[PATCH] crypto: ccp: shutdown SEV firmware on kexec

[PATCH] crypto: ccp: shutdown SEV firmware on kexec

[Brijesh Singh]

The commit 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the
PSP driver") added support to allocate Trusted Memory Region (TMR)
used during the SEV-ES firmware initialization. The TMR gets locked
during the firmware initialization and unlocked during the shutdown.
While the TMR is locked, access to it is disallowed.

Currently, the CCP driver does not shutdown the firmware during the
kexec reboot, leaving the TMR memory locked.

Register a callback to shutdown the SEV firmware on the kexec boot.

Fixes: 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the PSP driver")
Reported-by: Lucas Nussbaum <lucas.nussbaum@inria.fr>
Tested-by: Lucas Nussbaum <lucas.nussbaum@inria.fr>
Cc: <stable@kernel.org>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Joerg Roedel <jroedel@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: David Rientjes <rientjes@google.com>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
---
 drivers/crypto/ccp/sev-dev.c | 49 +++++++++++++++++-------------------
 drivers/crypto/ccp/sp-pci.c  | 12 +++++++++
 2 files changed, 35 insertions(+), 26 deletions(-)

diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 91808402e0bf..2ecb0e1f65d8 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -300,6 +300,9 @@ static int __sev_platform_shutdown_locked(int *error)
 	struct sev_device *sev = psp_master->sev_data;
 	int ret;
 
+	if (sev->state == SEV_STATE_UNINIT)
+		return 0;
+
 	ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
 	if (ret)
 		return ret;
@@ -1019,6 +1022,20 @@ int sev_dev_init(struct psp_device *psp)
 	return ret;
 }
 
+static void sev_firmware_shutdown(struct sev_device *sev)
+{
+	sev_platform_shutdown(NULL);
+
+	if (sev_es_tmr) {
+		/* The TMR area was encrypted, flush it from the cache */
+		wbinvd_on_all_cpus();
+
+		free_pages((unsigned long)sev_es_tmr,
+			   get_order(SEV_ES_TMR_SIZE));
+		sev_es_tmr = NULL;
+	}
+}
+
 void sev_dev_destroy(struct psp_device *psp)
 {
 	struct sev_device *sev = psp->sev_data;
@@ -1026,6 +1043,8 @@ void sev_dev_destroy(struct psp_device *psp)
 	if (!sev)
 		return;
 
+	sev_firmware_shutdown(sev);
+
 	if (sev->misc)
 		kref_put(&misc_dev->refcount, sev_exit);
 
@@ -1056,21 +1075,6 @@ void sev_pci_init(void)
 	if (sev_get_api_version())
 		goto err;
 
-	/*
-	 * If platform is not in UNINIT state then firmware upgrade and/or
-	 * platform INIT command will fail. These command require UNINIT state.
-	 *
-	 * In a normal boot we should never run into case where the firmware
-	 * is not in UNINIT state on boot. But in case of kexec boot, a reboot
-	 * may not go through a typical shutdown sequence and may leave the
-	 * firmware in INIT or WORKING state.
-	 */
-
-	if (sev->state != SEV_STATE_UNINIT) {
-		sev_platform_shutdown(NULL);
-		sev->state = SEV_STATE_UNINIT;
-	}
-
 	if (sev_version_greater_or_equal(0, 15) &&
 	    sev_update_firmware(sev->dev) == 0)
 		sev_get_api_version();
@@ -1115,17 +1119,10 @@ void sev_pci_init(void)
 
 void sev_pci_exit(void)
 {
-	if (!psp_master->sev_data)
-		return;
-
-	sev_platform_shutdown(NULL);
+	struct sev_device *sev = psp_master->sev_data;
 
-	if (sev_es_tmr) {
-		/* The TMR area was encrypted, flush it from the cache */
-		wbinvd_on_all_cpus();
+	if (!sev)
+		return;
 
-		free_pages((unsigned long)sev_es_tmr,
-			   get_order(SEV_ES_TMR_SIZE));
-		sev_es_tmr = NULL;
-	}
+	sev_firmware_shutdown(sev);
 }
diff --git a/drivers/crypto/ccp/sp-pci.c b/drivers/crypto/ccp/sp-pci.c
index 6fb6ba35f89d..9bcc1884c06a 100644
--- a/drivers/crypto/ccp/sp-pci.c
+++ b/drivers/crypto/ccp/sp-pci.c
@@ -241,6 +241,17 @@ static int sp_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id)
 	return ret;
 }
 
+static void sp_pci_shutdown(struct pci_dev *pdev)
+{
+	struct device *dev = &pdev->dev;
+	struct sp_device *sp = dev_get_drvdata(dev);
+
+	if (!sp)
+		return;
+
+	sp_destroy(sp);
+}
+
 static void sp_pci_remove(struct pci_dev *pdev)
 {
 	struct device *dev = &pdev->dev;
@@ -371,6 +382,7 @@ static struct pci_driver sp_pci_driver = {
 	.id_table = sp_pci_table,
 	.probe = sp_pci_probe,
 	.remove = sp_pci_remove,
+	.shutdown = sp_pci_shutdown,
 	.driver.pm = &sp_pci_pm_ops,
 };
 
