From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 935C4C7EE23 for ; Wed, 1 Mar 2023 21:20:54 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0E0FF6B0074; Wed, 1 Mar 2023 16:20:54 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 090E66B0075; Wed, 1 Mar 2023 16:20:54 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E9AE96B0078; Wed, 1 Mar 2023 16:20:53 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id D9A896B0074 for ; Wed, 1 Mar 2023 16:20:53 -0500 (EST) Received: from smtpin23.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id A90E4160DB3 for ; Wed, 1 Mar 2023 21:20:53 +0000 (UTC) X-FDA: 80521599186.23.7628252 Received: from mail-lf1-f43.google.com (mail-lf1-f43.google.com [209.85.167.43]) by imf15.hostedemail.com (Postfix) with ESMTP id 9DD60A0012 for ; Wed, 1 Mar 2023 21:20:51 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b="SzVg/5zL"; spf=pass (imf15.hostedemail.com: domain of zhi.wang.linux@gmail.com designates 209.85.167.43 as permitted sender) smtp.mailfrom=zhi.wang.linux@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1677705651; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Nu3x+PS5kBI5WP9BR112ZTU4z9UIuyI7KKIlTlTHeoQ=; b=avKKIqL3IX/nCsAZojOwDQCSVIWM9s+qBqV0pcXW80E/BFE0c3EFb79Ta/5yarHifcPJ3G i6Zh9UHW5v+0fPUQygmB7W2jFt5kxfKijU1EbzaZdXlTIldJc5UiH1WNPczKHZscYLxjFy yfD1Vf7zKKL1x+DVciH5P05uZ8dqMrI= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b="SzVg/5zL"; spf=pass (imf15.hostedemail.com: domain of zhi.wang.linux@gmail.com designates 209.85.167.43 as permitted sender) smtp.mailfrom=zhi.wang.linux@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1677705651; a=rsa-sha256; cv=none; b=ImgHR/JMyCkUlh39JjCQKIK30+XKJxuyJBt4rUSM3De1jJCQUgwGsdX4Gc0BxC6uLWvaOE Xwit2JrnC1GUnZ+yjPrS97O8v+ChEccZuUbwhT6j5lhsy0lL0y2j4zQP+Q8vNhihZRJaXR fuXRgRTkmhhljfX+lZ98yGiBZ3Dr7w4= Received: by mail-lf1-f43.google.com with SMTP id i9so19490321lfc.6 for ; Wed, 01 Mar 2023 13:20:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1677705650; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:date:from:from:to:cc:subject:date :message-id:reply-to; bh=Nu3x+PS5kBI5WP9BR112ZTU4z9UIuyI7KKIlTlTHeoQ=; b=SzVg/5zL41KXogvGm5lKOvxW1C3rCcPhuShpSJvvVahiKNg7LGudNS2LH6j8JQwW/h D7MVwCtdUPl1j1jE9kJclFZdtn9iRW5LyNd7aKbtMz4/5rZzFvDi5rXeG5HFWz5+Omcp xnF9tJ808zJ2sE4A4CYZBFuMW6qLFAI6RwOlITc7gwR09jtWmUW2C28lCvd04uLEA+Ww JzEOdxPGeuRgAoJYtWx1cqh5gno1NHnIO0hzKo2GMiMEH5h05dmHv8BFYmTGM9DFzenf y9DL9YXcb4j0+9bESYzwkhtMwJjcZw44B47m5Ol4/WVYSVn1DaBtJgUPF/n+S0t4NE16 QpNA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1677705650; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Nu3x+PS5kBI5WP9BR112ZTU4z9UIuyI7KKIlTlTHeoQ=; b=57tvBcWj45U7FjpnTpyGlC9AXpX3HTA9Ae6Y6ul9VGfgPXWVTg/PqwfI5sckRXj8fR VAwU8ZK0RZjpFU2la99+03PR/KSzF3Nv7cV1Z6bS4kN7Ii50r4WHjRI7kEyX3ug33Uza cGtlQTk6A0GphhPvTlqywijkL2OErp5rPWwhFtMqKi9bCt16Gq8z1LkLIIMmhYva9FIc MinuFB1cDsSweADS8yjbVGMj8RPVsm1JFkIrcAqVKs/X+GFRRyN5EHfvhWHP+Fz6bgdO B5azgLRTWBf1ez6b31e4Ln069sCnCggnbqduVt3erEz0Ok/pRuj7L4bOxTELzhXmzCwY HT/Q== X-Gm-Message-State: AO0yUKXK/cOLS9neznsDpF8IriCttw03VGQFX58RkZ51RJsKc8wr1l4Y hdhUwH5SuISo4UQGdfEwUII= X-Google-Smtp-Source: AK7set8yk+qcKeH8xZqt1MHJtbzkX+ZnH5n15zWSZb9IPULga8cN+Cba34unxob+c60jagUQ1AfbYw== X-Received: by 2002:ac2:4c2a:0:b0:4db:3890:cb59 with SMTP id u10-20020ac24c2a000000b004db3890cb59mr1713252lfq.1.1677705649622; Wed, 01 Mar 2023 13:20:49 -0800 (PST) Received: from localhost (88-115-161-74.elisa-laajakaista.fi. [88.115.161.74]) by smtp.gmail.com with ESMTPSA id j8-20020a19f508000000b004d093d60f50sm1861420lfb.215.2023.03.01.13.20.