2023-07-22 11:42:44

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 00/14] Add Secure TSC support for SNP guests

Secure TSC allows guests to securely use RDTSC/RDTSCP instructions as the
parameters being used cannot be changed by hypervisor once the guest is
launched. More details in the AMD64 APM Vol 2, Section "Secure TSC".

During the boot-up of the secondary cpus, SecureTSC enabled guests need to query
TSC info from AMD Security Processor. This communication channel is encrypted
between the AMD Security Processor and the guest, the hypervisor is just the
conduit to deliver the guest messages to the AMD Security Processor. Each
message is protected with an AEAD (AES-256 GCM). See "SEV Secure Nested Paging
Firmware ABI Specification" document (currently at
https://www.amd.com/system/files/TechDocs/56860.pdf) section "TSC Info"

Use a minimal GCM library to encrypt/decrypt SNP Guest messages to communicate
with the AMD Security Processor which is available at early boot.

SEV-guest driver has the implementation for guest and AMD Security Processor
communication. As the TSC_INFO needs to be initialized during early boot before
smp cpus are started, move most of the sev-guest driver code to kernel/sev.c and
provide well defined APIs to the sev-guest driver to use the interface to avoid
code-duplication.

Patches:
01-07: Preparation and movement of sev-guest driver code
08-14: SecureTSC enablement patches.

Testing SecureTSC
-----------------

SecureTSC hypervisor patches based on top of SEV-SNP UPM series:
https://github.com/nikunjad/linux/tree/snp-host-latest-securetsc

QEMU changes:
https://github.com/nikunjad/qemu/tree/snp_securetsc

QEMU commandline SEV-SNP-UPM with SecureTSC:

qemu-system-x86_64 -cpu EPYC-Milan-v2,+secure-tsc \
-object memory-backend-memfd-private,id=ram1,size=1G,share=true \
-object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on \
-machine q35,confidential-guest-support=sev0,memory-backend=ram1,kvm-type=protected \
...

Changelog:
----------
v3:
* Updated commit messages
* Made snp_setup_psp_messaging() generic that is accessed by both the
kernel and the driver
* Moved most of the context information to sev.c, sev-guest driver
does not need to know the secrets page layout anymore
* Add CC_ATTR_GUEST_SECURE_TSC early in the series therefore it can be
used in later patches.
* Removed data_gpa and data_npages from struct snp_req_data, as certs_data
and its size is passed to handle_guest_request_ext()
* Make vmpck_id as unsigned int
* Dropped unnecessary usage of memzero_explicit()
* Cache secrets_pa instead of remapping the cc_blob always
* Rebase on top of v6.4 kernel

v2:
* Rebased on top of v6.3-rc3 that has Boris's sev-guest cleanup series
https://lore.kernel.org/r/[email protected]/

v1: https://lore.kernel.org/r/[email protected]/

Nikunj A Dadhania (14):
virt: sev-guest: Use AES GCM crypto library
virt: sev-guest: Move mutex to SNP guest device structure
virt: sev-guest: Replace pr_debug with dev_dbg
virt: sev-guest: Add SNP guest request structure
virt: sev-guest: Add vmpck_id to snp_guest_dev struct
x86/sev: Cache the secrets page address
x86/sev: Move and reorganize sev guest request api
x86/mm: Add generic guest initialization hook
x86/sev: Add Secure TSC support for SNP guests
x86/sev: Change TSC MSR behavior for Secure TSC enabled guests
x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled
guests
x86/kvmclock: Skip kvmclock when Secure TSC is available
x86/tsc: Mark Secure TSC as reliable clocksource
x86/sev: Enable Secure TSC for SNP guests

arch/x86/Kconfig | 1 +
arch/x86/boot/compressed/sev.c | 2 +-
arch/x86/coco/core.c | 3 +
arch/x86/include/asm/sev-guest.h | 175 +++++++
arch/x86/include/asm/sev.h | 19 +-
arch/x86/include/asm/svm.h | 6 +-
arch/x86/include/asm/x86_init.h | 2 +
arch/x86/kernel/kvmclock.c | 2 +-
arch/x86/kernel/sev-shared.c | 7 +
arch/x86/kernel/sev.c | 631 +++++++++++++++++++++--
arch/x86/kernel/tsc.c | 2 +-
arch/x86/kernel/x86_init.c | 2 +
arch/x86/mm/mem_encrypt.c | 13 +-
arch/x86/mm/mem_encrypt_amd.c | 6 +
drivers/virt/coco/sev-guest/Kconfig | 2 -
drivers/virt/coco/sev-guest/sev-guest.c | 638 +++---------------------
drivers/virt/coco/sev-guest/sev-guest.h | 63 ---
include/linux/cc_platform.h | 8 +
18 files changed, 882 insertions(+), 700 deletions(-)
create mode 100644 arch/x86/include/asm/sev-guest.h
delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h


base-commit: 6995e2de6891c724bfeb2db33d7b87775f913ad1
--
2.34.1



2023-07-22 11:42:56

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 05/14] virt: sev-guest: Add vmpck_id to snp_guest_dev struct

Drop vmpck and os_area_msg_seqno pointers so that secret page layout
does not need to be exposed to the sev-guest driver after the rework.
Instead, add helper APIs to access vmpck and os_area_msg_seqno when
needed.

Signed-off-by: Nikunj A Dadhania <[email protected]>
---
drivers/virt/coco/sev-guest/sev-guest.c | 84 +++++++++++++------------
1 file changed, 43 insertions(+), 41 deletions(-)

diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index d4241048b397..8ad43e007d3b 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -50,8 +50,7 @@ struct snp_guest_dev {

struct snp_secrets_page_layout *layout;
struct snp_req_data input;
- u32 *os_area_msg_seqno;
- u8 *vmpck;
+ unsigned int vmpck_id;
};

static u32 vmpck_id;
@@ -67,12 +66,23 @@ static inline unsigned int get_ctx_authsize(struct snp_guest_dev *snp_dev)
return 0;
}

-static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
+static inline u8 *snp_get_vmpck(struct snp_guest_dev *snp_dev)
+{
+ return snp_dev->layout->vmpck0 + snp_dev->vmpck_id * VMPCK_KEY_LEN;
+}
+
+static inline u32 *snp_get_os_area_msg_seqno(struct snp_guest_dev *snp_dev)
+{
+ return &snp_dev->layout->os_area.msg_seqno_0 + snp_dev->vmpck_id;
+}
+
+static bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev)
{
char zero_key[VMPCK_KEY_LEN] = {0};
+ u8 *key = snp_get_vmpck(snp_dev);

- if (snp_dev->vmpck)
- return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN);
+ if (key)
+ return !memcmp(key, zero_key, VMPCK_KEY_LEN);

return true;
}
@@ -96,20 +106,22 @@ static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
*/
static void snp_disable_vmpck(struct snp_guest_dev *snp_dev)
{
+ u8 *key = snp_get_vmpck(snp_dev);
+
dev_alert(snp_dev->dev, "Disabling vmpck_id %d to prevent IV reuse.\n",
- vmpck_id);
- memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN);
- snp_dev->vmpck = NULL;
+ snp_dev->vmpck_id);
+ memzero_explicit(key, VMPCK_KEY_LEN);
}

static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev)
{
+ u32 *os_area_msg_seqno = snp_get_os_area_msg_seqno(snp_dev);
u64 count;

lockdep_assert_held(&snp_dev->cmd_mutex);

/* Read the current message sequence counter from secrets pages */
- count = *snp_dev->os_area_msg_seqno;
+ count = *os_area_msg_seqno;

return count + 1;
}
@@ -137,11 +149,13 @@ static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev)

static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev)
{
+ u32 *os_area_msg_seqno = snp_get_os_area_msg_seqno(snp_dev);
+
/*
* The counter is also incremented by the PSP, so increment it by 2
* and save in secrets page.
*/
- *snp_dev->os_area_msg_seqno += 2;
+ *os_area_msg_seqno += 2;
}

static inline struct snp_guest_dev *to_snp_dev(struct file *file)
@@ -151,15 +165,22 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file)
return container_of(dev, struct snp_guest_dev, misc);
}

-static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen)
+static struct aesgcm_ctx *snp_init_crypto(struct snp_guest_dev *snp_dev)
{
struct aesgcm_ctx *ctx;
+ u8 *key;
+
+ if (snp_is_vmpck_empty(snp_dev)) {
+ pr_err("SNP: vmpck id %d is null\n", snp_dev->vmpck_id);
+ return NULL;
+ }

ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT);
if (!ctx)
return NULL;

