lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 31 May 2024 10:00:27 +0530
From: Nikunj A Dadhania <nikunj@....com>
To: <linux-kernel@...r.kernel.org>, <thomas.lendacky@....com>, <bp@...en8.de>,
	<x86@...nel.org>, <kvm@...r.kernel.org>
CC: <mingo@...hat.com>, <tglx@...utronix.de>, <dave.hansen@...ux.intel.com>,
	<pgonda@...gle.com>, <seanjc@...gle.com>, <pbonzini@...hat.com>,
	<nikunj@....com>
Subject: [PATCH v9 13/24] x86/sev: Make sev-guest driver functional again

After the pure mechanical code movement of core SEV guest driver routines,
SEV guest driver is not yet functional. Export SNP guest messaging APIs for
the sev-guest driver. Drop the stubbed routines in sev-guest driver and use
the newly exported APIs

Signed-off-by: Nikunj A Dadhania <nikunj@....com>
---
 arch/x86/include/asm/sev.h              | 14 ++++++++++
 arch/x86/kernel/sev.c                   | 23 +++++++++------
 drivers/virt/coco/sev-guest/sev-guest.c | 37 ++-----------------------
 3 files changed, 31 insertions(+), 43 deletions(-)

diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 109185daff2c..f58052fd6cb3 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -322,6 +322,12 @@ void snp_accept_memory(phys_addr_t start, phys_addr_t end);
 u64 snp_get_unsupported_features(u64 status);
 u64 sev_get_status(void);
 void sev_show_status(void);
+bool snp_assign_vmpck(struct snp_guest_dev *snp_dev, unsigned int vmpck_id);
+bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev);
+int snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa);
+void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev);
+int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req,
+			   struct snp_guest_request_ioctl *rio);
 
 static inline void free_shared_pages(void *buf, size_t sz)
 {
@@ -384,6 +390,14 @@ static inline void snp_accept_memory(phys_addr_t start, phys_addr_t end) { }
 static inline u64 snp_get_unsupported_features(u64 status) { return 0; }
 static inline u64 sev_get_status(void) { return 0; }
 static inline void sev_show_status(void) { }
+static inline bool snp_assign_vmpck(struct snp_guest_dev *snp_dev,
+				    unsigned int vmpck_id) { return false; }
+static inline bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev) { return true; }
+static inline int
+snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa) { return -EINVAL; }
+static inline void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev) { }
+static inline int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req,
+					 struct snp_guest_request_ioctl *rio) { return -EINVAL; }
 static inline void free_shared_pages(void *buf, size_t sz) { }
 static inline void *alloc_shared_pages(size_t sz) { return NULL; }
 #endif
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index c2508809d4e2..878575b05b2d 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -2309,7 +2309,7 @@ static inline u8 *get_vmpck(struct snp_guest_dev *snp_dev)
 	return snp_dev->secrets->vmpck[snp_dev->vmpck_id];
 }
 
-static bool __maybe_unused assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id)
+bool snp_assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id)
 {
 	if ((vmpck_id + 1) > VMPCK_MAX_NUM)
 		return false;
@@ -2318,14 +2318,16 @@ static bool __maybe_unused assign_vmpck(struct snp_guest_dev *dev, unsigned int
 
 	return true;
 }
+EXPORT_SYMBOL_GPL(snp_assign_vmpck);
 
-static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
+bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev)
 {
 	char zero_key[VMPCK_KEY_LEN] = {0};
 	u8 *key = get_vmpck(snp_dev);
 
 	return !memcmp(key, zero_key, VMPCK_KEY_LEN);
 }
+EXPORT_SYMBOL_GPL(snp_is_vmpck_empty);
 
 /*
  * If an error is received from the host or AMD Secure Processor (ASP) there
@@ -2348,7 +2350,7 @@ static void snp_disable_vmpck(struct snp_guest_dev *snp_dev)
 {
 	u8 *key = get_vmpck(snp_dev);
 
-	if (is_vmpck_empty(snp_dev))
+	if (snp_is_vmpck_empty(snp_dev))
 		return;
 
 	pr_alert("Disabling VMPCK%u to prevent IV reuse.\n", snp_dev->vmpck_id);
@@ -2392,7 +2394,7 @@ static struct aesgcm_ctx *snp_init_crypto(struct snp_guest_dev *snp_dev)
 	struct aesgcm_ctx *ctx;
 	u8 *key;
 
-	if (is_vmpck_empty(snp_dev)) {
+	if (snp_is_vmpck_empty(snp_dev)) {
 		pr_err("VM communication key VMPCK%u is invalid\n", snp_dev->vmpck_id);
 		return NULL;
 	}
@@ -2573,9 +2575,9 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, struct snp_gues
 	return rc;
 }
 
