* [PATCH] crypto: ccp - Clear PSP interrupt status register before calling handler
@ 2023-03-28 15:16 Jeremi Piotrowski
2023-03-29 23:19 ` Tom Lendacky
2023-04-06 8:50 ` Herbert Xu
0 siblings, 2 replies; 3+ messages in thread
From: Jeremi Piotrowski @ 2023-03-28 15:16 UTC (permalink / raw)
To: linux-crypto
Cc: Jeremi Piotrowski, Tom Lendacky, John Allen, Herbert Xu,
Brijesh Singh, linux-kernel, stable
The PSP IRQ is edge-triggered (MSI or MSI-X) in all cases supported by
the psp module so clear the interrupt status register early in the
handler to prevent missed interrupts. sev_irq_handler() calls wake_up()
on a wait queue, which can result in a new command being submitted from
a different CPU. This then races with the clearing of isr and can result
in missed interrupts. A missed interrupt results in a command waiting
until it times out, which results in the psp being declared dead.
This is unlikely on bare metal, but has been observed when running
virtualized. In the cases where this is observed, sev->cmdresp_reg has
PSP_CMDRESP_RESP set which indicates that the command was processed
correctly but no interrupt was asserted.
The full sequence of events looks like this:
CPU 1: submits SEV cmd #1
CPU 1: calls wait_event_timeout()
CPU 0: enters psp_irq_handler()
CPU 0: calls sev_handler()->wake_up()
CPU 1: wakes up; finishes processing cmd #1
CPU 1: submits SEV cmd #2
CPU 1: calls wait_event_timeout()
PSP: finishes processing cmd #2; interrupt status is still set; no interrupt
CPU 0: clears intsts
CPU 0: exits psp_irq_handler()
CPU 1: wait_event_timeout() times out; psp_dead=true
Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support")
Cc: stable@vger.kernel.org
Signed-off-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
---
drivers/crypto/ccp/psp-dev.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index c9c741ac8442..949a3fa0b94a 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -42,6 +42,9 @@ static irqreturn_t psp_irq_handler(int irq, void *data)
/* Read the interrupt status: */
status = ioread32(psp->io_regs + psp->vdata->intsts_reg);
+ /* Clear the interrupt status by writing the same value we read. */
+ iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);
+
/* invoke subdevice interrupt handlers */
if (status) {
if (psp->sev_irq_handler)
@@ -51,9 +54,6 @@ static irqreturn_t psp_irq_handler(int irq, void *data)
psp->tee_irq_handler(irq, psp->tee_irq_data, status);
}
- /* Clear the interrupt status by writing the same value we read. */
- iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);
-
return IRQ_HANDLED;
}
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] crypto: ccp - Clear PSP interrupt status register before calling handler
2023-03-28 15:16 [PATCH] crypto: ccp - Clear PSP interrupt status register before calling handler Jeremi Piotrowski
@ 2023-03-29 23:19 ` Tom Lendacky
2023-04-06 8:50 ` Herbert Xu
1 sibling, 0 replies; 3+ messages in thread
From: Tom Lendacky @ 2023-03-29 23:19 UTC (permalink / raw)
To: Jeremi Piotrowski, linux-crypto
Cc: John Allen, Herbert Xu, Brijesh Singh, linux-kernel, stable
On 3/28/23 10:16, Jeremi Piotrowski wrote:
> The PSP IRQ is edge-triggered (MSI or MSI-X) in all cases supported by
> the psp module so clear the interrupt status register early in the
> handler to prevent missed interrupts. sev_irq_handler() calls wake_up()
> on a wait queue, which can result in a new command being submitted from
> a different CPU. This then races with the clearing of isr and can result
> in missed interrupts. A missed interrupt results in a command waiting
> until it times out, which results in the psp being declared dead.
>
> This is unlikely on bare metal, but has been observed when running
> virtualized. In the cases where this is observed, sev->cmdresp_reg has
> PSP_CMDRESP_RESP set which indicates that the command was processed
> correctly but no interrupt was asserted.