- if (aesgcm_expandkey(ctx, key, keylen, AUTHTAG_LEN)) {
+ key = snp_get_vmpck(snp_dev);
+ if (aesgcm_expandkey(ctx, key, VMPCK_KEY_LEN, AUTHTAG_LEN)) {
pr_err("SNP: crypto init failed\n");
kfree(ctx);
return NULL;
@@ -606,7 +627,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long
mutex_lock(&snp_dev->cmd_mutex);

/* Check if the VMPCK is not empty */
- if (is_vmpck_empty(snp_dev)) {
+ if (snp_is_vmpck_empty(snp_dev)) {
dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n");
mutex_unlock(&snp_dev->cmd_mutex);
return -ENOTTY;
@@ -676,32 +697,14 @@ static const struct file_operations snp_guest_fops = {
.unlocked_ioctl = snp_guest_ioctl,
};

-static u8 *get_vmpck(int id, struct snp_secrets_page_layout *layout, u32 **seqno)
+bool snp_assign_vmpck(struct snp_guest_dev *dev, int vmpck_id)
{
- u8 *key = NULL;
+ if (WARN_ON(vmpck_id > 3))
+ return false;

- switch (id) {
- case 0:
- *seqno = &layout->os_area.msg_seqno_0;
- key = layout->vmpck0;
- break;
- case 1:
- *seqno = &layout->os_area.msg_seqno_1;
- key = layout->vmpck1;
- break;
- case 2:
- *seqno = &layout->os_area.msg_seqno_2;
- key = layout->vmpck2;
- break;
- case 3:
- *seqno = &layout->os_area.msg_seqno_3;
- key = layout->vmpck3;
- break;
- default:
- break;
- }
+ dev->vmpck_id = vmpck_id;

- return key;
+ return true;
}

static int __init sev_guest_probe(struct platform_device *pdev)
@@ -733,14 +736,14 @@ static int __init sev_guest_probe(struct platform_device *pdev)
goto e_unmap;

ret = -EINVAL;
- snp_dev->vmpck = get_vmpck(vmpck_id, layout, &snp_dev->os_area_msg_seqno);
- if (!snp_dev->vmpck) {
+ snp_dev->layout = layout;
+ if (!snp_assign_vmpck(snp_dev, vmpck_id)) {
dev_err(dev, "invalid vmpck id %d\n", vmpck_id);
goto e_unmap;
}

/* Verify that VMPCK is not zero. */
- if (is_vmpck_empty(snp_dev)) {
+ if (snp_is_vmpck_empty(snp_dev)) {
dev_err(dev, "vmpck id %d is null\n", vmpck_id);
goto e_unmap;
}
@@ -748,7 +751,6 @@ static int __init sev_guest_probe(struct platform_device *pdev)
mutex_init(&snp_dev->cmd_mutex);
platform_set_drvdata(pdev, snp_dev);
snp_dev->dev = dev;
- snp_dev->layout = layout;

/* Allocate the shared page used for the request and response message. */
snp_dev->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg));
@@ -764,7 +766,7 @@ static int __init sev_guest_probe(struct platform_device *pdev)
goto e_free_response;

ret = -EIO;
- snp_dev->ctx = snp_init_crypto(snp_dev->vmpck, VMPCK_KEY_LEN);
+ snp_dev->ctx = snp_init_crypto(snp_dev);
if (!snp_dev->ctx)
goto e_free_cert_data;

--
2.34.1


2023-07-22 11:51:38

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 08/14] x86/mm: Add generic guest initialization hook

Add generic enc_init guest hook for performing any type of
initialization that is vendor specific.

Signed-off-by: Nikunj A Dadhania <[email protected]>
---
arch/x86/include/asm/x86_init.h | 2 ++
arch/x86/kernel/x86_init.c | 2 ++
arch/x86/mm/mem_encrypt.c | 3 +++
3 files changed, 7 insertions(+)

diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h
index 88085f369ff6..5bca02769074 100644
--- a/arch/x86/include/asm/x86_init.h
+++ b/arch/x86/include/asm/x86_init.h
@@ -148,12 +148,14 @@ struct x86_init_acpi {
* @enc_status_change_finish Notify HV after the encryption status of a range is changed
* @enc_tlb_flush_required Returns true if a TLB flush is needed before changing page encryption status
* @enc_cache_flush_required Returns true if a cache flush is needed before changing page encryption status
+ * @enc_init Prepare and initialize encryption features
*/
struct x86_guest {
void (*enc_status_change_prepare)(unsigned long vaddr, int npages, bool enc);
bool (*enc_status_change_finish)(unsigned long vaddr, int npages, bool enc);
bool (*enc_tlb_flush_required)(bool enc);
bool (*enc_cache_flush_required)(void);
+ void (*enc_init)(void);
};

/**
diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c
index d82f4fa2f1bf..451e0f39d053 100644
--- a/arch/x86/kernel/x86_init.c
+++ b/arch/x86/kernel/x86_init.c
@@ -135,6 +135,7 @@ static bool enc_status_change_finish_noop(unsigned long vaddr, int npages, bool
static bool enc_tlb_flush_required_noop(bool enc) { return false; }
static bool enc_cache_flush_required_noop(void) { return false; }
static bool is_private_mmio_noop(u64 addr) {return false; }
+static void enc_init_noop(void) { }

struct x86_platform_ops x86_platform __ro_after_init = {
.calibrate_cpu = native_calibrate_cpu_early,
@@ -157,6 +158,7 @@ struct x86_platform_ops x86_platform __ro_after_init = {
.enc_status_change_finish = enc_status_change_finish_noop,
.enc_tlb_flush_required = enc_tlb_flush_required_noop,
.enc_cache_flush_required = enc_cache_flush_required_noop,
+ .enc_init = enc_init_noop,
},
};

diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 9f27e14e185f..01abecc9a774 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -84,5 +84,8 @@ void __init mem_encrypt_init(void)
/* Call into SWIOTLB to update the SWIOTLB DMA buffers */
swiotlb_update_mem_attributes();

+ if (x86_platform.guest.enc_init)
+ x86_platform.guest.enc_init();
+
print_mem_encrypt_feature_info();
}
--
2.34.1


2023-07-22 11:51:53

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 03/14] virt: sev-guest: Replace pr_debug with dev_dbg

In preparation of moving code to arch/x86/kernel/sev.c,
replace dev_dbg with pr_debug.

Signed-off-by: Nikunj A Dadhania <[email protected]>
---
drivers/virt/coco/sev-guest/sev-guest.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index 8ba624088d73..538c42e64baa 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -206,8 +206,9 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
struct snp_guest_msg_hdr *resp_hdr = &resp->hdr;
struct aesgcm_ctx *ctx = snp_dev->ctx;

- dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n",
- resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz);
+ pr_debug("response [seqno %lld type %d version %d sz %d]\n",
+ resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version,
+ resp_hdr->msg_sz);

/* Copy response from shared memory to encrypted memory. */
memcpy(resp, snp_dev->response, sizeof(*resp));
@@ -253,8 +254,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8
if (!hdr->msg_seqno)
return -ENOSR;

- dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n",
- hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);
+ pr_debug("request [seqno %lld type %d version %d sz %d]\n",
+ hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);

return __enc_payload(snp_dev->ctx, req, payload, sz);
}
--
2.34.1


2023-07-22 11:52:13

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 01/14] virt: sev-guest: Use AES GCM crypto library

The sev-guest driver encryption code uses Crypto API for SNP guest
messaging to interact with AMD Security processor. For enabling SecureTSC,
SEV-SNP guests need to send a TSC_INFO request guest message before the
smpboot phase starts. Details from the TSC_INFO response will be used to
program the VMSA before the secondary CPUs are brought up. The Crypto API
is not available this early in the boot phase.

In preparation of moving the encryption code out of sev-guest driver to
support SecureTSC and make reviewing the diff easier, start using AES GCM
library implementation instead of Crypto API.

