From: Nikunj A Dadhania <nikunj@amd.com>
To: <linux-kernel@vger.kernel.org>, <x86@kernel.org>
Cc: <bp@alien8.de>, <thomas.lendacky@amd.com>,
<dionnaglaze@google.com>, <pgonda@google.com>, <jroedel@suse.de>,
<mingo@redhat.com>, <tglx@linutronix.de>,
<dave.hansen@linux.intel.com>, <seanjc@google.com>,
<pbonzini@redhat.com>, <nikunj@amd.com>, <michael.roth@amd.com>,
<ketanch@iitk.ac.in>
Subject: [RFC PATCH 03/11] virt: sev-guest: Add snp_guest_req structure
Date: Mon, 30 Jan 2023 17:33:19 +0530 [thread overview]
Message-ID: <20230130120327.977460-4-nikunj@amd.com> (raw)
In-Reply-To: <20230130120327.977460-1-nikunj@amd.com>
Add a snp_guest_req structure to simplify the function arguments. The
structure will be used to call the SNP Guest message request API
instead of passing a long list of parameters.
Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
---
drivers/virt/coco/sev-guest/sev-guest.c | 84 ++++++++++++++-----------
drivers/virt/coco/sev-guest/sev-guest.h | 19 ++++++
2 files changed, 66 insertions(+), 37 deletions(-)
diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index 106cabce1ccd..af5b965c6c29 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -57,16 +57,6 @@ static inline unsigned int get_ctx_authsize(struct snp_guest_dev *snp_dev)
return 0;
}
-static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
-{
- char zero_key[VMPCK_KEY_LEN] = {0};
-
- if (snp_dev->vmpck)
- return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN);
-
- return true;
-}
-
/*
* If an error is received from the host or AMD Secure Processor (ASP) there
* are two options. Either retry the exact same encrypted request or discontinue
@@ -195,8 +185,9 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
struct snp_guest_msg_hdr *resp_hdr = &resp->hdr;
struct aesgcm_ctx *ctx = snp_dev->ctx;
- dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n",
- resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz);
+ pr_debug("response [seqno %lld type %d version %d sz %d]\n",
+ resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version,
+ resp_hdr->msg_sz);
/* Verify that the sequence counter is incremented by 1 */
if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1)))
@@ -218,41 +209,42 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
return dec_payload(ctx, resp, payload, resp_hdr->msg_sz);
}
-static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type,
- void *payload, size_t sz)
+static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno,
+ struct snp_guest_req *req, u8 __vmpck_id)
{
- struct snp_guest_msg *req = snp_dev->request;
- struct snp_guest_msg_hdr *hdr = &req->hdr;
+ struct snp_guest_msg *msg = snp_dev->request;
+ struct snp_guest_msg_hdr *hdr = &msg->hdr;
- memset(req, 0, sizeof(*req));
+ memset(msg, 0, sizeof(*msg));
hdr->algo = SNP_AEAD_AES_256_GCM;
hdr->hdr_version = MSG_HDR_VER;
hdr->hdr_sz = sizeof(*hdr);
- hdr->msg_type = type;
- hdr->msg_version = version;
+ hdr->msg_type = req->msg_type;
+ hdr->msg_version = req->msg_version;
hdr->msg_seqno = seqno;
- hdr->msg_vmpck = vmpck_id;
- hdr->msg_sz = sz;
+ hdr->msg_vmpck = __vmpck_id;
+ hdr->msg_sz = req->req_sz;
/* Verify the sequence number is non-zero */
if (!hdr->msg_seqno)
return -ENOSR;
- dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n",
+ pr_debug("request [seqno %lld type %d version %d sz %d]\n",
hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);
- return __enc_payload(snp_dev->ctx, req, payload, sz);
+ return __enc_payload(snp_dev->ctx, msg, req->req_buf, req->req_sz);
}
-static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver,
- u8 type, void *req_buf, size_t req_sz, void *resp_buf,
- u32 resp_sz, __u64 *fw_err)
+static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req)
{
unsigned long err;
u64 seqno;
int rc;
+ if (!snp_dev || !req)
+ return -ENODEV;
+
/* Get message sequence and verify that its a non-zero */
seqno = snp_get_msg_seqno(snp_dev);
if (!seqno)
@@ -261,7 +253,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
memset(snp_dev->response, 0, sizeof(struct snp_guest_msg));
/* Encrypt the userspace provided payload */
- rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz);
+ rc = enc_payload(snp_dev, seqno, req, vmpck_id);
if (rc)
return rc;
@@ -271,7 +263,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
* sequence number must be incremented or the VMPCK must be deleted to
* prevent reuse of the IV.
*/
- rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
+ rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
/*
* If the extended guest request fails due to having too small of a
@@ -279,11 +271,11 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
* extended data request in order to increment the sequence number
* and thus avoid IV reuse.
