lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Mar 2022 11:18:32 -0700 From: isaku.yamahata@...il.com To: Kai Huang <kai.huang@...el.com> Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org, dave.hansen@...el.com, seanjc@...gle.com, pbonzini@...hat.com, kirill.shutemov@...ux.intel.com, sathyanarayanan.kuppuswamy@...ux.intel.com, peterz@...radead.org, tony.luck@...el.com, ak@...ux.intel.com, dan.j.williams@...el.com, isaku.yamahata@...el.com, isaku.yamahata@...il.com Subject: Re: [PATCH v2 17/21] x86/virt/tdx: Configure global KeyID on all packages On Sun, Mar 13, 2022 at 11:49:57PM +1300, Kai Huang <kai.huang@...el.com> wrote: > diff --git a/arch/x86/virt/vmx/tdx.c b/arch/x86/virt/vmx/tdx.c > index e03dc3e420db..39b1b7d0417d 100644 > --- a/arch/x86/virt/vmx/tdx.c > +++ b/arch/x86/virt/vmx/tdx.c > @@ -23,6 +23,7 @@ > #include <asm/virtext.h> > #include <asm/e820/api.h> > #include <asm/pgtable.h> > +#include <asm/smp.h> > #include <asm/tdx.h> > #include "tdx.h" > > @@ -398,6 +399,47 @@ static int seamcall_on_each_cpu(struct seamcall_ctx *sc) > return atomic_read(&sc->err); > } > > +/* > + * Call the SEAMCALL on one (any) cpu for each physical package in > + * serialized way. Note for serialized calls 'seamcall_ctx::err' > + * doesn't have to be atomic, but for simplicity just reuse it > + * instead of adding a new one. > + * > + * Return -ENXIO if IPI SEAMCALL wasn't run on any cpu, or -EFAULT > + * when SEAMCALL fails, or -EPERM when the cpu where SEAMCALL runs > + * on is not in VMX operation. In case of -EFAULT, the error code > + * of SEAMCALL is in 'struct seamcall_ctx::seamcall_ret'. > + */ > +static int seamcall_on_each_package_serialized(struct seamcall_ctx *sc) > +{ > + cpumask_var_t packages; > + int cpu, ret; > + > + if (!zalloc_cpumask_var(&packages, GFP_KERNEL)) > + return -ENOMEM; Memory leak. This should be freed before returning. > + for_each_online_cpu(cpu) { > + if (cpumask_test_and_set_cpu(topology_physical_package_id(cpu), > + packages)) > + continue; > + > + ret = smp_call_function_single(cpu, seamcall_smp_call_function, > + sc, true); > + if (ret) > + return ret; > + > + /* > + * Doesn't have to use atomic_read(), but it doesn't > + * hurt either. > + */ > + ret = atomic_read(&sc->err); > + if (ret) > + return ret; > + } > + > + return 0; > +} > + > static inline bool p_seamldr_ready(void) > { > return !!p_seamldr_info.p_seamldr_ready; > @@ -1316,6 +1358,18 @@ static int config_tdx_module(struct tdmr_info **tdmr_array, int tdmr_num, > return ret; > } > > +static int config_global_keyid(u64 global_keyid) global_keyid argument isn't used. Is global variable tdx_global_keyid used? > +{ > + struct seamcall_ctx sc = { .fn = TDH_SYS_KEY_CONFIG }; > + > + /* > + * TDH.SYS.KEY.CONFIG may fail with entropy error (which is > + * a recoverable error). Assume this is exceedingly rare and > + * just return error if encountered instead of retrying. > + */ > + return seamcall_on_each_package_serialized(&sc); > +} > + -- Isaku Yamahata <isaku.yamahata@...il.com>
Powered by blists - more mailing lists