* [PATCH] crypto: ccp - Consolidate sev INIT logic
@ 2021-10-05 19:52 Peter Gonda
2021-10-07 22:30 ` Marc Orr
2021-10-08 15:52 ` Brijesh Singh
0 siblings, 2 replies; 6+ messages in thread
From: Peter Gonda @ 2021-10-05 19:52 UTC (permalink / raw)
To: thomas.lendacky
Cc: Peter Gonda, Brijesh Singh, Marc Orr, Joerg Roedel, Herbert Xu,
David Rientjes, John Allen, David S. Miller, linux-crypto,
linux-kernel
Adds new helper function sev_init_if_required() for use in sev_ioctl().
The function calls __sev_platform_init_locked() if the command requires
the PSP's internal state be at least SEV_STATE_INIT. This consolidates
many checks scattered through out the ioctl delegation functions.
Signed-off-by: Peter Gonda <pgonda@google.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Marc Orr <marcorr@google.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Rientjes <rientjes@google.com>
Cc: John Allen <john.allen@amd.com>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: linux-crypto@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
---
drivers/crypto/ccp/sev-dev.c | 63 +++++++++++++++---------------------
1 file changed, 26 insertions(+), 37 deletions(-)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index e09925d86bf3..071d57fec4c4 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -386,24 +386,14 @@ static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable)
{
- struct sev_device *sev = psp_master->sev_data;
- int rc;
-
if (!writable)
return -EPERM;
- if (sev->state == SEV_STATE_UNINIT) {
- rc = __sev_platform_init_locked(&argp->error);
- if (rc)
- return rc;
- }
-
return __sev_do_cmd_locked(cmd, NULL, &argp->error);
}
static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
{
- struct sev_device *sev = psp_master->sev_data;
struct sev_user_data_pek_csr input;
struct sev_data_pek_csr data;
void __user *input_address;
@@ -435,12 +425,6 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
data.len = input.length;
cmd:
- if (sev->state == SEV_STATE_UNINIT) {
- ret = __sev_platform_init_locked(&argp->error);
- if (ret)
- goto e_free_blob;
- }
-
ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, &data, &argp->error);
/* If we query the CSR length, FW responded with expected data. */
@@ -586,7 +570,6 @@ static int sev_update_firmware(struct device *dev)
static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
{
- struct sev_device *sev = psp_master->sev_data;
struct sev_user_data_pek_cert_import input;
struct sev_data_pek_cert_import data;
void *pek_blob, *oca_blob;
@@ -617,17 +600,10 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
data.oca_cert_address = __psp_pa(oca_blob);
data.oca_cert_len = input.oca_cert_len;
- /* If platform is not in INIT state then transition it to INIT */
- if (sev->state != SEV_STATE_INIT) {
- ret = __sev_platform_init_locked(&argp->error);
- if (ret)
- goto e_free_oca;
- }
-
ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, &data, &argp->error);
-e_free_oca:
kfree(oca_blob);
+
e_free_pek:
kfree(pek_blob);
return ret;
@@ -730,7 +706,6 @@ static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
{
- struct sev_device *sev = psp_master->sev_data;
struct sev_user_data_pdh_cert_export input;
void *pdh_blob = NULL, *cert_blob = NULL;
struct sev_data_pdh_cert_export data;
@@ -738,16 +713,6 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
void __user *input_pdh_cert_address;
int ret;
- /* If platform is not in INIT state then transition it to INIT. */
- if (sev->state != SEV_STATE_INIT) {
- if (!writable)
- return -EPERM;
-
- ret = __sev_platform_init_locked(&argp->error);
- if (ret)
- return ret;
- }
-
if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
return -EFAULT;
@@ -819,6 +784,26 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
return ret;
}
+static int sev_init_if_required(int cmd_id, bool writable,
+ struct sev_issue_cmd *argp)
+{
+ struct sev_device *sev = psp_master->sev_data;
+
+ lockdep_assert_held(&sev_cmd_mutex);
+
+ if (!writable)
+ return -EPERM;
+
+ if (cmd_id == SEV_FACTORY_RESET || cmd_id == SEV_PLATFORM_STATUS ||
+ cmd_id == SEV_GET_ID || cmd_id == SEV_GET_ID2)
+ return 0;
+
+ if (sev->state == SEV_STATE_UNINIT)
+ return __sev_platform_init_locked(&argp->error);
+
+ return 0;
+}
+
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
@@ -840,8 +825,11 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
mutex_lock(&sev_cmd_mutex);
- switch (input.cmd) {
+ ret = sev_init_if_required(input.cmd, writable, &input);
+ if (ret)
+ goto copy_out;
+ switch (input.cmd) {
case SEV_FACTORY_RESET:
ret = sev_ioctl_do_reset(&input, writable);
break;
@@ -875,6 +863,7 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
goto out;
}
+copy_out:
if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
ret = -EFAULT;
out:
--
2.33.0.800.g4c38ced690-goog
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH] crypto: ccp - Consolidate sev INIT logic
