From: Brijesh Singh <brijesh.singh@amd.com>
To: Peter Gonda <pgonda@google.com>
Cc: brijesh.singh@amd.com, "Lendacky,
Thomas" <thomas.lendacky@amd.com>, Marc Orr <marcorr@google.com>,
Joerg Roedel <jroedel@suse.de>,
Herbert Xu <herbert@gondor.apana.org.au>,
David Rientjes <rientjes@google.com>,
John Allen <john.allen@amd.com>,
"David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] crypto: ccp - Consolidate sev INIT logic
Date: Wed, 13 Oct 2021 06:46:39 -0500 [thread overview]
Message-ID: <54f66e72-a33a-2f07-fe51-992ba0c7444c@amd.com> (raw)
In-Reply-To: <CAMkAt6piNiJdHDMzSqgm-aQ0o-xxM=ax4qMgn81fKzVuaNukPg@mail.gmail.com>
On 10/12/21 7:34 AM, Peter Gonda wrote:
> On Fri, Oct 8, 2021 at 9:52 AM Brijesh Singh <brijesh.singh@amd.com> wrote:
>>
>> On 10/5/21 12:52 PM, Peter Gonda wrote:
>>> +static int sev_init_if_required(int cmd_id, bool writable,
>>> + struct sev_issue_cmd *argp)
>>> +{
>>> + struct sev_device *sev = psp_master->sev_data;
>>> +
>>> + lockdep_assert_held(&sev_cmd_mutex);
>>> +
>>> + if (!writable)
>>> + return -EPERM;
>>> +
>>> + if (cmd_id == SEV_FACTORY_RESET || cmd_id == SEV_PLATFORM_STATUS ||
>>> + cmd_id == SEV_GET_ID || cmd_id == SEV_GET_ID2)
>>> + return 0;
>>> +
>>> + if (sev->state == SEV_STATE_UNINIT)
>>> + return __sev_platform_init_locked(&argp->error);
>>> +
>>> + return 0;
>>> +}
>>> +
>>> static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
>>> {
>>> void __user *argp = (void __user *)arg;
>>> @@ -840,8 +825,11 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
>>>
>>> mutex_lock(&sev_cmd_mutex);
>>>
>>> - switch (input.cmd) {
>>> + ret = sev_init_if_required(input.cmd, writable, &input);
>>> + if (ret)
>>> + goto copy_out;
>> We need to call this function only for the SEV commands (i.e input.cmd
>>> =0 && input.cmd <= SEV_GET_ID2). Otherwise a invalid command may
>> trigger SEV_INIT. e.g below sequence:
>>
>> 1) SEV_FACTORY_RESET // this will transition the fw to UNINIT state.
>>
>> 2) <INVALID_CMD_ID> // since fw was in uninit this invalid command
>> will initialize the fw and then later switch will fail.
> Good catch, I took Marc's suggested approach for a V2. Does that sound
> reasonable?
Yes, that works.
thanks
prev parent reply other threads:[~2021-10-13 11:46 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-05 19:52 [PATCH] crypto: ccp - Consolidate sev INIT logic Peter Gonda
2021-10-07 22:30 ` Marc Orr
2021-10-12 14:37 ` Peter Gonda
2021-10-08 15:52 ` Brijesh Singh
2021-10-12 14:34 ` Peter Gonda
2021-10-13 11:46 ` Brijesh Singh [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54f66e72-a33a-2f07-fe51-992ba0c7444c@amd.com \
--to=brijesh.singh@amd.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=john.allen@amd.com \
--cc=jroedel@suse.de \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcorr@google.com \
--cc=pgonda@google.com \
--cc=rientjes@google.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.