lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 18 Jan 2024 15:03:43 +0100
From: Borislav Petkov <bp@...en8.de>
To: Michael Roth <michael.roth@....com>
Cc: x86@...nel.org, kvm@...r.kernel.org, linux-coco@...ts.linux.dev,
	linux-mm@...ck.org, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com,
	jroedel@...e.de, thomas.lendacky@....com, hpa@...or.com,
	ardb@...nel.org, pbonzini@...hat.com, seanjc@...gle.com,
	vkuznets@...hat.com, jmattson@...gle.com, luto@...nel.org,
	dave.hansen@...ux.intel.com, slp@...hat.com, pgonda@...gle.com,
	peterz@...radead.org, srinivas.pandruvada@...ux.intel.com,
	rientjes@...gle.com, tobin@....com, vbabka@...e.cz,
	kirill@...temov.name, ak@...ux.intel.com, tony.luck@...el.com,
	sathyanarayanan.kuppuswamy@...ux.intel.com, alpergun@...gle.com,
	jarkko@...nel.org, ashish.kalra@....com, nikunj.dadhania@....com,
	pankaj.gupta@....com, liam.merwick@...cle.com
Subject: Re: [PATCH v1 17/26] crypto: ccp: Handle non-volatile INIT_EX data
 when SNP is enabled

On Sat, Dec 30, 2023 at 10:19:45AM -0600, Michael Roth wrote:
>  drivers/crypto/ccp/sev-dev.c | 104 ++++++++++++++++++++++++++---------
>  1 file changed, 79 insertions(+), 25 deletions(-)

Some minor cleanups ontop:

diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index dfe7f7afc411..a72ed4466d7b 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -266,16 +266,15 @@ static int sev_read_init_ex_file(void)
 }
 
 /*
- * When SNP is enabled, the pages comprising the buffer used to populate
- * the file specified by the init_ex_path module parameter needs to be set
- * to firmware-owned, which removes the mapping from the kernel direct
- * mapping since generally the hypervisor does not access firmware-owned
- * pages. However, in this case the hypervisor does need to read the
- * buffer to transfer the contents to the file at init_ex_path, so this
- * function is used to create a temporary virtual mapping to be used for
- * this purpose.
+ * When SNP is enabled, the pages comprising the buffer used to populate the
+ * file specified by the init_ex_path module parameter needs to be set to
+ * firmware-owned. This removes the mapping from the kernel direct mapping since
+ * generally the hypervisor does not access firmware-owned pages. However, in
+ * this case the hypervisor does need to read the buffer to transfer the
+ * contents to the file at init_ex_path, so create a temporary virtual mapping
+ * to be used for this purpose.
  */
-static void *vmap_sev_init_ex_buffer(void)
+static void *vmap_init_ex_buf(void)
 {
 	struct page *pages[NV_PAGES];
 	unsigned long base_pfn;
@@ -292,6 +291,11 @@ static void *vmap_sev_init_ex_buffer(void)
 	return vmap(pages, NV_PAGES, VM_MAP, PAGE_KERNEL_RO);
 }
 
+static void destroy_init_ex_buf(void *buf)
+{
+	vunmap(buf);
+}
+
 static int sev_write_init_ex_file(void)
 {
 	struct sev_device *sev = psp_master->sev_data;
@@ -315,7 +319,7 @@ static int sev_write_init_ex_file(void)
 		return ret;
 	}
 
-	sev_init_ex_buffer = vmap_sev_init_ex_buffer();
+	sev_init_ex_buffer = vmap_init_ex_buf();
 	if (!sev_init_ex_buffer) {
 		dev_err(sev->dev, "SEV: failed to map non-volative memory area\n");
 		return -EIO;
@@ -329,12 +333,12 @@ static int sev_write_init_ex_file(void)
 		dev_err(sev->dev,
 			"SEV: failed to write %u bytes to non volatile memory area, ret %ld\n",
 			NV_LENGTH, nwrite);
-		vunmap(sev_init_ex_buffer);
+		destroy_init_ex_buf(sev_init_ex_buffer);
 		return -EIO;
 	}
 
 	dev_dbg(sev->dev, "SEV: write successful to NV file\n");
-	vunmap(sev_init_ex_buffer);
+	destroy_init_ex_buf(sev_init_ex_buffer);
 
 	return 0;
 }

-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