2021-10-05 19:52 [PATCH] crypto: ccp - Consolidate sev INIT logic Peter Gonda
@ 2021-10-07 22:30 ` Marc Orr
2021-10-12 14:37 ` Peter Gonda
2021-10-08 15:52 ` Brijesh Singh
1 sibling, 1 reply; 6+ messages in thread
From: Marc Orr @ 2021-10-07 22:30 UTC (permalink / raw)
To: Peter Gonda
Cc: Lendacky, Thomas, Brijesh Singh, Joerg Roedel, Herbert Xu,
David Rientjes, John Allen, David S. Miller, linux-crypto, LKML
On Tue, Oct 5, 2021 at 12:52 PM Peter Gonda <pgonda@google.com> wrote:
>
> Adds new helper function sev_init_if_required() for use in sev_ioctl().
> The function calls __sev_platform_init_locked() if the command requires
> the PSP's internal state be at least SEV_STATE_INIT. This consolidates
> many checks scattered through out the ioctl delegation functions.
>
> Signed-off-by: Peter Gonda <pgonda@google.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Marc Orr <marcorr@google.com>
> Cc: Joerg Roedel <jroedel@suse.de>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: David Rientjes <rientjes@google.com>
> Cc: John Allen <john.allen@amd.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: linux-crypto@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> ---
> drivers/crypto/ccp/sev-dev.c | 63 +++++++++++++++---------------------
> 1 file changed, 26 insertions(+), 37 deletions(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index e09925d86bf3..071d57fec4c4 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -386,24 +386,14 @@ static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
>
> static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable)
> {
> - struct sev_device *sev = psp_master->sev_data;
> - int rc;
> -
> if (!writable)
> return -EPERM;
This check can be removed because it's is handled by
`sev_init_if_required()`. Same is true for all the other commands.
>
> - if (sev->state == SEV_STATE_UNINIT) {
> - rc = __sev_platform_init_locked(&argp->error);
> - if (rc)
> - return rc;
> - }
> -
> return __sev_do_cmd_locked(cmd, NULL, &argp->error);
> }
>
> static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> {
> - struct sev_device *sev = psp_master->sev_data;
> struct sev_user_data_pek_csr input;
> struct sev_data_pek_csr data;
> void __user *input_address;
> @@ -435,12 +425,6 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> data.len = input.length;
>
> cmd:
> - if (sev->state == SEV_STATE_UNINIT) {
> - ret = __sev_platform_init_locked(&argp->error);
> - if (ret)
> - goto e_free_blob;
> - }
> -
> ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, &data, &argp->error);
>
> /* If we query the CSR length, FW responded with expected data. */
> @@ -586,7 +570,6 @@ static int sev_update_firmware(struct device *dev)
>
> static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
> {
> - struct sev_device *sev = psp_master->sev_data;
> struct sev_user_data_pek_cert_import input;
> struct sev_data_pek_cert_import data;
> void *pek_blob, *oca_blob;
> @@ -617,17 +600,10 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
> data.oca_cert_address = __psp_pa(oca_blob);
> data.oca_cert_len = input.oca_cert_len;
>
> - /* If platform is not in INIT state then transition it to INIT */
> - if (sev->state != SEV_STATE_INIT) {
> - ret = __sev_platform_init_locked(&argp->error);
> - if (ret)
> - goto e_free_oca;
> - }
> -
> ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, &data, &argp->error);
>
> -e_free_oca:
> kfree(oca_blob);
> +
> e_free_pek:
> kfree(pek_blob);
> return ret;
> @@ -730,7 +706,6 @@ static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
>
> static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> {
> - struct sev_device *sev = psp_master->sev_data;
> struct sev_user_data_pdh_cert_export input;
> void *pdh_blob = NULL, *cert_blob = NULL;
> struct sev_data_pdh_cert_export data;
> @@ -738,16 +713,6 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> void __user *input_pdh_cert_address;
> int ret;
>
> - /* If platform is not in INIT state then transition it to INIT. */
> - if (sev->state != SEV_STATE_INIT) {
> - if (!writable)
> - return -EPERM;
> -
> - ret = __sev_platform_init_locked(&argp->error);
> - if (ret)
> - return ret;
> - }
> -
> if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
> return -EFAULT;
>
> @@ -819,6 +784,26 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> return ret;
> }
>
> +static int sev_init_if_required(int cmd_id, bool writable,
> + struct sev_issue_cmd *argp)
> +{
> + struct sev_device *sev = psp_master->sev_data;
> +
> + lockdep_assert_held(&sev_cmd_mutex);
> +
> + if (!writable)
> + return -EPERM;
> +
> + if (cmd_id == SEV_FACTORY_RESET || cmd_id == SEV_PLATFORM_STATUS ||
> + cmd_id == SEV_GET_ID || cmd_id == SEV_GET_ID2)
> + return 0;
I really like this patch and would like to see it get reviewed and
merged. I've often thought of writing up a similar patch every time I
look at the PSP code, but never took the initiative to do it myself.