Link: https://lore.kernel.org/all/[email protected]
CC: Ard Biesheuvel <[email protected]>
Signed-off-by: Nikunj A Dadhania <[email protected]>
---
drivers/virt/coco/sev-guest/Kconfig | 3 +-
drivers/virt/coco/sev-guest/sev-guest.c | 172 +++++++-----------------
drivers/virt/coco/sev-guest/sev-guest.h | 3 +
3 files changed, 53 insertions(+), 125 deletions(-)

diff --git a/drivers/virt/coco/sev-guest/Kconfig b/drivers/virt/coco/sev-guest/Kconfig
index f9db0799ae67..bcc760bfb468 100644
--- a/drivers/virt/coco/sev-guest/Kconfig
+++ b/drivers/virt/coco/sev-guest/Kconfig
@@ -2,8 +2,7 @@ config SEV_GUEST
tristate "AMD SEV Guest driver"
default m
depends on AMD_MEM_ENCRYPT
- select CRYPTO_AEAD2
- select CRYPTO_GCM
+ select CRYPTO_LIB_AESGCM
help
SEV-SNP firmware provides the guest a mechanism to communicate with
the PSP without risk from a malicious hypervisor who wishes to read,
diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
index 97dbe715e96a..520e2b6613a7 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -16,8 +16,7 @@
#include <linux/miscdevice.h>
#include <linux/set_memory.h>
#include <linux/fs.h>
-#include <crypto/aead.h>
-#include <linux/scatterlist.h>
+#include <crypto/gcm.h>
#include <linux/psp-sev.h>
#include <uapi/linux/sev-guest.h>
#include <uapi/linux/psp-sev.h>
@@ -28,24 +27,16 @@
#include "sev-guest.h"

#define DEVICE_NAME "sev-guest"
-#define AAD_LEN 48
-#define MSG_HDR_VER 1

#define SNP_REQ_MAX_RETRY_DURATION (60*HZ)
#define SNP_REQ_RETRY_DELAY (2*HZ)

-struct snp_guest_crypto {
- struct crypto_aead *tfm;
- u8 *iv, *authtag;
- int iv_len, a_len;
-};
-
struct snp_guest_dev {
struct device *dev;
struct miscdevice misc;

void *certs_data;
- struct snp_guest_crypto *crypto;
+ struct aesgcm_ctx *ctx;
/* request and response are in unencrypted memory */
struct snp_guest_msg *request, *response;

@@ -68,6 +59,15 @@ MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP.
/* Mutex to serialize the shared buffer access and command handling. */
static DEFINE_MUTEX(snp_cmd_mutex);

+static inline unsigned int get_ctx_authsize(struct snp_guest_dev *snp_dev)
+{
+ if (snp_dev && snp_dev->ctx)
+ return snp_dev->ctx->authsize;
+
+ WARN_ONCE(1, "Unable to get crypto authsize\n");
+ return 0;
+}
+
static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
{
char zero_key[VMPCK_KEY_LEN] = {0};
@@ -152,132 +152,59 @@ static inline struct snp_guest_dev *to_snp_dev(struct file *file)
return container_of(dev, struct snp_guest_dev, misc);
}

-static struct snp_guest_crypto *init_crypto(struct snp_guest_dev *snp_dev, u8 *key, size_t keylen)
+static struct aesgcm_ctx *snp_init_crypto(u8 *key, size_t keylen)
{
- struct snp_guest_crypto *crypto;
+ struct aesgcm_ctx *ctx;

- crypto = kzalloc(sizeof(*crypto), GFP_KERNEL_ACCOUNT);
- if (!crypto)
+ ctx = kzalloc(sizeof(*ctx), GFP_KERNEL_ACCOUNT);
+ if (!ctx)
return NULL;

- crypto->tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
- if (IS_ERR(crypto->tfm))
- goto e_free;
-
- if (crypto_aead_setkey(crypto->tfm, key, keylen))
- goto e_free_crypto;
-
- crypto->iv_len = crypto_aead_ivsize(crypto->tfm);
- crypto->iv = kmalloc(crypto->iv_len, GFP_KERNEL_ACCOUNT);
- if (!crypto->iv)
- goto e_free_crypto;
-
- if (crypto_aead_authsize(crypto->tfm) > MAX_AUTHTAG_LEN) {
- if (crypto_aead_setauthsize(crypto->tfm, MAX_AUTHTAG_LEN)) {
- dev_err(snp_dev->dev, "failed to set authsize to %d\n", MAX_AUTHTAG_LEN);
- goto e_free_iv;
- }
+ if (aesgcm_expandkey(ctx, key, keylen, AUTHTAG_LEN)) {
+ pr_err("SNP: crypto init failed\n");
+ kfree(ctx);
+ return NULL;
}

- crypto->a_len = crypto_aead_authsize(crypto->tfm);
- crypto->authtag = kmalloc(crypto->a_len, GFP_KERNEL_ACCOUNT);
- if (!crypto->authtag)
- goto e_free_iv;
-
- return crypto;
-
-e_free_iv:
- kfree(crypto->iv);
-e_free_crypto:
- crypto_free_aead(crypto->tfm);
-e_free:
- kfree(crypto);
-
- return NULL;
+ return ctx;
}

-static void deinit_crypto(struct snp_guest_crypto *crypto)
-{
- crypto_free_aead(crypto->tfm);
- kfree(crypto->iv);
- kfree(crypto->authtag);
- kfree(crypto);
-}
-
-static int enc_dec_message(struct snp_guest_crypto *crypto, struct snp_guest_msg *msg,
- u8 *src_buf, u8 *dst_buf, size_t len, bool enc)
-{
- struct snp_guest_msg_hdr *hdr = &msg->hdr;
- struct scatterlist src[3], dst[3];
- DECLARE_CRYPTO_WAIT(wait);
- struct aead_request *req;
- int ret;
-
- req = aead_request_alloc(crypto->tfm, GFP_KERNEL);
- if (!req)
- return -ENOMEM;
-
- /*
- * AEAD memory operations:
- * +------ AAD -------+------- DATA -----+---- AUTHTAG----+
- * | msg header | plaintext | hdr->authtag |
- * | bytes 30h - 5Fh | or | |
- * | | cipher | |
- * +------------------+------------------+----------------+
- */
- sg_init_table(src, 3);
- sg_set_buf(&src[0], &hdr->algo, AAD_LEN);
- sg_set_buf(&src[1], src_buf, hdr->msg_sz);
- sg_set_buf(&src[2], hdr->authtag, crypto->a_len);
-
- sg_init_table(dst, 3);
- sg_set_buf(&dst[0], &hdr->algo, AAD_LEN);
- sg_set_buf(&dst[1], dst_buf, hdr->msg_sz);
- sg_set_buf(&dst[2], hdr->authtag, crypto->a_len);
-
- aead_request_set_ad(req, AAD_LEN);
- aead_request_set_tfm(req, crypto->tfm);
- aead_request_set_callback(req, 0, crypto_req_done, &wait);
-
- aead_request_set_crypt(req, src, dst, len, crypto->iv);
- ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req), &wait);
-
- aead_request_free(req);
- return ret;
-}
-
-static int __enc_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg,
+static int __enc_payload(struct aesgcm_ctx *ctx, struct snp_guest_msg *msg,
void *plaintext, size_t len)
{
- struct snp_guest_crypto *crypto = snp_dev->crypto;
struct snp_guest_msg_hdr *hdr = &msg->hdr;
+ u8 iv[GCM_AES_IV_SIZE] = {};

- memset(crypto->iv, 0, crypto->iv_len);
- memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno));
+ if (WARN_ON((hdr->msg_sz + ctx->authsize) > sizeof(msg->payload)))
+ return -EBADMSG;

- return enc_dec_message(crypto, msg, plaintext, msg->payload, len, true);
+ memcpy(iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno));
+ aesgcm_encrypt(ctx, msg->payload, plaintext, len, &hdr->algo, AAD_LEN,
+ iv, hdr->authtag);
+ return 0;
}

-static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg,
+static int dec_payload(struct aesgcm_ctx *ctx, struct snp_guest_msg *msg,
void *plaintext, size_t len)
{
- struct snp_guest_crypto *crypto = snp_dev->crypto;
struct snp_guest_msg_hdr *hdr = &msg->hdr;
+ u8 iv[GCM_AES_IV_SIZE] = {};

- /* Build IV with response buffer sequence number */
- memset(crypto->iv, 0, crypto->iv_len);
- memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno));
-
- return enc_dec_message(crypto, msg, msg->payload, plaintext, len, false);
+ memcpy(iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno));
+ if (aesgcm_decrypt(ctx, plaintext, msg->payload, len, &hdr->algo,
+ AAD_LEN, iv, hdr->authtag))
+ return 0;
+ else
+ return -EBADMSG;
}

static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz)
{
- struct snp_guest_crypto *crypto = snp_dev->crypto;
struct snp_guest_msg *resp = &snp_dev->secret_response;
struct snp_guest_msg *req = &snp_dev->secret_request;
struct snp_guest_msg_hdr *req_hdr = &req->hdr;
struct snp_guest_msg_hdr *resp_hdr = &resp->hdr;
+ struct aesgcm_ctx *ctx = snp_dev->ctx;

dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n",
resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz);
@@ -298,11 +225,11 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
* If the message size is greater than our buffer length then return
* an error.
*/
- if (unlikely((resp_hdr->msg_sz + crypto->a_len) > sz))
+ if (unlikely((resp_hdr->msg_sz + ctx->authsize) > sz))
return -EBADMSG;

/* Decrypt the payload */
- return dec_payload(snp_dev, resp, payload, resp_hdr->msg_sz + crypto->a_len);
+ return dec_payload(ctx, resp, payload, resp_hdr->msg_sz);
}

static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type,
@@ -329,7 +256,7 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8
dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n",
hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);