*/
- if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
+ if (req->exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
err == SNP_GUEST_REQ_INVALID_LEN) {
const unsigned int certs_npages = snp_dev->input.data_npages;
- exit_code = SVM_VMGEXIT_GUEST_REQUEST;
+ req->exit_code = SVM_VMGEXIT_GUEST_REQUEST;
/*
* If this call to the firmware succeeds, the sequence number can
@@ -293,7 +285,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
* of the VMPCK and the error code being propagated back to the
* user as an ioctl() return code.
*/
- rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
+ rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
/*
* Override the error to inform callers the given extended
@@ -304,17 +296,17 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
snp_dev->input.data_npages = certs_npages;
}
- if (fw_err)
- *fw_err = err;
+ if (req->fw_err)
+ *req->fw_err = err;
if (rc) {
dev_alert(snp_dev->dev,
"Detected error from ASP request. rc: %d, fw_err: %llu\n",
- rc, *fw_err);
+ rc, *req->fw_err);
goto disable_vmpck;
}
- rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz);
+ rc = verify_and_dec_payload(snp_dev, req->resp_buf, req->resp_sz);
if (rc) {
dev_alert(snp_dev->dev,
"Detected unexpected decode failure from ASP. rc: %d\n",
@@ -332,6 +324,24 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
return rc;
}
+
+static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, u8 msg_version,
+ u8 msg_type, void *req_buf, size_t req_sz, void *resp_buf,
+ u32 resp_sz, __u64 *fw_err)
+{
+ struct snp_guest_req guest_req = {
+ .msg_version = msg_version,
+ .msg_type = msg_type,
+ .req_buf = req_buf,
+ .req_sz = req_sz,
+ .resp_buf = resp_buf,
+ .resp_sz = resp_sz,
+ .fw_err = fw_err,
+ .exit_code = exit_code,
+ };
+ return snp_send_guest_request(snp_dev, &guest_req);
+}
+
static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
{
struct snp_report_resp *resp;
@@ -505,7 +515,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long
mutex_lock(&snp_dev->cmd_mutex);
/* Check if the VMPCK is not empty */
- if (is_vmpck_empty(snp_dev)) {
+ if (is_vmpck_empty(snp_dev->vmpck)) {
dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n");
mutex_unlock(&snp_dev->cmd_mutex);
return -ENOTTY;
@@ -636,7 +646,7 @@ static int __init sev_guest_probe(struct platform_device *pdev)
}
/* Verify that VMPCK is not zero. */
- if (is_vmpck_empty(snp_dev)) {
+ if (is_vmpck_empty(snp_dev->vmpck)) {
dev_err(dev, "vmpck id %d is null\n", vmpck_id);
goto e_unmap;
}
diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h
index ceb798a404d6..d245578d988e 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.h
+++ b/drivers/virt/coco/sev-guest/sev-guest.h
@@ -63,4 +63,23 @@ struct snp_guest_msg {
u8 payload[4000];
} __packed;
+struct snp_guest_req {
+ void *req_buf, *resp_buf;
+ size_t req_sz, resp_sz;
+ u64 exit_code;
+ u64 *fw_err;
+ u8 msg_version;
+ u8 msg_type;
+};
+
+static inline bool is_vmpck_empty(u8 *vmpck)
+{
+ char zero_key[VMPCK_KEY_LEN] = {0};
+
+ if (vmpck)
+ return !memcmp(vmpck, zero_key, VMPCK_KEY_LEN);
+
+ return true;
+}
+
#endif /* __VIRT_SEVGUEST_H__ */
--
2.32.0
next prev parent reply other threads:[~2023-01-30 12:05 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-30 12:03 [RFC PATCH 00/11] Add Secure TSC support for SNP guests Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 01/11] virt: sev-guest: Use AES GCM crypto library Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 02/11] virt: sev-guest: Move mutex to SNP guest device structure Nikunj A Dadhania
2023-01-30 12:03 ` Nikunj A Dadhania [this message]
2023-01-30 18:45 ` [RFC PATCH 03/11] virt: sev-guest: Add snp_guest_req structure Dionna Amalie Glaze
2023-01-31 3:08 ` Nikunj A. Dadhania
2023-01-30 12:03 ` [RFC PATCH 04/11] virt: sev-guest: Add simplified helper to assign vmpck Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 05/11] x86/sev: Move and reorganize sev guest request api Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 06/11] x86/mm: Add generic guest initialization hook Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 07/11] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 08/11] x86/sev: Add Secure TSC support for SNP guests Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 09/11] x86/kvmclock: Use Secure TSC as clock if available Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 10/11] x86/tsc: Mark Secure TSC as reliable clocksource Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 11/11] x86/sev: Enable Secure TSC for SNP guests Nikunj A Dadhania
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230130120327.977460-4-nikunj@amd.com \
--to=nikunj@amd.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=dionnaglaze@google.com \
--cc=jroedel@suse.de \
--cc=ketanch@iitk.ac.in \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.roth@amd.com \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=seanjc@google.com \
--cc=tglx@linutronix.de \
--cc=thomas.lendacky@amd.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).