>
> The full sequence of events looks like this:
>
> CPU 1: submits SEV cmd #1
> CPU 1: calls wait_event_timeout()
> CPU 0: enters psp_irq_handler()
> CPU 0: calls sev_handler()->wake_up()
> CPU 1: wakes up; finishes processing cmd #1
> CPU 1: submits SEV cmd #2
> CPU 1: calls wait_event_timeout()
> PSP: finishes processing cmd #2; interrupt status is still set; no interrupt
> CPU 0: clears intsts
> CPU 0: exits psp_irq_handler()
> CPU 1: wait_event_timeout() times out; psp_dead=true
>
> Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support")
> Cc: stable@vger.kernel.org
> Signed-off-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
> ---
> drivers/crypto/ccp/psp-dev.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
> index c9c741ac8442..949a3fa0b94a 100644
> --- a/drivers/crypto/ccp/psp-dev.c
> +++ b/drivers/crypto/ccp/psp-dev.c
> @@ -42,6 +42,9 @@ static irqreturn_t psp_irq_handler(int irq, void *data)
> /* Read the interrupt status: */
> status = ioread32(psp->io_regs + psp->vdata->intsts_reg);
>
> + /* Clear the interrupt status by writing the same value we read. */
> + iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);
> +
> /* invoke subdevice interrupt handlers */
> if (status) {
> if (psp->sev_irq_handler)
> @@ -51,9 +54,6 @@ static irqreturn_t psp_irq_handler(int irq, void *data)
> psp->tee_irq_handler(irq, psp->tee_irq_data, status);
> }
>
> - /* Clear the interrupt status by writing the same value we read. */
> - iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);
> -
> return IRQ_HANDLED;
> }
>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] crypto: ccp - Clear PSP interrupt status register before calling handler
2023-03-28 15:16 [PATCH] crypto: ccp - Clear PSP interrupt status register before calling handler Jeremi Piotrowski
2023-03-29 23:19 ` Tom Lendacky
@ 2023-04-06 8:50 ` Herbert Xu
1 sibling, 0 replies; 3+ messages in thread
From: Herbert Xu @ 2023-04-06 8:50 UTC (permalink / raw)
To: Jeremi Piotrowski
Cc: linux-crypto, Tom Lendacky, John Allen, Brijesh Singh,
linux-kernel, stable
On Tue, Mar 28, 2023 at 03:16:36PM +0000, Jeremi Piotrowski wrote:
> The PSP IRQ is edge-triggered (MSI or MSI-X) in all cases supported by
> the psp module so clear the interrupt status register early in the
> handler to prevent missed interrupts. sev_irq_handler() calls wake_up()
> on a wait queue, which can result in a new command being submitted from
> a different CPU. This then races with the clearing of isr and can result
> in missed interrupts. A missed interrupt results in a command waiting
> until it times out, which results in the psp being declared dead.
>
> This is unlikely on bare metal, but has been observed when running
> virtualized. In the cases where this is observed, sev->cmdresp_reg has
> PSP_CMDRESP_RESP set which indicates that the command was processed
> correctly but no interrupt was asserted.
>
> The full sequence of events looks like this:
>
> CPU 1: submits SEV cmd #1
> CPU 1: calls wait_event_timeout()
> CPU 0: enters psp_irq_handler()
> CPU 0: calls sev_handler()->wake_up()
> CPU 1: wakes up; finishes processing cmd #1
> CPU 1: submits SEV cmd #2
> CPU 1: calls wait_event_timeout()
> PSP: finishes processing cmd #2; interrupt status is still set; no interrupt
> CPU 0: clears intsts
> CPU 0: exits psp_irq_handler()
> CPU 1: wait_event_timeout() times out; psp_dead=true
>
> Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support")
> Cc: stable@vger.kernel.org
> Signed-off-by: Jeremi Piotrowski <jpiotrowski@linux.microsoft.com>
> ---
> drivers/crypto/ccp/psp-dev.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
Patch applied. Thanks.
--
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-04-06 8:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-03-28 15:16 [PATCH] crypto: ccp - Clear PSP interrupt status register before calling handler Jeremi Piotrowski
2023-03-29 23:19 ` Tom Lendacky
2023-04-06 8:50 ` Herbert Xu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).