On Wed, Feb 19, 2025 at 12:53 PM Ashish Kalra <Ashish.Kalra@xxxxxxx> wrote:
>
> From: Ashish Kalra <ashish.kalra@xxxxxxx>
>
> Modify the behavior of implicit SEV initialization in some of the
> SEV ioctls to do both SEV initialization and shutdown and add
> implicit SNP initialization and shutdown to some of the SNP ioctls
> so that the change of SEV/SNP platform initialization not being
> done during PSP driver probe time does not break userspace tools
> such as sevtool, etc.
>
> Prior to this patch, SEV has always been initialized before these
> ioctls as SEV initialization is done as part of PSP module probe,
> but now with SEV initialization being moved to KVM module load instead
> of PSP driver probe, the implied SEV INIT actually makes sense and gets
> used and additionally to maintain SEV platform state consistency
> before and after the ioctl SEV shutdown needs to be done after the
> firmware call.
>
> It is important to do SEV Shutdown here with the SEV/SNP initialization
> moving to KVM, an implicit SEV INIT here as part of the SEV ioctls not
> followed with SEV Shutdown will cause SEV to remain in INIT state and
> then a future SNP INIT in KVM module load will fail.
>
> Similarly, prior to this patch, SNP has always been initialized before
> these ioctls as SNP initialization is done as part of PSP module probe,
> therefore, to keep a consistent behavior, SNP init needs to be done
> here implicitly as part of these ioctls followed with SNP shutdown
> before returning from the ioctl to maintain the consistent platform
> state before and after the ioctl.
>
> Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx>
> ---
> drivers/crypto/ccp/sev-dev.c | 117 ++++++++++++++++++++++++++++-------
> 1 file changed, 93 insertions(+), 24 deletions(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 8f5c474b9d1c..b06f43eb18f7 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -1461,7 +1461,8 @@ static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
> static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable)
> {
> struct sev_device *sev = psp_master->sev_data;
> - int rc;
> + bool shutdown_required = false;
> + int rc, error;
>
> if (!writable)
> return -EPERM;
> @@ -1470,19 +1471,26 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool wr
> rc = __sev_platform_init_locked(&argp->error);
> if (rc)
> return rc;
> + shutdown_required = true;
> }
>
> - return __sev_do_cmd_locked(cmd, NULL, &argp->error);
> + rc = __sev_do_cmd_locked(cmd, NULL, &argp->error);
> +
> + if (shutdown_required)
> + __sev_platform_shutdown_locked(&error);
This error is discarded. Is that by design? If so, It'd be better to
call this ignored_error.
> +
> + return rc;
> }
>
> static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> {
> struct sev_device *sev = psp_master->sev_data;
> struct sev_user_data_pek_csr input;
> + bool shutdown_required = false;
> struct sev_data_pek_csr data;
> void __user *input_address;
> void *blob = NULL;
> - int ret;
> + int ret, error;
>
> if (!writable)
> return -EPERM;
> @@ -1513,6 +1521,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> ret = __sev_platform_init_locked(&argp->error);
> if (ret)
> goto e_free_blob;
> + shutdown_required = true;
> }
>
> ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, &data, &argp->error);
> @@ -1531,6 +1540,9 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> }
>
> e_free_blob:
> + if (shutdown_required)
> + __sev_platform_shutdown_locked(&error);
Another discarded error. This function is called in different
locations in sev-dev.c with and without checking the result, which
seems problematic.
> +
> kfree(blob);
> return ret;
> }
> @@ -1747,8 +1759,9 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
> struct sev_device *sev = psp_master->sev_data;
> struct sev_user_data_pek_cert_import input;
> struct sev_data_pek_cert_import data;
> + bool shutdown_required = false;
> void *pek_blob, *oca_blob;
> - int ret;
> + int ret, error;
>
> if (!writable)
> return -EPERM;
> @@ -1780,11 +1793,15 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
> ret = __sev_platform_init_locked(&argp->error);
> if (ret)
> goto e_free_oca;
> + shutdown_required = true;
> }
>
> ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, &data, &argp->error);
>
> e_free_oca:
> + if (shutdown_required)
> + __sev_platform_shutdown_locked(&error);
Again.
> +
> kfree(oca_blob);
> e_free_pek:
> kfree(pek_blob);
> @@ -1901,17 +1918,8 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> struct sev_data_pdh_cert_export data;
> void __user *input_cert_chain_address;
> void __user *input_pdh_cert_address;
> - int ret;
> -
> - /* If platform is not in INIT state then transition it to INIT. */
> - if (sev->state != SEV_STATE_INIT) {
> - if (!writable)
> - return -EPERM;
> -
> - ret = __sev_platform_init_locked(&argp->error);
> - if (ret)
> - return ret;
> - }
> + bool shutdown_required = false;
> + int ret, error;
>
> if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
> return -EFAULT;
> @@ -1952,6 +1960,16 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> data.cert_chain_len = input.cert_chain_len;
>
> cmd:
> + /* If platform is not in INIT state then transition it to INIT. */
> + if (sev->state != SEV_STATE_INIT) {
> + if (!writable)
> + goto e_free_cert;
> + ret = __sev_platform_init_locked(&argp->error);
Using argp->error for init instead of the ioctl-requested command
means that the user will have difficulty distinguishing which process
is at fault, no?
