| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <4dde8da4-e29d-ebea-f33f-8389b2f47613@amd.com>
Date: Tue, 7 Jan 2025 12:38:05 -0600
From: Tom Lendacky <thomas.lendacky@....com>
To: Nikunj A Dadhania <nikunj@....com>, linux-kernel@...r.kernel.org,
bp@...en8.de, x86@...nel.org
Cc: kvm@...r.kernel.org, mingo@...hat.com, tglx@...utronix.de,
dave.hansen@...ux.intel.com, pgonda@...gle.com, seanjc@...gle.com,
pbonzini@...hat.com, francescolavra.fl@...il.com
Subject: Re: [PATCH v16 01/13] virt: sev-guest: Remove is_vmpck_empty() helper
On 1/6/25 06:46, Nikunj A Dadhania wrote:
> Remove the is_vmpck_empty() helper function, which uses a local array
> allocation to check if the VMPCK is empty. Replace it with memchr_inv() to
> directly determine if the VMPCK is empty without additional memory
> allocation.
>
> Suggested-by: Borislav Petkov <bp@...en8.de>
> Signed-off-by: Nikunj A Dadhania <nikunj@....com>
> ---
> drivers/virt/coco/sev-guest/sev-guest.c | 14 ++------------
> 1 file changed, 2 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
> index b699771be029..62328d0b2cb6 100644
> --- a/drivers/virt/coco/sev-guest/sev-guest.c
> +++ b/drivers/virt/coco/sev-guest/sev-guest.c
> @@ -63,16 +63,6 @@ MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP.
> /* Mutex to serialize the shared buffer access and command handling. */
> static DEFINE_MUTEX(snp_cmd_mutex);
>
> -static bool is_vmpck_empty(struct snp_msg_desc *mdesc)
> -{
> - char zero_key[VMPCK_KEY_LEN] = {0};
> -
> - if (mdesc->vmpck)
> - return !memcmp(mdesc->vmpck, zero_key, VMPCK_KEY_LEN);
> -
> - return true;
> -}
I still like the helper, but just using memchr_inv() inside it instead,
e.g.:
return !mdesc->vmpck || !memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN);
But either way works for me.
Reviewed-by: Tom Lendacky <thomas.lendacky@....com>
> -
> /*
> * If an error is received from the host or AMD Secure Processor (ASP) there
> * are two options. Either retry the exact same encrypted request or discontinue
> @@ -335,7 +325,7 @@ static int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_r
> guard(mutex)(&snp_cmd_mutex);
>
> /* Check if the VMPCK is not empty */
> - if (is_vmpck_empty(mdesc)) {
> + if (!mdesc->vmpck || !memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN)) {
> pr_err_ratelimited("VMPCK is disabled\n");
> return -ENOTTY;
> }
> @@ -1024,7 +1014,7 @@ static int __init sev_guest_probe(struct platform_device *pdev)
> }
>
> /* Verify that VMPCK is not zero. */
> - if (is_vmpck_empty(mdesc)) {
> + if (!memchr_inv(mdesc->vmpck, 0, VMPCK_KEY_LEN)) {
> dev_err(dev, "Empty VMPCK%d communication key\n", vmpck_id);
> goto e_unmap;
> }
Powered by blists - more mailing lists