From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Lucas Nussbaum, stable@kernel.org, Tom Lendacky, Joerg Roedel, Herbert Xu, David Rientjes, Brijesh Singh, Tom Lendacky
Subject: [PATCH 5.13 041/380] crypto: ccp - shutdown SEV firmware on kexec
Date: Thu, 16 Sep 2021 17:56:38 +0200
Message-Id: <20210916155805.367705815@linuxfoundation.org>
In-Reply-To: <20210916155803.966362085@linuxfoundation.org>
References: <20210916155803.966362085@linuxfoundation.org>

From: Brijesh Singh

commit 5441a07a127f106c9936e4f9fa1a8a93e3f31828 upstream.

The commit 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the PSP driver") added support to allocate Trusted Memory Region (TMR) used during the SEV-ES firmware initialization. The TMR gets locked during the firmware initialization and unlocked during the shutdown. While the TMR is locked, access to it is disallowed.

Currently, the CCP driver does not shutdown the firmware during the kexec reboot, leaving the TMR memory locked.

Register a callback to shutdown the SEV firmware on the kexec boot.

Fixes: 97f9ac3db6612 ("crypto: ccp - Add support for SEV-ES to the PSP driver")
Reported-by: Lucas Nussbaum
Tested-by: Lucas Nussbaum
Cc:
Cc: Tom Lendacky
Cc: Joerg Roedel
Cc: Herbert Xu
Cc: David Rientjes
Signed-off-by: Brijesh Singh
Acked-by: Tom Lendacky
Signed-off-by: Herbert Xu
Signed-off-by: Greg Kroah-Hartman
---
 drivers/crypto/ccp/sev-dev.c | 49 ++++++++++++++++++++-----------------------
 drivers/crypto/ccp/sp-pci.c | 12 ++++++++++
 2 files changed, 35 insertions(+), 26 deletions(-)

--- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c
@@ -300,6 +300,9 @@ static int __sev_platform_shutdown_locke struct sev_device *sev = psp_master->sev_data; int ret; + if (sev->state == SEV_STATE_UNINIT) + return 0; + ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error); if (ret) return ret; @@ -1019,6 +1022,20 @@ e_err: return ret; } +static void sev_firmware_shutdown(struct sev_device *sev) +{ + sev_platform_shutdown(NULL); + + if (sev_es_tmr) { + /* The TMR area was encrypted, flush it from the cache */ + wbinvd_on_all_cpus(); + + free_pages((unsigned long)sev_es_tmr, + get_order(SEV_ES_TMR_SIZE)); + sev_es_tmr = NULL; + } +} + void sev_dev_destroy(struct psp_device *psp) { struct sev_device *sev = psp->sev_data; @@ -1026,6 +1043,8 @@ void sev_dev_destroy(struct psp_device * if (!sev) return; + sev_firmware_shutdown(sev); + if (sev->misc) kref_put(&misc_dev->refcount, sev_exit); @@ -1056,21 +1075,6 @@ void sev_pci_init(void) if (sev_get_api_version()) goto err; - /* - * If platform is not in UNINIT state then firmware upgrade and/or - * platform INIT command will fail. These command require UNINIT state. - * - * In a normal boot we should never run into case where the firmware - * is not in UNINIT state on boot. But in case of kexec boot, a reboot - * may not go through a typical shutdown sequence and may leave the - * firmware in INIT or WORKING state. - */ - - if (sev->state != SEV_STATE_UNINIT) { - sev_platform_shutdown(NULL); - sev->state = SEV_STATE_UNINIT; - } - if (sev_version_greater_or_equal(0, 15) && sev_update_firmware(sev->dev) == 0) sev_get_api_version(); @@ -1115,17 +1119,10 @@ err: void sev_pci_exit(void) { - if (!psp_master->sev_data) - return; - - sev_platform_shutdown(NULL); + struct sev_device *sev = psp_master->sev_data; - if (sev_es_tmr) { - /* The TMR area was encrypted, flush it from the cache */ - wbinvd_on_all_cpus(); + if (!sev) + return; - free_pages((unsigned long)sev_es_tmr, - get_order(SEV_ES_TMR_SIZE)); - sev_es_tmr = NULL; - } + sev_firmware_shutdown(sev); } 
--- a/drivers/crypto/ccp/sp-pci.c +++ b/drivers/crypto/ccp/sp-pci.c @@ -241,6 +241,17 @@ e_err: return ret; } +static void sp_pci_shutdown(struct pci_dev *pdev) +{ + struct device *dev = &pdev->dev; + struct sp_device *sp = dev_get_drvdata(dev); + + if (!sp) + return; + + sp_destroy(sp); +} + static void sp_pci_remove(struct pci_dev *pdev) { struct device *dev = &pdev->dev; @@ -371,6 +382,7 @@ static struct pci_driver sp_pci_driver = .id_table = sp_pci_table, .probe = sp_pci_probe, .remove = sp_pci_remove, + .shutdown = sp_pci_shutdown, .driver.pm = &sp_pci_pm_ops, };
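
Review bot: In the new sev_firmware_shutdown() (sev-dev.c, hunk at -1019) the return value of sev_platform_shutdown(NULL) is ignored, so the TMR pages go back to the allocator through free_pages() even when the SHUTDOWN command failed. The commit message says the TMR stays locked until the firmware is shut down, so on failure it looks safer to skip the free, leak the pages and log a warning. Separately, the sev parameter is never used in the body; drop it or use it in place of the globals.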
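
Review bot: The block removed from sev_pci_init() (sev-dev.c, hunk at -1056) was the only recovery for firmware found in INIT or WORKING state at probe time, and its own comment notes that a kexec "may not go through a typical shutdown sequence". The new .shutdown callback helps only when the previous kernel already carries this patch and actually ran its shutdown path; a kexec from a kernel without it still arrives here with the firmware initialized. Consider keeping the `if (sev->state != SEV_STATE_UNINIT)` fallback alongside the callback, or state in the commit message why it is no longer needed.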
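
Review bot: In sev_dev_destroy() (sev-dev.c, hunk at -1026) sev_firmware_shutdown(sev) is called before the `if (sev->misc) kref_put(...)` line that drops the misc device, so the firmware is shut down and the TMR freed while the userspace-facing device still appears to be registered. Is anything preventing a request that arrives in that window from reinitializing the firmware? Moving the call after the misc teardown, or a comment explaining why the order is safe, would settle it.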
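
Review bot: sp_pci_shutdown() (sp-pci.c, hunk at -241) has no comment explaining why it calls sp_destroy(), a full device teardown, when the commit message only asks for the SEV firmware to be shut down. A .shutdown callback runs on every reboot and power-off, not only on kexec, so the wbinvd_on_all_cpus() and page free in sev_firmware_shutdown() now sit on all of those paths. A short comment above the function saying that this is intended, and why the full sp_destroy() is needed rather than a narrower firmware-only shutdown, would help the next reader.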