| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2cfbc885-f699-d434-2207-7772d203f455@amd.com>
Date: Fri, 7 Mar 2025 14:54:23 -0600
From: Tom Lendacky <thomas.lendacky@....com>
To: Ashish Kalra <Ashish.Kalra@....com>, seanjc@...gle.com,
pbonzini@...hat.com, tglx@...utronix.de, mingo@...hat.com, bp@...en8.de,
dave.hansen@...ux.intel.com, x86@...nel.org, hpa@...or.com,
john.allen@....com, herbert@...dor.apana.org.au
Cc: michael.roth@....com, dionnaglaze@...gle.com, nikunj@....com,
ardb@...nel.org, kevinloughlin@...gle.com, Neeraj.Upadhyay@....com,
aik@....com, kvm@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-crypto@...r.kernel.org, linux-coco@...ts.linux.dev
Subject: Re: [PATCH v6 1/8] crypto: ccp: Abort doing SEV INIT if SNP INIT
fails
On 3/6/25 17:09, Ashish Kalra wrote:
> From: Ashish Kalra <ashish.kalra@....com>
>
> If SNP host support (SYSCFG.SNPEn) is set, then RMP table must be
s/RMP/the RMP/
> initialized up before calling SEV INIT.
s/up//
>
> In other words, if SNP_INIT(_EX) is not issued or fails then
> SEV INIT will fail once SNP host support (SYSCFG.SNPEn) is enabled.
s/once/if/
>
> Fixes: 1ca5614b84eed ("crypto: ccp: Add support to initialize the AMD-SP for SEV-SNP")
> Signed-off-by: Ashish Kalra <ashish.kalra@....com>
> ---
> drivers/crypto/ccp/sev-dev.c | 7 ++-----
> 1 file changed, 2 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 2e87ca0e292a..a0e3de94704e 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -1112,7 +1112,7 @@ static int __sev_snp_init_locked(int *error)
> if (!sev_version_greater_or_equal(SNP_MIN_API_MAJOR, SNP_MIN_API_MINOR)) {
> dev_dbg(sev->dev, "SEV-SNP support requires firmware version >= %d:%d\n",
> SNP_MIN_API_MAJOR, SNP_MIN_API_MINOR);
> - return 0;
> + return -EOPNOTSUPP;
> }
>
> /* SNP_INIT requires MSR_VM_HSAVE_PA to be cleared on all CPUs. */
> @@ -1325,12 +1325,9 @@ static int _sev_platform_init_locked(struct sev_platform_init_args *args)
> */
> rc = __sev_snp_init_locked(&args->error);
> if (rc && rc != -ENODEV) {
Can we get ride of this extra -ENODEV check? It can only be returned
because of the same check that is made earlier in this function so it
doesn't really serve any purpose from what I can tell.
Just make this "if (rc) {"
Thanks,
Tom
> - /*
> - * Don't abort the probe if SNP INIT failed,
> - * continue to initialize the legacy SEV firmware.
> - */
> dev_err(sev->dev, "SEV-SNP: failed to INIT rc %d, error %#x\n",
> rc, args->error);
> + return rc;
> }
>
> /* Defer legacy SEV/SEV-ES support if allowed by caller/module. */
Powered by blists - more mailing lists