Overall, I wonder if it's trying too hard to reduce redundant code. In
particular, we could avoid this awkward check if we put this helper
inline, in the command helpers themselves. Perhaps we split this out
into two helpers or instead add a parameter to this helper to control
whether to check if `state` is `SEV_STATE_UNINIT`. What do you think?
> +
> + if (sev->state == SEV_STATE_UNINIT)
> + return __sev_platform_init_locked(&argp->error);
> +
> + return 0;
> +}
> +
> static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
> {
> void __user *argp = (void __user *)arg;
> @@ -840,8 +825,11 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
>
> mutex_lock(&sev_cmd_mutex);
>
> - switch (input.cmd) {
> + ret = sev_init_if_required(input.cmd, writable, &input);
> + if (ret)
> + goto copy_out;
>
> + switch (input.cmd) {
nit: Not sure what changed on this line. Was there an unintended
whitespace change here?
> case SEV_FACTORY_RESET:
> ret = sev_ioctl_do_reset(&input, writable);
> break;
> @@ -875,6 +863,7 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
> goto out;
> }
>
> +copy_out:
> if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
> ret = -EFAULT;
> out:
> --
> 2.33.0.800.g4c38ced690-goog
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] crypto: ccp - Consolidate sev INIT logic
2021-10-05 19:52 [PATCH] crypto: ccp - Consolidate sev INIT logic Peter Gonda
2021-10-07 22:30 ` Marc Orr
@ 2021-10-08 15:52 ` Brijesh Singh
2021-10-12 14:34 ` Peter Gonda
1 sibling, 1 reply; 6+ messages in thread
From: Brijesh Singh @ 2021-10-08 15:52 UTC (permalink / raw)
To: Peter Gonda, thomas.lendacky
Cc: brijesh.singh, Marc Orr, Joerg Roedel, Herbert Xu,
David Rientjes, John Allen, David S. Miller, linux-crypto,
linux-kernel
On 10/5/21 12:52 PM, Peter Gonda wrote:
>
> +static int sev_init_if_required(int cmd_id, bool writable,
> + struct sev_issue_cmd *argp)
> +{
> + struct sev_device *sev = psp_master->sev_data;
> +
> + lockdep_assert_held(&sev_cmd_mutex);
> +
> + if (!writable)
> + return -EPERM;
> +
> + if (cmd_id == SEV_FACTORY_RESET || cmd_id == SEV_PLATFORM_STATUS ||
> + cmd_id == SEV_GET_ID || cmd_id == SEV_GET_ID2)
> + return 0;
> +
> + if (sev->state == SEV_STATE_UNINIT)
> + return __sev_platform_init_locked(&argp->error);
> +
> + return 0;
> +}
> +
> static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
> {
> void __user *argp = (void __user *)arg;
> @@ -840,8 +825,11 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
>
> mutex_lock(&sev_cmd_mutex);
>
> - switch (input.cmd) {
> + ret = sev_init_if_required(input.cmd, writable, &input);
> + if (ret)
> + goto copy_out;
We need to call this function only for the SEV commands (i.e input.cmd
>=0 && input.cmd <= SEV_GET_ID2). Otherwise a invalid command may
trigger SEV_INIT. e.g below sequence:
1) SEV_FACTORY_RESET // this will transition the fw to UNINIT state.