- return __enc_payload(snp_dev, req, payload, sz);
+ return __enc_payload(snp_dev->ctx, req, payload, sz);
}

static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code,
@@ -472,7 +399,6 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code,

static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
{
- struct snp_guest_crypto *crypto = snp_dev->crypto;
struct snp_report_resp *resp;
struct snp_report_req req;
int rc, resp_len;
@@ -490,7 +416,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io
* response payload. Make sure that it has enough space to cover the
* authtag.
*/
- resp_len = sizeof(resp->data) + crypto->a_len;
+ resp_len = sizeof(resp->data) + get_ctx_authsize(snp_dev);
resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT);
if (!resp)
return -ENOMEM;
@@ -511,7 +437,6 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io

static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
{
- struct snp_guest_crypto *crypto = snp_dev->crypto;
struct snp_derived_key_resp resp = {0};
struct snp_derived_key_req req;
int rc, resp_len;
@@ -528,7 +453,7 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque
* response payload. Make sure that it has enough space to cover the
* authtag.
*/
- resp_len = sizeof(resp.data) + crypto->a_len;
+ resp_len = sizeof(resp.data) + get_ctx_authsize(snp_dev);
if (sizeof(buf) < resp_len)
return -ENOMEM;

@@ -552,7 +477,6 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque

static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
{
- struct snp_guest_crypto *crypto = snp_dev->crypto;
struct snp_ext_report_req req;
struct snp_report_resp *resp;
int ret, npages = 0, resp_len;
@@ -590,7 +514,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques
* response payload. Make sure that it has enough space to cover the
* authtag.
*/
- resp_len = sizeof(resp->data) + crypto->a_len;
+ resp_len = sizeof(resp->data) + get_ctx_authsize(snp_dev);
resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT);
if (!resp)
return -ENOMEM;
@@ -802,8 +726,8 @@ static int __init sev_guest_probe(struct platform_device *pdev)
goto e_free_response;

ret = -EIO;
- snp_dev->crypto = init_crypto(snp_dev, snp_dev->vmpck, VMPCK_KEY_LEN);
- if (!snp_dev->crypto)
+ snp_dev->ctx = snp_init_crypto(snp_dev->vmpck, VMPCK_KEY_LEN);
+ if (!snp_dev->ctx)
goto e_free_cert_data;

misc = &snp_dev->misc;
@@ -818,11 +742,13 @@ static int __init sev_guest_probe(struct platform_device *pdev)

ret = misc_register(misc);
if (ret)
- goto e_free_cert_data;
+ goto e_free_ctx;

dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", vmpck_id);
return 0;

+e_free_ctx:
+ kfree(snp_dev->ctx);
e_free_cert_data:
free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE);
e_free_response:
@@ -841,7 +767,7 @@ static int __exit sev_guest_remove(struct platform_device *pdev)
free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE);
free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg));
free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg));
- deinit_crypto(snp_dev->crypto);
+ kfree(snp_dev->ctx);
misc_deregister(&snp_dev->misc);

return 0;
diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h
index 21bda26fdb95..ceb798a404d6 100644
--- a/drivers/virt/coco/sev-guest/sev-guest.h
+++ b/drivers/virt/coco/sev-guest/sev-guest.h
@@ -13,6 +13,9 @@
#include <linux/types.h>

#define MAX_AUTHTAG_LEN 32
+#define AUTHTAG_LEN 16
+#define AAD_LEN 48
+#define MSG_HDR_VER 1

/* See SNP spec SNP_GUEST_REQUEST section for the structure */
enum msg_type {
--
2.34.1


2023-07-22 11:52:41

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 09/14] x86/sev: Add Secure TSC support for SNP guests

Add support for Secure TSC in SNP enabled guests. Secure TSC allows
guest to securely use RDTSC/RDTSCP instructions as the parameters
being used cannot be changed by hypervisor once the guest is launched.

During the boot-up of the secondary cpus, SecureTSC enabled guests
need to query TSC info from AMD Security Processor. This communication
channel is encrypted between the AMD Security Processor and the guest,
the hypervisor is just the conduit to deliver the guest messages to
the AMD Security Processor. Each message is protected with an
AEAD (AES-256 GCM). Use minimal AES GCM library to encrypt/decrypt SNP
Guest messages to communicate with the PSP.

Signed-off-by: Nikunj A Dadhania <[email protected]>
---
arch/x86/coco/core.c | 3 ++
arch/x86/include/asm/sev-guest.h | 18 +++++++
arch/x86/include/asm/sev.h | 2 +
arch/x86/include/asm/svm.h | 6 ++-
arch/x86/kernel/sev.c | 82 ++++++++++++++++++++++++++++++++
arch/x86/mm/mem_encrypt_amd.c | 6 +++
include/linux/cc_platform.h | 8 ++++
7 files changed, 123 insertions(+), 2 deletions(-)

diff --git a/arch/x86/coco/core.c b/arch/x86/coco/core.c
index 73f83233d25d..1cfb86c6bd78 100644
--- a/arch/x86/coco/core.c
+++ b/arch/x86/coco/core.c
@@ -89,6 +89,9 @@ static bool amd_cc_platform_has(enum cc_attr attr)
case CC_ATTR_GUEST_SEV_SNP:
return sev_status & MSR_AMD64_SEV_SNP_ENABLED;

+ case CC_ATTR_GUEST_SECURE_TSC:
+ return sev_status & MSR_AMD64_SNP_SECURE_TSC;
+
default:
return false;
}
diff --git a/arch/x86/include/asm/sev-guest.h b/arch/x86/include/asm/sev-guest.h
index e6f94208173d..58739173eba9 100644
--- a/arch/x86/include/asm/sev-guest.h
+++ b/arch/x86/include/asm/sev-guest.h
@@ -39,6 +39,8 @@ enum msg_type {
SNP_MSG_ABSORB_RSP,
SNP_MSG_VMRK_REQ,
SNP_MSG_VMRK_RSP,
+ SNP_MSG_TSC_INFO_REQ = 17,
+ SNP_MSG_TSC_INFO_RSP,

SNP_MSG_TYPE_MAX
};
@@ -111,6 +113,22 @@ struct snp_guest_req {
u8 msg_type;
};

+struct snp_tsc_info_req {
+#define SNP_TSC_INFO_REQ_SZ 128
+ /* Must be zero filled */
+ u8 rsvd[SNP_TSC_INFO_REQ_SZ];
+} __packed;
+
+struct snp_tsc_info_resp {
+ /* Status of TSC_INFO message */
+ u32 status;
+ u32 rsvd1;
+ u64 tsc_scale;
+ u64 tsc_offset;
+ u32 tsc_factor;
+ u8 rsvd2[100];
+} __packed;
+
int snp_setup_psp_messaging(struct snp_guest_dev *snp_dev);
int snp_send_guest_request(struct snp_guest_dev *dev, struct snp_guest_req *req,
struct snp_guest_request_ioctl *rio);
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h
index 807f85f8014c..d5b35da1b583 100644
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -189,6 +189,7 @@ void snp_set_memory_private(unsigned long vaddr, unsigned int npages);
void snp_set_wakeup_secondary_cpu(void);
bool snp_init(struct boot_params *bp);
void __init __noreturn snp_abort(void);
+void __init snp_secure_tsc_prepare(void);
#else
static inline void sev_es_ist_enter(struct pt_regs *regs) { }
static inline void sev_es_ist_exit(void) { }
@@ -208,6 +209,7 @@ static inline void snp_set_memory_private(unsigned long vaddr, unsigned int npag
static inline void snp_set_wakeup_secondary_cpu(void) { }
static inline bool snp_init(struct boot_params *bp) { return false; }
static inline void snp_abort(void) { }
+static inline void __init snp_secure_tsc_prepare(void) { }
#endif

#endif
diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
index e7c7379d6ac7..3956c5095109 100644
--- a/arch/x86/include/asm/svm.h
+++ b/arch/x86/include/asm/svm.h
@@ -412,7 +412,9 @@ struct sev_es_save_area {
u8 reserved_0x298[80];
u32 pkru;
u32 tsc_aux;
- u8 reserved_0x2f0[24];
+ u64 tsc_scale;
+ u64 tsc_offset;
+ u8 reserved_0x300[8];
u64 rcx;
u64 rdx;
u64 rbx;
@@ -544,7 +546,7 @@ static inline void __unused_size_checks(void)
BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x1c0);
BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x248);
BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x298);
- BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x2f0);
+ BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x300);
BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x320);
BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x380);
BUILD_BUG_RESERVED_OFFSET(sev_es_save_area, 0x3f0);
diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index 72e76c58aebd..d55562cd395d 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -76,6 +76,10 @@ static u64 sev_hv_features __ro_after_init;
/* Secrets page physical address from the CC blob */
static u64 secrets_pa __ro_after_init;

