[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250731113653.000000cd@huawei.com>
Date: Thu, 31 Jul 2025 11:36:53 +0100
From: Jonathan Cameron <Jonathan.Cameron@...wei.com>
To: "Aneesh Kumar K.V (Arm)" <aneesh.kumar@...nel.org>
CC: <linux-coco@...ts.linux.dev>, <kvmarm@...ts.linux.dev>,
<linux-pci@...r.kernel.org>, <linux-kernel@...r.kernel.org>, <aik@....com>,
<lukas@...ner.de>, Samuel Ortiz <sameo@...osinc.com>, Xu Yilun
<yilun.xu@...ux.intel.com>, Jason Gunthorpe <jgg@...pe.ca>, "Suzuki K
Poulose" <Suzuki.Poulose@....com>, Steven Price <steven.price@....com>,
Catalin Marinas <catalin.marinas@....com>, Marc Zyngier <maz@...nel.org>,
Will Deacon <will@...nel.org>, Oliver Upton <oliver.upton@...ux.dev>
Subject: Re: [RFC PATCH v1 38/38] coco: guest: arm64: Add support for
fetching device info
On Mon, 28 Jul 2025 19:22:15 +0530
"Aneesh Kumar K.V (Arm)" <aneesh.kumar@...nel.org> wrote:
> RSI_RDEV_GET_INFO returns different digest hash values, which can be
> compared with host cached values to ensure the host didn't tamper with
> the cached data.
>
> Signed-off-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@...nel.org>
Hi Aneesh
A few comments on this one
Jonathan
> diff --git a/drivers/virt/coco/arm-cca-guest/rsi-da.c b/drivers/virt/coco/arm-cca-guest/rsi-da.c
> index 6222b10964ee..a1bb225adb4c 100644
> --- a/drivers/virt/coco/arm-cca-guest/rsi-da.c
> +++ b/drivers/virt/coco/arm-cca-guest/rsi-da.c
> @@ -6,6 +6,7 @@
> #include <linux/pci.h>
> #include <linux/mem_encrypt.h>
> #include <asm/rsi_cmds.h>
> +#include <crypto/hash.h>
>
> #include "rsi-da.h"
>
> @@ -186,11 +187,102 @@ rsi_rdev_get_measurements(struct pci_dev *pdev, unsigned long vdev_id,
> return RSI_SUCCESS;
> }
>
> +static int verify_digests(struct cca_guest_dsc *dsm)
> +{
> + int i;
> + int ret;
> + u8 digest[SHA512_DIGEST_SIZE];
> + int sdesc_size;
> + size_t digest_size;
> + char *hash_alg_name;
> + struct shash_desc *shash;
> + struct crypto_shash *alg;
> + struct pci_dev *pdev = dsm->pci.tsm.pdev;
> + struct {
> + uint8_t *report;
> + size_t size;
> + uint8_t *digest;
> + } reports[] = {
> + {
> + dsm->interface_report,
> + dsm->interface_report_size,
> + dsm->dev_info.report_digest
> + },
> + {
> + dsm->certificate,
> + dsm->certificate_size,
> + dsm->dev_info.cert_digest
> + },
> + {
> + dsm->measurements,
> + dsm->measurements_size,
> + dsm->dev_info.meas_digest
> + }
> + };
> +
> +
> + if (dsm->dev_info.hash_algo == RSI_HASH_SHA_256) {
This to me smells like a place that will need switch sooner or
later, maybe just do it now.
> + hash_alg_name = "sha256";
> + digest_size = SHA256_DIGEST_SIZE;
> + } else if (dsm->dev_info.hash_algo == RSI_HASH_SHA_512) {
> + hash_alg_name = "sha512";
> + digest_size = SHA512_DIGEST_SIZE;
> + } else {
> + pci_err(pdev, "unknown realm hash algorithm!\n");
> + ret = -EINVAL;
return -EINVAL;
> + goto err_out;
> + }
> +
> + alg = crypto_alloc_shash(hash_alg_name, 0, 0);
As below - I'd spin a DEFINE_FREE() for this to simplify error
paths in here and remove the labels that had me confused briefly.
> + if (IS_ERR(alg)) {
> + pci_err(pdev, "cannot allocate %s\n", hash_alg_name);
> + return PTR_ERR(alg);
> + }
> +
> + sdesc_size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
Not common in crypto so perhaps just leave this as you have it.
sdesc_size = struct_size(struct shash_dec, __ctx, crypto_shash_desc_size(alg));
is more informative on what is going on here.
> + shash = kzalloc(sdesc_size, GFP_KERNEL);
> + if (!shash) {
> + pci_err(pdev, "cannot allocate sdesc\n");
> + ret = -ENOMEM;
> + goto err_free_shash;
> + }
> + shash->tfm = alg;
> +
> + for (i = 0; i < ARRAY_SIZE(reports); i++) {
> + ret = crypto_shash_digest(shash, reports[i].report,
> + reports[i].size, digest);
To me a bit marginal on whether this loop and the structures above
are beneficial over straight line code.
