| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jan 2024 16:05:00 -0800
From: Dionna Amalie Glaze <dionnaglaze@...gle.com>
To: Tom Lendacky <thomas.lendacky@....com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, "H. Peter Anvin" <hpa@...or.com>,
Andy Lutomirski <luto@...nel.org>, Peter Zijlstra <peterz@...radead.org>,
Dan Williams <dan.j.williams@...el.com>, Michael Roth <michael.roth@....com>,
Ashish Kalra <ashish.kalra@....com>
Subject: Re: [PATCH 01/11] x86/sev: Rename snp_init() in the
boot/compressed/sev.c file
On Fri, Jan 26, 2024 at 2:16 PM Tom Lendacky <thomas.lendacky@....com> wrote:
>
> The snp_init() function is local to the boot/compressed/sev.c file and is
> not called from outside of the file. Change the name so that it is not
> tied to the function definition in arch/x86/include/asm/sev.h. Move the
> renamed snp_init() and related functions up in the file to avoid having to
> add a forward declaration and make the function static, too.
>
> This will allow the snp_init() function in arch/x86/kernel/sev.c to be
> changed without having to make the same change in boot/compressed/sev.c.
>
> Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
> ---
> arch/x86/boot/compressed/sev.c | 162 ++++++++++++++++-----------------
> 1 file changed, 81 insertions(+), 81 deletions(-)
>
> diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
> index 454acd7a2daf..c3030cfb6484 100644
> --- a/arch/x86/boot/compressed/sev.c
> +++ b/arch/x86/boot/compressed/sev.c
> @@ -405,6 +405,85 @@ void snp_check_features(void)
> }
> }
>
> +/* Search for Confidential Computing blob in the EFI config table. */
> +static struct cc_blob_sev_info *find_cc_blob_efi(struct boot_params *bp)
> +{
> + unsigned long cfg_table_pa;
> + unsigned int cfg_table_len;
> + int ret;
> +
> + ret = efi_get_conf_table(bp, &cfg_table_pa, &cfg_table_len);
> + if (ret)
> + return NULL;
> +
> + return (struct cc_blob_sev_info *)efi_find_vendor_table(bp, cfg_table_pa,
> + cfg_table_len,
> + EFI_CC_BLOB_GUID);
> +}
> +
> +/*
> + * Initial set up of SNP relies on information provided by the
> + * Confidential Computing blob, which can be passed to the boot kernel
> + * by firmware/bootloader in the following ways:
> + *
> + * - via an entry in the EFI config table
> + * - via a setup_data structure, as defined by the Linux Boot Protocol
> + *
> + * Scan for the blob in that order.
> + */
> +static struct cc_blob_sev_info *find_cc_blob(struct boot_params *bp)
> +{
> + struct cc_blob_sev_info *cc_info;
> +
> + cc_info = find_cc_blob_efi(bp);
> + if (cc_info)
> + goto found_cc_info;
> +
> + cc_info = find_cc_blob_setup_data(bp);
> + if (!cc_info)
> + return NULL;
> +
> +found_cc_info:
> + if (cc_info->magic != CC_BLOB_SEV_HDR_MAGIC)
> + sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
> +
> + return cc_info;
> +}
> +
> +/*
> + * Indicate SNP based on presence of SNP-specific CC blob. Subsequent checks
> + * will verify the SNP CPUID/MSR bits.
> + */
> +static bool snp_setup(struct boot_params *bp)
> +{
> + struct cc_blob_sev_info *cc_info;
> +
> + if (!bp)
> + return false;
> +
> + cc_info = find_cc_blob(bp);
> + if (!cc_info)
> + return false;
> +
> + /*
> + * If a SNP-specific Confidential Computing blob is present, then
> + * firmware/bootloader have indicated SNP support. Verifying this
> + * involves CPUID checks which will be more reliable if the SNP
> + * CPUID table is used. See comments over snp_setup_cpuid_table() for
> + * more details.
> + */
> + setup_cpuid_table(cc_info);
> +
> + /*
> + * Pass run-time kernel a pointer to CC info via boot_params so EFI
> + * config table doesn't need to be searched again during early startup
> + * phase.