-- 
2.17.1

Re: [PATCH] crypto: ccp: shutdown SEV firmware on kexec

[Tom Lendacky]

On 7/28/21 10:15 AM, Brijesh Singh wrote:
> The commit 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the
> PSP driver") added support to allocate Trusted Memory Region (TMR)
> used during the SEV-ES firmware initialization. The TMR gets locked
> during the firmware initialization and unlocked during the shutdown.
> While the TMR is locked, access to it is disallowed.
> 
> Currently, the CCP driver does not shutdown the firmware during the
> kexec reboot, leaving the TMR memory locked.
> 
> Register a callback to shutdown the SEV firmware on the kexec boot.
> 
> Fixes: 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the PSP driver")
> Reported-by: Lucas Nussbaum <lucas.nussbaum@inria.fr>
> Tested-by: Lucas Nussbaum <lucas.nussbaum@inria.fr>
> Cc: <stable@kernel.org>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Joerg Roedel <jroedel@suse.de>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: David Rientjes <rientjes@google.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>

Acked-by: Tom Lendacky <thomas.lendacky@gmail.com>

> ---
>  drivers/crypto/ccp/sev-dev.c | 49 +++++++++++++++++-------------------
>  drivers/crypto/ccp/sp-pci.c  | 12 +++++++++
>  2 files changed, 35 insertions(+), 26 deletions(-)
> 

Re: [PATCH] crypto: ccp: shutdown SEV firmware on kexec

[Herbert Xu]

On Wed, Jul 28, 2021 at 10:15:21AM -0500, Brijesh Singh wrote:
> The commit 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the
> PSP driver") added support to allocate Trusted Memory Region (TMR)
> used during the SEV-ES firmware initialization. The TMR gets locked
> during the firmware initialization and unlocked during the shutdown.
> While the TMR is locked, access to it is disallowed.
> 
> Currently, the CCP driver does not shutdown the firmware during the
> kexec reboot, leaving the TMR memory locked.
> 
> Register a callback to shutdown the SEV firmware on the kexec boot.
> 
> Fixes: 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the PSP driver")
> Reported-by: Lucas Nussbaum <lucas.nussbaum@inria.fr>
> Tested-by: Lucas Nussbaum <lucas.nussbaum@inria.fr>
> Cc: <stable@kernel.org>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Joerg Roedel <jroedel@suse.de>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: David Rientjes <rientjes@google.com>
> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> ---
>  drivers/crypto/ccp/sev-dev.c | 49 +++++++++++++++++-------------------
>  drivers/crypto/ccp/sp-pci.c  | 12 +++++++++
>  2 files changed, 35 insertions(+), 26 deletions(-)

Patch applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: [PATCH] crypto: ccp: shutdown SEV firmware on kexec

[Lucas Nussbaum]

On 06/08/21 at 20:14 +0800, Herbert Xu wrote:
> On Wed, Jul 28, 2021 at 10:15:21AM -0500, Brijesh Singh wrote:
> > The commit 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the
> > PSP driver") added support to allocate Trusted Memory Region (TMR)
> > used during the SEV-ES firmware initialization. The TMR gets locked
> > during the firmware initialization and unlocked during the shutdown.
> > While the TMR is locked, access to it is disallowed.
> > 
> > Currently, the CCP driver does not shutdown the firmware during the
> > kexec reboot, leaving the TMR memory locked.
> > 
> > Register a callback to shutdown the SEV firmware on the kexec boot.
> > 
> > Fixes: 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the PSP driver")
> > Reported-by: Lucas Nussbaum <lucas.nussbaum@inria.fr>
> > Tested-by: Lucas Nussbaum <lucas.nussbaum@inria.fr>
> > Cc: <stable@kernel.org>
> > Cc: Tom Lendacky <thomas.lendacky@amd.com>
> > Cc: Joerg Roedel <jroedel@suse.de>
> > Cc: Herbert Xu <herbert@gondor.apana.org.au>
> > Cc: David Rientjes <rientjes@google.com>
> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
> > ---
> >  drivers/crypto/ccp/sev-dev.c | 49 +++++++++++++++++-------------------
> >  drivers/crypto/ccp/sp-pci.c  | 12 +++++++++
> >  2 files changed, 35 insertions(+), 26 deletions(-)
> 
> Patch applied.  Thanks.

Could this be backported to 5.10 as well?

Thanks
-- 
Lucas Nussbaum   <lucas.nussbaum@inria.fr>   +33 3 54 95 86 19
Responsable du programme plateformes d'expérimentation
DDO-SDT - Direction Générale Déléguée à l'Innovation - Inria