> + if (ret) {
> + pci_err(pdev, "failed to compute digest, %d\n", ret);
> + goto err_free_sdesc;
> + }
> +
> + if (memcmp(reports[i].digest, digest, digest_size)) {
> + pci_err(pdev, "invalid digest\n");
> + ret = -EINVAL;
> + goto err_free_sdesc;
> + }
> + }
> +
> + kfree(shash);
> + crypto_free_shash(alg);
> +
> + pci_info(pdev, "Successfully verified the digests\n");
debug.
> + return 0;
> +
> +err_free_sdesc:
I'd tweak these labels if you keep them. This isn't freeing the sdesc.
> + kfree(shash);
Looks perfect for some __free() magic dust.
> +err_free_shash:
> + crypto_free_shash(alg);
DEFINE_FREE() needed for this but looks pretty uncontroversial.
> +err_out:
As below. I'd not do this.
> + return ret;
> +}
> +
> int rsi_device_lock(struct pci_dev *pdev)
> {
> unsigned long ret;
> unsigned long tdisp_version;
> struct rsi_device_measurements_params *rsi_dev_meas;
> + struct rsi_device_info *dev_info;
> struct cca_guest_dsc *dsm = to_cca_guest_dsc(pdev);
> int vdev_id = (pci_domain_nr(pdev->bus) << 16) |
> PCI_DEVID(pdev->bus->number, pdev->devfn);
> @@ -252,8 +344,44 @@ int rsi_device_lock(struct pci_dev *pdev)
> return -EIO;
> }
>
> + /* RMM expects sizeof(dev_info) (512 bytes) aligned address */
> + dev_info = kmalloc(sizeof(*dev_info), GFP_KERNEL);
Use a __free(kfree) here (and direct returns on errors) given it's freed
in all paths and we don't care if it is freed before or after verifying the digests.
I'm being slow today, but what in that enforces the alignment? I guess
it's that the structure happens to be big enough that it happens naturally?
I'd allocate max(512, sizeof(*dev_info)) to make it explicitly the case.
> + if (!dev_info) {
> + ret = -ENOMEM;
> + goto err_out;
> + }
> +
> + ret = rsi_rdev_get_info(vdev_id, dsm->instance_id, virt_to_phys(dev_info));
> + if (ret != RSI_SUCCESS) {
> + pci_err(pdev, "failed to get device digests (%lu)\n", ret);
> + ret = -EIO;
> + kfree(dev_info);
> + goto err_out;
> + }
> +
> + dsm->dev_info.attest_type = dev_info->attest_type;
> + dsm->dev_info.cert_id = dev_info->cert_id;
> + dsm->dev_info.hash_algo = dev_info->hash_algo;
> + memcpy(dsm->dev_info.cert_digest, dev_info->cert_digest, SHA512_DIGEST_SIZE);
> + memcpy(dsm->dev_info.meas_digest, dev_info->meas_digest, SHA512_DIGEST_SIZE);
> + memcpy(dsm->dev_info.report_digest, dev_info->report_digest, SHA512_DIGEST_SIZE);
> +
Can't you memcpy the whole thing in one go?
> + kfree(dev_info);
> + /*
> + * Verify that the digests of the provided reports match with the
> + * digests from RMM
> + */
> + ret = verify_digests(dsm);
> + if (ret) {
> + pci_err(pdev, "device digest validation failed (%ld)\n", ret);
> + return ret;
> + }
> +
> + return 0;
> +err_out:
I'll always grumble about these. To me it always makes the code
less readable. Some others disagree though ;(
> return ret;
> }
> +
Looks like this should have been in an earlier patch.
> static inline unsigned long rsi_rdev_start(struct pci_dev *pdev,
> unsigned long vdev_id, unsigned long inst_id)
> {
> diff --git a/drivers/virt/coco/arm-cca-guest/rsi-da.h b/drivers/virt/coco/arm-cca-guest/rsi-da.h
> index f26156d9be81..e8953b8e85a3 100644
> --- a/drivers/virt/coco/arm-cca-guest/rsi-da.h
> +++ b/drivers/virt/coco/arm-cca-guest/rsi-da.h
> @@ -10,6 +10,7 @@
> #include <linux/pci-tsm.h>
> #include <asm/rsi_smc.h>
> #include <asm/rhi.h>
> +#include <crypto/sha2.h>
>
> struct pci_tdisp_device_interface_report {
> u16 interface_info;
> @@ -33,6 +34,17 @@ struct pci_tdisp_mmio_range {
> #define TSM_INTF_REPORT_MMIO_RESERVED GENMASK(15, 4)
> #define TSM_INTF_REPORT_MMIO_RANGE_ID GENMASK(31, 16)
>
> +struct dsm_device_info {
> + u64 flags;
> + u64 attest_type;
> + u64 cert_id;
> + u64 hash_algo;
> + u8 cert_digest[SHA512_DIGEST_SIZE];
> + u8 meas_digest[SHA512_DIGEST_SIZE];
> + u8 report_digest[SHA512_DIGEST_SIZE];
> +};
> +
One probably enough.
> +
> struct cca_guest_dsc {
> struct pci_tsm_pf0 pci;
> unsigned long instance_id;
> @@ -42,6 +54,7 @@ struct cca_guest_dsc {
> int certificate_size;
> void *measurements;
> int measurements_size;
> + struct dsm_device_info dev_info;
> };
>
> static inline struct cca_guest_dsc *to_cca_guest_dsc(struct pci_dev *pdev)
Powered by blists - more mailing lists