| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220324181832.GC1212881@ls.amr.corp.intel.com>
Date: Thu, 24 Mar 2022 11:18:32 -0700
From: isaku.yamahata@...il.com
To: Kai Huang <kai.huang@...el.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
dave.hansen@...el.com, seanjc@...gle.com, pbonzini@...hat.com,
kirill.shutemov@...ux.intel.com,
sathyanarayanan.kuppuswamy@...ux.intel.com, peterz@...radead.org,
tony.luck@...el.com, ak@...ux.intel.com, dan.j.williams@...el.com,
isaku.yamahata@...el.com, isaku.yamahata@...il.com
Subject: Re: [PATCH v2 17/21] x86/virt/tdx: Configure global KeyID on all
packages
On Sun, Mar 13, 2022 at 11:49:57PM +1300,
Kai Huang <kai.huang@...el.com> wrote:
> diff --git a/arch/x86/virt/vmx/tdx.c b/arch/x86/virt/vmx/tdx.c
> index e03dc3e420db..39b1b7d0417d 100644
> --- a/arch/x86/virt/vmx/tdx.c
> +++ b/arch/x86/virt/vmx/tdx.c
> @@ -23,6 +23,7 @@
> #include <asm/virtext.h>
> #include <asm/e820/api.h>
> #include <asm/pgtable.h>
> +#include <asm/smp.h>
> #include <asm/tdx.h>
> #include "tdx.h"
>
> @@ -398,6 +399,47 @@ static int seamcall_on_each_cpu(struct seamcall_ctx *sc)
> return atomic_read(&sc->err);
> }
>
> +/*
> + * Call the SEAMCALL on one (any) cpu for each physical package in
> + * serialized way. Note for serialized calls 'seamcall_ctx::err'
> + * doesn't have to be atomic, but for simplicity just reuse it
> + * instead of adding a new one.
> + *
> + * Return -ENXIO if IPI SEAMCALL wasn't run on any cpu, or -EFAULT
> + * when SEAMCALL fails, or -EPERM when the cpu where SEAMCALL runs
> + * on is not in VMX operation. In case of -EFAULT, the error code
> + * of SEAMCALL is in 'struct seamcall_ctx::seamcall_ret'.
> + */
> +static int seamcall_on_each_package_serialized(struct seamcall_ctx *sc)
> +{
> + cpumask_var_t packages;
> + int cpu, ret;
> +
> + if (!zalloc_cpumask_var(&packages, GFP_KERNEL))
> + return -ENOMEM;
Memory leak. This should be freed before returning.
> + for_each_online_cpu(cpu) {
> + if (cpumask_test_and_set_cpu(topology_physical_package_id(cpu),
> + packages))
> + continue;
> +
> + ret = smp_call_function_single(cpu, seamcall_smp_call_function,
> + sc, true);
> + if (ret)
> + return ret;
> +
> + /*
> + * Doesn't have to use atomic_read(), but it doesn't
> + * hurt either.
> + */
> + ret = atomic_read(&sc->err);
> + if (ret)
> + return ret;
> + }
> +
> + return 0;
> +}
> +
> static inline bool p_seamldr_ready(void)
> {
> return !!p_seamldr_info.p_seamldr_ready;
> @@ -1316,6 +1358,18 @@ static int config_tdx_module(struct tdmr_info **tdmr_array, int tdmr_num,
> return ret;
> }
>
> +static int config_global_keyid(u64 global_keyid)
global_keyid argument isn't used. Is global variable tdx_global_keyid used?
> +{
> + struct seamcall_ctx sc = { .fn = TDH_SYS_KEY_CONFIG };
> +
> + /*
> + * TDH.SYS.KEY.CONFIG may fail with entropy error (which is
> + * a recoverable error). Assume this is exceedingly rare and
> + * just return error if encountered instead of retrying.
> + */
> + return seamcall_on_each_package_serialized(&sc);
> +}
> +
--
Isaku Yamahata <isaku.yamahata@...il.com>
Powered by blists - more mailing lists