> + if (ret)
> + goto e_free_cert;
> + shutdown_required = true;
> + }
> +
> ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, &data, &argp->error);
>
> /* If we query the length, FW responded with expected data. */
> @@ -1978,6 +1996,9 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> }
>
> e_free_cert:
> + if (shutdown_required)
> + __sev_platform_shutdown_locked(&error);
Again.
> +
> kfree(cert_blob);
> e_free_pdh:
> kfree(pdh_blob);
> @@ -1987,12 +2008,13 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp)
> {
> struct sev_device *sev = psp_master->sev_data;
> + bool shutdown_required = false;
> struct sev_data_snp_addr buf;
> struct page *status_page;
> + int ret, error;
> void *data;
> - int ret;
>
> - if (!sev->snp_initialized || !argp->data)
> + if (!argp->data)
> return -EINVAL;
>
> status_page = alloc_page(GFP_KERNEL_ACCOUNT);
> @@ -2001,6 +2023,13 @@ static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp)
>
> data = page_address(status_page);
>
> + if (!sev->snp_initialized) {
> + ret = __sev_snp_init_locked(&argp->error);
Error provenance confusion.
> + if (ret)
> + goto cleanup;
> + shutdown_required = true;
> + }
> +
> /*
> * Firmware expects status page to be in firmware-owned state, otherwise
> * it will report firmware error code INVALID_PAGE_STATE (0x1A).
> @@ -2029,6 +2058,9 @@ static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp)
> ret = -EFAULT;
>
> cleanup:
> + if (shutdown_required)
> + __sev_snp_shutdown_locked(&error, false);
> +
> __free_pages(status_page, 0);
> return ret;
> }
> @@ -2037,21 +2069,34 @@ static int sev_ioctl_do_snp_commit(struct sev_issue_cmd *argp)
> {
> struct sev_device *sev = psp_master->sev_data;
> struct sev_data_snp_commit buf;
> + bool shutdown_required = false;
> + int ret, error;
>
> - if (!sev->snp_initialized)
> - return -EINVAL;
> + if (!sev->snp_initialized) {
> + ret = __sev_snp_init_locked(&argp->error);
Error provenance confusion.
> + if (ret)
> + return ret;
> + shutdown_required = true;
> + }
>
> buf.len = sizeof(buf);
>
> - return __sev_do_cmd_locked(SEV_CMD_SNP_COMMIT, &buf, &argp->error);
> + ret = __sev_do_cmd_locked(SEV_CMD_SNP_COMMIT, &buf, &argp->error);
> +
> + if (shutdown_required)
> + __sev_snp_shutdown_locked(&error, false);
Again.
> +
> + return ret;
> }
>
> static int sev_ioctl_do_snp_set_config(struct sev_issue_cmd *argp, bool writable)
> {
> struct sev_device *sev = psp_master->sev_data;
> struct sev_user_data_snp_config config;
> + bool shutdown_required = false;
> + int ret, error;
>
> - if (!sev->snp_initialized || !argp->data)
> + if (!argp->data)
> return -EINVAL;
>
> if (!writable)
> @@ -2060,17 +2105,30 @@ static int sev_ioctl_do_snp_set_config(struct sev_issue_cmd *argp, bool writable
> if (copy_from_user(&config, (void __user *)argp->data, sizeof(config)))
> return -EFAULT;
>
> - return __sev_do_cmd_locked(SEV_CMD_SNP_CONFIG, &config, &argp->error);
> + if (!sev->snp_initialized) {
> + ret = __sev_snp_init_locked(&argp->error);
Error provenance problem again.
> + if (ret)
> + return ret;
> + shutdown_required = true;
> + }
> +
> + ret = __sev_do_cmd_locked(SEV_CMD_SNP_CONFIG, &config, &argp->error);
> +
> + if (shutdown_required)
> + __sev_snp_shutdown_locked(&error, false);
> +
> + return ret;
> }
>
> static int sev_ioctl_do_snp_vlek_load(struct sev_issue_cmd *argp, bool writable)
> {
> struct sev_device *sev = psp_master->sev_data;
> struct sev_user_data_snp_vlek_load input;
> + bool shutdown_required = false;
> + int ret, error;
> void *blob;
> - int ret;
>
> - if (!sev->snp_initialized || !argp->data)
> + if (!argp->data)
> return -EINVAL;
>
> if (!writable)
> @@ -2089,8 +2147,19 @@ static int sev_ioctl_do_snp_vlek_load(struct sev_issue_cmd *argp, bool writable)
>
> input.vlek_wrapped_address = __psp_pa(blob);
>
> + if (!sev->snp_initialized) {
> + ret = __sev_snp_init_locked(&argp->error);
Error provenance confusion.
> + if (ret)
> + goto cleanup;
> + shutdown_required = true;
> + }
> +
> ret = __sev_do_cmd_locked(SEV_CMD_SNP_VLEK_LOAD, &input, &argp->error);
>
> + if (shutdown_required)
> + __sev_snp_shutdown_locked(&error, false);
Again.
> +
> +cleanup:
> kfree(blob);
>
> return ret;
> --
> 2.34.1
>
--
-Dionna Glaze, PhD, CISSP, CCSP (she/her)
