linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Nikunj A Dadhania <nikunj@amd.com>
To: <linux-kernel@vger.kernel.org>, <x86@kernel.org>
Cc: <bp@alien8.de>, <thomas.lendacky@amd.com>,
	<dionnaglaze@google.com>, <pgonda@google.com>, <jroedel@suse.de>,
	<mingo@redhat.com>, <tglx@linutronix.de>,
	<dave.hansen@linux.intel.com>, <seanjc@google.com>,
	<pbonzini@redhat.com>, <nikunj@amd.com>, <michael.roth@amd.com>,
	<ketanch@iitk.ac.in>
Subject: [RFC PATCH 03/11] virt: sev-guest: Add snp_guest_req structure
Date: Mon, 30 Jan 2023 17:33:19 +0530	[thread overview]
Message-ID: <20230130120327.977460-4-nikunj@amd.com> (raw)
In-Reply-To: <20230130120327.977460-1-nikunj@amd.com>

Add a snp_guest_req structure to simplify the function arguments. The
structure will be used to call the SNP Guest message request API
instead of passing a long list of parameters.

Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
---
 drivers/virt/coco/sev-guest/sev-guest.c | 84 ++++++++++++++-----------
 drivers/virt/coco/sev-guest/sev-guest.h | 19 ++++++
 2 files changed, 66 insertions(+), 37 deletions(-)

diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index 106cabce1ccd..af5b965c6c29 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -57,16 +57,6 @@ static inline unsigned int get_ctx_authsize(struct snp_guest_dev *snp_dev)
 	return 0;
 }
 
-static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
-{
-	char zero_key[VMPCK_KEY_LEN] = {0};
-
-	if (snp_dev->vmpck)
-		return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN);
-
-	return true;
-}
-
 /*
  * If an error is received from the host or AMD Secure Processor (ASP) there
  * are two options. Either retry the exact same encrypted request or discontinue
@@ -195,8 +185,9 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
 	struct snp_guest_msg_hdr *resp_hdr = &resp->hdr;
 	struct aesgcm_ctx *ctx = snp_dev->ctx;
 
-	dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n",
-		resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz);
+	pr_debug("response [seqno %lld type %d version %d sz %d]\n",
+		 resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version,
+		 resp_hdr->msg_sz);
 
 	/* Verify that the sequence counter is incremented by 1 */
 	if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1)))
@@ -218,41 +209,42 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
 	return dec_payload(ctx, resp, payload, resp_hdr->msg_sz);
 }
 
-static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type,
-			void *payload, size_t sz)
+static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno,
+		       struct snp_guest_req *req, u8 __vmpck_id)
 {
-	struct snp_guest_msg *req = snp_dev->request;
-	struct snp_guest_msg_hdr *hdr = &req->hdr;
+	struct snp_guest_msg *msg = snp_dev->request;
+	struct snp_guest_msg_hdr *hdr = &msg->hdr;
 
-	memset(req, 0, sizeof(*req));
+	memset(msg, 0, sizeof(*msg));
 
 	hdr->algo = SNP_AEAD_AES_256_GCM;
 	hdr->hdr_version = MSG_HDR_VER;
 	hdr->hdr_sz = sizeof(*hdr);
-	hdr->msg_type = type;
-	hdr->msg_version = version;
+	hdr->msg_type = req->msg_type;
+	hdr->msg_version = req->msg_version;
 	hdr->msg_seqno = seqno;
-	hdr->msg_vmpck = vmpck_id;
-	hdr->msg_sz = sz;
+	hdr->msg_vmpck = __vmpck_id;
+	hdr->msg_sz = req->req_sz;
 
 	/* Verify the sequence number is non-zero */
 	if (!hdr->msg_seqno)
 		return -ENOSR;
 
-	dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n",
+	pr_debug("request [seqno %lld type %d version %d sz %d]\n",
 		hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);
 
-	return __enc_payload(snp_dev->ctx, req, payload, sz);
+	return __enc_payload(snp_dev->ctx, msg, req->req_buf, req->req_sz);
 }
 
-static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver,
-				u8 type, void *req_buf, size_t req_sz, void *resp_buf,
-				u32 resp_sz, __u64 *fw_err)
+static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req)
 {
 	unsigned long err;
 	u64 seqno;
 	int rc;
 
+	if (!snp_dev || !req)
+		return -ENODEV;
+
 	/* Get message sequence and verify that its a non-zero */
 	seqno = snp_get_msg_seqno(snp_dev);
 	if (!seqno)
@@ -261,7 +253,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
 	memset(snp_dev->response, 0, sizeof(struct snp_guest_msg));
 
 	/* Encrypt the userspace provided payload */
-	rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz);
+	rc = enc_payload(snp_dev, seqno, req, vmpck_id);
 	if (rc)
 		return rc;
 
@@ -271,7 +263,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
 	 * sequence number must be incremented or the VMPCK must be deleted to
 	 * prevent reuse of the IV.
 	 */
-	rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
+	rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
 
 	/*
 	 * If the extended guest request fails due to having too small of a
@@ -279,11 +271,11 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
 	 * extended data request in order to increment the sequence number
 	 * and thus avoid IV reuse.
 	 */
-	if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
+	if (req->exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
 	    err == SNP_GUEST_REQ_INVALID_LEN) {
 		const unsigned int certs_npages = snp_dev->input.data_npages;
 
-		exit_code = SVM_VMGEXIT_GUEST_REQUEST;
+		req->exit_code = SVM_VMGEXIT_GUEST_REQUEST;
 