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Mar 2023 13:20:49 -0800 (PST) From: Zhi Wang X-Google-Original-From: Zhi Wang Date: Wed, 1 Mar 2023 23:20:45 +0200 To: Michael Roth Cc: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , Brijesh Singh Subject: Re: [PATCH RFC v8 52/56] ccp: Add support to decrypt the page Message-ID: <20230301232045.0000502e@intel.com> In-Reply-To: <20230220183847.59159-53-michael.roth@amd.com> References: <20230220183847.59159-1-michael.roth@amd.com> <20230220183847.59159-53-michael.roth@amd.com> X-Mailer: Claws Mail 4.1.0 (GTK 3.24.33; x86_64-w64-mingw32) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 9DD60A0012 X-Stat-Signature: nex1udq91atxx7gfmaz1mbh865chy8sz X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1677705651-776224 X-HE-Meta: U2FsdGVkX18X7TpL/UE3D7YKrNc1SAGRPPrWPzXulUaIRyphtBDEU7Q2h+QsArPRi5rji6itbC1TKgqV6G3/GnZNFmxXOhsXATslWw1sIOUxdlrLmsElfmJAqU783SC6o+id9sOAVK6tyfwmBb/KTXteyd6Hnz2X1eF5t/8xUUNAv7YoK/HzP1HQLZLgksj9xe1QLtIV7YSkbEqEL8iU93FlFREeuEmWIWsrE0DfsthxRltsG5eXJtiFvO+Hgr4sL2PSvMP6ygqi50MZUkh94leFTsOs9N+GTUi6q5RNDYKTDqHSAf700I5ov9IJp24LRmCsjxlzpKuMQV+NKCKu3SpjA5p6CKUu2Wf+bFWIYV3awAS6sYDYTSrz/DVb7EjJetCqW3qXMy/wHK/C+IaqacoFfxP010ltRrVT96SczNAel1RMZutUbTo7kfWlYSbGsaHJ/C7yrdQ5MTDLi2HKORdu/tz9aJ+HPAeIkvZB/fmkreJ8smbRtFBjbNgvNPnPZ5PWjdNkfD1aKDq8y6bzORkclaESHIBEjPoOEYDAdN43Qs+Q4hIoZRUX9Qsd9jPNG22/dGPehXqsan+pFEed9HKXR16m3YiT002+gjW0Vzb61CA2UTXPq/CqdpjrBlmR/v3SHEVPC4mgXdGavN/epgsfj/0iOu0gqzR3UkxMxjzg+pwu6XKYI4yrSTewsCWEdfUbzq8yp7XrVHAVaqURQPDvdgis6jYLOUyuD7uCN9h2Kef0A46jQb1gEQ9HFgFibzW5k0Rg32NggV1t5gRdwiDy+mPx02K2KsF41dV4rpSTLiBIhLBiIOC1+uOhps+eIFhuqKOHk3tr+zuBfTWsvcqI3ulM3lbECPEnm5GM9lRIn4dz7EPTHosqVRBZr/DvaEP2zhfjQGuZcQtf0g2mGrSYH2GLFyAMVNpTZl+cXXGH0SUCjbFemdtYSWBRupos+gCaaBF4N9ge1aPncNP gDHYW566 1hh+MFoYdjR4m+CsxdfWfm+42bP7Jz2CtT7sBQzWpjYgcNxd8zSX6QP20KLKl8r+r2pQgRkBRrLfNA8sXDg+lIQvJ0L1gW7aeY13iumFh9MN845NkYzFLmJCsBr+mOxGx/U3W8nTYkeuecX4/MnXAbyqgkXa6vVzykoVnlzFbMcAGQe0EVpDHXZPJ1M2hQxgMdL4WZgfygixzXVvEXDmPBcDWUAs3yh95Va+KnVWhbE65/66WdbnieXg5gSy30ql2Olkj2vANtizIo72hddNvAQQcpBiiWyxwGFigaFTsaCqfomyYUKcqttP2xHRXOGG13iT5Up+q4FRvrBg/BtEr+q2VA6hLpoBC63EYCBrxf9A+ksgN87GJpqQx6zRMO5unYZCaR+dSzu4FfBCgZgkxy3n6Rmy6xGacaGdcr/NWeKW7LIyMJWXm+ocDiDmVkeBu5MdiN8Nl+2sw8OzHvNoVKFcqSA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Mon, 20 Feb 2023 12:38:43 -0600 Michael Roth wrote: > From: Brijesh Singh > > Add support to decrypt guest encrypted memory. These API interfaces can > be used for example to dump VMCBs on SNP guest exit. > What kinds of check will be applied from firmware when VMM decrypts this page? I suppose there has to be kinda mechanism to prevent VMM to decrypt any page in the guest. It would be nice to have some introduction about it in the comments. > Signed-off-by: Brijesh Singh > Signed-off-by: Ashish Kalra > [mdr: minor commit fixups] > Signed-off-by: Michael Roth > --- > drivers/crypto/ccp/sev-dev.c | 32 ++++++++++++++++++++++++++++++++ > include/linux/psp-sev.h | 22 ++++++++++++++++++++-- > 2 files changed, 52 insertions(+), 2 deletions(-) > > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c > index e65563bc8298..bf5167b2acfc 100644 > --- a/drivers/crypto/ccp/sev-dev.c > +++ b/drivers/crypto/ccp/sev-dev.c > @@ -2017,6 +2017,38 @@ int sev_guest_df_flush(int *error) > } > EXPORT_SYMBOL_GPL(sev_guest_df_flush); > > +int snp_guest_dbg_decrypt_page(u64 gctx_pfn, u64 src_pfn, u64 dst_pfn, int *error) > +{ > + struct sev_data_snp_dbg data = {0}; > + struct sev_device *sev; > + int ret; > + > + if (!psp_master || !psp_master->sev_data) > + return -ENODEV; > + > + sev = psp_master->sev_data; > + > + if (!sev->snp_initialized) > + return -EINVAL; > + > + data.gctx_paddr = sme_me_mask | (gctx_pfn << PAGE_SHIFT); > + data.src_addr = sme_me_mask | (src_pfn << PAGE_SHIFT); > + data.dst_addr = sme_me_mask | (dst_pfn << PAGE_SHIFT); > + > + /* The destination page must be in the firmware state. */ > + if (rmp_mark_pages_firmware(data.dst_addr, 1, false)) > + return -EIO; > + > + ret = sev_do_cmd(SEV_CMD_SNP_DBG_DECRYPT, &data, error); > + > + /* Restore the page state */ > + if (snp_reclaim_pages(data.dst_addr, 1, false)) > + ret = -EIO; > + > + return ret; > +} > +EXPORT_SYMBOL_GPL(snp_guest_dbg_decrypt_page); > + > int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, > unsigned long vaddr, unsigned long *npages, unsigned long *fw_err) > { > diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h > index 81bafc049eca..92116e2b74fd 100644 > --- a/include/linux/psp-sev.h > +++ b/include/linux/psp-sev.h > @@ -710,7 +710,6 @@ struct sev_data_snp_dbg { > u64 gctx_paddr; /* In */ > u64 src_addr; /* In */ > u64 dst_addr; /* In */ > - u32 len; /* In */ > } __packed; > > /** > @@ -913,13 +912,27 @@ int sev_guest_decommission(struct sev_data_decommission *data, int *error); > * @error: SEV command return code > * > * Returns: > + * 0 if the sev successfully processed the command > + * -%ENODEV if the sev device is not available > + * -%ENOTSUPP if the sev does not support SEV > + * -%ETIMEDOUT if the sev command timed out > + * -%EIO if the sev returned a non-zero return code > + */ > +int sev_do_cmd(int cmd, void *data, int *psp_ret); > + > +/** > + * snp_guest_dbg_decrypt_page - perform SEV SNP_DBG_DECRYPT command > + * > + * @sev_ret: sev command return code > + * > + * Returns: > * 0 if the SEV successfully processed the command > * -%ENODEV if the SEV device is not available > * -%ENOTSUPP if the SEV does not support SEV > * -%ETIMEDOUT if the SEV command timed out > * -%EIO if the SEV returned a non-zero return code > */ > -int sev_do_cmd(int cmd, void *data, int *psp_ret); > +int snp_guest_dbg_decrypt_page(u64 gctx_pfn, u64 src_pfn, u64 dst_pfn, int *error); > > void *psp_copy_user_blob(u64 uaddr, u32 len); > void *snp_alloc_firmware_page(gfp_t mask); > @@ -987,6 +1000,11 @@ static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return ERR_P > > void snp_mark_pages_offline(unsigned long pfn, unsigned int npages) {} > > +static inline int snp_guest_dbg_decrypt_page(u64 gctx_pfn, u64 src_pfn, u64 dst_pfn, int *error) > +{ > + return -ENODEV; > +} > + > static inline void *snp_alloc_firmware_page(gfp_t mask) > { > return NULL;