+/* Secure TSC values read using TSC_INFO SNP Guest request */
+static u64 guest_tsc_scale __ro_after_init;
+static u64 guest_tsc_offset __ro_after_init;
+
/* #VC handler runtime per-CPU data */
struct sev_es_runtime_data {
struct ghcb ghcb_page;
@@ -1411,6 +1415,78 @@ bool snp_assign_vmpck(struct snp_guest_dev *dev, unsigned int vmpck_id)
}
EXPORT_SYMBOL_GPL(snp_assign_vmpck);

+static struct snp_guest_dev tsc_snp_dev __initdata;
+
+static int __init snp_get_tsc_info(void)
+{
+ static u8 buf[SNP_TSC_INFO_REQ_SZ + AUTHTAG_LEN];
+ struct snp_guest_request_ioctl rio;
+ struct snp_tsc_info_resp tsc_resp;
+ struct snp_tsc_info_req tsc_req;
+ struct snp_guest_req req;
+ int rc, resp_len;
+
+ /*
+ * The intermediate response buffer is used while decrypting the
+ * response payload. Make sure that it has enough space to cover the
+ * authtag.
+ */
+ resp_len = sizeof(tsc_resp) + AUTHTAG_LEN;
+ if (sizeof(buf) < resp_len)
+ return -EINVAL;
+
+ memset(&tsc_req, 0, sizeof(tsc_req));
+ memset(&req, 0, sizeof(req));
+ memset(&rio, 0, sizeof(rio));
+ memset(buf, 0, sizeof(buf));
+
+ if (!snp_assign_vmpck(&tsc_snp_dev, 0))
+ return -EINVAL;
+
+ /* Initialize the PSP channel to send snp messages */
+ if (snp_setup_psp_messaging(&tsc_snp_dev))
+ sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
+
+ req.msg_version = MSG_HDR_VER;
+ req.msg_type = SNP_MSG_TSC_INFO_REQ;
+ req.vmpck_id = tsc_snp_dev.vmpck_id;
+ req.req_buf = &tsc_req;
+ req.req_sz = sizeof(tsc_req);
+ req.resp_buf = buf;
+ req.resp_sz = resp_len;
+ req.exit_code = SVM_VMGEXIT_GUEST_REQUEST;
+ rc = snp_send_guest_request(&tsc_snp_dev, &req, &rio);
+ if (rc)
+ goto err_req;
+
+ memcpy(&tsc_resp, buf, sizeof(tsc_resp));
+ pr_debug("%s: Valid response status %x scale %llx offset %llx factor %x\n",
+ __func__, tsc_resp.status, tsc_resp.tsc_scale, tsc_resp.tsc_offset,
+ tsc_resp.tsc_factor);
+
+ guest_tsc_scale = tsc_resp.tsc_scale;
+ guest_tsc_offset = tsc_resp.tsc_offset;
+
+err_req:
+ /* The response buffer contains the sensitive data, explicitly clear it. */
+ memzero_explicit(buf, sizeof(buf));
+ memzero_explicit(&tsc_resp, sizeof(tsc_resp));
+ memzero_explicit(&req, sizeof(req));
+
+ return rc;
+}
+
+void __init snp_secure_tsc_prepare(void)
+{
+ if (!cc_platform_has(CC_ATTR_GUEST_SECURE_TSC))
+ return;
+
+ if (snp_get_tsc_info())
+ sev_es_terminate(SEV_TERM_SET_GEN, GHCB_SNP_UNSUPPORTED);
+
+ pr_debug("SecureTSC enabled\n");
+}
+
static int wakeup_cpu_via_vmgexit(int apic_id, unsigned long start_ip)
{
struct sev_es_save_area *cur_vmsa, *vmsa;
@@ -1511,6 +1587,12 @@ static int wakeup_cpu_via_vmgexit(int apic_id, unsigned long start_ip)
vmsa->vmpl = 0;
vmsa->sev_features = sev_status >> 2;

+ /* Setting Secure TSC parameters */
+ if (cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) {
+ vmsa->tsc_scale = guest_tsc_scale;
+ vmsa->tsc_offset = guest_tsc_offset;
+ }
+
/* Switch the page over to a VMSA page now that it is initialized */
ret = snp_set_vmsa(vmsa, true);
if (ret) {
diff --git a/arch/x86/mm/mem_encrypt_amd.c b/arch/x86/mm/mem_encrypt_amd.c
index e0b51c09109f..fc25749fb2e5 100644
--- a/arch/x86/mm/mem_encrypt_amd.c
+++ b/arch/x86/mm/mem_encrypt_amd.c
@@ -215,6 +215,11 @@ void __init sme_map_bootdata(char *real_mode_data)
__sme_early_map_unmap_mem(__va(cmdline_paddr), COMMAND_LINE_SIZE, true);
}

+void __init amd_enc_init(void)
+{
+ snp_secure_tsc_prepare();
+}
+
void __init sev_setup_arch(void)
{
phys_addr_t total_mem = memblock_phys_mem_size();
@@ -501,6 +506,7 @@ void __init sme_early_init(void)
x86_platform.guest.enc_status_change_finish = amd_enc_status_change_finish;
x86_platform.guest.enc_tlb_flush_required = amd_enc_tlb_flush_required;
x86_platform.guest.enc_cache_flush_required = amd_enc_cache_flush_required;
+ x86_platform.guest.enc_init = amd_enc_init;
}

void __init mem_encrypt_free_decrypted_mem(void)
diff --git a/include/linux/cc_platform.h b/include/linux/cc_platform.h
index cb0d6cd1c12f..e081ca4d5da2 100644
--- a/include/linux/cc_platform.h
+++ b/include/linux/cc_platform.h
@@ -90,6 +90,14 @@ enum cc_attr {
* Examples include TDX Guest.
*/
CC_ATTR_HOTPLUG_DISABLED,
+
+ /**
+ * @CC_ATTR_GUEST_SECURE_TSC: Secure TSC is active.
+ *
+ * The platform/OS is running as a guest/virtual machine and actively
+ * using AMD SEV-SNP Secure TSC feature.
+ */
+ CC_ATTR_GUEST_SECURE_TSC,
};

#ifdef CONFIG_ARCH_HAS_CC_PLATFORM
--
2.34.1


2023-07-22 11:53:02

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 12/14] x86/kvmclock: Skip kvmclock when Secure TSC is available

For AMD SNP guests having Secure TSC enabled, skip using the kvmclock.
The guest kernel will fallback and use Secure TSC based clocksource.

Signed-off-by: Nikunj A Dadhania <[email protected]>
---
arch/x86/kernel/kvmclock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c
index 0f35d44c56fe..1be342064851 100644
--- a/arch/x86/kernel/kvmclock.c
+++ b/arch/x86/kernel/kvmclock.c
@@ -288,7 +288,7 @@ void __init kvmclock_init(void)
{
u8 flags;

- if (!kvm_para_available() || !kvmclock)
+ if (!kvm_para_available() || !kvmclock || cc_platform_has(CC_ATTR_GUEST_SECURE_TSC))
return;

if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE2)) {
--
2.34.1


2023-07-22 11:53:23

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 11/14] x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled guests

The hypervisor should not be intercepting RDTSC/RDTSCP when Secure TSC
is enabled. A #VC exception will be generated if the RDTSC/RDTSCP
instructions are being intercepted. If this should occur and Secure
TSC is enabled, terminate guest execution.

Signed-off-by: Nikunj A Dadhania <[email protected]>
---
arch/x86/kernel/sev-shared.c | 7 +++++++
1 file changed, 7 insertions(+)

diff --git a/arch/x86/kernel/sev-shared.c b/arch/x86/kernel/sev-shared.c
index 3a5b0c9c4fcc..1c22025b298f 100644
--- a/arch/x86/kernel/sev-shared.c
+++ b/arch/x86/kernel/sev-shared.c
@@ -912,6 +912,13 @@ static enum es_result vc_handle_rdtsc(struct ghcb *ghcb,
bool rdtscp = (exit_code == SVM_EXIT_RDTSCP);
enum es_result ret;

+ /*
+ * RDTSC and RDTSCP should not be intercepted when Secure TSC is
+ * enabled. Terminate the SNP guest when the interception is enabled.
+ */
+ if (sev_status & MSR_AMD64_SNP_SECURE_TSC)
+ return ES_VMM_ERROR;
+
ret = sev_es_ghcb_hv_call(ghcb, ctxt, exit_code, 0, 0);
if (ret != ES_OK)
return ret;
--
2.34.1


2023-07-22 11:53:34

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 13/14] x86/tsc: Mark Secure TSC as reliable clocksource

AMD SNP guests may have Secure TSC feature enabled. Secure TSC as
clocksource is wrongly marked as unstable, mark Secure TSC as
reliable.