 		/*
 		 * If this call to the firmware succeeds, the sequence number can
@@ -293,7 +285,7 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
 		 * of the VMPCK and the error code being propagated back to the
 		 * user as an ioctl() return code.
 		 */
-		rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
+		rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
 
 		/*
 		 * Override the error to inform callers the given extended
@@ -304,17 +296,17 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
 		snp_dev->input.data_npages = certs_npages;
 	}
 
-	if (fw_err)
-		*fw_err = err;
+	if (req->fw_err)
+		*req->fw_err = err;
 
 	if (rc) {
 		dev_alert(snp_dev->dev,
 			  "Detected error from ASP request. rc: %d, fw_err: %llu\n",
-			  rc, *fw_err);
+			  rc, *req->fw_err);
 		goto disable_vmpck;
 	}
 
-	rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz);
+	rc = verify_and_dec_payload(snp_dev, req->resp_buf, req->resp_sz);
 	if (rc) {
 		dev_alert(snp_dev->dev,
 			  "Detected unexpected decode failure from ASP. rc: %d\n",
@@ -332,6 +324,24 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
 	return rc;
 }
 
+
+static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, u8 msg_version,
+				u8 msg_type, void *req_buf, size_t req_sz, void *resp_buf,
+				u32 resp_sz, __u64 *fw_err)
+{
+	struct snp_guest_req guest_req = {
+		.msg_version = msg_version,
+		.msg_type = msg_type,
+		.req_buf = req_buf,
+		.req_sz = req_sz,
+		.resp_buf = resp_buf,
+		.resp_sz = resp_sz,
+		.fw_err = fw_err,
+		.exit_code = exit_code,
+	};
+	return snp_send_guest_request(snp_dev, &guest_req);
+}
+
 static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
 {
 	struct snp_report_resp *resp;
@@ -505,7 +515,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long
 	mutex_lock(&snp_dev->cmd_mutex);
 
 	/* Check if the VMPCK is not empty */
-	if (is_vmpck_empty(snp_dev)) {
+	if (is_vmpck_empty(snp_dev->vmpck)) {
 		dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n");
 		mutex_unlock(&snp_dev->cmd_mutex);
 		return -ENOTTY;
@@ -636,7 +646,7 @@ static int __init sev_guest_probe(struct platform_device *pdev)
 	}
 
 	/* Verify that VMPCK is not zero. */
-	if (is_vmpck_empty(snp_dev)) {
+	if (is_vmpck_empty(snp_dev->vmpck)) {
 		dev_err(dev, "vmpck id %d is null\n", vmpck_id);
 		goto e_unmap;
 	}
diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h
index ceb798a404d6..d245578d988e 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.h
+++ b/drivers/virt/coco/sev-guest/sev-guest.h
@@ -63,4 +63,23 @@ struct snp_guest_msg {
 	u8 payload[4000];
 } __packed;
 
+struct snp_guest_req {
+	void *req_buf, *resp_buf;
+	size_t req_sz, resp_sz;
+	u64 exit_code;
+	u64 *fw_err;
+	u8 msg_version;
+	u8 msg_type;
+};
+
+static inline bool is_vmpck_empty(u8 *vmpck)
+{
+	char zero_key[VMPCK_KEY_LEN] = {0};
+
+	if (vmpck)
+		return !memcmp(vmpck, zero_key, VMPCK_KEY_LEN);
+
+	return true;
+}
+
 #endif /* __VIRT_SEVGUEST_H__ */
-- 
2.32.0


  parent reply	other threads:[~2023-01-30 12:05 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-30 12:03 [RFC PATCH 00/11] Add Secure TSC support for SNP guests Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 01/11] virt: sev-guest: Use AES GCM crypto library Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 02/11] virt: sev-guest: Move mutex to SNP guest device structure Nikunj A Dadhania
2023-01-30 12:03 ` Nikunj A Dadhania [this message]
2023-01-30 18:45   ` [RFC PATCH 03/11] virt: sev-guest: Add snp_guest_req structure Dionna Amalie Glaze
2023-01-31  3:08     ` Nikunj A. Dadhania
2023-01-30 12:03 ` [RFC PATCH 04/11] virt: sev-guest: Add simplified helper to assign vmpck Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 05/11] x86/sev: Move and reorganize sev guest request api Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 06/11] x86/mm: Add generic guest initialization hook Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 07/11] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 08/11] x86/sev: Add Secure TSC support for SNP guests Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 09/11] x86/kvmclock: Use Secure TSC as clock if available Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 10/11] x86/tsc: Mark Secure TSC as reliable clocksource Nikunj A Dadhania
2023-01-30 12:03 ` [RFC PATCH 11/11] x86/sev: Enable Secure TSC for SNP guests Nikunj A Dadhania

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230130120327.977460-4-nikunj@amd.com \
    --to=nikunj@amd.com \
    --cc=bp@alien8.de \
    --cc=dave.hansen@linux.intel.com \
    --cc=dionnaglaze@google.com \
    --cc=jroedel@suse.de \
    --cc=ketanch@iitk.ac.in \
    --cc=linux-kernel@vger.kernel.org \
    --cc=michael.roth@amd.com \
    --cc=mingo@redhat.com \
    --cc=pbonzini@redhat.com \
    --cc=pgonda@google.com \
    --cc=seanjc@google.com \
    --cc=tglx@linutronix.de \
    --cc=thomas.lendacky@amd.com \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).