| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c49607f6-6548-4fb5-82ca-5de393c2bf36@amd.com>
Date: Wed, 4 Dec 2024 15:00:26 +0530
From: "Nikunj A. Dadhania" <nikunj@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: linux-kernel@...r.kernel.org, thomas.lendacky@....com, x86@...nel.org,
kvm@...r.kernel.org, mingo@...hat.com, tglx@...utronix.de,
dave.hansen@...ux.intel.com, pgonda@...gle.com, seanjc@...gle.com,
pbonzini@...hat.com
Subject: Re: [PATCH v15 01/13] x86/sev: Carve out and export SNP guest
messaging init routines
On 12/3/2024 7:49 PM, Borislav Petkov wrote:
> On Tue, Dec 03, 2024 at 02:30:33PM +0530, Nikunj A Dadhania wrote:
>> @@ -458,6 +456,20 @@ void set_pte_enc_mask(pte_t *kpte, unsigned long pfn, pgprot_t new_prot);
>> void snp_kexec_finish(void);
>> void snp_kexec_begin(void);
>>
>> +static inline bool snp_is_vmpck_empty(struct snp_msg_desc *mdesc)
>> +{
>> + static const char zero_key[VMPCK_KEY_LEN] = {0};
>> +
>> + if (mdesc->vmpck)
>> + return !memcmp(mdesc->vmpck, zero_key, VMPCK_KEY_LEN);
>> +
>> + return true;
>> +}
>
> This function looks silly in a header with that array allocation.
>
> I think you should simply do:
>
> if (memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN))
Just a minor nit, it will need a negation:
if (!memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN))
> at the call sites and not have this helper at all.
>
> But please do verify whether what I'm saying actually makes sense and if it
> does, this can be a cleanup pre-patch.
Yes, it makes sense. I have verified the code and below is the cleanup pre-patch.
>From 4d249f393aeba7bed7fb99778b8ee8a24a33b5b7 Mon Sep 17 00:00:00 2001
From: Nikunj A Dadhania <nikunj@....com>
Date: Tue, 3 Dec 2024 20:48:28 +0530
Subject: [PATCH] virt: sev-guest: Remove is_vmpck_empty() helper
Remove the is_vmpck_empty() helper function, which uses a local array
allocation to check if the VMPCK is empty. Replace it with memchr_inv() to
directly determine if the VMPCK is empty without additional memory
allocation.
Suggested-by: Borislav Petkov <bp@...en8.de>
Signed-off-by: Nikunj A Dadhania <nikunj@....com>
---
drivers/virt/coco/sev-guest/sev-guest.c | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index b699771be029..62328d0b2cb6 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -63,16 +63,6 @@ MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP.
/* Mutex to serialize the shared buffer access and command handling. */
static DEFINE_MUTEX(snp_cmd_mutex);
-static bool is_vmpck_empty(struct snp_msg_desc *mdesc)
-{
- char zero_key[VMPCK_KEY_LEN] = {0};
-
- if (mdesc->vmpck)
- return !memcmp(mdesc->vmpck, zero_key, VMPCK_KEY_LEN);
-
- return true;
-}
-
/*
* If an error is received from the host or AMD Secure Processor (ASP) there
* are two options. Either retry the exact same encrypted request or discontinue
@@ -335,7 +325,7 @@ static int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r
guard(mutex)(&snp_cmd_mutex);
/* Check if the VMPCK is not empty */
- if (is_vmpck_empty(mdesc)) {
+ if (!mdesc->vmpck || !memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN)) {
pr_err_ratelimited("VMPCK is disabled\n");
return -ENOTTY;
}
@@ -1024,7 +1014,7 @@ static int __init sev_guest_probe(struct platform_device *pdev)
}
/* Verify that VMPCK is not zero. */
- if (is_vmpck_empty(mdesc)) {
+ if (!memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN)) {
dev_err(dev, "Empty VMPCK%d communication key\n", vmpck_id);
goto e_unmap;
}
--
2.34.1
Powered by blists - more mailing lists