Message-ID: <174550926387.31282.8024498782812144912.tip-bot2@tip-bot2>
Date: Thu, 24 Apr 2025 15:41:03 -0000
From: "tip-bot2 for Tom Lendacky" <tip-bot2@...utronix.de>
To: linux-tip-commits@...r.kernel.org
Cc: Tom Lendacky <thomas.lendacky@....com>, Ingo Molnar <mingo@...nel.org>,
 Ard Biesheuvel <ardb@...nel.org>,
 Dionna Amalie Glaze <dionnaglaze@...gle.com>,
 Kevin Loughlin <kevinloughlin@...gle.com>, x86@...nel.org,
 linux-kernel@...r.kernel.org
Subject: [tip: x86/boot] x86/sev: Share the sev_secrets_pa value again

The following commit has been merged into the x86/boot branch of tip:

Commit-ID:     18ea89eae404d119ced26d80ac3e62255ce15409
Gitweb:        https://git.kernel.org/tip/18ea89eae404d119ced26d80ac3e62255ce15409
Author:        Tom Lendacky <thomas.lendacky@....com>
AuthorDate:    Wed, 23 Apr 2025 10:22:31 -05:00
Committer:     Ingo Molnar <mingo@...nel.org>
CommitterDate: Thu, 24 Apr 2025 17:20:52 +02:00

x86/sev: Share the sev_secrets_pa value again

This commit breaks SNP guests:

  234cf67fc3bd ("x86/sev: Split off startup code from core code")

The SNP guest boots, but no longer has access to the VMPCK keys needed
to communicate with the ASP, which is used, for example, to obtain an
attestation report.

The secrets_pa value is defined as static in both startup.c and
core.c. It is set by a function in startup.c and so when used in
core.c its value will be 0.

Share it again and add the sev_ prefix to put it into the global
SEV symbols namespace.

[ mingo: Renamed to sev_secrets_pa ]

Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
Signed-off-by: Ingo Molnar <mingo@...nel.org>
Acked-by: Ard Biesheuvel <ardb@...nel.org>
Cc: Dionna Amalie Glaze <dionnaglaze@...gle.com>
Cc: Kevin Loughlin <kevinloughlin@...gle.com>
Link: https://lore.kernel.org/r/cf878810-81ed-3017-52c6-ce6aa41b5f01@amd.com
---
 arch/x86/boot/startup/sev-startup.c | 4 ++--
 arch/x86/coco/sev/core.c            | 7 ++-----
 arch/x86/include/asm/sev-internal.h | 1 +
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/arch/x86/boot/startup/sev-startup.c b/arch/x86/boot/startup/sev-startup.c
index 36a75c5..f901ce9 100644
--- a/arch/x86/boot/startup/sev-startup.c
+++ b/arch/x86/boot/startup/sev-startup.c
@@ -55,7 +55,7 @@ struct ghcb *boot_ghcb __section(".data");
 u64 sev_hv_features __ro_after_init;
 
 /* Secrets page physical address from the CC blob */
-static u64 secrets_pa __ro_after_init;
+u64 sev_secrets_pa __ro_after_init;
 
 /* For early boot SVSM communication */
 struct svsm_ca boot_svsm_ca_page __aligned(PAGE_SIZE);
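Review bot: The comment above `sev_secrets_pa` still only says where the value comes from, but the symbol is now shared between translation units and should name its writer and its readers. Something like `/* Secrets page physical address from the CC blob; set in snp_init(), read by coco/sev/core.c, 0 until set */` would record that. The commit message shows how a second, never-written copy went unnoticed, so the ownership is worth stating at the definition.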
@@ -1367,7 +1367,7 @@ bool __head snp_init(struct boot_params *bp)
 		return false;
 
 	if (cc_info->secrets_phys && cc_info->secrets_len == PAGE_SIZE)
-		secrets_pa = cc_info->secrets_phys;
+		sev_secrets_pa = cc_info->secrets_phys;
 	else
 		return false;
 
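Review bot: The condition guarding the assignment to `sev_secrets_pa` accepts any non-zero `secrets_phys` whose length is `PAGE_SIZE`, without checking that the address is page aligned. The value is read from the CC blob and later passed to `ioremap_encrypted(..., PAGE_SIZE)` in core.c, so an unaligned address would presumably produce a mapping that runs past the secrets page. Consider `if (cc_info->secrets_phys && IS_ALIGNED(cc_info->secrets_phys, PAGE_SIZE) && cc_info->secrets_len == PAGE_SIZE)`. snp_init() starts and ends outside this hunk, so an earlier check may already cover this.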
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c
index 617988a..ac40052 100644
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -80,9 +80,6 @@ static const char * const sev_status_feat_names[] = {
 	[MSR_AMD64_SNP_SMT_PROT_BIT]		= "SMTProt",
 };
 
-/* Secrets page physical address from the CC blob */
-static u64 secrets_pa __ro_after_init;
-
 /*
  * For Secure TSC guests, the BSP fetches TSC_INFO using SNP guest messaging and
  * initializes snp_tsc_scale and snp_tsc_offset. These values are replicated
@@ -109,7 +106,7 @@ static u64 __init get_snp_jump_table_addr(void)
 	void __iomem *mem;
 	u64 addr;
 
-	mem = ioremap_encrypted(secrets_pa, PAGE_SIZE);
+	mem = ioremap_encrypted(sev_secrets_pa, PAGE_SIZE);
 	if (!mem) {
 		pr_err("Unable to locate AP jump table address: failed to map the SNP secrets page.\n");
 		return 0;
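Review bot: `ioremap_encrypted(sev_secrets_pa, PAGE_SIZE)` is called without checking that `sev_secrets_pa` was ever set, both here and in the snp_msg_alloc() hunk below. The regression this commit fixes was exactly a zero address reaching these calls, and per the commit message the guest still booted and only lost access to the VMPCK keys. A guard before the mapping, `if (!sev_secrets_pa) { pr_err("SNP secrets page address not set\n"); return 0; }`, with a matching `goto e_free_mdesc` in snp_msg_alloc(), would turn a repeat into a clear error. Both functions continue outside their hunks.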
@@ -1599,7 +1596,7 @@ struct snp_msg_desc *snp_msg_alloc(void)
 	if (!mdesc)
 		return ERR_PTR(-ENOMEM);
 
-	mem = ioremap_encrypted(secrets_pa, PAGE_SIZE);
+	mem = ioremap_encrypted(sev_secrets_pa, PAGE_SIZE);
 	if (!mem)
 		goto e_free_mdesc;
 
diff --git a/arch/x86/include/asm/sev-internal.h b/arch/x86/include/asm/sev-internal.h
index e54847a..a78f972 100644
--- a/arch/x86/include/asm/sev-internal.h
+++ b/arch/x86/include/asm/sev-internal.h
@@ -5,6 +5,7 @@
 extern struct ghcb boot_ghcb_page;
 extern struct ghcb *boot_ghcb;
 extern u64 sev_hv_features;
+extern u64 sev_secrets_pa;
 
 /* #VC handler runtime per-CPU data */
 struct sev_es_runtime_data {