2) <INVALID_CMD_ID> // since fw was in uninit this invalid command
will initialize the fw and then later switch will fail.
thanks
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] crypto: ccp - Consolidate sev INIT logic
2021-10-08 15:52 ` Brijesh Singh
@ 2021-10-12 14:34 ` Peter Gonda
2021-10-13 11:46 ` Brijesh Singh
0 siblings, 1 reply; 6+ messages in thread
From: Peter Gonda @ 2021-10-12 14:34 UTC (permalink / raw)
To: Brijesh Singh
Cc: Lendacky, Thomas, Marc Orr, Joerg Roedel, Herbert Xu,
David Rientjes, John Allen, David S. Miller, linux-crypto, LKML
On Fri, Oct 8, 2021 at 9:52 AM Brijesh Singh <brijesh.singh@amd.com> wrote:
>
>
> On 10/5/21 12:52 PM, Peter Gonda wrote:
> >
> > +static int sev_init_if_required(int cmd_id, bool writable,
> > + struct sev_issue_cmd *argp)
> > +{
> > + struct sev_device *sev = psp_master->sev_data;
> > +
> > + lockdep_assert_held(&sev_cmd_mutex);
> > +
> > + if (!writable)
> > + return -EPERM;
> > +
> > + if (cmd_id == SEV_FACTORY_RESET || cmd_id == SEV_PLATFORM_STATUS ||
> > + cmd_id == SEV_GET_ID || cmd_id == SEV_GET_ID2)
> > + return 0;
> > +
> > + if (sev->state == SEV_STATE_UNINIT)
> > + return __sev_platform_init_locked(&argp->error);
> > +
> > + return 0;
> > +}
> > +
> > static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
> > {
> > void __user *argp = (void __user *)arg;
> > @@ -840,8 +825,11 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
> >
> > mutex_lock(&sev_cmd_mutex);
> >
> > - switch (input.cmd) {
> > + ret = sev_init_if_required(input.cmd, writable, &input);
> > + if (ret)
> > + goto copy_out;
>
> We need to call this function only for the SEV commands (i.e input.cmd
> >=0 && input.cmd <= SEV_GET_ID2). Otherwise a invalid command may
> trigger SEV_INIT. e.g below sequence:
>
> 1) SEV_FACTORY_RESET // this will transition the fw to UNINIT state.
>
> 2) <INVALID_CMD_ID> // since fw was in uninit this invalid command
> will initialize the fw and then later switch will fail.
Good catch, I took Marc's suggested approach for a V2. Does that sound
reasonable?
>
> thanks
>
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] crypto: ccp - Consolidate sev INIT logic
2021-10-07 22:30 ` Marc Orr
@ 2021-10-12 14:37 ` Peter Gonda
0 siblings, 0 replies; 6+ messages in thread
From: Peter Gonda @ 2021-10-12 14:37 UTC (permalink / raw)
To: Marc Orr
Cc: Lendacky, Thomas, Brijesh Singh, Joerg Roedel, Herbert Xu,
David Rientjes, John Allen, David S. Miller, linux-crypto, LKML
On Thu, Oct 7, 2021 at 4:30 PM Marc Orr <marcorr@google.com> wrote:
>
> On Tue, Oct 5, 2021 at 12:52 PM Peter Gonda <pgonda@google.com> wrote:
> >
> > Adds new helper function sev_init_if_required() for use in sev_ioctl().
> > The function calls __sev_platform_init_locked() if the command requires
> > the PSP's internal state be at least SEV_STATE_INIT. This consolidates
> > many checks scattered through out the ioctl delegation functions.