-static int __maybe_unused snp_send_guest_request(struct snp_guest_dev *snp_dev,
-						 struct snp_guest_req *req,
-						 struct snp_guest_request_ioctl *rio)
+int snp_send_guest_request(struct snp_guest_dev *snp_dev,
+			   struct snp_guest_req *req,
+			   struct snp_guest_request_ioctl *rio)
 {
 	u64 seqno;
 	int rc;
@@ -2622,8 +2624,9 @@ static int __maybe_unused snp_send_guest_request(struct snp_guest_dev *snp_dev,
 
 	return 0;
 }
+EXPORT_SYMBOL_GPL(snp_send_guest_request);
 
-static int __maybe_unused snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa)
+int snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa)
 {
 	int ret = -ENOMEM;
 
@@ -2677,8 +2680,9 @@ static int __maybe_unused snp_guest_messaging_init(struct snp_guest_dev *snp_dev
 
 	return ret;
 }
+EXPORT_SYMBOL_GPL(snp_guest_messaging_init);
 
-static void __maybe_unused snp_guest_messaging_exit(struct snp_guest_dev *snp_dev)
+void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev)
 {
 	if (!snp_dev)
 		return;
@@ -2690,3 +2694,4 @@ static void __maybe_unused snp_guest_messaging_exit(struct snp_guest_dev *snp_de
 	kfree(snp_dev->secret_request);
 	iounmap(snp_dev->secrets);
 }
+EXPORT_SYMBOL_GPL(snp_guest_messaging_exit);
diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index 567b3684eae5..41878bd968d5 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -34,12 +34,6 @@ static u32 vmpck_id;
 module_param(vmpck_id, uint, 0444);
 MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP.");
 
-static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
-{
-	/* Place holder function to be removed after code movement */
-	return true;
-}
-
 static inline struct snp_guest_dev *to_snp_dev(struct file *file)
 {
 	struct miscdevice *dev = file->private_data;
@@ -47,13 +41,6 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file)
 	return container_of(dev, struct snp_guest_dev, misc);
 }
 
-static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req,
-				  struct snp_guest_request_ioctl *rio)
-{
-	/* Place holder function to be removed after code movement */
-	return -EIO;
-}
-
 struct snp_req_resp {
 	sockptr_t req_data;
 	sockptr_t resp_data;
@@ -258,7 +245,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long
 		return -EINVAL;
 
 	/* Check if the VMPCK is not empty */
-	if (is_vmpck_empty(snp_dev)) {
+	if (snp_is_vmpck_empty(snp_dev)) {
 		dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n");
 		return -ENOTTY;
 	}
@@ -295,12 +282,6 @@ static const struct file_operations snp_guest_fops = {
 	.unlocked_ioctl = snp_guest_ioctl,
 };
 
-static bool assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id)
-{
-	/* Place holder function to be removed after code movement */
-	return false;
-}
-
 struct snp_msg_report_resp_hdr {
 	u32 status;
 	u32 report_size;
@@ -332,7 +313,7 @@ static int sev_report_new(struct tsm_report *report, void *data)
 		return -ENOMEM;
 
 	/* Check if the VMPCK is not empty */
-	if (is_vmpck_empty(snp_dev)) {
+	if (snp_is_vmpck_empty(snp_dev)) {
 		dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n");
 		return -ENOTTY;
 	}
@@ -423,18 +404,6 @@ static void unregister_sev_tsm(void *data)
 	tsm_unregister(&sev_tsm_ops);
 }
 
-static int snp_guest_messaging_init(struct snp_guest_dev *snp_dev, u64 secrets_gpa)
-{
-	/* Place holder function to be removed after code movement */
-	return 0;
-}
-
-static void snp_guest_messaging_exit(struct snp_guest_dev *snp_dev)
-{
-	/* Place holder function to be removed after code movement */
-	return;
-}
-
 static int __init sev_guest_probe(struct platform_device *pdev)
 {
 	struct sev_guest_platform_data *data;
@@ -456,7 +425,7 @@ static int __init sev_guest_probe(struct platform_device *pdev)
 		return -ENOMEM;
 
 	ret = -EINVAL;
-	if (!assign_vmpck(snp_dev, vmpck_id)) {
+	if (!snp_assign_vmpck(snp_dev, vmpck_id)) {
 		dev_err(dev, "Invalid VMPCK%d communication key\n", vmpck_id);
 		return ret;
 	}
-- 
2.34.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