| Message ID | f1caff4423a46c50564e625fd98932fde2a9a3fc.1739997129.git.ashish.kalra@amd.com |
|---|---|
| State | New |
| Headers | show |
| Series | Move initializing SEV/SNP functionality to KVM | expand |
On Thu, Feb 20, 2025 at 12:07 PM Kalra, Ashish <ashish.kalra@amd.com> wrote: > > Hello Dionna, > > On 2/20/2025 10:44 AM, Dionna Amalie Glaze wrote: > > On Wed, Feb 19, 2025 at 12:53 PM Ashish Kalra <Ashish.Kalra@amd.com> wrote: > >> > >> From: Ashish Kalra <ashish.kalra@amd.com> > >> > >> Modify the behavior of implicit SEV initialization in some of the > >> SEV ioctls to do both SEV initialization and shutdown and add > >> implicit SNP initialization and shutdown to some of the SNP ioctls > >> so that the change of SEV/SNP platform initialization not being > >> done during PSP driver probe time does not break userspace tools > >> such as sevtool, etc. > >> > >> Prior to this patch, SEV has always been initialized before these > >> ioctls as SEV initialization is done as part of PSP module probe, > >> but now with SEV initialization being moved to KVM module load instead > >> of PSP driver probe, the implied SEV INIT actually makes sense and gets > >> used and additionally to maintain SEV platform state consistency > >> before and after the ioctl SEV shutdown needs to be done after the > >> firmware call. > >> > >> It is important to do SEV Shutdown here with the SEV/SNP initialization > >> moving to KVM, an implicit SEV INIT here as part of the SEV ioctls not > >> followed with SEV Shutdown will cause SEV to remain in INIT state and > >> then a future SNP INIT in KVM module load will fail. > >> > >> Similarly, prior to this patch, SNP has always been initialized before > >> these ioctls as SNP initialization is done as part of PSP module probe, > >> therefore, to keep a consistent behavior, SNP init needs to be done > >> here implicitly as part of these ioctls followed with SNP shutdown > >> before returning from the ioctl to maintain the consistent platform > >> state before and after the ioctl. > >> > >> Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> > >> --- > >> drivers/crypto/ccp/sev-dev.c | 117 ++++++++++++++++++++++++++++------- > >> 1 file changed, 93 insertions(+), 24 deletions(-) > >> > >> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c > >> index 8f5c474b9d1c..b06f43eb18f7 100644 > >> --- a/drivers/crypto/ccp/sev-dev.c > >> +++ b/drivers/crypto/ccp/sev-dev.c > >> @@ -1461,7 +1461,8 @@ static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp) > >> static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable) > >> { > >> struct sev_device *sev = psp_master->sev_data; > >> - int rc; > >> + bool shutdown_required = false; > >> + int rc, error; > >> > >> if (!writable) > >> return -EPERM; > >> @@ -1470,19 +1471,26 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool wr > >> rc = __sev_platform_init_locked(&argp->error); > >> if (rc) > >> return rc; > >> + shutdown_required = true; > >> } > >> > >> - return __sev_do_cmd_locked(cmd, NULL, &argp->error); > >> + rc = __sev_do_cmd_locked(cmd, NULL, &argp->error); > >> + > >> + if (shutdown_required) > >> + __sev_platform_shutdown_locked(&error); > > > > This error is discarded. Is that by design? If so, It'd be better to > > call this ignored_error. > > > > This is by design, we cannot overwrite the error for the original command being issued > here which in this case is do_pek_pdh_gen, hence we use a local error for the shutdown command. > And __sev_platform_shutdown_locked() has it's own error logging code, so it will be printing > the error message for the shutdown command failure, so the shutdown error is not eventually > being ignored, that error log will assist in any inconsistent SEV/SNP platform state and > subsequent errors. > > >> + > >> + return rc; > >> } > >> > >> static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable) > >> { > >> struct sev_device *sev = psp_master->sev_data; > >> struct sev_user_data_pek_csr input; > >> + bool shutdown_required = false; > >> struct sev_data_pek_csr data; > >> void __user *input_address; > >> void *blob = NULL; > >> - int ret; > >> + int ret, error; > >> > >> if (!writable) > >> return -EPERM; > >> @@ -1513,6 +1521,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable) > >> ret = __sev_platform_init_locked(&argp->error); > >> if (ret) > >> goto e_free_blob; > >> + shutdown_required = true; > >> } > >> > >> ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, &data, &argp->error); > >> @@ -1531,6 +1540,9 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable) > >> } > >> > >> e_free_blob: > >> + if (shutdown_required) > >> + __sev_platform_shutdown_locked(&error); > > > > Another discarded error. This function is called in different > > locations in sev-dev.c with and without checking the result, which > > seems problematic. > > Not really, if shutdown fails for any reason, the error is printed. > The return value here reflects the value of the original command/function. > The command/ioctl could have succeeded but the shutdown failed, hence, > shutdown error is printed, but the return value reflects that the ioctl succeeded. > > Additionally, in