Signed-off-by: Nikunj A Dadhania <[email protected]>
---
arch/x86/kernel/tsc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/x86/kernel/tsc.c b/arch/x86/kernel/tsc.c
index 344698852146..5f1e2b51ae3b 100644
--- a/arch/x86/kernel/tsc.c
+++ b/arch/x86/kernel/tsc.c
@@ -1221,7 +1221,7 @@ static void __init check_system_tsc_reliable(void)
tsc_clocksource_reliable = 1;
}
#endif
- if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE))
+ if (boot_cpu_has(X86_FEATURE_TSC_RELIABLE) || cc_platform_has(CC_ATTR_GUEST_SECURE_TSC))
tsc_clocksource_reliable = 1;

/*
--
2.34.1


2023-07-22 11:53:35

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 10/14] x86/sev: Change TSC MSR behavior for Secure TSC enabled guests

Secure TSC enabled guests should not write MSR_IA32_TSC(10H) register
as the subsequent TSC value reads are undefined. MSR_IA32_TSC related
accesses should not exit to the hypervisor for such guests.

Accesses to MSR_IA32_TSC needs special handling in the #VC handler for
the guests with Secure TSC enabled. Writes to MSR_IA32_TSC should be
ignored, and reads of MSR_IA32_TSC should return the result of the
RDTSC instruction.

Signed-off-by: Nikunj A Dadhania <[email protected]>
Reviewed-by: Tom Lendacky <[email protected]>
---
arch/x86/kernel/sev.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)

diff --git a/arch/x86/kernel/sev.c b/arch/x86/kernel/sev.c
index d55562cd395d..2d42822fa01c 100644
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -1729,6 +1729,30 @@ static enum es_result vc_handle_msr(struct ghcb *ghcb, struct es_em_ctxt *ctxt)
/* Is it a WRMSR? */
exit_info_1 = (ctxt->insn.opcode.bytes[1] == 0x30) ? 1 : 0;

+ /*
+ * TSC related accesses should not exit to the hypervisor when a
+ * guest is executing with SecureTSC enabled, so special handling
+ * is required for accesses of MSR_IA32_TSC:
+ *
+ * Writes: Writing to MSR_IA32_TSC can cause subsequent reads
+ * of the TSC to return undefined values, so ignore all
+ * writes.
+ * Reads: Reads of MSR_IA32_TSC should return the current TSC
+ * value, use the value returned by RDTSC.
+ */
+ if (regs->cx == MSR_IA32_TSC && cc_platform_has(CC_ATTR_GUEST_SECURE_TSC)) {
+ u64 tsc;
+
+ if (exit_info_1)
+ return ES_OK;
+
+ tsc = rdtsc();
+ regs->ax = UINT_MAX & tsc;
+ regs->dx = UINT_MAX & (tsc >> 32);
+
+ return ES_OK;
+ }
+
ghcb_set_rcx(ghcb, regs->cx);
if (exit_info_1) {
ghcb_set_rax(ghcb, regs->ax);
--
2.34.1


2023-07-22 12:04:30

by Nikunj A. Dadhania

[permalink] [raw]
Subject: [PATCH v3 14/14] x86/sev: Enable Secure TSC for SNP guests

Now that all the required plumbing is done for enabling SNP
Secure TSC feature, add Secure TSC to snp features present list.

The CC_ATTR_GUEST_SECURE_TSC can be used by the guest to query whether
the SNP guest has Secure TSC feature active.

Signed-off-by: Nikunj A Dadhania <[email protected]>
---
arch/x86/boot/compressed/sev.c | 2 +-
arch/x86/mm/mem_encrypt.c | 10 ++++++++--
2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/arch/x86/boot/compressed/sev.c b/arch/x86/boot/compressed/sev.c
index 014b89c89088..11f951caf2de 100644
--- a/arch/x86/boot/compressed/sev.c
+++ b/arch/x86/boot/compressed/sev.c
@@ -313,7 +313,7 @@ static void enforce_vmpl0(void)
* by the guest kernel. As and when a new feature is implemented in the
* guest kernel, a corresponding bit should be added to the mask.
*/
-#define SNP_FEATURES_PRESENT (0)
+#define SNP_FEATURES_PRESENT (MSR_AMD64_SNP_SECURE_TSC)

void snp_check_features(void)
{
diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c
index 01abecc9a774..26608b9f2ca7 100644
--- a/arch/x86/mm/mem_encrypt.c
+++ b/arch/x86/mm/mem_encrypt.c
@@ -69,8 +69,14 @@ static void print_mem_encrypt_feature_info(void)
pr_cont(" SEV-ES");

/* Secure Nested Paging */
- if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP))
- pr_cont(" SEV-SNP");
+ if (cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) {
+ pr_cont(" SEV-SNP\n");
+ pr_cont("SNP Features active: ");
+
+ /* SNP Secure TSC */
+ if (cc_platform_has(CC_ATTR_GUEST_SECURE_TSC))
+ pr_cont(" SECURE-TSC");
+ }

pr_cont("\n");
}
--
2.34.1


2023-08-01 05:32:38

by Nikunj A. Dadhania

[permalink] [raw]
Subject: Re: [PATCH v3 00/14] Add Secure TSC support for SNP guests

On 7/22/2023 4:48 PM, Nikunj A Dadhania wrote:
> Secure TSC allows guests to securely use RDTSC/RDTSCP instructions as the
> parameters being used cannot be changed by hypervisor once the guest is
> launched. More details in the AMD64 APM Vol 2, Section "Secure TSC".
>
> During the boot-up of the secondary cpus, SecureTSC enabled guests need to query
> TSC info from AMD Security Processor. This communication channel is encrypted
> between the AMD Security Processor and the guest, the hypervisor is just the
> conduit to deliver the guest messages to the AMD Security Processor. Each
> message is protected with an AEAD (AES-256 GCM). See "SEV Secure Nested Paging
> Firmware ABI Specification" document (currently at
> https://www.amd.com/system/files/TechDocs/56860.pdf) section "TSC Info"
>
> Use a minimal GCM library to encrypt/decrypt SNP Guest messages to communicate
> with the AMD Security Processor which is available at early boot.
>
> SEV-guest driver has the implementation for guest and AMD Security Processor
> communication. As the TSC_INFO needs to be initialized during early boot before
> smp cpus are started, move most of the sev-guest driver code to kernel/sev.c and
> provide well defined APIs to the sev-guest driver to use the interface to avoid
> code-duplication.
>
> Patches:
> 01-07: Preparation and movement of sev-guest driver code
> 08-14: SecureTSC enablement patches.

A gentle reminder.

Thanks
Nikunj

>
> Testing SecureTSC
> -----------------
>
> SecureTSC hypervisor patches based on top of SEV-SNP UPM series:
> https://github.com/nikunjad/linux/tree/snp-host-latest-securetsc
>
> QEMU changes:
> https://github.com/nikunjad/qemu/tree/snp_securetsc
>
> QEMU commandline SEV-SNP-UPM with SecureTSC:
>
> qemu-system-x86_64 -cpu EPYC-Milan-v2,+secure-tsc \
> -object memory-backend-memfd-private,id=ram1,size=1G,share=true \
> -object sev-snp-guest,id=sev0,cbitpos=51,reduced-phys-bits=1,secure-tsc=on \
> -machine q35,confidential-guest-support=sev0,memory-backend=ram1,kvm-type=protected \
> ...
>
> Changelog:
> ----------
> v3:
> * Updated commit messages
> * Made snp_setup_psp_messaging() generic that is accessed by both the
> kernel and the driver
> * Moved most of the context information to sev.c, sev-guest driver
> does not need to know the secrets page layout anymore
> * Add CC_ATTR_GUEST_SECURE_TSC early in the series therefore it can be
> used in later patches.
> * Removed data_gpa and data_npages from struct snp_req_data, as certs_data
> and its size is passed to handle_guest_request_ext()
> * Make vmpck_id as unsigned int
> * Dropped unnecessary usage of memzero_explicit()
> * Cache secrets_pa instead of remapping the cc_blob always
> * Rebase on top of v6.4 kernel
>
> v2:
> * Rebased on top of v6.3-rc3 that has Boris's sev-guest cleanup series
> https://lore.kernel.org/r/[email protected]/
>
> v1: https://lore.kernel.org/r/[email protected]/
>
> Nikunj A Dadhania (14):
> virt: sev-guest: Use AES GCM crypto library
> virt: sev-guest: Move mutex to SNP guest device structure
> virt: sev-guest: Replace pr_debug with dev_dbg
> virt: sev-guest: Add SNP guest request structure
> virt: sev-guest: Add vmpck_id to snp_guest_dev struct
> x86/sev: Cache the secrets page address
> x86/sev: Move and reorganize sev guest request api
> x86/mm: Add generic guest initialization hook
> x86/sev: Add Secure TSC support for SNP guests
> x86/sev: Change TSC MSR behavior for Secure TSC enabled guests
> x86/sev: Prevent RDTSC/RDTSCP interception for Secure TSC enabled
> guests
> x86/kvmclock: Skip kvmclock when Secure TSC is available
> x86/tsc: Mark Secure TSC as reliable clocksource
> x86/sev: Enable Secure TSC for SNP guests
>
> arch/x86/Kconfig | 1 +
> arch/x86/boot/compressed/sev.c | 2 +-
> arch/x86/coco/core.c | 3 +
> arch/x86/include/asm/sev-guest.h | 175 +++++++
> arch/x86/include/asm/sev.h | 19 +-
> arch/x86/include/asm/svm.h | 6 +-
> arch/x86/include/asm/x86_init.h | 2 +
> arch/x86/kernel/kvmclock.c | 2 +-
> arch/x86/kernel/sev-shared.c | 7 +
> arch/x86/kernel/sev.c | 631 +++++++++++++++++++++--
> arch/x86/kernel/tsc.c | 2 +-
> arch/x86/kernel/x86_init.c | 2 +
> arch/x86/mm/mem_encrypt.c | 13 +-
> arch/x86/mm/mem_encrypt_amd.c | 6 +
> drivers/virt/coco/sev-guest/Kconfig | 2 -
> drivers/virt/coco/sev-guest/sev-guest.c | 638 +++---------------------
> drivers/virt/coco/sev-guest/sev-guest.h | 63 ---
> include/linux/cc_platform.h | 8 +
> 18 files changed, 882 insertions(+), 700 deletions(-)
> create mode 100644 arch/x86/include/asm/sev-guest.h
> delete mode 100644 drivers/virt/coco/sev-guest/sev-guest.h
>
>
> base-commit: 6995e2de6891c724bfeb2db33d7b87775f913ad1