> + */
> + bp->cc_blob_address = (u32)(unsigned long)cc_info;
> +
> + return true;
> +}
> +
> /*
> * sev_check_cpu_support - Check for SEV support in the CPU capabilities
> *
> @@ -455,7 +534,7 @@ void sev_enable(struct boot_params *bp)
> bp->cc_blob_address = 0;
>
> /*
> - * Do an initial SEV capability check before snp_init() which
> + * Do an initial SEV capability check before snp_setup() which
> * loads the CPUID page and the same checks afterwards are done
> * without the hypervisor and are trustworthy.
> *
> @@ -470,7 +549,7 @@ void sev_enable(struct boot_params *bp)
> * Setup/preliminary detection of SNP. This will be sanity-checked
> * against CPUID/MSR values later.
> */
> - snp = snp_init(bp);
> + snp = snp_setup(bp);
>
> /* Now repeat the checks with the SNP CPUID table. */
>
> @@ -527,85 +606,6 @@ u64 sev_get_status(void)
> return m.q;
> }
>
> -/* Search for Confidential Computing blob in the EFI config table. */
> -static struct cc_blob_sev_info *find_cc_blob_efi(struct boot_params *bp)
> -{
> - unsigned long cfg_table_pa;
> - unsigned int cfg_table_len;
> - int ret;
> -
> - ret = efi_get_conf_table(bp, &cfg_table_pa, &cfg_table_len);
> - if (ret)
> - return NULL;
> -
> - return (struct cc_blob_sev_info *)efi_find_vendor_table(bp, cfg_table_pa,
> - cfg_table_len,
> - EFI_CC_BLOB_GUID);
> -}
> -
> -/*
> - * Initial set up of SNP relies on information provided by the
> - * Confidential Computing blob, which can be passed to the boot kernel
> - * by firmware/bootloader in the following ways:
> - *
> - * - via an entry in the EFI config table
> - * - via a setup_data structure, as defined by the Linux Boot Protocol
> - *
> - * Scan for the blob in that order.
> - */
> -static struct cc_blob_sev_info *find_cc_blob(struct boot_params *bp)
> -{
> - struct cc_blob_sev_info *cc_info;
> -
> - cc_info = find_cc_blob_efi(bp);
> - if (cc_info)
> - goto found_cc_info;
> -
> - cc_info = find_cc_blob_setup_data(bp);
> - if (!cc_info)
> - return NULL;
> -
> -found_cc_info:
> - if (cc_info->magic != CC_BLOB_SEV_HDR_MAGIC)
> - sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
> -
> - return cc_info;
> -}
> -
> -/*
> - * Indicate SNP based on presence of SNP-specific CC blob. Subsequent checks
> - * will verify the SNP CPUID/MSR bits.
> - */
> -bool snp_init(struct boot_params *bp)
> -{
> - struct cc_blob_sev_info *cc_info;
> -
> - if (!bp)
> - return false;
> -
> - cc_info = find_cc_blob(bp);
> - if (!cc_info)
> - return false;
> -
> - /*
> - * If a SNP-specific Confidential Computing blob is present, then
> - * firmware/bootloader have indicated SNP support. Verifying this
> - * involves CPUID checks which will be more reliable if the SNP
> - * CPUID table is used. See comments over snp_setup_cpuid_table() for
> - * more details.
> - */
> - setup_cpuid_table(cc_info);
> -
> - /*
> - * Pass run-time kernel a pointer to CC info via boot_params so EFI
> - * config table doesn't need to be searched again during early startup
> - * phase.
> - */
> - bp->cc_blob_address = (u32)(unsigned long)cc_info;
> -
> - return true;
> -}
> -
Did some kind of whitespace replacement happen accidentally? There's a
lot that isn't changed but the diff is quite big.
> void sev_prep_identity_maps(unsigned long top_level_pgt)
> {
> /*
> --
> 2.42.0
>
>
--
-Dionna Glaze, PhD (she/her)
Powered by blists - more mailing lists