> >
> > Signed-off-by: Peter Gonda <pgonda@google.com>
> > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > Cc: Brijesh Singh <brijesh.singh@amd.com>
> > Cc: Marc Orr <marcorr@google.com>
> > Cc: Joerg Roedel <jroedel@suse.de>
> > Cc: Herbert Xu <herbert@gondor.apana.org.au>
> > Cc: David Rientjes <rientjes@google.com>
> > Cc: John Allen <john.allen@amd.com>
> > Cc: "David S. Miller" <davem@davemloft.net>
> > Cc: linux-crypto@vger.kernel.org
> > Cc: linux-kernel@vger.kernel.org
> > ---
> > drivers/crypto/ccp/sev-dev.c | 63 +++++++++++++++---------------------
> > 1 file changed, 26 insertions(+), 37 deletions(-)
> >
> > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> > index e09925d86bf3..071d57fec4c4 100644
> > --- a/drivers/crypto/ccp/sev-dev.c
> > +++ b/drivers/crypto/ccp/sev-dev.c
> > @@ -386,24 +386,14 @@ static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
> >
> > static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable)
> > {
> > - struct sev_device *sev = psp_master->sev_data;
> > - int rc;
> > -
> > if (!writable)
> > return -EPERM;
>
> This check can be removed because it's is handled by
> `sev_init_if_required()`. Same is true for all the other commands.
This check is still needed on commands that "write" to the PSP I
think. Since the command SEV_CMD_PEK_GEN makes the PSP write a new PEK
to its storage I think this command still needs the file to be open
writeable. Same with the other commands.
>
> >
> > - if (sev->state == SEV_STATE_UNINIT) {
> > - rc = __sev_platform_init_locked(&argp->error);
> > - if (rc)
> > - return rc;
> > - }
> > -
> > return __sev_do_cmd_locked(cmd, NULL, &argp->error);
> > }
> >
> > static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> > {
> > - struct sev_device *sev = psp_master->sev_data;
> > struct sev_user_data_pek_csr input;
> > struct sev_data_pek_csr data;
> > void __user *input_address;
> > @@ -435,12 +425,6 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> > data.len = input.length;
> >
> > cmd:
> > - if (sev->state == SEV_STATE_UNINIT) {
> > - ret = __sev_platform_init_locked(&argp->error);
> > - if (ret)
> > - goto e_free_blob;
> > - }
> > -
> > ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, &data, &argp->error);
> >
> > /* If we query the CSR length, FW responded with expected data. */
> > @@ -586,7 +570,6 @@ static int sev_update_firmware(struct device *dev)
> >
> > static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
> > {
> > - struct sev_device *sev = psp_master->sev_data;
> > struct sev_user_data_pek_cert_import input;
> > struct sev_data_pek_cert_import data;
> > void *pek_blob, *oca_blob;
> > @@ -617,17 +600,10 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
> > data.oca_cert_address = __psp_pa(oca_blob);
> > data.oca_cert_len = input.oca_cert_len;
> >
> > - /* If platform is not in INIT state then transition it to INIT */
> > - if (sev->state != SEV_STATE_INIT) {
> > - ret = __sev_platform_init_locked(&argp->error);
> > - if (ret)
> > - goto e_free_oca;
> > - }
> > -
> > ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, &data, &argp->error);
> >
> > -e_free_oca:
> > kfree(oca_blob);
> > +
> > e_free_pek:
> > kfree(pek_blob);
> > return ret;
> > @@ -730,7 +706,6 @@ static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
> >
> > static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> > {
> > - struct sev_device *sev = psp_master->sev_data;
> > struct sev_user_data_pdh_cert_export input;
> > void *pdh_blob = NULL, *cert_blob = NULL;
> > struct sev_data_pdh_cert_export data;
> > @@ -738,16 +713,6 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> > void __user *input_pdh_cert_address;
> > int ret;
> >
> > - /* If platform is not in INIT state then transition it to INIT. */
> > - if (sev->state != SEV_STATE_INIT) {
> > - if (!writable)
> > - return -EPERM;
> > -
> > - ret = __sev_platform_init_locked(&argp->error);
> > - if (ret)
> > - return ret;
> > - }
> > -
> > if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
> > return -EFAULT;
> >
> > @@ -819,6 +784,26 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> > return ret;
> > }
> >
> > +static int sev_init_if_required(int cmd_id, bool writable,
> > + struct sev_issue_cmd *argp)
> > +{
> > + struct sev_device *sev = psp_master->sev_data;
> > +
> > + lockdep_assert_held(&sev_cmd_mutex);
> > +
> > + if (!writable)
> > + return -EPERM;
> > +
> > + if (cmd_id == SEV_FACTORY_RESET || cmd_id == SEV_PLATFORM_STATUS ||
> > + cmd_id == SEV_GET_ID || cmd_id == SEV_GET_ID2)
> > + return 0;
>
> I really like this patch and would like to see it get reviewed and
> merged. I've often thought of writing up a similar patch every time I
> look at the PSP code, but never took the initiative to do it myself.