2023-08-01 16:53:35

by Tom Lendacky

[permalink] [raw]
Subject: Re: [PATCH v3 05/14] virt: sev-guest: Add vmpck_id to snp_guest_dev struct

On 7/22/23 06:19, Nikunj A Dadhania wrote:
> Drop vmpck and os_area_msg_seqno pointers so that secret page layout
> does not need to be exposed to the sev-guest driver after the rework.
> Instead, add helper APIs to access vmpck and os_area_msg_seqno when
> needed.
>
> Signed-off-by: Nikunj A Dadhania <[email protected]>
> ---
> drivers/virt/coco/sev-guest/sev-guest.c | 84 +++++++++++++------------
> 1 file changed, 43 insertions(+), 41 deletions(-)
>
> diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
> index d4241048b397..8ad43e007d3b 100644
> --- a/drivers/virt/coco/sev-guest/sev-guest.c
> +++ b/drivers/virt/coco/sev-guest/sev-guest.c
> @@ -50,8 +50,7 @@ struct snp_guest_dev {
>
> struct snp_secrets_page_layout *layout;
> struct snp_req_data input;
> - u32 *os_area_msg_seqno;
> - u8 *vmpck;
> + unsigned int vmpck_id;
> };
>
> static u32 vmpck_id;
> @@ -67,12 +66,23 @@ static inline unsigned int get_ctx_authsize(struct snp_guest_dev *snp_dev)
> return 0;
> }
>
> -static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
> +static inline u8 *snp_get_vmpck(struct snp_guest_dev *snp_dev)
> +{
> + return snp_dev->layout->vmpck0 + snp_dev->vmpck_id * VMPCK_KEY_LEN;
> +}
> +
> +static inline u32 *snp_get_os_area_msg_seqno(struct snp_guest_dev *snp_dev)
> +{
> + return &snp_dev->layout->os_area.msg_seqno_0 + snp_dev->vmpck_id;
> +}
> +
> +static bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev)

I noticed this name change from is_vmpck_empty() to snp_is_vmpck_empty().
Is that in prep for moving, too? Is so, maybe call that out in the commit
message.

> {
> char zero_key[VMPCK_KEY_LEN] = {0};
> + u8 *key = snp_get_vmpck(snp_dev);
>
> - if (snp_dev->vmpck)
> - return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN);
> + if (key)
> + return !memcmp(key, zero_key, VMPCK_KEY_LEN);

I believe key can't be NULL, so this check isn't required.

Thanks,
Tom

>
> return true;
> }


2023-08-01 17:41:10

by Tom Lendacky

[permalink] [raw]
Subject: Re: [PATCH v3 03/14] virt: sev-guest: Replace pr_debug with dev_dbg

On 7/22/23 06:18, Nikunj A Dadhania wrote:
> In preparation of moving code to arch/x86/kernel/sev.c,
> replace dev_dbg with pr_debug.
>
> Signed-off-by: Nikunj A Dadhania <[email protected]>

The subject is backwards, you're replacing dev_dbg with pr_debug. With that:

Reviewed-by: Tom Lendacky <[email protected]>

> ---
> drivers/virt/coco/sev-guest/sev-guest.c | 9 +++++----
> 1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
> index 8ba624088d73..538c42e64baa 100644
> --- a/drivers/virt/coco/sev-guest/sev-guest.c
> +++ b/drivers/virt/coco/sev-guest/sev-guest.c
> @@ -206,8 +206,9 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
> struct snp_guest_msg_hdr *resp_hdr = &resp->hdr;
> struct aesgcm_ctx *ctx = snp_dev->ctx;
>
> - dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n",
> - resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz);
> + pr_debug("response [seqno %lld type %d version %d sz %d]\n",
> + resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version,
> + resp_hdr->msg_sz);
>
> /* Copy response from shared memory to encrypted memory. */
> memcpy(resp, snp_dev->response, sizeof(*resp));
> @@ -253,8 +254,8 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8
> if (!hdr->msg_seqno)
> return -ENOSR;
>
> - dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n",
> - hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);
> + pr_debug("request [seqno %lld type %d version %d sz %d]\n",
> + hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);
>
> return __enc_payload(snp_dev->ctx, req, payload, sz);
> }

2023-08-01 18:33:02

by Tom Lendacky

[permalink] [raw]
Subject: Re: [PATCH v3 01/14] virt: sev-guest: Use AES GCM crypto library

On 7/22/23 06:18, Nikunj A Dadhania wrote:
> The sev-guest driver encryption code uses Crypto API for SNP guest
> messaging to interact with AMD Security processor. For enabling SecureTSC,
> SEV-SNP guests need to send a TSC_INFO request guest message before the
> smpboot phase starts. Details from the TSC_INFO response will be used to
> program the VMSA before the secondary CPUs are brought up. The Crypto API
> is not available this early in the boot phase.
>
> In preparation of moving the encryption code out of sev-guest driver to
> support SecureTSC and make reviewing the diff easier, start using AES GCM
> library implementation instead of Crypto API.
>
> Link: https://lore.kernel.org/all/[email protected]
> CC: Ard Biesheuvel <[email protected]>
> Signed-off-by: Nikunj A Dadhania <[email protected]>

Reviewed-by: Tom Lendacky <[email protected]>

> ---
> drivers/virt/coco/sev-guest/Kconfig | 3 +-
> drivers/virt/coco/sev-guest/sev-guest.c | 172 +++++++-----------------
> drivers/virt/coco/sev-guest/sev-guest.h | 3 +
> 3 files changed, 53 insertions(+), 125 deletions(-)
>

2023-08-02 05:00:07

by Nikunj A. Dadhania

[permalink] [raw]
Subject: Re: [PATCH v3 03/14] virt: sev-guest: Replace pr_debug with dev_dbg

On 8/1/2023 9:04 PM, Tom Lendacky wrote:
>> In preparation of moving code to arch/x86/kernel/sev.c,
>> replace dev_dbg with pr_debug.
>>
>> Signed-off-by: Nikunj A Dadhania <[email protected]>
>
> The subject is backwards, you're replacing dev_dbg with pr_debug. With that:

Sure, will fix the subject.

