| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Jan 2023 08:50:44 -0600
From: Tom Lendacky <thomas.lendacky@....com>
To: Jarkko Sakkinen <jarkko@...fian.com>,
Brijesh Singh <brijesh.singh@....com>,
John Allen <john.allen@....com>,
Herbert Xu <herbert@...dor.apana.org.au>,
"David S. Miller" <davem@...emloft.net>
Cc: "open list:AMD CRYPTOGRAPHIC COPROCESSOR (CCP) DRIVER - SE..."
<linux-crypto@...r.kernel.org>,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v5] crypto: ccp: Sanitize sev_platform_init() error
messages
On 1/10/23 13:12, Jarkko Sakkinen wrote:
> The following functions end up calling sev_platform_init() or
> __sev_platform_init_locked():
>
> * sev_guest_init()
> * sev_ioctl_do_pek_csr
> * sev_ioctl_do_pdh_export()
> * sev_ioctl_do_pek_import()
> * sev_ioctl_do_pek_pdh_gen()
> * sev_pci_init()
>
> However, only sev_pci_init() prints out the failed command error code, and
> even there, the error message does not specify which SEV command failed.
>
> Address this by printing out the SEV command errors inside
> __sev_platform_init_locked(), and differentiate between DF_FLUSH, INIT and
> INIT_EX commands. As a side-effect, @error can be removed from the
> parameter list.
>
> This extra information is particularly useful if firmware loading and/or
> initialization is going to be made more robust, e.g. by allowing firmware
> loading to be postponed.
>
> Signed-off-by: Jarkko Sakkinen <jarkko@...fian.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@....com>
> ---
> v5:
> * Address Tom's feedback:
> https://lore.kernel.org/all/ddbb4b2f-3eb8-64da-bce9-3cfd66d7729a@amd.com/
> * "failed error" -> "error"
> * "SEV_CMD_" -> ""
>
> v4:
> * Sorry, v3 was malformed. Here's a proper patch.
>
> v3:
> * Address Tom Lendacky's feedback:
> https://lore.kernel.org/kvm/8bf6f179-eee7-fd86-7892-cdcd76e0762a@amd.com/
>
> v2:
> * Address David Rientjes's feedback:
> https://lore.kernel.org/all/6a16bbe4-4281-fb28-78c4-4ec44c8aa679@google.com/
> * Remove @error.
> * Remove "SEV_" prefix: it is obvious from context so no need to make klog
> line longer.
> ---
> drivers/crypto/ccp/sev-dev.c | 17 +++++++++++------
> 1 file changed, 11 insertions(+), 6 deletions(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 06fc7156c04f..3f80cd39cbdf 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -478,17 +478,23 @@ static int __sev_platform_init_locked(int *error)
> }
> if (error)
> *error = psp_ret;
> -
> - if (rc)
> + if (rc) {
> + dev_err(sev->dev, "SEV: %s error %#x",
> + sev_init_ex_buffer ? "INIT_EX" : "INIT", psp_ret);
> return rc;
> + }
>
> sev->state = SEV_STATE_INIT;
>
> /* Prepare for first SEV guest launch after INIT */
> wbinvd_on_all_cpus();
> - rc = __sev_do_cmd_locked(SEV_CMD_DF_FLUSH, NULL, error);
> - if (rc)
> + rc = __sev_do_cmd_locked(SEV_CMD_DF_FLUSH, NULL, &psp_ret);
> + if (error)
> + *error = psp_ret;
> + if (rc) {
> + dev_err(sev->dev, "SEV: DF_FLUSH error %#x", psp_ret);
> return rc;
> + }
>
> dev_dbg(sev->dev, "SEV firmware initialized\n");
>
> @@ -1337,8 +1343,7 @@ void sev_pci_init(void)
> /* Initialize the platform */
> rc = sev_platform_init(&error);
> if (rc)
> - dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n",
> - error, rc);
> + dev_err(sev->dev, "SEV: failed to INIT rc %d\n", rc);
>
> return;
>
Powered by blists - more mailing lists