case of INIT before the command is issued, the command may > have failed without the SEV state being in INIT state, hence the error for the > INIT command failure is returned back from the ioctl. > > > > >> + > >> kfree(blob); > >> return ret; > >> } > >> @@ -1747,8 +1759,9 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable) > >> struct sev_device *sev = psp_master->sev_data; > >> struct sev_user_data_pek_cert_import input; > >> struct sev_data_pek_cert_import data; > >> + bool shutdown_required = false; > >> void *pek_blob, *oca_blob; > >> - int ret; > >> + int ret, error; > >> > >> if (!writable) > >> return -EPERM; > >> @@ -1780,11 +1793,15 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable) > >> ret = __sev_platform_init_locked(&argp->error); > >> if (ret) > >> goto e_free_oca; > >> + shutdown_required = true; > >> } > >> > >> ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, &data, &argp->error); > >> > >> e_free_oca: > >> + if (shutdown_required) > >> + __sev_platform_shutdown_locked(&error); > > > > Again. > > > >> + > >> kfree(oca_blob); > >> e_free_pek: > >> kfree(pek_blob); > >> @@ -1901,17 +1918,8 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable) > >> struct sev_data_pdh_cert_export data; > >> void __user *input_cert_chain_address; > >> void __user *input_pdh_cert_address; > >> - int ret; > >> - > >> - /* If platform is not in INIT state then transition it to INIT. */ > >> - if (sev->state != SEV_STATE_INIT) { > >> - if (!writable) > >> - return -EPERM; > >> - > >> - ret = __sev_platform_init_locked(&argp->error); > >> - if (ret) > >> - return ret; > >> - } > >> + bool shutdown_required = false; > >> + int ret, error; > >> > >> if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) > >> return -EFAULT; > >> @@ -1952,6 +1960,16 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable) > >> data.cert_chain_len = input.cert_chain_len; > >> > >> cmd: > >> + /* If platform is not in INIT state then transition it to INIT. */ > >> + if (sev->state != SEV_STATE_INIT) { > >> + if (!writable) > >> + goto e_free_cert; > >> + ret = __sev_platform_init_locked(&argp->error); > > > > Using argp->error for init instead of the ioctl-requested command > > means that the user will have difficulty distinguishing which process > > is at fault, no? > > > > Not really, in case the SEV command has still not been issued, argp->error is still usable > and returned back to the caller (no need to use a local error here), we are not overwriting > the argp->error used for the original command/ioctl here. > I mean in the case that argp->error is set to a value shared by the command and init, it's hard to know what the problem was. I'd like to ensure that the documentation is updated to reflect that (in this case) if PDH_CERT_EXPORT returns INVALID_PLATFORM_STATE, then it's because the platform was not in PSTATE.UNINIT state. The new behavior of initializing when you need to now means that you should have ruled out INVALID_PLATFORM_STATE as a possible value from PDH_EXPORT_CERT. Same for SNP_CONFIG. There is not a 1-to-1 mapping between the ioctl commands and the SEV commands now, so I think you need extra documentation to clarify the new error space for at least pdh_export and set_config SNP_PLATFORM_STATUS, VLEK_LOAD, and SNP_COMMIT appear to not necessarily have a provenance confusion after looking closer.
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 8f5c474b9d1c..b06f43eb18f7 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -1461,7 +1461,8 @@ static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp) static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable) { struct sev_device *sev = psp_master->sev_data; - int rc; + bool shutdown_required = false; + int rc, error; if (!writable) return -EPERM; @@ -1470,19 +1471,26 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool wr rc = __sev_platform_init_locked(&argp->error); if (rc) return rc; + shutdown_required = true; } - return __sev_do_cmd_locked(cmd, NULL, &argp->error); + rc = __sev_do_cmd_locked(cmd, NULL, &argp->error); + + if (shutdown_required) + __sev_platform_shutdown_locked(&error); + + return rc; } static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable) { struct sev_device *sev = psp_master->sev_data; struct sev_user_data_pek_csr input; + bool shutdown_required = false; struct sev_data_pek_csr data; void __user *input_address; void *blob = NULL; - int ret; + int ret, error; if (!writable) return -EPERM; @@ -1513,6 +1521,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable) ret = __sev_platform_init_locked(&argp->error); if (ret) goto e_free_blob; + shutdown_required = true; } ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, &data, &argp->error); @@ -1531,6 +1540,9 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable) } e_free_blob: + if (shutdown_required) + __sev_platform_shutdown_locked(&error); + kfree(blob); return ret; } @@ -1747,8 +1759,9 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable) struct sev_device *sev = psp_master->sev_data; struct sev_user_data_pek_cert_import input; struct sev_data_pek_cert_import data; + bool shutdown_required = false; void *pek_blob, *oca_blob; - int ret; + int ret, error; if (!writable) return -EPERM; @@ -1780,11 +1793,15 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable) ret = __sev_platform_init_locked(&argp->error); if (ret) goto e_free_oca; + shutdown_required = true; } ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, &data, &argp->error); e_free_oca: + if (shutdown_required) + __sev_platform_shutdown_locked(&error); + kfree(oca_blob); e_free_pek: kfree(pek_blob); @@ -1901,17 +1918,8 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable) struct sev_data_pdh_cert_export data; void __user *input_cert_chain_address; void __user *input_pdh_cert_address; - int ret; - - /* If platform is not in INIT state then transition it to INIT. */ - if (sev->state != SEV_STATE_INIT) { - if (!writable) - return -EPERM; - - ret = __sev_platform_init_locked(&argp->error); - if (ret) - return ret; - } + bool shutdown_required = false; + int ret, error; if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) return -EFAULT; @@ -1952,6 +1960,16 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable) data.cert_chain_len = input.cert_chain_len; cmd: + /* If platform is not in INIT state then transition it to INIT. */ + if (sev->state != SEV_STATE_INIT) { + if (!writable) + goto e_free_cert; + ret = __sev_platform_init_locked(&argp->error); + if (ret) + goto e_free_cert; + shutdown_required = true; + } + ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, &data, &argp->error); /* If we query the length, FW responded with expected data. */ @@ -1978,6 +1996,9 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable) } e_free_cert: + if (shutdown_required) + __sev_platform_shutdown_locked(&error); + kfree(cert_blob); e_free_pdh: kfree(pdh_blob); @@ -1987,12 +2008,13 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable) static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp) { struct sev_device *sev = psp_master->sev_data; + bool shutdown_required = false; struct sev_data_snp_addr buf; struct page *status_page; + int ret, error; void *data; - int ret; - if (!sev->snp_initialized || !argp->data) + if (!argp->data) return -EINVAL; status_page = alloc_page(GFP_KERNEL_ACCOUNT); @@ -2001,6 +2023,13 @@ static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp) data = page_address(status_page); + if (!sev->snp_initialized) { + ret = __sev_snp_init_locked(&argp->error); + if (ret) + goto cleanup; + shutdown_required = true; + } + /* * Firmware expects status page to be in firmware-owned state, otherwise * it will report firmware error code INVALID_PAGE_STATE (0x1A). @@ -2029,6 +2058,9 @@ static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp) ret = -EFAULT; cleanup: + if (shutdown_required) + __sev_snp_shutdown_locked(&error, false); + __free_pages(status_page, 0); return ret; } @@ -2037,21 +2069,34 @@ static int sev_ioctl_do_snp_commit(struct sev_issue_cmd *argp) { struct sev_device *sev = psp_master->sev_data; struct sev_data_snp_commit buf; + bool shutdown_required = false; + int ret, error; - if (!sev->snp_initialized) - return -EINVAL; + if (!sev->snp_initialized) { + ret = __sev_snp_init_locked(&argp->error); + if (ret) + return ret; + shutdown_required = true; + } buf.len = sizeof(buf); - return __sev_do_cmd_locked(SEV_CMD_SNP_COMMIT, &buf, &argp->error); + ret = __sev_do_cmd_locked(SEV_CMD_SNP_COMMIT, &buf, &argp->error); + + if (shutdown_required) + __sev_snp_shutdown_locked(&error, false); + + return ret; } static int sev_ioctl_do_snp_set_config(struct sev_issue_cmd *argp, bool writable) { struct sev_device *sev = psp_master->sev_data; struct sev_user_data_snp_config config; + bool shutdown_required = false; + int ret, error; - if (!sev->snp_initialized || !argp->data) + if (!argp->data) return -EINVAL; if (!writable) @@ -2060,17 +2105,30 @@ static int sev_ioctl_do_snp_set_config(struct sev_issue_cmd *argp, bool writable if (copy_from_user(&config, (void __user *)argp->data, sizeof(config))) return -EFAULT; - return __sev_do_cmd_locked(SEV_CMD_SNP_CONFIG, &config, &argp->error); + if (!sev->snp_initialized) { + ret = __sev_snp_init_locked(&argp->error); + if (ret) + return ret; + shutdown_required = true; + } + + ret = __sev_do_cmd_locked(SEV_CMD_SNP_CONFIG, &config, &argp->error); + + if (shutdown_required) + __sev_snp_shutdown_locked(&error, false); + + return ret; } static int sev_ioctl_do_snp_vlek_load(struct sev_issue_cmd *argp, bool writable) { struct sev_device *sev = psp_master->sev_data; struct sev_user_data_snp_vlek_load input; + bool shutdown_required = false; + int ret, error; void *blob; - int ret; - if (!sev->snp_initialized || !argp->data) + if (!argp->data) return -EINVAL; if (!writable) @@ -2089,8 +2147,19 @@ static int sev_ioctl_do_snp_vlek_load(struct sev_issue_cmd *argp, bool writable) input.vlek_wrapped_address = __psp_pa(blob); + if (!sev->snp_initialized) { + ret = __sev_snp_init_locked(&argp->error); + if (ret) + goto cleanup; + shutdown_required = true; + } + ret = __sev_do_cmd_locked(SEV_CMD_SNP_VLEK_LOAD, &input, &argp->error); + if (shutdown_required) + __sev_snp_shutdown_locked(&error, false); + +cleanup: kfree(blob); return ret;