>
> Reviewed-by: Tom Lendacky <[email protected]>

Thanks,
Nikunj

2023-08-02 06:35:17

by Nikunj A. Dadhania

[permalink] [raw]
Subject: Re: [PATCH v3 05/14] virt: sev-guest: Add vmpck_id to snp_guest_dev struct

On 8/1/2023 10:00 PM, Tom Lendacky wrote:
> On 7/22/23 06:19, Nikunj A Dadhania wrote:
>> Drop vmpck and os_area_msg_seqno pointers so that secret page layout
>> does not need to be exposed to the sev-guest driver after the rework.
>> Instead, add helper APIs to access vmpck and os_area_msg_seqno when
>> needed.
>>
>> Signed-off-by: Nikunj A Dadhania <[email protected]>
>> ---
>>   drivers/virt/coco/sev-guest/sev-guest.c | 84 +++++++++++++------------
>>   1 file changed, 43 insertions(+), 41 deletions(-)
>>
>> diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
>> index d4241048b397..8ad43e007d3b 100644
>> --- a/drivers/virt/coco/sev-guest/sev-guest.c
>> +++ b/drivers/virt/coco/sev-guest/sev-guest.c
>> @@ -50,8 +50,7 @@ struct snp_guest_dev {
>>         struct snp_secrets_page_layout *layout;
>>       struct snp_req_data input;
>> -    u32 *os_area_msg_seqno;
>> -    u8 *vmpck;
>> +    unsigned int vmpck_id;
>>   };
>>     static u32 vmpck_id;
>> @@ -67,12 +66,23 @@ static inline unsigned int get_ctx_authsize(struct snp_guest_dev *snp_dev)
>>       return 0;
>>   }
>>   -static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
>> +static inline u8 *snp_get_vmpck(struct snp_guest_dev *snp_dev)
>> +{
>> +    return snp_dev->layout->vmpck0 + snp_dev->vmpck_id * VMPCK_KEY_LEN;
>> +}
>> +
>> +static inline u32 *snp_get_os_area_msg_seqno(struct snp_guest_dev *snp_dev)
>> +{
>> +    return &snp_dev->layout->os_area.msg_seqno_0 + snp_dev->vmpck_id;
>> +}
>> +
>> +static bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev)
>
> I noticed this name change from is_vmpck_empty() to snp_is_vmpck_empty(). Is that in prep for moving, too? Is so, maybe call that out in the commit message.

Yes, will add to the commit.

>
>>   {
>>       char zero_key[VMPCK_KEY_LEN] = {0};
>> +    u8 *key = snp_get_vmpck(snp_dev);
>>   -    if (snp_dev->vmpck)
>> -        return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN);
>> +    if (key)
>> +        return !memcmp(key, zero_key, VMPCK_KEY_LEN);
>
> I believe key can't be NULL, so this check isn't required.

Sure, will update.

Regards
Nikunj


2023-08-02 17:27:52

by Tom Lendacky

[permalink] [raw]
Subject: Re: [PATCH v3 05/14] virt: sev-guest: Add vmpck_id to snp_guest_dev struct

On 8/1/23 23:12, Nikunj A. Dadhania wrote:
> On 8/1/2023 10:00 PM, Tom Lendacky wrote:
>> On 7/22/23 06:19, Nikunj A Dadhania wrote:
>>> Drop vmpck and os_area_msg_seqno pointers so that secret page layout
>>> does not need to be exposed to the sev-guest driver after the rework.
>>> Instead, add helper APIs to access vmpck and os_area_msg_seqno when
>>> needed.
>>>
>>> Signed-off-by: Nikunj A Dadhania <[email protected]>
>>> ---
>>>   drivers/virt/coco/sev-guest/sev-guest.c | 84 +++++++++++++------------
>>>   1 file changed, 43 insertions(+), 41 deletions(-)
>>>
>>> diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
>>> index d4241048b397..8ad43e007d3b 100644
>>> --- a/drivers/virt/coco/sev-guest/sev-guest.c
>>> +++ b/drivers/virt/coco/sev-guest/sev-guest.c
>>> @@ -50,8 +50,7 @@ struct snp_guest_dev {
>>>         struct snp_secrets_page_layout *layout;
>>>       struct snp_req_data input;
>>> -    u32 *os_area_msg_seqno;
>>> -    u8 *vmpck;
>>> +    unsigned int vmpck_id;
>>>   };
>>>     static u32 vmpck_id;
>>> @@ -67,12 +66,23 @@ static inline unsigned int get_ctx_authsize(struct snp_guest_dev *snp_dev)
>>>       return 0;
>>>   }
>>>   -static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
>>> +static inline u8 *snp_get_vmpck(struct snp_guest_dev *snp_dev)
>>> +{
>>> +    return snp_dev->layout->vmpck0 + snp_dev->vmpck_id * VMPCK_KEY_LEN;
>>> +}
>>> +
>>> +static inline u32 *snp_get_os_area_msg_seqno(struct snp_guest_dev *snp_dev)
>>> +{
>>> +    return &snp_dev->layout->os_area.msg_seqno_0 + snp_dev->vmpck_id;
>>> +}
>>> +
>>> +static bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev)
>>
>> I noticed this name change from is_vmpck_empty() to snp_is_vmpck_empty(). Is that in prep for moving, too? Is so, maybe call that out in the commit message.
>
> Yes, will add to the commit.
>
>>
>>>   {
>>>       char zero_key[VMPCK_KEY_LEN] = {0};
>>> +    u8 *key = snp_get_vmpck(snp_dev);
>>>   -    if (snp_dev->vmpck)
>>> -        return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN);
>>> +    if (key)
>>> +        return !memcmp(key, zero_key, VMPCK_KEY_LEN);
>>
>> I believe key can't be NULL, so this check isn't required.
>
> Sure, will update.

Ah, although I noticed that when the various functions are moved over to
the other file, the key return value can be NULL, so probably not worth
changing here.

Thanks,
Tom

>
> Regards
> Nikunj
>

2023-08-03 06:10:30

by Nikunj A. Dadhania

[permalink] [raw]
Subject: Re: [PATCH v3 05/14] virt: sev-guest: Add vmpck_id to snp_guest_dev struct

On 8/2/2023 10:25 PM, Tom Lendacky wrote:
> On 8/1/23 23:12, Nikunj A. Dadhania wrote:
>> On 8/1/2023 10:00 PM, Tom Lendacky wrote:
>>> On 7/22/23 06:19, Nikunj A Dadhania wrote:
>>>> Drop vmpck and os_area_msg_seqno pointers so that secret page layout
>>>> does not need to be exposed to the sev-guest driver after the rework.
>>>> Instead, add helper APIs to access vmpck and os_area_msg_seqno when
>>>> needed.
>>>>
>>>> Signed-off-by: Nikunj A Dadhania <[email protected]>
>>>> ---
>>>>    drivers/virt/coco/sev-guest/sev-guest.c | 84 +++++++++++++------------
>>>>    1 file changed, 43 insertions(+), 41 deletions(-)
>>>>
>>>> diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
>>>> index d4241048b397..8ad43e007d3b 100644
>>>> --- a/drivers/virt/coco/sev-guest/sev-guest.c
>>>> +++ b/drivers/virt/coco/sev-guest/sev-guest.c
>>>> @@ -50,8 +50,7 @@ struct snp_guest_dev {
>>>>          struct snp_secrets_page_layout *layout;
>>>>        struct snp_req_data input;
>>>> -    u32 *os_area_msg_seqno;
>>>> -    u8 *vmpck;
>>>> +    unsigned int vmpck_id;
>>>>    };
>>>>      static u32 vmpck_id;
>>>> @@ -67,12 +66,23 @@ static inline unsigned int get_ctx_authsize(struct snp_guest_dev *snp_dev)
>>>>        return 0;
>>>>    }
>>>>    -static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
>>>> +static inline u8 *snp_get_vmpck(struct snp_guest_dev *snp_dev)
>>>> +{
>>>> +    return snp_dev->layout->vmpck0 + snp_dev->vmpck_id * VMPCK_KEY_LEN;
>>>> +}
>>>> +
>>>> +static inline u32 *snp_get_os_area_msg_seqno(struct snp_guest_dev *snp_dev)
>>>> +{
>>>> +    return &snp_dev->layout->os_area.msg_seqno_0 + snp_dev->vmpck_id;
>>>> +}
>>>> +
>>>> +static bool snp_is_vmpck_empty(struct snp_guest_dev *snp_dev)
>>>
>>> I noticed this name change from is_vmpck_empty() to snp_is_vmpck_empty(). Is that in prep for moving, too? Is so, maybe call that out in the commit message.
>>
>> Yes, will add to the  commit.
>>
>>>
>>>>    {
>>>>        char zero_key[VMPCK_KEY_LEN] = {0};
>>>> +    u8 *key = snp_get_vmpck(snp_dev);
>>>>    -    if (snp_dev->vmpck)
>>>> -        return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN);
>>>> +    if (key)
>>>> +        return !memcmp(key, zero_key, VMPCK_KEY_LEN);
>>>
>>> I believe key can't be NULL, so this check isn't required.
>>
>> Sure, will update.
>
> Ah, although I noticed that when the various functions are moved over to the other file, the key return value can be NULL, so probably not worth changing here.

I have removed the check in this patch, but the check is retained in the later patch where key can be NULL.

Regards
Nikunj