs_data, 0, report_req->certs_len); + req.data_npages = report_req->certs_len >> PAGE_SHIFT; cmd: /* * The intermediate response buffer is used while decrypting the * response payload. Make sure that it has enough space to cover the * authtag. */ - resp_len = sizeof(resp->data) + snp_dev->ctx->authsize; - resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); - if (!resp) + resp_len = sizeof(report_resp->data) + snp_dev->ctx->authsize; + report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); + if (!report_resp) return -ENOMEM; - snp_dev->input.data_npages = npages; - ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg, - SNP_MSG_REPORT_REQ, &req->data, - sizeof(req->data), resp->data, resp_len); + req.msg_version = arg->msg_version; + req.msg_type = SNP_MSG_REPORT_REQ; + req.vmpck_id = vmpck_id; + req.req_buf = &report_req->data; + req.req_sz = sizeof(report_req->data); + req.resp_buf = report_resp->data; + req.resp_sz = resp_len; + req.exit_code = SVM_VMGEXIT_EXT_GUEST_REQUEST; + req.data = snp_dev->certs_data; + + ret = snp_send_guest_request(snp_dev, &req, arg); /* If certs length is invalid then copy the returned length */ if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { - req->certs_len = snp_dev->input.data_npages << PAGE_SHIFT; + report_req->certs_len = req.data_npages << PAGE_SHIFT; - if (copy_to_sockptr(io->req_data, req, sizeof(*req))) + if (copy_to_sockptr(io->req_data, report_req, sizeof(*report_req))) ret = -EFAULT; } if (ret) goto e_free; - if (npages && copy_to_sockptr(certs_address, snp_dev->certs_data, req->certs_len)) { + if (req.data_npages && report_req->certs_len && + 
copy_to_sockptr(certs_address, snp_dev->certs_data, report_req->certs_len)) { ret = -EFAULT; goto e_free; } - if (copy_to_sockptr(io->resp_data, resp, sizeof(*resp))) + if (copy_to_sockptr(io->resp_data, report_resp, sizeof(*report_resp))) ret = -EFAULT; e_free: - kfree(resp); + kfree(report_resp); return ret; } 
@@ -1064,10 +1086,9 @@ static int __init sev_guest_probe(struct platform_device *pdev) misc->name = DEVICE_NAME; misc->fops = &snp_guest_fops; - /* initial the input address for guest request */ + /* Initialize the input addresses for guest request */ snp_dev->input.req_gpa = __pa(snp_dev->request); snp_dev->input.resp_gpa = __pa(snp_dev->response); - snp_dev->input.data_gpa = __pa(snp_dev->certs_data); /* Set the privlevel_floor attribute based on the vmpck_id */ sev_tsm_ops.privlevel_floor = vmpck_id;
From patchwork Fri Jun 21 12:38:44 2024 X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13707544
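Review bot: in get_derived_key(), the `if (rc) return rc;` after snp_send_guest_request() leaves the function before either memzero_explicit() call, so whatever the request path wrote into the on-stack `buf` before failing stays there. Since this hunk already reworks the request and the cleanup lines, route the error through a common exit label that clears `buf` and `derived_key_resp` before returning.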
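Review bot: in get_ext_report(), the certificate copy is now gated on both `req.data_npages` and `report_req->certs_len`, but nothing in the hunk says when the two can disagree. `req.data_npages` is derived from `certs_len` before the call and read back after it for SNP_GUEST_VMM_ERR_INVALID_LEN, so it looks as if snp_send_guest_request() may rewrite it. Please add a comment stating which value is authoritative on the success path, or drop the redundant test.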
From: Nikunj A Dadhania
Subject: [PATCH v10 05/24] virt: sev-guest: Fix user-visible strings
Date: Fri, 21 Jun 2024 18:08:44 +0530
Message-ID: <20240621123903.2411843-6-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>

User-visible abbreviations should be in capitals, ensure messages are readable and clear.
No functional change. Signed-off-by: Nikunj A Dadhania --- drivers/virt/coco/sev-guest/sev-guest.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 85e3d39bd5a9..61e190ecfa3a 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -105,7 +105,7 @@ static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) */ static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) { - dev_alert(snp_dev->dev, "Disabling vmpck_id %d to prevent IV reuse.\n", + dev_alert(snp_dev->dev, "Disabling VMPCK%d communication key to prevent IV reuse.\n", vmpck_id); memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN); snp_dev->vmpck = NULL; @@ -1040,13 +1040,13 @@ static int __init sev_guest_probe(struct platform_device *pdev) ret = -EINVAL; snp_dev->vmpck = get_vmpck(vmpck_id, secrets, &snp_dev->os_area_msg_seqno); if (!snp_dev->vmpck) { - dev_err(dev, "invalid vmpck id %d\n", vmpck_id); + dev_err(dev, "Invalid VMPCK%d communication key\n", vmpck_id); goto e_unmap; } /* Verify that VMPCK is not zero. */ if (is_vmpck_empty(snp_dev)) { - dev_err(dev, "vmpck id %d is null\n", vmpck_id); + dev_err(dev, "Empty VMPCK%d communication key\n", vmpck_id); goto e_unmap; } 
@@ -1105,7 +1105,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) if (ret) goto e_free_ctx; - dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", vmpck_id); + dev_info(dev, "Initialized SEV guest driver (using VMPCK%d communication key)\n", vmpck_id); return 0; e_free_ctx:
From patchwork Fri Jun 21 12:38:45 2024 X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13707545
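Review bot: in the sev_guest_probe() hunk at -1040, `Invalid VMPCK%d communication key` is printed when get_vmpck() returns NULL, which is the lookup by vmpck_id failing rather than a problem with the key material, and it now reads almost the same as the `Empty VMPCK%d communication key` message a few lines below. Wording the first one as an invalid VMPCK ID (for example "Invalid VMPCK ID %d") keeps the two failures distinguishable in the kernel log.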
From: Nikunj A Dadhania
Subject: [PATCH v10 06/24] virt: sev-guest: Simplify VMPCK and sequence number assignments
Date: Fri, 21 Jun 2024 18:08:45 +0530
Message-ID: <20240621123903.2411843-7-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>

Preparatory patch to remove direct usage of VMPCK and message sequence number in
the SEV guest driver. Use arrays for the VM platform communication key and message sequence number to simplify the function and usage. Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky --- arch/x86/include/asm/sev.h | 12 ++++------- drivers/virt/coco/sev-guest/sev-guest.c | 27 ++++--------------------- 2 files changed, 8 insertions(+), 31 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 2ac899adcbf6..473760208764 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -118,6 +118,8 @@ struct sev_guest_platform_data { u64 secrets_gpa; }; +#define VMPCK_MAX_NUM 4 + /* * The secrets page contains 96-bytes of reserved field that can be used by * the guest OS. The guest OS uses the area to save the message sequence @@ -126,10 +128,7 @@ struct sev_guest_platform_data { * See the GHCB spec section Secret page layout for the format for this area. */ struct secrets_os_area { - u32 msg_seqno_0; - u32 msg_seqno_1; - u32 msg_seqno_2; - u32 msg_seqno_3; + u32 msg_seqno[VMPCK_MAX_NUM]; u64 ap_jump_table_pa; u8 rsvd[40]; u8 guest_usage[32]; @@ -214,10 +213,7 @@ struct snp_secrets_page { u32 fms; u32 rsvd2; u8 gosvw[16]; - u8 vmpck0[VMPCK_KEY_LEN]; - u8 vmpck1[VMPCK_KEY_LEN]; - u8 vmpck2[VMPCK_KEY_LEN]; - u8 vmpck3[VMPCK_KEY_LEN]; + u8 vmpck[VMPCK_MAX_NUM][VMPCK_KEY_LEN]; struct secrets_os_area os_area; u8 vmsa_tweak_bitmap[64]; diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 61e190ecfa3a..a5602c84769f 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c 
@@ -678,30 +678,11 @@ static const struct file_operations snp_guest_fops = { static u8 *get_vmpck(int id, struct snp_secrets_page *secrets, u32 **seqno) { - u8 *key = NULL; - - switch (id) { - case 0: - *seqno = &secrets->os_area.msg_seqno_0; - key = secrets->vmpck0; - break; - case 1: - *seqno = &secrets->os_area.msg_seqno_1; - key = secrets->vmpck1; - break; - case 2: - *seqno = &secrets->os_area.msg_seqno_2; - key = secrets->vmpck2; - break; - case 3: - *seqno = &secrets->os_area.msg_seqno_3; - key = secrets->vmpck3; - break; - default: - break; - } + if (!(id < VMPCK_MAX_NUM)) + return NULL; - return key; + *seqno = &secrets->os_area.msg_seqno[id]; + return secrets->vmpck[id]; } struct snp_msg_report_resp_hdr {
From patchwork Fri Jun 21 12:38:46 2024 X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13707546
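Review bot: get_vmpck() still takes `int id`, and `if (!(id < VMPCK_MAX_NUM))` is a signed comparison, so a negative id passes the check and indexes `msg_seqno[id]` and `vmpck[id]` out of bounds, where the removed switch returned NULL for it through `default`. The module parameter is still a signed int defaulting to -1 at this point in the series, so make the parameter unsigned in this patch (or test `id < 0 || id >= VMPCK_MAX_NUM`) to keep this commit safe on its own, and write the bound as `id >= VMPCK_MAX_NUM` rather than a negated less-than.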
From: Nikunj A Dadhania
Subject: [PATCH v10 07/24] virt: sev-guest: Store VMPCK index to SNP guest device structure
Date: Fri, 21 Jun 2024 18:08:46 +0530
Message-ID: <20240621123903.2411843-8-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>

Currently, SEV guest driver retrieves the pointers to VMPCK and os_area_msg_seqno
from the secrets page. In order to get rid of this dependency, use vmpck_id to index the appropriate key and the corresponding message sequence number. Signed-off-by: Nikunj A Dadhania --- drivers/virt/coco/sev-guest/sev-guest.c | 74 ++++++++++++------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index a5602c84769f..fcd61df08702 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -58,8 +58,7 @@ struct snp_guest_dev { struct snp_derived_key_req derived_key; struct snp_ext_report_req ext_report; } req; - u32 *os_area_msg_seqno; - u8 *vmpck; + unsigned int vmpck_id; }; /* @@ -69,21 +68,24 @@ struct snp_guest_dev { * Should the default key be wiped (see snp_disable_vmpck()), this parameter * allows for using one of the remaining VMPCKs. */ -static int vmpck_id = -1; -module_param(vmpck_id, int, 0444); +static u32 vmpck_id = VMPCK_MAX_NUM; +module_param(vmpck_id, uint, 0444); MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); /* Mutex to serialize the shared buffer access and command handling. */ static DEFINE_MUTEX(snp_cmd_mutex); +static inline u8 *get_vmpck(struct snp_guest_dev *snp_dev) +{ + return snp_dev->secrets->vmpck[snp_dev->vmpck_id]; +} + static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) { char zero_key[VMPCK_KEY_LEN] = {0}; + u8 *key = get_vmpck(snp_dev); - if (snp_dev->vmpck) - return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN); - - return true; + return !memcmp(key, zero_key, VMPCK_KEY_LEN); } /* 
@@ -105,28 +107,24 @@ static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) */ static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) { - dev_alert(snp_dev->dev, "Disabling VMPCK%d communication key to prevent IV reuse.\n", - vmpck_id); - memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN); - snp_dev->vmpck = NULL; -} - -static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev) -{ - u64 count; - - lockdep_assert_held(&snp_cmd_mutex); + u8 *key = get_vmpck(snp_dev); - /* Read the current message sequence counter from secrets pages */ - count = *snp_dev->os_area_msg_seqno; + if (is_vmpck_empty(snp_dev)) + return; - return count + 1; + dev_alert(snp_dev->dev, "Disabling VMPCK%u communication key to prevent IV reuse.\n", + snp_dev->vmpck_id); + memzero_explicit(key, VMPCK_KEY_LEN); } /* Return a non-zero on success */ static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) { - u64 count = __snp_get_msg_seqno(snp_dev); + u64 count; + + lockdep_assert_held(&snp_cmd_mutex); + + count = snp_dev->secrets->os_area.msg_seqno[snp_dev->vmpck_id] + 1; /* * The message sequence counter for the SNP guest request is a 64-bit @@ -150,7 +148,7 @@ static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev) * The counter is also incremented by the PSP, so increment it by 2 * and save in secrets page. */ - *snp_dev->os_area_msg_seqno += 2; + snp_dev->secrets->os_area.msg_seqno[snp_dev->vmpck_id] += 2; } static inline struct snp_guest_dev *to_snp_dev(struct file *file) 
@@ -160,15 +158,17 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file) return container_of(dev, struct snp_guest_dev, misc); } -static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen) +static struct aesgcm_ctx *snp_init_crypto(struct snp_guest_dev *snp_dev) { struct aesgcm_ctx *ctx; + u8 *key; ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); if (!ctx) return NULL; - if (aesgcm_expandkey(ctx, key, keylen, AUTHTAG_LEN)) { + key = get_vmpck(snp_dev); + if (aesgcm_expandkey(ctx, key, VMPCK_KEY_LEN, AUTHTAG_LEN)) { pr_err("Crypto context initialization failed\n"); kfree(ctx); return NULL; @@ -676,13 +676,14 @@ static const struct file_operations snp_guest_fops = { .unlocked_ioctl = snp_guest_ioctl, }; -static u8 *get_vmpck(int id, struct snp_secrets_page *secrets, u32 **seqno) +static bool assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id) { - if (!(id < VMPCK_MAX_NUM)) - return NULL; + if (!(vmpck_id < VMPCK_MAX_NUM)) + return false; + + dev->vmpck_id = vmpck_id; - *seqno = &secrets->os_area.msg_seqno[id]; - return secrets->vmpck[id]; + return true; } struct snp_msg_report_resp_hdr { 
@@ -1015,25 +1016,24 @@ static int __init sev_guest_probe(struct platform_device *pdev) goto e_unmap; /* Adjust the default VMPCK key based on the executing VMPL level */ - if (vmpck_id == -1) + if (vmpck_id == VMPCK_MAX_NUM) vmpck_id = snp_vmpl; ret = -EINVAL; - snp_dev->vmpck = get_vmpck(vmpck_id, secrets, &snp_dev->os_area_msg_seqno); - if (!snp_dev->vmpck) { + snp_dev->secrets = secrets; + if (!assign_vmpck(snp_dev, vmpck_id)) { dev_err(dev, "Invalid VMPCK%d communication key\n", vmpck_id); goto e_unmap; } /* Verify that VMPCK is not zero. */ if (is_vmpck_empty(snp_dev)) { - dev_err(dev, "Empty VMPCK%d communication key\n", vmpck_id); + dev_err(dev, "Empty VMPCK%d communication key\n", snp_dev->vmpck_id); goto e_unmap; } platform_set_drvdata(pdev, snp_dev); snp_dev->dev = dev; - snp_dev->secrets = secrets; /* Allocate secret request and response message for double buffering */ snp_dev->secret_request = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); 
@@ -1058,7 +1058,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) goto e_free_response; ret = -EIO; - snp_dev->ctx = snp_init_crypto(snp_dev->vmpck, VMPCK_KEY_LEN); + snp_dev->ctx = snp_init_crypto(snp_dev); if (!snp_dev->ctx) goto e_free_cert_data;
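Review bot: In the @@ -68,21 +68,24 @@ hunk of 07/24, the new get_vmpck() indexes snp_dev->secrets->vmpck[] with snp_dev->vmpck_id and performs no range check, and is_vmpck_empty() drops its old `return true` fallback for an unset key, so both now depend on assign_vmpck() having run with secrets already set. The same unchecked index is used for os_area.msg_seqno[] in snp_get_msg_seqno() and snp_inc_msg_seqno(). Because this index selects key material and the message sequence counter in the secrets page, state the invariant in a comment above get_vmpck() (vmpck_id < VMPCK_MAX_NUM, established once in probe) or add a WARN_ON_ONCE() there, so a future caller that skips assign_vmpck() fails loudly instead of reading past the array.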
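Review bot: In the @@ -1015,25 +1016,24 @@ hunk of 07/24, `if (vmpck_id == VMPCK_MAX_NUM) vmpck_id = snp_vmpl;` makes an explicit vmpck_id=VMPCK_MAX_NUM module parameter indistinguishable from "not set": with the old -1 sentinel that value failed the `id < VMPCK_MAX_NUM` check and the probe returned -EINVAL, now it silently selects the VMPL default. Document the sentinel in MODULE_PARM_DESC or keep an out-of-band marker for "unset". Also, vmpck_id is now u32 and snp_dev->vmpck_id is unsigned int, but both dev_err() calls in this hunk still print them with %d while snp_disable_vmpck() was switched to %u; use %u throughout.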
From: Nikunj A Dadhania
Subject: [PATCH v10 08/24] virt: sev-guest: Take mutex in snp_send_guest_request()
Date: Fri, 21 Jun 2024 18:08:47 +0530
Message-ID: <20240621123903.2411843-9-nikunj@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

SNP command mutex is used to serialize access to the shared buffer, command handling and message sequence number races. As part of the preparation for moving SEV guest driver common code and making mutex private, take the mutex in snp_send_guest_request() instead of snp_guest_ioctl(). This will result in locking behavior change as detailed below:

Current locking behaviour:
snp_guest_ioctl()
  mutex_lock(&snp_cmd_mutex)
  get_report()/get_derived_key()/get_ext_report()
    snp_send_guest_request()
      ...
  mutex_unlock(&snp_cmd_mutex)

New locking behaviour:
snp_guest_ioctl()
  get_report()/get_derived_key()/get_ext_report()
    snp_send_guest_request()
      guard(mutex)(&snp_cmd_mutex)
      ...

Remove multiple lockdep checks in the sev-guest driver as they are redundant now. Signed-off-by: Nikunj A Dadhania --- drivers/virt/coco/sev-guest/sev-guest.c | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index fcd61df08702..ed00c21ca821 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -122,8 +122,6 @@ static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) { u64 count; - lockdep_assert_held(&snp_cmd_mutex); - count = snp_dev->secrets->os_area.msg_seqno[snp_dev->vmpck_id] + 1; /* @@ -345,6 +343,8 @@ static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_gues u64 seqno; int rc; + guard(mutex)(&snp_cmd_mutex); + /* Get message sequence and verify that its a non-zero */ seqno = snp_get_msg_seqno(snp_dev); if (!seqno) @@ -399,8 +399,6 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io struct snp_report_resp *report_resp; int rc, resp_len; - lockdep_assert_held(&snp_cmd_mutex); - if (!arg->req_data || !arg->resp_data) return -EINVAL; @@ -447,8 +445,6 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque /* Response data is 64 bytes and max authsize for GCM is 16 bytes. */ u8 buf[64 + 16]; - lockdep_assert_held(&snp_cmd_mutex); - if (!arg->req_data || !arg->resp_data) return -EINVAL; @@ -499,8 +495,6 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques sockptr_t certs_address; int ret, resp_len; - lockdep_assert_held(&snp_cmd_mutex); - if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) return -EINVAL; 
@@ -596,12 +590,9 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long if (!input.msg_version) return -EINVAL; - mutex_lock(&snp_cmd_mutex); - /* Check if the VMPCK is not empty */ if (is_vmpck_empty(snp_dev)) { dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); - mutex_unlock(&snp_cmd_mutex); return -ENOTTY; } @@ -626,8 +617,6 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long break; } - mutex_unlock(&snp_cmd_mutex); - if (input.exitinfo2 && copy_to_user(argp, &input, sizeof(input))) return -EFAULT; @@ -724,8 +713,6 @@ static int sev_svsm_report_new(struct tsm_report *report, void *data) man_len = SZ_4K; certs_len = SEV_FW_BLOB_MAX_SIZE; - guard(mutex)(&snp_cmd_mutex); - if (guid_is_null(&desc->service_guid)) { call_id = SVSM_ATTEST_CALL(SVSM_ATTEST_SERVICES); } else { 
@@ -860,8 +847,6 @@ static int sev_report_new(struct tsm_report *report, void *data) if (!buf) return -ENOMEM; - guard(mutex)(&snp_cmd_mutex); - /* Check if the VMPCK is not empty */ if (is_vmpck_empty(snp_dev)) { dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n");
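Review bot: In the @@ -590,12 +590,9 @@ hunk of 08/24, is_vmpck_empty() in snp_guest_ioctl() now runs with snp_cmd_mutex not held, and the @@ -860,8 +847,6 @@ hunk does the same in sev_report_new(). The bytes it memcmp()s are the ones snp_disable_vmpck() clears with memzero_explicit(), so the check can race with a wipe, and the key can also be disabled between this check and the guarded section in snp_send_guest_request(). Move the empty-key check into snp_send_guest_request() after guard(mutex)(&snp_cmd_mutex), or say in the commit message why an unlocked check is acceptable.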
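Review bot: In the @@ -399,8 +399,6 @@ hunk of 08/24 (get_report(), and likewise get_derived_key() and get_ext_report()), removing lockdep_assert_held() also removes the guarantee that everything these helpers do before snp_send_guest_request() runs under the lock. struct snp_guest_dev carries a shared req union (derived_key, ext_report) and a shared certs_data buffer; any use of those outside the guarded section is now unserialized between concurrent ioctls. Confirm the helpers no longer touch per-device buffers before the request is sent, or widen the guarded region to cover them.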
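Review bot: The @@ -724,8 +713,6 @@ hunk of 08/24 removes guard(mutex)(&snp_cmd_mutex) from sev_svsm_report_new(), but the commit message only justifies moving the lock into snp_send_guest_request(), and nothing visible in this hunk shows the SVSM attestation path (SVSM_ATTEST_CALL) going through that function. If it does not, this path loses its serialization entirely. Keep the guard here or explain in the commit message why the SVSM call needs no lock.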
From: Nikunj A Dadhania
Subject: [PATCH v10 09/24] virt: sev-guest: Carve out SNP guest messaging init/exit
Date: Fri, 21 Jun 2024 18:08:48 +0530
Message-ID: <20240621123903.2411843-10-nikunj@amd.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

In preparation for the movement of common code required for both SEV guest driver and
Secure TSC, carve out initialization and cleanup routines. While at it, the device pointer in alloc_shared_pages() is used only in the print routines, replace dev_err() with pr_err() and drop the device pointer from the function prototype. Signed-off-by: Nikunj A Dadhania --- drivers/virt/coco/sev-guest/sev-guest.c | 152 ++++++++++++++---------- 1 file changed, 88 insertions(+), 64 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index ed00c21ca821..ec1ae5c3f4be 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -161,6 +161,11 @@ static struct aesgcm_ctx *snp_init_crypto(struct snp_guest_dev *snp_dev) struct aesgcm_ctx *ctx; u8 *key; + if (is_vmpck_empty(snp_dev)) { + pr_err("VM communication key VMPCK%u is invalid\n", snp_dev->vmpck_id); + return NULL; + } + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); if (!ctx) return NULL; @@ -640,7 +645,7 @@ static void free_shared_pages(void *buf, size_t sz) __free_pages(virt_to_page(buf), get_order(sz)); } -static void *alloc_shared_pages(struct device *dev, size_t sz) +static void *alloc_shared_pages(size_t sz) { unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; struct page *page; @@ -652,7 +657,7 @@ static void *alloc_shared_pages(struct device *dev, size_t sz) ret = set_memory_decrypted((unsigned long)page_address(page), npages); if (ret) { - dev_err(dev, "failed to mark page shared, ret=%d\n", ret); + pr_err("failed to mark page shared, ret=%d\n", ret); __free_pages(page, get_order(sz)); return NULL; } 
@@ -972,14 +977,80 @@ static void unregister_sev_tsm(void *data) tsm_unregister(&sev_tsm_ops); } +static int snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa) +{ + int ret = -ENOMEM; + + snp_dev->secrets = (__force void *)ioremap_encrypted(secrets_gpa, PAGE_SIZE); + if (!snp_dev->secrets) { + pr_err("Failed to map SNP secrets page.\n"); + return ret; + } + + /* Allocate secret request and response message for double buffering */ + snp_dev->secret_request = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); + if (!snp_dev->secret_request) + goto e_unmap; + + snp_dev->secret_response = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); + if (!snp_dev->secret_response) + goto e_free_secret_req; + + /* Allocate the shared page used for the request and response message. */ + snp_dev->request = alloc_shared_pages(SNP_GUEST_MSG_SIZE); + if (!snp_dev->request) + goto e_free_secret_resp; + + snp_dev->response = alloc_shared_pages(SNP_GUEST_MSG_SIZE); + if (!snp_dev->response) + goto e_free_request; + + /* Initialize the input addresses for guest request */ + snp_dev->input.req_gpa = __pa(snp_dev->request); + snp_dev->input.resp_gpa = __pa(snp_dev->response); + + ret = -EIO; + snp_dev->ctx = snp_init_crypto(snp_dev); + if (!snp_dev->ctx) { + pr_err("SNP crypto context initialization failed\n"); + goto e_free_response; + } + + return 0; + +e_free_response: + free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); +e_free_request: + free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); +e_free_secret_resp: + kfree(snp_dev->secret_response); +e_free_secret_req: + kfree(snp_dev->secret_request); +e_unmap: + iounmap(snp_dev->secrets); + + return ret; +} + +static void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev) +{ + if (!snp_dev) + return; + + kfree(snp_dev->ctx); + free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); + free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); + kfree(snp_dev->secret_response); + 
kfree(snp_dev->secret_request); + iounmap(snp_dev->secrets); +} + static int __init sev_guest_probe(struct platform_device *pdev) { struct sev_guest_platform_data *data; - struct snp_secrets_page *secrets; struct device *dev = &pdev->dev; struct snp_guest_dev *snp_dev; struct miscdevice *misc; - void __iomem *mapping; int ret; if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) 
@@ -989,73 +1060,40 @@ static int __init sev_guest_probe(struct platform_device *pdev) return -ENODEV; data = (struct sev_guest_platform_data *)dev->platform_data; - mapping = ioremap_encrypted(data->secrets_gpa, PAGE_SIZE); - if (!mapping) - return -ENODEV; - - secrets = (__force void *)mapping; - ret = -ENOMEM; snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL); if (!snp_dev) - goto e_unmap; + return -ENOMEM; /* Adjust the default VMPCK key based on the executing VMPL level */ if (vmpck_id == VMPCK_MAX_NUM) vmpck_id = snp_vmpl; ret = -EINVAL; - snp_dev->secrets = secrets; if (!assign_vmpck(snp_dev, vmpck_id)) { dev_err(dev, "Invalid VMPCK%d communication key\n", vmpck_id); - goto e_unmap; + return ret; } - /* Verify that VMPCK is not zero. */ - if (is_vmpck_empty(snp_dev)) { - dev_err(dev, "Empty VMPCK%d communication key\n", snp_dev->vmpck_id); - goto e_unmap; + if (snp_guest_messaging_init(snp_dev, data->secrets_gpa)) { + dev_err(dev, "Unable to setup SNP Guest messaging using VMPCK%u\n", + snp_dev->vmpck_id); + return ret; } platform_set_drvdata(pdev, snp_dev); snp_dev->dev = dev; - /* Allocate secret request and response message for double buffering */ - snp_dev->secret_request = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); - if (!snp_dev->secret_request) - goto e_unmap; - - snp_dev->secret_response = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); - if (!snp_dev->secret_response) - goto e_free_secret_req; - - /* Allocate the shared page used for the request and response message. 
*/ - snp_dev->request = alloc_shared_pages(dev, SNP_GUEST_MSG_SIZE); - if (!snp_dev->request) - goto e_free_secret_resp; - - snp_dev->response = alloc_shared_pages(dev, SNP_GUEST_MSG_SIZE); - if (!snp_dev->response) - goto e_free_request; - - snp_dev->certs_data = alloc_shared_pages(dev, SEV_FW_BLOB_MAX_SIZE); + ret = -ENOMEM; + snp_dev->certs_data = alloc_shared_pages(SEV_FW_BLOB_MAX_SIZE); if (!snp_dev->certs_data) - goto e_free_response; - - ret = -EIO; - snp_dev->ctx = snp_init_crypto(snp_dev); - if (!snp_dev->ctx) - goto e_free_cert_data; + goto e_cleanup_msg_init; misc = &snp_dev->misc; misc->minor = MISC_DYNAMIC_MINOR; misc->name = DEVICE_NAME; misc->fops = &snp_guest_fops; - /* Initialize the input addresses for guest request */ - snp_dev->input.req_gpa = __pa(snp_dev->request); - snp_dev->input.resp_gpa = __pa(snp_dev->response); - /* Set the privlevel_floor attribute based on the vmpck_id */ sev_tsm_ops.privlevel_floor = vmpck_id; @@ -1069,25 +1107,15 @@ static int __init sev_guest_probe(struct platform_device *pdev) ret = misc_register(misc); if (ret) - goto e_free_ctx; + goto e_free_cert_data; dev_info(dev, "Initialized SEV guest driver (using VMPCK%d communication key)\n", vmpck_id); return 0; -e_free_ctx: - kfree(snp_dev->ctx); e_free_cert_data: free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); -e_free_response: - free_shared_pages(snp_dev->response, SNP_GUEST_MSG_SIZE); -e_free_request: - free_shared_pages(snp_dev->request, SNP_GUEST_MSG_SIZE); -e_free_secret_resp: - kfree(snp_dev->secret_response); -e_free_secret_req: - kfree(snp_dev->secret_request); -e_unmap: - iounmap(mapping); +e_cleanup_msg_init: + snp_guest_messaging_exit(snp_dev); return ret; } 
@@ -1096,11 +1124,7 @@ static void __exit sev_guest_remove(struct platform_device *pdev) struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev); free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); - free_shared_pages(snp_dev->response, SNP_GUEST_MSG_SIZE); - free_shared_pages(snp_dev->request, SNP_GUEST_MSG_SIZE); - kfree(snp_dev->secret_response); - kfree(snp_dev->secret_request); - kfree(snp_dev->ctx); + snp_guest_messaging_exit(snp_dev); misc_deregister(&snp_dev->misc); }
From patchwork Fri Jun 21 12:38:49 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707549
From: Nikunj A Dadhania
Subject: [PATCH v10 10/24] x86/sev: Move core SEV guest driver routines to common code
Date: Fri, 21 Jun 2024 18:08:49 +0530
Message-ID: <20240621123903.2411843-11-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

In order to enable Secure TSC, SEV-SNP guests need to communicate with the AMD
Security Processor during early boot. However, many of the necessary SNP guest messaging functions are currently implemented in the SEV guest driver and are not available during early boot. As a result, these core SNP guest messaging functions need to be relocated to SEV common code. Later, APIs will be provided to the SEV guest driver to initialize and send SNP guest messages. Some functions in sev.c are marked __maybe_unused to ensure compilation does not break. Similarly, a few functions are stubbed out in SEV guest driver. This is pure code movement, SEV guest driver is broken after this patch. Signed-off-by: Nikunj A Dadhania --- arch/x86/include/asm/sev.h | 71 ++++ arch/x86/coco/sev/core.c | 394 +++++++++++++++++++++ drivers/virt/coco/sev-guest/sev-guest.c | 443 +----------------------- arch/x86/Kconfig | 1 + drivers/virt/coco/sev-guest/Kconfig | 1 - 5 files changed, 475 insertions(+), 435 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 473760208764..f0e43ca5e424 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -10,10 +10,12 @@ #include #include +#include #include #include #include +#include #define GHCB_PROTOCOL_MIN 1ULL #define GHCB_PROTOCOL_MAX 2ULL @@ -135,6 +137,10 @@ struct secrets_os_area { } __packed; #define VMPCK_KEY_LEN 32 + +#define SNP_REQ_MAX_RETRY_DURATION (60*HZ) +#define SNP_REQ_RETRY_DELAY (2*HZ) + #define MAX_AUTHTAG_LEN 32 #define AUTHTAG_LEN 16 #define AAD_LEN 48 
@@ -189,6 +195,31 @@ struct snp_guest_msg { #define SNP_GUEST_MSG_SIZE 4096 #define SNP_GUEST_MSG_PAYLOAD_SIZE (SNP_GUEST_MSG_SIZE - sizeof(struct snp_guest_msg)) +struct snp_guest_dev { + struct device *dev; + struct miscdevice misc; + + void *certs_data; + struct aesgcm_ctx *ctx; + /* request and response are in unencrypted memory */ + struct snp_guest_msg *request, *response; + + /* + * Avoid information leakage by double-buffering shared messages + * in fields that are in regular encrypted memory. + */ + struct snp_guest_msg *secret_request, *secret_response; + + struct snp_secrets_page *secrets; + struct snp_req_data input; + union { + struct snp_report_req report; + struct snp_derived_key_req derived_key; + struct snp_ext_report_req ext_report; + } req; + unsigned int vmpck_id; +}; + struct snp_guest_req { void *req_buf; size_t req_sz; @@ -413,6 +444,44 @@ u64 sev_get_status(void); void sev_show_status(void); void snp_update_svsm_ca(void); +static inline void free_shared_pages(void *buf, size_t sz) +{ + unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; + int ret; + + if (!buf) + return; + + ret = set_memory_encrypted((unsigned long)buf, npages); + if (ret) { + WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); + return; + } + + __free_pages(virt_to_page(buf), get_order(sz)); +} + +static inline void *alloc_shared_pages(size_t sz) +{ + unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; + struct page *page; + int ret; + + page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz)); + if (!page) + return NULL; + + ret = set_memory_decrypted((unsigned long)page_address(page), npages); + if (ret) { + pr_err("failed to mark page shared, ret=%d\n", ret); + __free_pages(page, get_order(sz)); + return NULL; + } + + return page_address(page); +} + + #else /* !CONFIG_AMD_MEM_ENCRYPT */ #define snp_vmpl 0 
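Review bot: alloc_shared_pages() and free_shared_pages() become static inline in asm/sev.h in the @@ -413 hunk, yet each one calls into the page allocator (alloc_pages() or __free_pages()), flips the encryption attribute with set_memory_decrypted() or set_memory_encrypted(), and logs through pr_err() or WARN_ONCE(). That is a lot of body to inline into every file that includes this header, and it makes the header depend on the allocator and set_memory declarations. Defining both once in arch/x86/coco/sev/core.c and leaving only prototypes here, next to the !CONFIG_AMD_MEM_ENCRYPT stubs, would be cleaner. The hunk also adds two consecutive blank lines before the #else, one of which can go.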
@@ -449,6 +518,8 @@ static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } static inline void sev_show_status(void) { } static inline void snp_update_svsm_ca(void) { } +static inline void free_shared_pages(void *buf, size_t sz) { } +static inline void *alloc_shared_pages(size_t sz) { return NULL; } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index d3c70604aba8..7cb7a7c41a3b 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -25,6 +25,7 @@ #include #include #include +#include #include #include 
@@ -2605,3 +2606,396 @@ static int __init sev_sysfs_init(void) } arch_initcall(sev_sysfs_init); #endif // CONFIG_SYSFS + +/* Mutex to serialize the shared buffer access and command handling. */ +static DEFINE_MUTEX(snp_cmd_mutex); + +static inline u8 *get_vmpck(struct snp_guest_dev *snp_dev) +{ + return snp_dev->secrets->vmpck[snp_dev->vmpck_id]; +} + +static bool __maybe_unused assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id) +{ + if (!(vmpck_id < VMPCK_MAX_NUM)) + return false; + + dev->vmpck_id = vmpck_id; + + return true; +} + +static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) +{ + char zero_key[VMPCK_KEY_LEN] = {0}; + u8 *key = get_vmpck(snp_dev); + + return !memcmp(key, zero_key, VMPCK_KEY_LEN); +} + +/* + * If an error is received from the host or AMD Secure Processor (ASP) there + * are two options. Either retry the exact same encrypted request or discontinue + * using the VMPCK. + * + * This is because in the current encryption scheme GHCB v2 uses AES-GCM to + * encrypt the requests. The IV for this scheme is the sequence number. GCM + * cannot tolerate IV reuse. + * + * The ASP FW v1.51 only increments the sequence numbers on a successful + * guest<->ASP back and forth and only accepts messages at its exact sequence + * number. + * + * So if the sequence number were to be reused the encryption scheme is + * vulnerable. If the sequence number were incremented for a fresh IV the ASP + * will reject the request. 
+ */ +static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) +{ + u8 *key = get_vmpck(snp_dev); + + if (is_vmpck_empty(snp_dev)) + return; + + dev_alert(snp_dev->dev, "Disabling VMPCK%u communication key to prevent IV reuse.\n", + snp_dev->vmpck_id); + memzero_explicit(key, VMPCK_KEY_LEN); +} + +/* Return a non-zero on success */ +static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) +{ + u64 count; + + count = snp_dev->secrets->os_area.msg_seqno[snp_dev->vmpck_id] + 1; + + /* + * The message sequence counter for the SNP guest request is a 64-bit + * value but the version 2 of GHCB specification defines a 32-bit storage + * for it. If the counter exceeds the 32-bit value then return zero. + * The caller should check the return value, but if the caller happens to + * not check the value and use it, then the firmware treats zero as an + * invalid number and will fail the message request. + */ + if (count >= UINT_MAX) { + dev_err(snp_dev->dev, "request message sequence counter overflow\n"); + return 0; + } + + return count; +} + +static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev) +{ + /* + * The counter is also incremented by the PSP, so increment it by 2 + * and save in secrets page. 
+ */ + snp_dev->secrets->os_area.msg_seqno[snp_dev->vmpck_id] += 2; +} + +static struct aesgcm_ctx *snp_init_crypto(struct snp_guest_dev *snp_dev) +{ + struct aesgcm_ctx *ctx; + u8 *key; + + if (is_vmpck_empty(snp_dev)) { + pr_err("VM communication key VMPCK%u is invalid\n", snp_dev->vmpck_id); + return NULL; + } + + ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); + if (!ctx) + return NULL; + + key = get_vmpck(snp_dev); + if (aesgcm_expandkey(ctx, key, VMPCK_KEY_LEN, AUTHTAG_LEN)) { + pr_err("Crypto context initialization failed\n"); + kfree(ctx); + return NULL; + } + + return ctx; +} + +static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_req *req) +{ + struct snp_guest_msg *resp_msg = snp_dev->secret_response; + struct snp_guest_msg *req_msg = snp_dev->secret_request; + struct snp_guest_msg_hdr *req_msg_hdr = &req_msg->hdr; + struct snp_guest_msg_hdr *resp_msg_hdr = &resp_msg->hdr; + struct aesgcm_ctx *ctx = snp_dev->ctx; + u8 iv[GCM_AES_IV_SIZE] = {}; + + pr_debug("response [seqno %lld type %d version %d sz %d]\n", + resp_msg_hdr->msg_seqno, resp_msg_hdr->msg_type, resp_msg_hdr->msg_version, + resp_msg_hdr->msg_sz); + + /* Copy response from shared memory to encrypted memory. */ + memcpy(resp_msg, snp_dev->response, SNP_GUEST_MSG_SIZE); + + /* Verify that the sequence counter is incremented by 1 */ + if (unlikely(resp_msg_hdr->msg_seqno != (req_msg_hdr->msg_seqno + 1))) + return -EBADMSG; + + /* Verify response message type and version number. */ + if (resp_msg_hdr->msg_type != (req_msg_hdr->msg_type + 1) || + resp_msg_hdr->msg_version != req_msg_hdr->msg_version) + return -EBADMSG; + + /* + * If the message size is greater than our buffer length then return + * an error. 
+ */ + if (unlikely((resp_msg_hdr->msg_sz + ctx->authsize) > req->resp_sz)) + return -EBADMSG; + + /* Decrypt the payload */ + memcpy(iv, &resp_msg_hdr->msg_seqno, min(sizeof(iv), sizeof(resp_msg_hdr->msg_seqno))); + if (!aesgcm_decrypt(ctx, req->resp_buf, resp_msg->payload, resp_msg_hdr->msg_sz, + &resp_msg_hdr->algo, AAD_LEN, iv, resp_msg_hdr->authtag)) + return -EBADMSG; + + return 0; +} + +static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, struct snp_guest_req *req) +{ + struct snp_guest_msg *msg = snp_dev->secret_request; + struct snp_guest_msg_hdr *hdr = &msg->hdr; + struct aesgcm_ctx *ctx = snp_dev->ctx; + u8 iv[GCM_AES_IV_SIZE] = {}; + + memset(msg, 0, SNP_GUEST_MSG_SIZE); + + hdr->algo = SNP_AEAD_AES_256_GCM; + hdr->hdr_version = MSG_HDR_VER; + hdr->hdr_sz = sizeof(*hdr); + hdr->msg_type = req->msg_type; + hdr->msg_version = req->msg_version; + hdr->msg_seqno = seqno; + hdr->msg_vmpck = req->vmpck_id; + hdr->msg_sz = req->req_sz; + + /* Verify the sequence number is non-zero */ + if (!hdr->msg_seqno) + return -ENOSR; + + pr_debug("request [seqno %lld type %d version %d sz %d]\n", + hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); + + if (WARN_ON((req->req_sz + ctx->authsize) > SNP_GUEST_MSG_PAYLOAD_SIZE)) + return -EBADMSG; + + memcpy(iv, &hdr->msg_seqno, min(sizeof(iv), sizeof(hdr->msg_seqno))); + aesgcm_encrypt(ctx, msg->payload, req->req_buf, req->req_sz, &hdr->algo, + AAD_LEN, iv, hdr->authtag); + + return 0; +} + +static int __handle_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio) +{ + unsigned long req_start = jiffies; + unsigned int override_npages = 0; + u64 override_err = 0; + int rc; + +retry_request: + /* + * Call firmware to process the request. In this function the encrypted + * message enters shared memory with the host. So after this call the + * sequence number must be incremented or the VMPCK must be deleted to + * prevent reuse of the IV. 
+ */ + rc = snp_issue_guest_request(req, &snp_dev->input, rio); + switch (rc) { + case -ENOSPC: + /* + * If the extended guest request fails due to having too + * small of a certificate data buffer, retry the same + * guest request without the extended data request in + * order to increment the sequence number and thus avoid + * IV reuse. + */ + override_npages = req->data_npages; + req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; + + /* + * Override the error to inform callers the given extended + * request buffer size was too small and give the caller the + * required buffer size. + */ + override_err = SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN); + + /* + * If this call to the firmware succeeds, the sequence number can + * be incremented allowing for continued use of the VMPCK. If + * there is an error reflected in the return value, this value + * is checked further down and the result will be the deletion + * of the VMPCK and the error code being propagated back to the + * user as an ioctl() return code. + */ + goto retry_request; + + /* + * The host may return SNP_GUEST_VMM_ERR_BUSY if the request has been + * throttled. Retry in the driver to avoid returning and reusing the + * message sequence number on a different message. + */ + case -EAGAIN: + if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { + rc = -ETIMEDOUT; + break; + } + schedule_timeout_killable(SNP_REQ_RETRY_DELAY); + goto retry_request; + } + + /* + * Increment the message sequence number. There is no harm in doing + * this now because decryption uses the value stored in the response + * structure and any failure will wipe the VMPCK, preventing further + * use anyway. + */ + snp_inc_msg_seqno(snp_dev); + + if (override_err) { + rio->exitinfo2 = override_err; + + /* + * If an extended guest request was issued and the supplied certificate + * buffer was not large enough, a standard guest request was issued to + * prevent IV reuse. 
If the standard request was successful, return -EIO + * back to the caller as would have originally been returned. + */ + if (!rc && override_err == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) + rc = -EIO; + } + + if (override_npages) + req->data_npages = override_npages; + + return rc; +} + +static int __maybe_unused snp_send_guest_request(struct snp_guest_dev *snp_dev, + struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio) +{ + u64 seqno; + int rc; + + guard(mutex)(&snp_cmd_mutex); + + /* Get message sequence and verify that its a non-zero */ + seqno = snp_get_msg_seqno(snp_dev); + if (!seqno) + return -EIO; + + /* Clear shared memory's response for the host to populate. */ + memset(snp_dev->response, 0, SNP_GUEST_MSG_SIZE); + + /* Encrypt the userspace provided payload in snp_dev->secret_request. */ + rc = enc_payload(snp_dev, seqno, req); + if (rc) + return rc; + + /* + * Write the fully encrypted request to the shared unencrypted + * request page. + */ + memcpy(snp_dev->request, snp_dev->secret_request, SNP_GUEST_MSG_SIZE); + + rc = __handle_guest_request(snp_dev, req, rio); + if (rc) { + if (rc == -EIO && + rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) + return rc; + + dev_alert(snp_dev->dev, + "Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", + rc, rio->exitinfo2); + snp_disable_vmpck(snp_dev); + return rc; + } + + rc = verify_and_dec_payload(snp_dev, req); + if (rc) { + dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. 
rc: %d\n", + rc); + snp_disable_vmpck(snp_dev); + return rc; + } + + return 0; +} + +static int __maybe_unused snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa) +{ + int ret = -ENOMEM; + + snp_dev->secrets = (__force void *)ioremap_encrypted(secrets_gpa, PAGE_SIZE); + if (!snp_dev->secrets) { + pr_err("Failed to map SNP secrets page.\n"); + return ret; + } + + /* Allocate secret request and response message for double buffering */ + snp_dev->secret_request = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); + if (!snp_dev->secret_request) + goto e_unmap; + + snp_dev->secret_response = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); + if (!snp_dev->secret_response) + goto e_free_secret_req; + + /* Allocate the shared page used for the request and response message. */ + snp_dev->request = alloc_shared_pages(SNP_GUEST_MSG_SIZE); + if (!snp_dev->request) + goto e_free_secret_resp; + + snp_dev->response = alloc_shared_pages(SNP_GUEST_MSG_SIZE); + if (!snp_dev->response) + goto e_free_request; + + /* Initialize the input addresses for guest request */ + snp_dev->input.req_gpa = __pa(snp_dev->request); + snp_dev->input.resp_gpa = __pa(snp_dev->response); + + ret = -EIO; + snp_dev->ctx = snp_init_crypto(snp_dev); + if (!snp_dev->ctx) { + pr_err("SNP crypto context initialization failed\n"); + goto e_free_response; + } + + return 0; + +e_free_response: + free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); +e_free_request: + free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); +e_free_secret_resp: + kfree(snp_dev->secret_response); +e_free_secret_req: + kfree(snp_dev->secret_request); +e_unmap: + iounmap(snp_dev->secrets); + + return ret; +} + +static void __maybe_unused snp_guest_messaging_exit(struct snp_guest_dev *snp_dev) +{ + if (!snp_dev) + return; + + kfree(snp_dev->ctx); + free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); + free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); + 
kfree(snp_dev->secret_response); + kfree(snp_dev->secret_request); + iounmap(snp_dev->secrets); +} diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index ec1ae5c3f4be..228bf0db93b3 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -31,36 +31,8 @@ #define DEVICE_NAME "sev-guest" -#define SNP_REQ_MAX_RETRY_DURATION (60*HZ) -#define SNP_REQ_RETRY_DELAY (2*HZ) - #define SVSM_MAX_RETRIES 3 -struct snp_guest_dev { - struct device *dev; - struct miscdevice misc; - - void *certs_data; - struct aesgcm_ctx *ctx; - /* request and response are in unencrypted memory */ - struct snp_guest_msg *request, *response; - - /* - * Avoid information leakage by double-buffering shared messages - * in fields that are in regular encrypted memory. - */ - struct snp_guest_msg *secret_request, *secret_response; - - struct snp_secrets_page *secrets; - struct snp_req_data input; - union { - struct snp_report_req report; - struct snp_derived_key_req derived_key; - struct snp_ext_report_req ext_report; - } req; - unsigned int vmpck_id; -}; - /* * The VMPCK ID represents the key used by the SNP guest to communicate with the * SEV firmware in the AMD Secure Processor (ASP, aka PSP). By default, the key 
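Review bot: struct snp_guest_dev leaves this file and lands in asm/sev.h unchanged, so the arch header now carries driver-only members (struct miscdevice misc, void *certs_data, the req union) alongside the messaging state that the relocated core.c routines actually use (secrets, ctx, request/response, secret_request/secret_response, input, vmpck_id). Splitting the messaging fields into their own structure for core.c and keeping the device wrapper here in sev-guest.c would avoid exposing the misc device layout to arch code. It would also help the early-boot use case named in the commit message, since snp_disable_vmpck() and snp_get_msg_seqno() as moved still log through snp_dev->dev.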
@@ -72,81 +44,10 @@ static u32 vmpck_id = VMPCK_MAX_NUM; module_param(vmpck_id, uint, 0444); MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); -/* Mutex to serialize the shared buffer access and command handling. */ -static DEFINE_MUTEX(snp_cmd_mutex); - -static inline u8 *get_vmpck(struct snp_guest_dev *snp_dev) -{ - return snp_dev->secrets->vmpck[snp_dev->vmpck_id]; -} - static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) { - char zero_key[VMPCK_KEY_LEN] = {0}; - u8 *key = get_vmpck(snp_dev); - - return !memcmp(key, zero_key, VMPCK_KEY_LEN); -} - -/* - * If an error is received from the host or AMD Secure Processor (ASP) there - * are two options. Either retry the exact same encrypted request or discontinue - * using the VMPCK. - * - * This is because in the current encryption scheme GHCB v2 uses AES-GCM to - * encrypt the requests. The IV for this scheme is the sequence number. GCM - * cannot tolerate IV reuse. - * - * The ASP FW v1.51 only increments the sequence numbers on a successful - * guest<->ASP back and forth and only accepts messages at its exact sequence - * number. - * - * So if the sequence number were to be reused the encryption scheme is - * vulnerable. If the sequence number were incremented for a fresh IV the ASP - * will reject the request. - */ -static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) -{ - u8 *key = get_vmpck(snp_dev); - - if (is_vmpck_empty(snp_dev)) - return; - - dev_alert(snp_dev->dev, "Disabling VMPCK%u communication key to prevent IV reuse.\n", - snp_dev->vmpck_id); - memzero_explicit(key, VMPCK_KEY_LEN); -} - -/* Return a non-zero on success */ -static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) -{ - u64 count; - - count = snp_dev->secrets->os_area.msg_seqno[snp_dev->vmpck_id] + 1; - - /* - * The message sequence counter for the SNP guest request is a 64-bit - * value but the version 2 of GHCB specification defines a 32-bit storage - * for it. 
If the counter exceeds the 32-bit value then return zero. - * The caller should check the return value, but if the caller happens to - * not check the value and use it, then the firmware treats zero as an - * invalid number and will fail the message request. - */ - if (count >= UINT_MAX) { - dev_err(snp_dev->dev, "request message sequence counter overflow\n"); - return 0; - } - - return count; -} - -static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev) -{ - /* - * The counter is also incremented by the PSP, so increment it by 2 - * and save in secrets page. - */ - snp_dev->secrets->os_area.msg_seqno[snp_dev->vmpck_id] += 2; + /* Place holder function to be removed after code movement */ + return true; } static inline struct snp_guest_dev *to_snp_dev(struct file *file) 
@@ -156,240 +57,11 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file) return container_of(dev, struct snp_guest_dev, misc); } -static struct aesgcm_ctx *snp_init_crypto(struct snp_guest_dev *snp_dev) -{ - struct aesgcm_ctx *ctx; - u8 *key; - - if (is_vmpck_empty(snp_dev)) { - pr_err("VM communication key VMPCK%u is invalid\n", snp_dev->vmpck_id); - return NULL; - } - - ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT); - if (!ctx) - return NULL; - - key = get_vmpck(snp_dev); - if (aesgcm_expandkey(ctx, key, VMPCK_KEY_LEN, AUTHTAG_LEN)) { - pr_err("Crypto context initialization failed\n"); - kfree(ctx); - return NULL; - } - - return ctx; -} - -static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_req *req) -{ - struct snp_guest_msg *resp_msg = snp_dev->secret_response; - struct snp_guest_msg *req_msg = snp_dev->secret_request; - struct snp_guest_msg_hdr *req_msg_hdr = &req_msg->hdr; - struct snp_guest_msg_hdr *resp_msg_hdr = &resp_msg->hdr; - struct aesgcm_ctx *ctx = snp_dev->ctx; - u8 iv[GCM_AES_IV_SIZE] = {}; - - pr_debug("response [seqno %lld type %d version %d sz %d]\n", - resp_msg_hdr->msg_seqno, resp_msg_hdr->msg_type, resp_msg_hdr->msg_version, - resp_msg_hdr->msg_sz); - - /* Copy response from shared memory to encrypted memory. */ - memcpy(resp_msg, snp_dev->response, SNP_GUEST_MSG_SIZE); - - /* Verify that the sequence counter is incremented by 1 */ - if (unlikely(resp_msg_hdr->msg_seqno != (req_msg_hdr->msg_seqno + 1))) - return -EBADMSG; - - /* Verify response message type and version number. */ - if (resp_msg_hdr->msg_type != (req_msg_hdr->msg_type + 1) || - resp_msg_hdr->msg_version != req_msg_hdr->msg_version) - return -EBADMSG; - - /* - * If the message size is greater than our buffer length then return - * an error. 
- */ - if (unlikely((resp_msg_hdr->msg_sz + ctx->authsize) > req->resp_sz)) - return -EBADMSG; - - /* Decrypt the payload */ - memcpy(iv, &resp_msg_hdr->msg_seqno, min(sizeof(iv), sizeof(resp_msg_hdr->msg_seqno))); - if (!aesgcm_decrypt(ctx, req->resp_buf, resp_msg->payload, resp_msg_hdr->msg_sz, - &resp_msg_hdr->algo, AAD_LEN, iv, resp_msg_hdr->authtag)) - return -EBADMSG; - - return 0; -} - -static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, struct snp_guest_req *req) -{ - struct snp_guest_msg *msg = snp_dev->secret_request; - struct snp_guest_msg_hdr *hdr = &msg->hdr; - struct aesgcm_ctx *ctx = snp_dev->ctx; - u8 iv[GCM_AES_IV_SIZE] = {}; - - memset(msg, 0, SNP_GUEST_MSG_SIZE); - - hdr->algo = SNP_AEAD_AES_256_GCM; - hdr->hdr_version = MSG_HDR_VER; - hdr->hdr_sz = sizeof(*hdr); - hdr->msg_type = req->msg_type; - hdr->msg_version = req->msg_version; - hdr->msg_seqno = seqno; - hdr->msg_vmpck = req->vmpck_id; - hdr->msg_sz = req->req_sz; - - /* Verify the sequence number is non-zero */ - if (!hdr->msg_seqno) - return -ENOSR; - - pr_debug("request [seqno %lld type %d version %d sz %d]\n", - hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); - - if (WARN_ON((req->req_sz + ctx->authsize) > SNP_GUEST_MSG_PAYLOAD_SIZE)) - return -EBADMSG; - - memcpy(iv, &hdr->msg_seqno, min(sizeof(iv), sizeof(hdr->msg_seqno))); - aesgcm_encrypt(ctx, msg->payload, req->req_buf, req->req_sz, &hdr->algo, - AAD_LEN, iv, hdr->authtag); - - return 0; -} - -static int __handle_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, - struct snp_guest_request_ioctl *rio) -{ - unsigned long req_start = jiffies; - unsigned int override_npages = 0; - u64 override_err = 0; - int rc; - -retry_request: - /* - * Call firmware to process the request. In this function the encrypted - * message enters shared memory with the host. So after this call the - * sequence number must be incremented or the VMPCK must be deleted to - * prevent reuse of the IV. 
- */ - rc = snp_issue_guest_request(req, &snp_dev->input, rio); - switch (rc) { - case -ENOSPC: - /* - * If the extended guest request fails due to having too - * small of a certificate data buffer, retry the same - * guest request without the extended data request in - * order to increment the sequence number and thus avoid - * IV reuse. - */ - override_npages = req->data_npages; - req->exit_code = SVM_VMGEXIT_GUEST_REQUEST; - - /* - * Override the error to inform callers the given extended - * request buffer size was too small and give the caller the - * required buffer size. - */ - override_err = SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN); - - /* - * If this call to the firmware succeeds, the sequence number can - * be incremented allowing for continued use of the VMPCK. If - * there is an error reflected in the return value, this value - * is checked further down and the result will be the deletion - * of the VMPCK and the error code being propagated back to the - * user as an ioctl() return code. - */ - goto retry_request; - - /* - * The host may return SNP_GUEST_VMM_ERR_BUSY if the request has been - * throttled. Retry in the driver to avoid returning and reusing the - * message sequence number on a different message. - */ - case -EAGAIN: - if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { - rc = -ETIMEDOUT; - break; - } - schedule_timeout_killable(SNP_REQ_RETRY_DELAY); - goto retry_request; - } - - /* - * Increment the message sequence number. There is no harm in doing - * this now because decryption uses the value stored in the response - * structure and any failure will wipe the VMPCK, preventing further - * use anyway. - */ - snp_inc_msg_seqno(snp_dev); - - if (override_err) { - rio->exitinfo2 = override_err; - - /* - * If an extended guest request was issued and the supplied certificate - * buffer was not large enough, a standard guest request was issued to - * prevent IV reuse. 
If the standard request was successful, return -EIO - * back to the caller as would have originally been returned. - */ - if (!rc && override_err == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) - rc = -EIO; - } - - if (override_npages) - req->data_npages = override_npages; - - return rc; -} - static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, struct snp_guest_request_ioctl *rio) { - u64 seqno; - int rc; - - guard(mutex)(&snp_cmd_mutex); - - /* Get message sequence and verify that its a non-zero */ - seqno = snp_get_msg_seqno(snp_dev); - if (!seqno) - return -EIO; - - /* Clear shared memory's response for the host to populate. */ - memset(snp_dev->response, 0, SNP_GUEST_MSG_SIZE); - - /* Encrypt the userspace provided payload in snp_dev->secret_request. */ - rc = enc_payload(snp_dev, seqno, req); - if (rc) - return rc; - - /* - * Write the fully encrypted request to the shared unencrypted - * request page. - */ - memcpy(snp_dev->request, snp_dev->secret_request, SNP_GUEST_MSG_SIZE); - - rc = __handle_guest_request(snp_dev, req, rio); - if (rc) { - if (rc == -EIO && - rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) - return rc; - - dev_alert(snp_dev->dev, - "Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", - rc, rio->exitinfo2); - snp_disable_vmpck(snp_dev); - return rc; - } - - rc = verify_and_dec_payload(snp_dev, req); - if (rc) { - dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); - snp_disable_vmpck(snp_dev); - return rc; - } - - return 0; + /* Place holder function to be removed after code movement */ + return -EIO; } struct snp_req_resp { 
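Review bot: verify_and_dec_payload(), removed here and re-added verbatim in core.c, calls pr_debug() on resp_msg_hdr before the memcpy() from snp_dev->response into snp_dev->secret_response, so the debug line reports whatever the private buffer held from the previous exchange rather than the header that is about to be validated. Since the function is being relocated anyway, the pr_debug() should sit below the memcpy() in the core.c copy; if this patch has to stay a byte-identical move, do it as a small preparatory patch ahead of it.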
@@ -628,43 +300,6 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long return ret; } -static void free_shared_pages(void *buf, size_t sz) -{ - unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; - int ret; - - if (!buf) - return; - - ret = set_memory_encrypted((unsigned long)buf, npages); - if (ret) { - WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); - return; - } - - __free_pages(virt_to_page(buf), get_order(sz)); -} - -static void *alloc_shared_pages(size_t sz) -{ - unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; - struct page *page; - int ret; - - page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz)); - if (!page) - return NULL; - - ret = set_memory_decrypted((unsigned long)page_address(page), npages); - if (ret) { - pr_err("failed to mark page shared, ret=%d\n", ret); - __free_pages(page, get_order(sz)); - return NULL; - } - - return page_address(page); -} - static const struct file_operations snp_guest_fops = { .owner = THIS_MODULE, .unlocked_ioctl = snp_guest_ioctl, @@ -672,12 +307,8 @@ static const struct file_operations snp_guest_fops = { static bool assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id) { - if (!(vmpck_id < VMPCK_MAX_NUM)) - return false; - - dev->vmpck_id = vmpck_id; - - return true; + /* Place holder function to be removed after code movement */ + return false; } struct snp_msg_report_resp_hdr { 
@@ -979,70 +610,14 @@ static void unregister_sev_tsm(void *data) static int snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa) { - int ret = -ENOMEM; - - snp_dev->secrets = (__force void *)ioremap_encrypted(secrets_gpa, PAGE_SIZE); - if (!snp_dev->secrets) { - pr_err("Failed to map SNP secrets page.\n"); - return ret; - } - - /* Allocate secret request and response message for double buffering */ - snp_dev->secret_request = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); - if (!snp_dev->secret_request) - goto e_unmap; - - snp_dev->secret_response = kzalloc(SNP_GUEST_MSG_SIZE, GFP_KERNEL); - if (!snp_dev->secret_response) - goto e_free_secret_req; - - /* Allocate the shared page used for the request and response message. */ - snp_dev->request = alloc_shared_pages(SNP_GUEST_MSG_SIZE); - if (!snp_dev->request) - goto e_free_secret_resp; - - snp_dev->response = alloc_shared_pages(SNP_GUEST_MSG_SIZE); - if (!snp_dev->response) - goto e_free_request; - - /* Initialize the input addresses for guest request */ - snp_dev->input.req_gpa = __pa(snp_dev->request); - snp_dev->input.resp_gpa = __pa(snp_dev->response); - - ret = -EIO; - snp_dev->ctx = snp_init_crypto(snp_dev); - if (!snp_dev->ctx) { - pr_err("SNP crypto context initialization failed\n"); - goto e_free_response; - } - + /* Place holder function to be removed after code movement */ return 0; - -e_free_response: - free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); -e_free_request: - free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); -e_free_secret_resp: - kfree(snp_dev->secret_response); -e_free_secret_req: - kfree(snp_dev->secret_request); -e_unmap: - iounmap(snp_dev->secrets); - - return ret; } static void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev) { - if (!snp_dev) - return; - - kfree(snp_dev->ctx); - free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); - free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); - 
kfree(snp_dev->secret_response); - kfree(snp_dev->secret_request); - iounmap(snp_dev->secrets); + /* Place holder function to be removed after code movement */ + return; } static int __init sev_guest_probe(struct platform_device *pdev) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 1d7122a1883e..97814cccf0e8 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig @@ -1544,6 +1544,7 @@ config AMD_MEM_ENCRYPT select ARCH_HAS_CC_PLATFORM select X86_MEM_ENCRYPT select UNACCEPTED_MEMORY + select CRYPTO_LIB_AESGCM help Say yes to enable support for the encryption of system memory. This requires an AMD processor that supports Secure Memory diff --git a/drivers/virt/coco/sev-guest/Kconfig b/drivers/virt/coco/sev-guest/Kconfig index 0b772bd921d8..a6405ab6c2c3 100644 --- a/drivers/virt/coco/sev-guest/Kconfig +++ b/drivers/virt/coco/sev-guest/Kconfig 
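Review bot: in the sev-guest.c hunk at -979, the placeholder snp_guest_messaging_init() returns 0, while the other placeholders in this patch fail closed (snp_send_guest_request() returns -EIO, assign_vmpck() returns false). The removed body is what set snp_dev->secrets, secret_request, secret_response, request, response and ctx, so at this commit a caller is told that initialization succeeded with none of those populated. Return an error from the stub (for example -EIO, matching the send stub) so that a bisect landing between this patch and "Make sev-guest driver functional again" cannot continue past init with an unmapped secrets page.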
@@ -2,7 +2,6 @@ config SEV_GUEST tristate "AMD SEV Guest driver" default m depends on AMD_MEM_ENCRYPT - select CRYPTO_LIB_AESGCM select TSM_REPORTS help SEV-SNP firmware provides the guest a mechanism to communicate with
From patchwork Fri Jun 21 12:38:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13707550
From: Nikunj A Dadhania
Subject: [PATCH v10 11/24] x86/sev: Replace dev_[err,alert] with pr_[err,alert]
Date: Fri, 21 Jun 2024 18:08:50 +0530
Message-ID: <20240621123903.2411843-12-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Replace the dev_err/alert with pr_err/alert after the sev-guest driver movement.
No functional change. Signed-off-by: Nikunj A Dadhania --- arch/x86/coco/sev/core.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 7cb7a7c41a3b..0112e4c5dbcd 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2657,8 +2657,7 @@ static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) if (is_vmpck_empty(snp_dev)) return; - dev_alert(snp_dev->dev, "Disabling VMPCK%u communication key to prevent IV reuse.\n", - snp_dev->vmpck_id); + pr_alert("Disabling VMPCK%u communication key to prevent IV reuse.\n", snp_dev->vmpck_id); memzero_explicit(key, VMPCK_KEY_LEN); } @@ -2678,7 +2677,7 @@ static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) * invalid number and will fail the message request. */ if (count >= UINT_MAX) { - dev_err(snp_dev->dev, "request message sequence counter overflow\n"); + pr_err("request message sequence counter overflow\n"); return 0; } @@ -2914,8 +2913,7 @@ static int __maybe_unused snp_send_guest_request(struct snp_guest_dev *snp_dev, rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) return rc; - dev_alert(snp_dev->dev, - "Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", + pr_alert("Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", rc, rio->exitinfo2); snp_disable_vmpck(snp_dev); return rc; 
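Review bot: the changelog says "No functional change", but the hunks at -2657, -2678 and -2914 drop snp_dev->dev from every call, which changes the log prefix: dev_alert()/dev_err() tag each line with the device, while pr_alert()/pr_err() emit only what the file's pr_fmt provides, and no pr_fmt definition is visible in this diff. The "Disabling VMPCK%u communication key to prevent IV reuse" alert and the "request message sequence counter overflow" error are the messages that mark a guest losing its VMPCK, so confirm core.c defines a pr_fmt that keeps them attributable to SEV-SNP guest messaging, and mention the prefix change in the changelog.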
@@ -2923,8 +2921,7 @@ static int __maybe_unused snp_send_guest_request(struct snp_guest_dev *snp_dev, rc = verify_and_dec_payload(snp_dev, req); if (rc) { - dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", - rc); + pr_alert("Detected unexpected decode failure from ASP. rc: %d\n", rc); snp_disable_vmpck(snp_dev); return rc; }
From patchwork Fri Jun 21 12:38:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13707553
From: Nikunj A Dadhania
Subject: [PATCH v10 12/24] x86/sev: Make snp_issue_guest_request() static
Date: Fri, 21 Jun 2024 18:08:51 +0530
Message-ID: <20240621123903.2411843-13-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

As there is no external caller for snp_issue_guest_request() anymore, make it static and drop the
prototype from the header. No functional change. Signed-off-by: Nikunj A Dadhania --- arch/x86/include/asm/sev.h | 7 ------- arch/x86/coco/sev/core.c | 5 ++--- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index f0e43ca5e424..f16dd1900206 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -435,8 +435,6 @@ void snp_set_wakeup_secondary_cpu(void); bool snp_init(struct boot_params *bp); void __noreturn snp_abort(void); void snp_dmi_setup(void); -int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, - struct snp_guest_request_ioctl *rio); int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, struct svsm_attest_call *input); void snp_accept_memory(phys_addr_t start, phys_addr_t end); u64 snp_get_unsupported_features(u64 status); @@ -504,11 +502,6 @@ static inline void snp_set_wakeup_secondary_cpu(void) { } static inline bool snp_init(struct boot_params *bp) { return false; } static inline void snp_abort(void) { } static inline void snp_dmi_setup(void) { } -static inline int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, - struct snp_guest_request_ioctl *rio) -{ - return -ENOTTY; -} static inline int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, struct svsm_attest_call *input) { return -ENOTTY; diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 0112e4c5dbcd..5f5339eda4a9 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c 
@@ -2442,8 +2442,8 @@ int snp_issue_svsm_attest_req(u64 call_id, struct svsm_call *call, } EXPORT_SYMBOL_GPL(snp_issue_svsm_attest_req); -int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, - struct snp_guest_request_ioctl *rio) +static int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *input, + struct snp_guest_request_ioctl *rio) { struct ghcb_state state; struct es_em_ctxt ctxt; 
@@ -2505,7 +2505,6 @@ int snp_issue_guest_request(struct snp_guest_req *req, struct snp_req_data *inpu return ret; } -EXPORT_SYMBOL_GPL(snp_issue_guest_request); static struct platform_device sev_guest_device = { .name = "sev-guest",
From patchwork Fri Jun 21 12:38:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13707551
From: Nikunj A Dadhania
Subject: [PATCH v10 13/24] x86/sev: Make sev-guest driver functional again
Date: Fri, 21 Jun 2024 18:08:52 +0530
Message-ID: <20240621123903.2411843-14-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

After the pure mechanical code movement of core SEV guest driver routines, SEV guest driver is not
yet functional. Export SNP guest messaging APIs for the sev-guest driver. Drop the stubbed routines in sev-guest driver and use the newly exported APIs Signed-off-by: Nikunj A Dadhania --- arch/x86/include/asm/sev.h | 14 ++++++++++ arch/x86/coco/sev/core.c | 23 +++++++++------ drivers/virt/coco/sev-guest/sev-guest.c | 37 ++----------------------- 3 files changed, 31 insertions(+), 43 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index f16dd1900206..cdd37ad9e4b8 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -441,6 +441,12 @@ u64 snp_get_unsupported_features(u64 status); u64 sev_get_status(void); void sev_show_status(void); void snp_update_svsm_ca(void); +bool snp_assign_vmpck(struct snp_guest_dev *snp_dev, unsigned int vmpck_id); +bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev); +int snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa); +void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev); +int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio); static inline void free_shared_pages(void *buf, size_t sz) { 
@@ -511,6 +517,14 @@ static inline u64 snp_get_unsupported_features(u64 status) { return 0; } static inline u64 sev_get_status(void) { return 0; } static inline void sev_show_status(void) { } static inline void snp_update_svsm_ca(void) { } +static inline bool snp_assign_vmpck(struct snp_guest_dev *snp_dev, + unsigned int vmpck_id) { return false; } +static inline bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev) { return true; } +static inline int +snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa) { return -EINVAL; } +static inline void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev) { } +static inline int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio) { return -EINVAL; } static inline void free_shared_pages(void *buf, size_t sz) { } static inline void *alloc_shared_pages(size_t sz) { return NULL; } diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 5f5339eda4a9..9f0f8819529c 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2614,7 +2614,7 @@ static inline u8 *get_vmpck(struct snp_guest_dev *snp_dev) return snp_dev->secrets->vmpck[snp_dev->vmpck_id]; } -static bool __maybe_unused assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id) +bool snp_assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id) { if (!(vmpck_id < VMPCK_MAX_NUM)) return false; @@ -2623,14 +2623,16 @@ static bool __maybe_unused assign_vmpck(struct snp_guest_dev *dev, unsigned int return true; } +EXPORT_SYMBOL_GPL(snp_assign_vmpck); -static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) +bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev) { char zero_key[VMPCK_KEY_LEN] = {0}; u8 *key = get_vmpck(snp_dev); return !memcmp(key, zero_key, VMPCK_KEY_LEN); } +EXPORT_SYMBOL_GPL(snp_is_vmpck_empty); /* * If an error is received from the host or AMD Secure Processor (ASP) there 
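Review bot: in the sev.h hunk at -511, the new static inline fallback stubs for snp_guest_messaging_init() and snp_send_guest_request() return -EINVAL, while the neighbouring snp_issue_svsm_attest_req() stub, and the snp_issue_guest_request() stub removed earlier in this series, return -ENOTTY. -EINVAL tells the caller that its arguments were wrong rather than that SNP guest messaging is not built in; use one errno for "not supported" across these stubs. The snp_guest_messaging_init() stub also splits "static inline int" onto its own line, unlike the stubs around it; keep one layout.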
@@ -2653,7 +2655,7 @@ static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) { u8 *key = get_vmpck(snp_dev); - if (is_vmpck_empty(snp_dev)) + if (snp_is_vmpck_empty(snp_dev)) return; pr_alert("Disabling VMPCK%u communication key to prevent IV reuse.\n", snp_dev->vmpck_id); @@ -2697,7 +2699,7 @@ static struct aesgcm_ctx *snp_init_crypto(struct snp_guest_dev *snp_dev) struct aesgcm_ctx *ctx; u8 *key; - if (is_vmpck_empty(snp_dev)) { + if (snp_is_vmpck_empty(snp_dev)) { pr_err("VM communication key VMPCK%u is invalid\n", snp_dev->vmpck_id); return NULL; } @@ -2878,9 +2880,9 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, struct snp_gues return rc; } -static int __maybe_unused snp_send_guest_request(struct snp_guest_dev *snp_dev, - struct snp_guest_req *req, - struct snp_guest_request_ioctl *rio) +int snp_send_guest_request(struct snp_guest_dev *snp_dev, + struct snp_guest_req *req, + struct snp_guest_request_ioctl *rio) { u64 seqno; int rc; @@ -2927,8 +2929,9 @@ static int __maybe_unused snp_send_guest_request(struct snp_guest_dev *snp_dev, return 0; } +EXPORT_SYMBOL_GPL(snp_send_guest_request); -static int __maybe_unused snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa) +int snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa) { int ret = -ENOMEM; @@ -2982,8 +2985,9 @@ static int __maybe_unused snp_guest_messaging_init(struct snp_guest_dev *snp_dev return ret; } +EXPORT_SYMBOL_GPL(snp_guest_messaging_init); -static void __maybe_unused snp_guest_messaging_exit(struct snp_guest_dev *snp_dev) +void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev) { if (!snp_dev) return; @@ -2995,3 +2999,4 @@ static void __maybe_unused snp_guest_messaging_exit(struct snp_guest_dev *snp_de kfree(snp_dev->secret_request); iounmap(snp_dev->secrets); } +EXPORT_SYMBOL_GPL(snp_guest_messaging_exit); 
diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 228bf0db93b3..0631271e5b9c 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -44,12 +44,6 @@ static u32 vmpck_id = VMPCK_MAX_NUM; module_param(vmpck_id, uint, 0444); MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); -static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) -{ - /* Place holder function to be removed after code movement */ - return true; -} - static inline struct snp_guest_dev *to_snp_dev(struct file *file) { struct miscdevice *dev = file->private_data; @@ -57,13 +51,6 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file) return container_of(dev, struct snp_guest_dev, misc); } -static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, - struct snp_guest_request_ioctl *rio) -{ - /* Place holder function to be removed after code movement */ - return -EIO; -} - struct snp_req_resp { sockptr_t req_data; sockptr_t resp_data; @@ -268,7 +255,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long return -EINVAL; /* Check if the VMPCK is not empty */ - if (is_vmpck_empty(snp_dev)) { + if (snp_is_vmpck_empty(snp_dev)) { dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); return -ENOTTY; } @@ -305,12 +292,6 @@ static const struct file_operations snp_guest_fops = { .unlocked_ioctl = snp_guest_ioctl, }; -static bool assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id) -{ - /* Place holder function to be removed after code movement */ - return false; -} - struct snp_msg_report_resp_hdr { u32 status; u32 report_size; 
@@ -484,7 +465,7 @@ static int sev_report_new(struct tsm_report *report, void *data) return -ENOMEM; /* Check if the VMPCK is not empty */ - if (is_vmpck_empty(snp_dev)) { + if (snp_is_vmpck_empty(snp_dev)) { dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); return -ENOTTY; } @@ -608,18 +589,6 @@ static void unregister_sev_tsm(void *data) tsm_unregister(&sev_tsm_ops); } -static int snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa) -{ - /* Place holder function to be removed after code movement */ - return 0; -} - -static void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev) -{ - /* Place holder function to be removed after code movement */ - return; -} - static int __init sev_guest_probe(struct platform_device *pdev) { struct sev_guest_platform_data *data; 
@@ -645,7 +614,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) vmpck_id = snp_vmpl; ret = -EINVAL; - if (!assign_vmpck(snp_dev, vmpck_id)) { + if (!snp_assign_vmpck(snp_dev, vmpck_id)) { dev_err(dev, "Invalid VMPCK%d communication key\n", vmpck_id); return ret; }
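Review bot: snp_is_vmpck_empty() becomes an exported symbol in arch/x86/coco/sev/core.c, but through get_vmpck() it dereferences snp_dev->secrets->vmpck[snp_dev->vmpck_id] with no NULL or range check, so it is only safe once snp_assign_vmpck() has validated the index and snp_guest_messaging_init() has mapped the secrets page. None of the five new EXPORT_SYMBOL_GPL() functions carries a kernel-doc comment; now that callers live outside this file, please document that ordering and each function's return convention. The parameter of snp_assign_vmpck() is also still named dev here while the prototype added to sev.h calls it snp_dev.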
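Review bot: in the sev_guest_probe() hunk of sev-guest.c the dev_err() next to the renamed call still formats vmpck_id with %d, although the file declares it as static u32 vmpck_id and the other messages in this series print VMPCK%u. Since the adjacent line is being changed anyway, switch the format to "Invalid VMPCK%u communication key\n" so the specifier matches the type.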
From patchwork Fri Jun 21 12:38:53 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707552
From: Nikunj A Dadhania
Subject: [PATCH v10 14/24] x86/sev: Handle failures from snp_init()
Date: Fri, 21 Jun 2024 18:08:53 +0530
Message-ID: <20240621123903.2411843-15-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Failures from the snp_init() are currently being ignored by sme_enable().
Add missing error handling for cases where snp_init() fails to retrieve SEV-SNP CC blob or encounters issues while parsing CC blob. SNP guests will error out early with this change. Signed-off-by: Nikunj A Dadhania --- arch/x86/mm/mem_encrypt_identity.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c index ac33b2263a43..e83b363c5e68 100644 --- a/arch/x86/mm/mem_encrypt_identity.c +++ b/arch/x86/mm/mem_encrypt_identity.c 
@@ -535,6 +535,13 @@ void __head sme_enable(struct boot_params *bp) if (snp && !(msr & MSR_AMD64_SEV_SNP_ENABLED)) snp_abort(); + /* + * The SEV-SNP CC blob should be present and parsing CC blob should + * succeed when SEV-SNP is enabled. + */ + if (!snp && (msr & MSR_AMD64_SEV_SNP_ENABLED)) + snp_abort(); + /* Check if memory encryption is enabled */ if (feature_mask == AMD_SME_BIT) { if (!(bp->hdr.xloadflags & XLF_MEM_ENCRYPTION))
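Review bot: the added test in sme_enable() is the mirror image of the one directly above it (snp && !(msr & MSR_AMD64_SEV_SNP_ENABLED)), and both end in snp_abort(), so the two can be folded into a single mismatch check between snp and the MSR bit. That would make the invariant explicit: any disagreement between the snp_init() result and the SEV status MSR is fatal. As written, the new comment describes only the missing or unparsable CC blob direction; either extend it to cover both cases or state the invariant once above a combined condition. Because both paths call the same snp_abort(), a failed boot also cannot be attributed to one cause or the other from the abort alone, which is worth a sentence in the commit message.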
From patchwork Fri Jun 21 12:38:54 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707554
From: Nikunj A Dadhania
Subject: [PATCH v10 15/24] x86/sev: Cache the secrets page address
Date: Fri, 21 Jun 2024 18:08:54 +0530
Message-ID: <20240621123903.2411843-16-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Instead of calling get_secrets_page() that parses the CC blob every time for getting the secrets page
physical address(secrets_pa), save the secrets page physical address during snp_init() from the CC blob. Now that there are no users of get_secrets_page() drop the function. Signed-off-by: Nikunj A Dadhania --- arch/x86/coco/sev/core.c | 51 +++++++++------------------------------- 1 file changed, 11 insertions(+), 40 deletions(-) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 9f0f8819529c..8bf573d44b0c 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -93,6 +93,9 @@ static struct ghcb *boot_ghcb __section(".data"); /* Bitmap of SEV features supported by the hypervisor */ static u64 sev_hv_features __ro_after_init; +/* Secrets page physical address from the CC blob */ +static u64 secrets_pa __ro_after_init; + /* #VC handler runtime per-CPU data */ struct sev_es_runtime_data { struct ghcb ghcb_page; @@ -723,45 +726,13 @@ void noinstr __sev_es_nmi_complete(void) __sev_put_ghcb(&state); } -static u64 __init get_secrets_page(void) -{ - u64 pa_data = boot_params.cc_blob_address; - struct cc_blob_sev_info info; - void *map; - - /* - * The CC blob contains the address of the secrets page, check if the - * blob is present. - */ - if (!pa_data) - return 0; - - map = early_memremap(pa_data, sizeof(info)); - if (!map) { - pr_err("Unable to locate SNP secrets page: failed to map the Confidential Computing blob.\n"); - return 0; - } - memcpy(&info, map, sizeof(info)); - early_memunmap(map, sizeof(info)); - - /* smoke-test the secrets page passed */ - if (!info.secrets_phys || info.secrets_len != PAGE_SIZE) - return 0; - - return info.secrets_phys; -} - static u64 __init get_snp_jump_table_addr(void) { struct snp_secrets_page *secrets; void __iomem *mem; - u64 pa, addr; - - pa = get_secrets_page(); - if (!pa) - return 0; + u64 addr; - mem = ioremap_encrypted(pa, PAGE_SIZE); + mem = ioremap_encrypted(secrets_pa, PAGE_SIZE); if (!mem) { pr_err("Unable to locate AP jump table address: failed to map the SNP secrets page.\n"); return 0; 
@@ -2301,6 +2272,11 @@ bool __head snp_init(struct boot_params *bp) if (!cc_info) return false; + if (cc_info->secrets_phys && cc_info->secrets_len == PAGE_SIZE) + secrets_pa = cc_info->secrets_phys; + else + return false; + setup_cpuid_table(cc_info); svsm_setup(cc_info); 
@@ -2514,16 +2490,11 @@ static struct platform_device sev_guest_device = { static int __init snp_init_platform_device(void) { struct sev_guest_platform_data data; - u64 gpa; if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return -ENODEV; - gpa = get_secrets_page(); - if (!gpa) - return -ENODEV; - - data.secrets_gpa = gpa; + data.secrets_gpa = secrets_pa; if (platform_device_add_data(&sev_guest_device, &data, sizeof(data))) return -ENODEV;
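Review bot: get_snp_jump_table_addr() loses its "if (!pa) return 0;" guard and now passes secrets_pa straight to ioremap_encrypted(), and nothing visible in that hunk rules out secrets_pa == 0. snp_init_platform_device() keeps its cc_platform_has(CC_ATTR_GUEST_SEV_SNP) test in front of the use, but the jump table path shows no equivalent check. Either keep a "if (!secrets_pa) return 0;" test there or add a comment stating that snp_init() guarantees a non-zero secrets_pa on every path that reaches this function, since that guarantee depends on the abort added in the previous patch of the series.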
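Review bot: in the snp_init() hunk the success branch comes first and the failure sits in an else, while the check just above it ("if (!cc_info) return false;") is failure-first. Writing it as "if (!cc_info->secrets_phys || cc_info->secrets_len != PAGE_SIZE) return false;" followed by the plain assignment keeps the function's style and drops the else. The test is the same smoke test the removed get_secrets_page() performed (non-zero address, length equal to PAGE_SIZE); because the value comes from the CC blob and is later handed to ioremap_encrypted(), consider also rejecting an address that is not page aligned.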
From patchwork Fri Jun 21 12:38:55 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707555
From: Nikunj A Dadhania
Subject: [PATCH v10 16/24] x86/sev: Drop sev_guest_platform_data structure
Date: Fri, 21 Jun 2024 18:08:55 +0530
Message-ID: <20240621123903.2411843-17-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

SEV guest platform data structure was used to pass the secrets page physical address.
As the SNP guest messaging initialization routines are local and secrets page address is cached in sev.c, use that instead of sending it to the SEV guest driver and getting the same address back. Signed-off-by: Nikunj A Dadhania --- arch/x86/include/asm/sev.h | 9 ++------- arch/x86/coco/sev/core.c | 10 ++-------- drivers/virt/coco/sev-guest/sev-guest.c | 8 +------- 3 files changed, 5 insertions(+), 22 deletions(-) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index cdd37ad9e4b8..c5ead3230d18 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -116,10 +116,6 @@ struct snp_req_data { unsigned long resp_gpa; }; -struct sev_guest_platform_data { - u64 secrets_gpa; -}; - #define VMPCK_MAX_NUM 4 /* @@ -443,7 +439,7 @@ void sev_show_status(void); void snp_update_svsm_ca(void); bool snp_assign_vmpck(struct snp_guest_dev *snp_dev, unsigned int vmpck_id); bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev); -int snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa); +int snp_guest_messaging_init(struct snp_guest_dev *snp_dev); void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev); int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, struct snp_guest_request_ioctl *rio); @@ -520,8 +516,7 @@ static inline void snp_update_svsm_ca(void) { } static inline bool snp_assign_vmpck(struct snp_guest_dev *snp_dev, unsigned int vmpck_id) { return false; } static inline bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev) { return true; } -static inline int -snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa) { return -EINVAL; } +static inline int snp_guest_messaging_init(struct snp_guest_dev *snp_dev) { return -EINVAL; } static inline void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev) { } static inline int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req, struct snp_guest_request_ioctl *rio) { return -EINVAL; } 
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 8bf573d44b0c..e0b79e292fcf 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2489,15 +2489,9 @@ static struct platform_device sev_guest_device = { static int __init snp_init_platform_device(void) { - struct sev_guest_platform_data data; - if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return -ENODEV; - data.secrets_gpa = secrets_pa; - if (platform_device_add_data(&sev_guest_device, &data, sizeof(data))) - return -ENODEV; - if (platform_device_register(&sev_guest_device)) return -ENODEV; @@ -2902,11 +2896,11 @@ int snp_send_guest_request(struct snp_guest_dev *snp_dev, } EXPORT_SYMBOL_GPL(snp_send_guest_request); -int snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa) +int snp_guest_messaging_init(struct snp_guest_dev *snp_dev) { int ret = -ENOMEM; - snp_dev->secrets = (__force void *)ioremap_encrypted(secrets_gpa, PAGE_SIZE); + snp_dev->secrets = (__force void *)ioremap_encrypted(secrets_pa, PAGE_SIZE); if (!snp_dev->secrets) { pr_err("Failed to map SNP secrets page.\n"); return ret; diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 0631271e5b9c..76be49da08de 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -591,7 +591,6 @@ static void unregister_sev_tsm(void *data) static int __init sev_guest_probe(struct platform_device *pdev) { - struct sev_guest_platform_data *data; struct device *dev = &pdev->dev; struct snp_guest_dev *snp_dev; struct miscdevice *misc; @@ -600,11 +599,6 @@ static int __init sev_guest_probe(struct platform_device *pdev) if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) return -ENODEV; - if (!dev->platform_data) - return -ENODEV; - - data = (struct sev_guest_platform_data *)dev->platform_data; - snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL); if (!snp_dev) return -ENOMEM; 
@@ -619,7 +613,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) return ret; } - if (snp_guest_messaging_init(snp_dev, data->secrets_gpa)) { + if (snp_guest_messaging_init(snp_dev)) { dev_err(dev, "Unable to setup SNP Guest messaging using VMPCK%u\n", snp_dev->vmpck_id); return ret;

From patchwork Fri Jun 21 12:38:56 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707556
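
Review bot: in the `snp_guest_messaging_init()` hunk of arch/x86/coco/sev/core.c above, `ioremap_encrypted(secrets_pa, PAGE_SIZE)` now maps the file-static `secrets_pa` with no check that it is non-zero, and the only early-exit guard on this path that the probe used to have (`if (!dev->platform_data) return -ENODEV;`) is removed in the same patch. A short `if (!secrets_pa) return -ENODEV;` before the mapping would keep an explicit failure path, and the commit message should say where `secrets_pa` is guaranteed to be populated before the first caller runs.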
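
Review bot: in the last `sev_guest_probe()` hunk of drivers/virt/coco/sev-guest/sev-guest.c above, the call is only tested for non-zero (`if (snp_guest_messaging_init(snp_dev))`) and the error path then does `return ret;`, so the code the init routine produced (for example the `-ENOMEM` it returns when the secrets page cannot be mapped) is dropped and whatever `ret` held from the preceding step is returned instead. Since this line is being touched anyway, assign the result (`ret = snp_guest_messaging_init(snp_dev); if (ret) { ... }`) so the real error reaches the caller.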
From: Nikunj A Dadhania
Subject: [PATCH v10 17/24] x86/cc: Add CC_ATTR_GUEST_SECURE_TSC
Date: Fri, 21 Jun 2024 18:08:56 +0530
Message-ID: <20240621123903.2411843-18-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Add confidential compute platform attribute CC_ATTR_GUEST_SECURE_TSC that can be used by the guest to query
whether the Secure TSC feature is active. Signed-off-by: Nikunj A Dadhania --- include/linux/cc_platform.h | 8 ++++++++ arch/x86/coco/core.c | 3 +++ 2 files changed, 11 insertions(+) diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h index 60693a145894..57ec5c63277e 100644 --- a/include/linux/cc_platform.h +++ b/include/linux/cc_platform.h @@ -98,6 +98,14 @@ enum cc_attr { * enabled to run SEV-SNP guests. */ CC_ATTR_HOST_SEV_SNP, + + /** + * @CC_ATTR_GUEST_SECURE_TSC: Secure TSC is active. + * + * The platform/OS is running as a guest/virtual machine and actively + * using AMD SEV-SNP Secure TSC feature. + */ + CC_ATTR_GUEST_SECURE_TSC, }; #ifdef CONFIG_ARCH_HAS_CC_PLATFORM diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c index b31ef2424d19..df981e3ba80c 100644 --- a/arch/x86/coco/core.c +++ b/arch/x86/coco/core.c 
@@ -101,6 +101,9 @@ static bool noinstr amd_cc_platform_has(enum cc_attr attr) case CC_ATTR_HOST_SEV_SNP: return cc_flags.host_sev_snp; + case CC_ATTR_GUEST_SECURE_TSC: + return sev_status & MSR_AMD64_SNP_SECURE_TSC; + default: return false; }

From patchwork Fri Jun 21 12:38:57 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707557
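
Review bot: in the `amd_cc_platform_has()` hunk of arch/x86/coco/core.c above, `return sev_status & MSR_AMD64_SNP_SECURE_TSC;` gives the right answer only through the implicit conversion to the function's `bool` return type. Writing `return !!(sev_status & MSR_AMD64_SNP_SECURE_TSC);` makes the intent explicit and keeps the expression correct if it is ever copied into a context that returns `int`.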
From: Nikunj A Dadhania
Subject: [PATCH v10 18/24] x86/sev: Add Secure TSC support for SNP guests
Date: Fri, 21 Jun 2024 18:08:57 +0530
Message-ID: <20240621123903.2411843-19-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Add support for Secure TSC in SNP enabled guests.
Secure TSC allows guest to securely use RDTSC/RDTSCP instructions as the parameters being used cannot be changed by the hypervisor once the guest is launched. Secure TSC enabled guests need to query TSC info from the AMD Security Processor. This communication channel is encrypted between the AMD Security Processor and the guest, the hypervisor is just the conduit to deliver the guest messages to the AMD Security Processor. Each message is protected with an AEAD (AES-256 GCM). Use minimal AES GCM library to encrypt/decrypt SNP Guest messages to communicate with the PSP. Use the mem_encrypt_init() to fetch SNP TSC info from the AMD Security Processor and initialize the snp_tsc_scale and snp_tsc_offset. During secondary CPU initialization set VMSA fields GUEST_TSC_SCALE (offset 2F0h) and GUEST_TSC_OFFSET(offset 2F8h) with snp_tsc_scale and snp_tsc_offset respectively. Signed-off-by: Nikunj A Dadhania Tested-by: Peter Gonda --- arch/x86/include/asm/sev-common.h | 1 + arch/x86/include/asm/sev.h | 22 ++++++++ arch/x86/include/asm/svm.h | 6 ++- arch/x86/coco/sev/core.c | 90 +++++++++++++++++++++++++++++++ arch/x86/mm/mem_encrypt.c | 4 ++ 5 files changed, 121 insertions(+), 2 deletions(-) diff --git a/arch/x86/include/asm/sev-common.h b/arch/x86/include/asm/sev-common.h index e90d403f2068..4cb3ea6564da 100644 --- a/arch/x86/include/asm/sev-common.h +++ b/arch/x86/include/asm/sev-common.h @@ -181,6 +181,7 @@ struct snp_psc_desc { #define GHCB_TERM_NO_SVSM 7 /* SVSM is not advertised in the secrets page */ #define GHCB_TERM_SVSM_VMPL0 8 /* SVSM is present but has set VMPL to 0 */ #define GHCB_TERM_SVSM_CAA 9 /* SVSM is present but CAA is not page aligned */ +#define GHCB_TERM_SECURE_TSC 10 /* Secure TSC initialization failed */ #define GHCB_RESP_CODE(v) ((v) & GHCB_MSR_INFO_MASK) diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index c5ead3230d18..f2ce29345163 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h 
@@ -160,6 +160,9 @@ enum msg_type { SNP_MSG_VMRK_REQ, SNP_MSG_VMRK_RSP, + SNP_MSG_TSC_INFO_REQ = 17, + SNP_MSG_TSC_INFO_RSP, + SNP_MSG_TYPE_MAX }; @@ -191,6 +194,22 @@ struct snp_guest_msg { #define SNP_GUEST_MSG_SIZE 4096 #define SNP_GUEST_MSG_PAYLOAD_SIZE (SNP_GUEST_MSG_SIZE - sizeof(struct snp_guest_msg)) +#define SNP_TSC_INFO_REQ_SZ 128 +#define SNP_TSC_INFO_RESP_SZ 128 + +struct snp_tsc_info_req { + u8 rsvd[SNP_TSC_INFO_REQ_SZ]; +} __packed; + +struct snp_tsc_info_resp { + u32 status; + u32 rsvd1; + u64 tsc_scale; + u64 tsc_offset; + u32 tsc_factor; + u8 rsvd2[100]; +} __packed; + struct snp_guest_dev { struct device *dev; struct miscdevice misc; @@ -212,6 +231,7 @@ struct snp_guest_dev { struct snp_report_req report; struct snp_derived_key_req derived_key; struct snp_ext_report_req ext_report; + struct snp_tsc_info_req tsc_info; } req; unsigned int vmpck_id; }; @@ -481,6 +501,7 @@ static inline void *alloc_shared_pages(size_t sz) return page_address(page); } +void __init snp_secure_tsc_prepare(void); #else /* !CONFIG_AMD_MEM_ENCRYPT */ @@ -522,6 +543,7 @@ static inline int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct s struct snp_guest_request_ioctl *rio) { return -EINVAL; } static inline void free_shared_pages(void *buf, size_t sz) { } static inline void *alloc_shared_pages(size_t sz) { return NULL; } +static inline void __init snp_secure_tsc_prepare(void) { } #endif /* CONFIG_AMD_MEM_ENCRYPT */ diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h index 728c98175b9c..91d6c8a79aa2 100644 --- a/arch/x86/include/asm/svm.h +++ b/arch/x86/include/asm/svm.h @@ -410,7 +410,9 @@ struct sev_es_save_area { u8 reserved_0x298[80]; u32 pkru; u32 tsc_aux; - u8 reserved_0x2f0[24]; + u64 tsc_scale; + u64 tsc_offset; + u8 reserved_0x300[8]; u64 rcx; u64 rdx; u64 rbx; 
@@ -542,7 +544,7 @@ static inline void __unused_size_checks(void) BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x1c0); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x248); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x298); - BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x2f0); + BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x300); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x320); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x380); BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x3f0); diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index e0b79e292fcf..7aed6819930b 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -96,6 +96,10 @@ static u64 sev_hv_features __ro_after_init; /* Secrets page physical address from the CC blob */ static u64 secrets_pa __ro_after_init; +/* Secure TSC values read using TSC_INFO SNP Guest request */ +static u64 snp_tsc_scale __ro_after_init; +static u64 snp_tsc_offset __ro_after_init; + /* #VC handler runtime per-CPU data */ struct sev_es_runtime_data { struct ghcb ghcb_page; @@ -1173,6 +1177,12 @@ static int wakeup_cpu_via_vmgexit(u32 apic_id, unsigned long start_ip) vmsa->vmpl = snp_vmpl; vmsa->sev_features = sev_status >> 2; + /* Set Secure TSC parameters */ + if (cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) { + vmsa->tsc_scale = snp_tsc_scale; + vmsa->tsc_offset = snp_tsc_offset; + } + /* Switch the page over to a VMSA page now that it is initialized */ ret = snp_set_vmsa(vmsa, caa, apic_id, true); if (ret) { 
@@ -2965,3 +2975,83 @@ void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev) iounmap(snp_dev->secrets); } EXPORT_SYMBOL_GPL(snp_guest_messaging_exit); + +static struct snp_guest_dev tsc_snp_dev __initdata; + +static int __init snp_get_tsc_info(void) +{ + struct snp_tsc_info_req *tsc_req = &tsc_snp_dev.req.tsc_info; + static u8 buf[SNP_TSC_INFO_RESP_SZ + AUTHTAG_LEN]; + struct snp_guest_request_ioctl rio; + struct snp_tsc_info_resp tsc_resp; + struct snp_guest_req req; + int rc; + + /* + * The intermediate response buffer is used while decrypting the + * response payload. Make sure that it has enough space to cover the + * authtag. + */ + BUILD_BUG_ON(sizeof(buf) < (sizeof(tsc_resp) + AUTHTAG_LEN)); + + if (!snp_assign_vmpck(&tsc_snp_dev, 0)) + return -EINVAL; + + rc = snp_guest_messaging_init(&tsc_snp_dev); + if (rc) + return rc; + + memset(tsc_req, 0, sizeof(*tsc_req)); + memset(&req, 0, sizeof(req)); + memset(&rio, 0, sizeof(rio)); + memset(buf, 0, sizeof(buf)); + + req.msg_version = MSG_HDR_VER; + req.msg_type = SNP_MSG_TSC_INFO_REQ; + req.vmpck_id = tsc_snp_dev.vmpck_id; + req.req_buf = tsc_req; + req.req_sz = sizeof(*tsc_req); + req.resp_buf = buf; + req.resp_sz = sizeof(tsc_resp) + AUTHTAG_LEN; + req.exit_code = SVM_VMGEXIT_GUEST_REQUEST; + + rc = snp_send_guest_request(&tsc_snp_dev, &req, &rio); + if (rc) + goto err_req; + + memcpy(&tsc_resp, buf, sizeof(tsc_resp)); + pr_debug("%s: response status %x scale %llx offset %llx factor %x\n", + __func__, tsc_resp.status, tsc_resp.tsc_scale, tsc_resp.tsc_offset, + tsc_resp.tsc_factor); + + if (tsc_resp.status == 0) { + snp_tsc_scale = tsc_resp.tsc_scale; + snp_tsc_offset = tsc_resp.tsc_offset; + } else { + pr_err("Failed to get TSC info, response status %x\n", tsc_resp.status); + rc = -EIO; + } + +err_req: + /* The response buffer contains the sensitive data, explicitly clear it. 
*/ + memzero_explicit(buf, sizeof(buf)); + memzero_explicit(&tsc_resp, sizeof(tsc_resp)); + memzero_explicit(&req, sizeof(req)); + + snp_guest_messaging_exit(&tsc_snp_dev); + + return rc; +} + +void __init snp_secure_tsc_prepare(void) +{ + if (!cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) + return; + + if (snp_get_tsc_info()) { + pr_alert("Unable to retrieve Secure TSC info from ASP\n"); + sev_es_terminate(SEV_TERM_SET_LINUX, GHCB_TERM_SECURE_TSC); + } + + pr_debug("SecureTSC enabled"); +} diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 0a120d85d7bb..996ca27f0b72 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c 
@@ -94,6 +94,10 @@ void __init mem_encrypt_init(void) /* Call into SWIOTLB to update the SWIOTLB DMA buffers */ swiotlb_update_mem_attributes(); + /* Initialize SNP Secure TSC */ + if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) + snp_secure_tsc_prepare(); + print_mem_encrypt_feature_info(); }

From patchwork Fri Jun 21 12:38:58 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707558
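
Review bot: in the arch/x86/include/asm/sev.h hunk above that adds `struct snp_tsc_info_resp`, nothing ties the struct layout to `SNP_TSC_INFO_RESP_SZ`. The fields add up to 128 bytes today (4 + 4 + 8 + 8 + 4 + 100), but the only compile-time check, the `BUILD_BUG_ON()` in `snp_get_tsc_info()`, uses `<` and therefore only fires if the struct grows past the buffer. A `static_assert(sizeof(struct snp_tsc_info_resp) == SNP_TSC_INFO_RESP_SZ);` next to the definition would catch a miscounted `rsvd2[]` in either direction.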
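
Review bot: in `snp_get_tsc_info()` in the arch/x86/coco/sev/core.c hunk above, the `pr_debug()` after the `memcpy()` prints `tsc_scale`, `tsc_offset` and `tsc_factor`, the same response fields that the `err_req:` path then wipes with `memzero_explicit()` because "the response buffer contains the sensitive data". Either log only the status or explain in the comment why these values are safe to put in the kernel log. Two smaller points in the same hunk: `static u8 buf[...]` lives in an `__init` function but is not marked `__initdata` the way `tsc_snp_dev` is, so it stays resident after boot, and `pr_debug("SecureTSC enabled");` in `snp_secure_tsc_prepare()` is missing its trailing `\n`.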
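
Review bot: in the `mem_encrypt_init()` hunk of arch/x86/mm/mem_encrypt.c above, the `cc_platform_has(CC_ATTR_GUEST_SEV_SNP)` test around `snp_secure_tsc_prepare()` is redundant, because the function itself returns early unless `CC_ATTR_GUEST_SECURE_TSC` is set and has an empty stub for `!CONFIG_AMD_MEM_ENCRYPT`. Calling it unconditionally leaves one condition fewer to keep in sync.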
From: Nikunj A Dadhania
Subject: [PATCH v10 19/24] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests
Date: Fri, 21 Jun 2024 18:08:58 +0530
Message-ID: <20240621123903.2411843-20-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Secure TSC enabled guests should not write MSR_IA32_TSC(10H) register as the
subsequent TSC value reads are undefined. MSR_IA32_TSC related accesses should not exit to the hypervisor for such guests. Accesses to MSR_IA32_TSC needs special handling in the #VC handler for the guests with Secure TSC enabled. Writes to MSR_IA32_TSC should be ignored, and reads of MSR_IA32_TSC should return the result of the RDTSC instruction. Signed-off-by: Nikunj A Dadhania Reviewed-by: Tom Lendacky Tested-by: Peter Gonda --- arch/x86/coco/sev/core.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index 7aed6819930b..fda40794317e 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c 
@@ -1333,6 +1333,30 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt) return ES_OK; } + /* + * TSC related accesses should not exit to the hypervisor when a + * guest is executing with SecureTSC enabled, so special handling + * is required for accesses of MSR_IA32_TSC: + * + * Writes: Writing to MSR_IA32_TSC can cause subsequent reads + * of the TSC to return undefined values, so ignore all + * writes. + * Reads: Reads of MSR_IA32_TSC should return the current TSC + * value, use the value returned by RDTSC. + */ + if (regs->cx == MSR_IA32_TSC && cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) { + u64 tsc; + + if (exit_info_1) + return ES_OK; + + tsc = rdtsc(); + regs->ax = UINT_MAX & tsc; + regs->dx = UINT_MAX & (tsc >> 32); + + return ES_OK; + } + ghcb_set_rcx(ghcb, regs->cx); if (exit_info_1) { ghcb_set_rax(ghcb, regs->ax); From patchwork Fri Jun 21 12:38:59 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. 
X-Patchwork-Id: 13707559
From: Nikunj A Dadhania
Subject: [PATCH v10 20/24] x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests
Date: Fri, 21 Jun 2024 18:08:59 +0530
Message-ID: <20240621123903.2411843-21-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>

The hypervisor should not be intercepting RDTSC/RDTSCP when Secure TSC is enabled. A #VC exception will be generated if the RDTSC/RDTSCP instructions are being intercepted. If this should occur and Secure TSC is enabled, terminate guest execution.

Signed-off-by: Nikunj A Dadhania
Tested-by: Peter Gonda
--- arch/x86/coco/sev/shared.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/arch/x86/coco/sev/shared.c b/arch/x86/coco/sev/shared.c index 71de53194089..c2a9e2ada659 100644 --- a/arch/x86/coco/sev/shared.c +++ b/arch/x86/coco/sev/shared.c
@@ -1140,6 +1140,16 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghcb, bool rdtscp = (exit_code == SVM_EXIT_RDTSCP); enum es_result ret; + /* + * RDTSC and RDTSCP should not be intercepted when Secure TSC is + * enabled. Terminate the SNP guest when the interception is enabled. + * This file is included from kernel/sev.c and boot/compressed/sev.c, + * use sev_status here as cc_platform_has() is not available when + * compiling boot/compressed/sev.c. + */ + if (sev_status & MSR_AMD64_SNP_SECURE_TSC) + return ES_VMM_ERROR; + ret = sev_es_ghcb_hv_call(ghcb, ctxt, exit_code, 0, 0); if (ret != ES_OK) return ret; From patchwork Fri Jun 21 12:39:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13707560 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2068.outbound.protection.outlook.com [40.107.243.68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id F2268179658; Fri, 21 Jun 2024 12:40:44 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.68 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718973646; cv=fail; b=ZOy/RdgWejTiM9CAW1v+q4ZhblJpInZtSkWmivRTPbtXmFn+xAiIMNkNmAnrncpR7Q7zl8SeWahgRRa775vm92RdoFBKF1LxPnKlP6mC8NBGSvtSqrwNQlL2TJY/QijRH9XidPzBsV3QK2Ud0SneqXo18yKJjLXMq2WCnoargO0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718973646; c=relaxed/simple; bh=wjgsaMYeT1GD78TxdoMUeB43JDwnow8CRuB1a5G31SY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=DwftWGr7aFMnDV/3Vxp9obPrr3oT7927IIL+cIRSdA0Lz8o5zR8QEcHJh/gsClElPeRSmYfch1F3HNGlI4D5QKsDpLoOiRZxwKOETjOfBEJEZYXuEcAJrCzeyS6QiW/o+e1tBP+EAeVv2zvPYMU+HyWRXK4d39Em+LmTWRdj7ck= ARC-Authentication-Results: i=2; 
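Review bot: The comment added to vc_handle_rdtsc() says the guest is terminated, but the code only returns ES_VMM_ERROR; say in the comment that termination depends on how the #VC caller handles that return value, or name the caller. The comment also refers to kernel/sev.c and boot/compressed/sev.c, while this file is arch/x86/coco/sev/shared.c and 19/24 patches arch/x86/coco/sev/core.c, so the kernel/sev.c path looks stale. "when the interception is enabled" would read better as "if the hypervisor intercepts them anyway".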
From: Nikunj A Dadhania
Subject: [PATCH v10 21/24] x86/kvmclock: Skip kvmclock when Secure TSC is available
Date: Fri, 21 Jun 2024 18:09:00 +0530
Message-ID: <20240621123903.2411843-22-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>

For AMD SNP guests having Secure TSC enabled, skip using the kvmclock. The guest kernel will fall back and use Secure TSC based clocksource.

Signed-off-by: Nikunj A Dadhania
Tested-by: Peter Gonda
--- arch/x86/kernel/kvmclock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c index 5b2c15214a6b..3d03b4c937b9 100644 --- a/arch/x86/kernel/kvmclock.c +++ b/arch/x86/kernel/kvmclock.c
@@ -289,7 +289,7 @@ void __init kvmclock_init(void) { u8 flags; - if (!kvm_para_available() || !kvmclock) + if (!kvm_para_available() || !kvmclock || cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) return; if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE2)) { From patchwork Fri Jun 21 12:39:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13707562 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2063.outbound.protection.outlook.com [40.107.212.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5082D155A43; Fri, 21 Jun 2024 12:40:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.212.63 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718973654; cv=fail; b=rdN/mdeCqFIA/bknPZOIo/jEtwRmFvUSGL/cmybEWzlmwyQS+xl3FkRYro9M08m5CLMQHPvDK4MhQPmRknN34nLhaTq2o++gNaU3rFSH52nqjQaQNt3d+2fZTV0zeDlt3c56unka/nF7WANzpw2v5W21IwTAEplsYLMdIxO7B7I= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718973654; c=relaxed/simple; bh=NjtLdLL/fizBHeKJ9hNhhOGJEnNvjH/UY0HtJMj6jnc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=NKhn6WzXBzIIkucuJ0HVnpHHz1pZZThhzFGktOKWwsfLbBzZcOks4gxfns7uyf0xE6JmVb1Jsg5DcKlhGzVST3aBC9U7eBfzVhLGhERqvJp3Zp65aeOgIMqkh7l+SYNRJ8GTRlka61oz2E8JgfqD54IyAtF+EAzt8Ui0aKBR0vI= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=ZJlWVgrH; arc=fail smtp.client-ip=40.107.212.63 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; 
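Review bot: The new `cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)` term in kvmclock_init() makes the guest return before any kvmclock setup, and nothing in the code says why. Add a short comment above the check stating that Secure TSC guests use the Secure TSC based clocksource instead of kvmclock, as the commit message does. The condition now runs well past 80 columns; putting the Secure TSC test in its own `if` would keep it readable and give the comment a place to sit.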
From: Nikunj A Dadhania
Subject: [PATCH v10 22/24] x86/sev: Mark Secure TSC as reliable
Date: Fri, 21 Jun 2024 18:09:01 +0530
Message-ID: <20240621123903.2411843-23-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>

AMD SNP guests may have Secure TSC feature enabled. Use the Secure TSC as the only reliable clock source in SEV-SNP guests when enabled, bypassing unstable calibration.

Signed-off-by: Nikunj A Dadhania
Tested-by: Peter Gonda
--- arch/x86/mm/mem_encrypt_amd.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c index 84624ae83b71..8331bd02000f 100644 --- a/arch/x86/mm/mem_encrypt_amd.c +++ b/arch/x86/mm/mem_encrypt_amd.c
@@ -516,6 +516,10 @@ void __init sme_early_init(void) * kernel mapped. */ snp_update_svsm_ca(); + + /* Mark the TSC as reliable when Secure TSC is enabled */ + if (sev_status & MSR_AMD64_SNP_SECURE_TSC) + setup_force_cpu_cap(X86_FEATURE_TSC_RELIABLE); } void __init mem_encrypt_free_decrypted_mem(void) From patchwork Fri Jun 21 12:39:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Nikunj A. Dadhania" X-Patchwork-Id: 13707561 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2041.outbound.protection.outlook.com [40.107.92.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8BCB8155A35; Fri, 21 Jun 2024 12:40:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.41 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718973654; cv=fail; b=oaDFho5s0z/6kEW312k/IK9X1voMY2gY/Hvi2N+pUXQfyB3ltGlLavVNyB7RTATaGdspkhv47oSfAl7LCqAygko0V6+Ax/+U5SeSn/8of2jFqRD5Ejd2O/B/KeHt1ai3bXu6RgUtGppiRcQfGxMeJU2cMPuJIa+D5fxz+OPL19k= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1718973654; c=relaxed/simple; bh=sMUEgS2OAgLUi3hCkfqVE3W55RNR9QGPfw4LxwPs2VA=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=MRsaM+Ux6CbtllwdssG/Ow2gwHskTEr8+wpvzAUkNDF2kix2Od5se9FACYriIf4hNsX0n8gglpkR1lF6lV3USvzFROdstZLdA+kGKXHFdAubnugDYImCFbdeLK4MuQ5LZ+GcjZYv/YpGDyGNzTDXOaq657dUgUJd4P9AFDdo+sE= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=caO8ydwn; arc=fail smtp.client-ip=40.107.92.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com 
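Review bot: In sme_early_init() the check uses `sev_status & MSR_AMD64_SNP_SECURE_TSC`, whereas 19/24, 21/24 and 23/24 test `cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)`. 20/24 justifies sev_status by the boot/compressed build; no such reason is given here, so either switch to cc_platform_has() for consistency or say in the comment why it cannot be used at this point. The comment restates the code; the useful part is the reason from the commit message, that the unstable calibration is bypassed.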
Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="caO8ydwn" ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CBB8cexYfcv5BF+JIQDI4Fm28MHd8rZmEuTKTPagg2+XSN2YBN6cSK1TUlK/Ll4W9z7t1bw3Df9lcMIsn/ehhohi7Ef+YLy9mIigj9K4q8wsfzFp8kYd7Q7aidpD4y/0Vq2X4ANC2wQKqBQ06//kOTSVPZSx9R9RnmFu/JeMZxzNZArJWipot0iz1eOPWjzc8ptOKA0ZOn37FDwe1GIym7BzycO6MdLC+O7+WJ2iFXyqtPlCBoHgMTinWijuQnXH+vP4x1+XfpclAf/XIr44bYhvf1DBJtFt+KKDxTw7CF7pYluPEQmF7LqZpIJaI8XuRqxsIl8XPFPpAwJ9Z+RH1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=GxzyqnMqVWcls0UcDrE4oX6b/GsUu1v5GwYmfO4Rbxw=; b=gFr1GgiQSEY3NNo3fK3fWNTv/b85TVQWhAYbQKVLBx4q7c23B4Li69PsiYLp9HI9L1ZwWTFX5Em5X7WTR5pV6HQvoLOUmWBvhj5GfbDBaAEaWov3kVub/BICgjky/7lJkYEWQht2cb/HjLR2U1UA1lQZVCytYOp7YCwRj+rJ9MzxI0S7PDOZ69EwPmiysFb/0sQHne1Dy6xOzGOsveBmksInOspAr/XDjk2himt3xS//a8v8qk/q/siqhuxkclpePQFPs6f5JNI115CteDiXti6+BnPoWCqcxBwUsEyD3nhABjeHkqgZcQhUlWEn884UbEGaIPFQW2sZDxOWq+abHQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=GxzyqnMqVWcls0UcDrE4oX6b/GsUu1v5GwYmfO4Rbxw=; b=caO8ydwnzEl51SgyXCXr9/b/Or+lvKfskr0RFZdIGkg5K131Lkh8UeaX4uHZxw4e5RDHfTO+ZFvfoQlucp10/gZ1GfYjzNDEcj8GcqUabcjrwM25xAVlcaDLcGRzXcYxxcnNwYkZonmufylLNt9ZAvP9a0J7/7UgfN8TXNikWwI= Received: from 
DS0PR17CA0023.namprd17.prod.outlook.com (2603:10b6:8:191::24) by MW4PR12MB6852.namprd12.prod.outlook.com (2603:10b6:303:207::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7698.19; Fri, 21 Jun 2024 12:40:49 +0000 Received: from DS3PEPF0000C37E.namprd04.prod.outlook.com (2603:10b6:8:191:cafe::68) by DS0PR17CA0023.outlook.office365.com (2603:10b6:8:191::24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7677.36 via Frontend Transport; Fri, 21 Jun 2024 12:40:49 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS3PEPF0000C37E.mail.protection.outlook.com (10.167.23.8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7677.15 via Frontend Transport; Fri, 21 Jun 2024 12:40:49 +0000 Received: from gomati.amd.com (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 21 Jun 2024 07:40:45 -0500 
From: Nikunj A Dadhania To: , , , , CC: , , , , , , Subject: [PATCH v10 23/24] x86/cpu/amd: Do not print FW_BUG for Secure TSC Date: Fri, 21 Jun 2024 18:09:02 +0530 Message-ID: <20240621123903.2411843-24-nikunj@amd.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com> References: <20240621123903.2411843-1-nikunj@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB04.amd.com (10.181.40.145) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS3PEPF0000C37E:EE_|MW4PR12MB6852:EE_ X-MS-Office365-Filtering-Correlation-Id: 0e789742-fc63-4e81-0e21-08dc91ef6180 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230037|82310400023|1800799021|376011|7416011|36860700010; X-Microsoft-Antispam-Message-Info: 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 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230037)(82310400023)(1800799021)(376011)(7416011)(36860700010);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Jun 2024 12:40:49.7198 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0e789742-fc63-4e81-0e21-08dc91ef6180 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS3PEPF0000C37E.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB6852 When SecureTSC is enabled and TscInvariant (bit 8) in CPUID_8000_0007_edx is set, kernel complains 
with the below firmware bug:

[Firmware Bug]: TSC doesn't count with P0 frequency!

Secure TSC need not run at P0 frequency, the TSC frequency is set by the VMM as part of the SNP_LAUNCH_START command. Avoid the check when Secure TSC is enabled.

Signed-off-by: Nikunj A Dadhania
Tested-by: Peter Gonda

--- arch/x86/kernel/cpu/amd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c index 44df3f11e731..905e57ca324f 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c
@@ -370,7 +370,8 @@ static void bsp_determine_snp(struct cpuinfo_x86 *c) static void bsp_init_amd(struct cpuinfo_x86 *c) { - if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) { + if (cpu_has(c, X86_FEATURE_CONSTANT_TSC) && + !cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) { if (c->x86 > 0x10 || (c->x86 == 0x10 && c->x86_model >= 0x2)) {

From patchwork Fri Jun 21 12:39:03 2024
X-Patchwork-Submitter: "Nikunj A. Dadhania"
X-Patchwork-Id: 13707563
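Review bot: The added !cc_platform_has(CC_ATTR_GUEST_SECURE_TSC) term in the bsp_init_amd() hunk of patch 23/24 (arch/x86/kernel/cpu/amd.c) carries no comment, so a reader of amd.c cannot tell why a Secure TSC guest skips the X86_FEATURE_CONSTANT_TSC block. The reason exists only in the commit message (the VMM sets the TSC frequency as part of SNP_LAUNCH_START, so the TSC need not run at P0 frequency); a one- or two-line comment above the condition stating that would keep the exemption from being dropped as redundant later. The new term also sits on the outer if, so it disables everything nested under it, starting with the c->x86 > 0x10 family/model test, not only the FW_BUG print named in the subject; the commit message should say that nothing else in that block is needed when Secure TSC is enabled.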
From: Nikunj A Dadhania
Subject: [PATCH v10 24/24] x86/sev: Enable Secure TSC for SNP guests
Date: Fri, 21 Jun 2024 18:09:03 +0530
Message-ID: <20240621123903.2411843-25-nikunj@amd.com>
In-Reply-To: <20240621123903.2411843-1-nikunj@amd.com>
References: <20240621123903.2411843-1-nikunj@amd.com>
X-Mailing-List: kvm@vger.kernel.org

Now that all the required plumbing is done for enabling SNP Secure TSC feature, add Secure TSC to SNP
features present list.

Signed-off-by: Nikunj A Dadhania
Tested-by: Peter Gonda

--- arch/x86/boot/compressed/sev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c index cd44e120fe53..bb55934c1cee 100644 --- a/arch/x86/boot/compressed/sev.c +++ b/arch/x86/boot/compressed/sev.c @@ -401,7 +401,8 @@ void do_boot_stage2_vc(struct pt_regs *regs, unsigned long exit_code) * by the guest kernel. As and when a new feature is implemented in the * guest kernel, a corresponding bit should be added to the mask. */ -#define SNP_FEATURES_PRESENT MSR_AMD64_SNP_DEBUG_SWAP +#define SNP_FEATURES_PRESENT (MSR_AMD64_SNP_DEBUG_SWAP | \ + MSR_AMD64_SNP_SECURE_TSC) u64 snp_get_unsupported_features(u64 status) {
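Review bot: The MSR_AMD64_SNP_SECURE_TSC bit is ORed into SNP_FEATURES_PRESENT unconditionally, and the comment kept as context says a bit belongs in this mask only once the feature is implemented in the guest kernel, so this define in arch/x86/boot/compressed/sev.c is the point where the guest starts declaring Secure TSC as implemented. That makes the ordering of the series a correctness matter rather than a convenience: the commit message says only "now that all the required plumbing is done", and it should state explicitly that this patch has to stay last so that a bisect never lands on a kernel that marks Secure TSC as present without the earlier patches. It would also help to name in the commit message which earlier patches in the series provide that plumbing, since the mask change itself gives a reader no way to check the claim.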