 
Message-ID: <20240129151207.GAZbfAR1_nCqhblsAT@fat_crate.local>
Date: Mon, 29 Jan 2024 16:12:07 +0100
From: Borislav Petkov <bp@...en8.de>
To: Michael Roth <michael.roth@....com>
Cc: x86@...nel.org, kvm@...r.kernel.org, linux-coco@...ts.linux.dev,
	linux-mm@...ck.org, linux-crypto@...r.kernel.org,
	linux-kernel@...r.kernel.org, tglx@...utronix.de, mingo@...hat.com,
	jroedel@...e.de, thomas.lendacky@....com, hpa@...or.com,
	ardb@...nel.org, pbonzini@...hat.com, seanjc@...gle.com,
	vkuznets@...hat.com, jmattson@...gle.com, luto@...nel.org,
	dave.hansen@...ux.intel.com, slp@...hat.com, pgonda@...gle.com,
	peterz@...radead.org, srinivas.pandruvada@...ux.intel.com,
	rientjes@...gle.com, tobin@....com, vbabka@...e.cz,
	kirill@...temov.name, ak@...ux.intel.com, tony.luck@...el.com,
	sathyanarayanan.kuppuswamy@...ux.intel.com, alpergun@...gle.com,
	jarkko@...nel.org, ashish.kalra@....com, nikunj.dadhania@....com,
	pankaj.gupta@....com, liam.merwick@...cle.com
Subject: Re: [PATCH v2 17/25] crypto: ccp: Handle non-volatile INIT_EX data
 when SNP is enabled

On Thu, Jan 25, 2024 at 10:11:17PM -0600, Michael Roth wrote:
> -	if (sev_init_ex_buffer) {
> +	/*
> +	 * If an init_ex_path is provided allocate a buffer for the file and
> +	 * read in the contents. Additionally, if SNP is initialized, convert
> +	 * the buffer pages to firmware pages.
> +	 */
> +	if (init_ex_path && !sev_init_ex_buffer) {
> +		struct page *page;
> +
> +		page = alloc_pages(GFP_KERNEL, get_order(NV_LENGTH));
> +		if (!page) {
> +			dev_err(sev->dev, "SEV: INIT_EX NV memory allocation failed\n");
> +			return -ENOMEM;
> +		}
> +
> +		sev_init_ex_buffer = page_address(page);
> +
>  		rc = sev_read_init_ex_file();
>  		if (rc)
>  			return rc;
> +
> +		/* If SEV-SNP is initialized, transition to firmware page. */
> +		if (sev->snp_initialized) {
> +			unsigned long npages;
> +
> +			npages = 1UL << get_order(NV_LENGTH);
> +			if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer),
> +						    npages, false)) {
> +				dev_err(sev->dev,
> +					"SEV: INIT_EX NV memory page state change failed.\n");
> +				return -ENOMEM;
> +			}
> +		}
>  	}

Ontop:

---
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index c364ad33f376..5ec563611953 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -775,6 +775,48 @@ static void __sev_platform_init_handle_tmr(struct sev_device *sev)
 	}
 }
 
+/*
+ * If an init_ex_path is provided allocate a buffer for the file and
+ * read in the contents. Additionally, if SNP is initialized, convert
+ * the buffer pages to firmware pages.
+ */
+static int __sev_platform_init_handle_init_ex_path(struct sev_device *sev)
+{
+	struct page *page;
+	int rc;
+
+	if (!init_ex_path)
+		return 0;
+
+	if (sev_init_ex_buffer)
+		return 0;
+
+	page = alloc_pages(GFP_KERNEL, get_order(NV_LENGTH));
+	if (!page) {
+		dev_err(sev->dev, "SEV: INIT_EX NV memory allocation failed\n");
+		return -ENOMEM;
+	}
+
+	sev_init_ex_buffer = page_address(page);
+
+	rc = sev_read_init_ex_file();
+	if (rc)
+		return rc;
+
+	/* If SEV-SNP is initialized, transition to firmware page. */
+	if (sev->snp_initialized) {
+		unsigned long npages;
+
+		npages = 1UL << get_order(NV_LENGTH);
+		if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer), npages, false)) {
+			dev_err(sev->dev, "SEV: INIT_EX NV memory page state change failed.\n");
+			return -ENOMEM;
+		}
+	}
+
+	return 0;
+}
+
 static int __sev_platform_init_locked(int *error)
 {
 	int rc, psp_ret = SEV_RET_NO_FW_CALL;
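Review bot: On the `sev_read_init_ex_file()` failure path in the new helper (the `if (rc) return rc;` right after the read), the page allocated a few lines above is neither freed nor is `sev_init_ex_buffer` reset, so a later call to `__sev_platform_init_handle_init_ex_path()` hits the `if (sev_init_ex_buffer) return 0;` guard and reports success for a buffer whose contents were never read from the file; this is carried over from the removed inline code, but the split into a helper with an early-return guard makes the retry-returns-success case more visible. Since the read happens before any RMP transition, that path can release the page safely: `if (rc) { __free_pages(page, get_order(NV_LENGTH)); sev_init_ex_buffer = NULL; return rc; }`. The later `rmp_mark_pages_firmware()` failure leaves the same stale pointer behind, but there the pages may already be in a firmware-owned state, so if keeping them is intentional a comment such as `/* Page state is indeterminate after a failed RMP update; intentionally not freed. */` would document that. Whether `__sev_do_init_locked()` would then consume the unread buffer on a retry depends on code outside this hunk; `__sev_platform_init_locked()` itself continues past the hunk's last line.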
@@ -790,39 +832,9 @@ static int __sev_platform_init_locked(int *error)
 
 	__sev_platform_init_handle_tmr(sev);
 
-	/*
-	 * If an init_ex_path is provided allocate a buffer for the file and
-	 * read in the contents. Additionally, if SNP is initialized, convert
-	 * the buffer pages to firmware pages.
-	 */
-	if (init_ex_path && !sev_init_ex_buffer) {
-		struct page *page;
-
-		page = alloc_pages(GFP_KERNEL, get_order(NV_LENGTH));
-		if (!page) {
-			dev_err(sev->dev, "SEV: INIT_EX NV memory allocation failed\n");
-			return -ENOMEM;
-		}
-
-		sev_init_ex_buffer = page_address(page);
-
-		rc = sev_read_init_ex_file();
-		if (rc)
-			return rc;
-
-		/* If SEV-SNP is initialized, transition to firmware page. */
-		if (sev->snp_initialized) {
-			unsigned long npages;
-
-			npages = 1UL << get_order(NV_LENGTH);
-			if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer),
-						    npages, false)) {
-				dev_err(sev->dev,
-					"SEV: INIT_EX NV memory page state change failed.\n");
-				return -ENOMEM;
-			}
-		}
-	}
+	rc = __sev_platform_init_handle_init_ex_path(sev);
+	if (rc)
+		return rc;
 
 	rc = __sev_do_init_locked(&psp_ret);
 	if (rc && psp_ret == SEV_RET_SECURE_DATA_INVALID) {


-- 
Regards/Gruss,
    Boris.

https://people.kernel.org/tglx/notes-about-netiquette