> Overall, I wonder if it's trying too hard to reduce redundant code. In
> particular, we could avoid this awkward check if we put this helper
> inline, in the command helpers themselves. Perhaps we split this out
> into two helpers or instead add a parameter to this helper to control
> whether to check if `state` is `SEV_STATE_UNINIT`. What do you think?
That sounds good. I've moved calls to sev_init_if_required into the
command functions.
>
> > +
> > + if (sev->state == SEV_STATE_UNINIT)
> > + return __sev_platform_init_locked(&argp->error);
> > +
> > + return 0;
> > +}
> > +
> > static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
> > {
> > void __user *argp = (void __user *)arg;
> > @@ -840,8 +825,11 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
> >
> > mutex_lock(&sev_cmd_mutex);
> >
> > - switch (input.cmd) {
> > + ret = sev_init_if_required(input.cmd, writable, &input);
> > + if (ret)
> > + goto copy_out;
> >
> > + switch (input.cmd) {
>
> nit: Not sure what changed on this line. Was there an unintended
> whitespace change here?
Fixed for V2.
>
> > case SEV_FACTORY_RESET:
> > ret = sev_ioctl_do_reset(&input, writable);
> > break;
> > @@ -875,6 +863,7 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
> > goto out;
> > }
> >
> > +copy_out:
> > if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
> > ret = -EFAULT;
> > out:
> > --
> > 2.33.0.800.g4c38ced690-goog
> >
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH] crypto: ccp - Consolidate sev INIT logic
2021-10-12 14:34 ` Peter Gonda
@ 2021-10-13 11:46 ` Brijesh Singh
0 siblings, 0 replies; 6+ messages in thread
From: Brijesh Singh @ 2021-10-13 11:46 UTC (permalink / raw)
To: Peter Gonda
Cc: brijesh.singh, Lendacky, Thomas, Marc Orr, Joerg Roedel,
Herbert Xu, David Rientjes, John Allen, David S. Miller,
linux-crypto, LKML
On 10/12/21 7:34 AM, Peter Gonda wrote:
> On Fri, Oct 8, 2021 at 9:52 AM Brijesh Singh <brijesh.singh@amd.com> wrote:
>>
>> On 10/5/21 12:52 PM, Peter Gonda wrote:
>>> +static int sev_init_if_required(int cmd_id, bool writable,
>>> + struct sev_issue_cmd *argp)
>>> +{
>>> + struct sev_device *sev = psp_master->sev_data;
>>> +
>>> + lockdep_assert_held(&sev_cmd_mutex);
>>> +
>>> + if (!writable)
>>> + return -EPERM;
>>> +
>>> + if (cmd_id == SEV_FACTORY_RESET || cmd_id == SEV_PLATFORM_STATUS ||
>>> + cmd_id == SEV_GET_ID || cmd_id == SEV_GET_ID2)
>>> + return 0;
>>> +
>>> + if (sev->state == SEV_STATE_UNINIT)
>>> + return __sev_platform_init_locked(&argp->error);
>>> +
>>> + return 0;
>>> +}
>>> +
>>> static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
>>> {
>>> void __user *argp = (void __user *)arg;
>>> @@ -840,8 +825,11 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
>>>
>>> mutex_lock(&sev_cmd_mutex);
>>>
>>> - switch (input.cmd) {
>>> + ret = sev_init_if_required(input.cmd, writable, &input);
>>> + if (ret)
>>> + goto copy_out;
>> We need to call this function only for the SEV commands (i.e input.cmd
>>> =0 && input.cmd <= SEV_GET_ID2). Otherwise a invalid command may
>> trigger SEV_INIT. e.g below sequence:
>>
>> 1) SEV_FACTORY_RESET // this will transition the fw to UNINIT state.
>>
>> 2) <INVALID_CMD_ID> // since fw was in uninit this invalid command
>> will initialize the fw and then later switch will fail.
> Good catch, I took Marc's suggested approach for a V2. Does that sound
> reasonable?
Yes, that works.
thanks
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-10-13 11:46 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-05 19:52 [PATCH] crypto: ccp - Consolidate sev INIT logic Peter Gonda
2021-10-07 22:30 ` Marc Orr
2021-10-12 14:37 ` Peter Gonda
2021-10-08 15:52 ` Brijesh Singh
2021-10-12 14:34 ` Peter Gonda
2021-10-13 11:46 ` Brijesh Singh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.