Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <403cacf7-2694-d60d-1079-b8a3efcaebed@amd.com>
Date:   Mon, 3 Apr 2023 14:59:00 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.9.0
Subject: Re: [PATCH v2 03/11] virt: sev-guest: Add snp_guest_req structure
Content-Language: en-US
To:     Nikunj A Dadhania <nikunj@amd.com>, linux-kernel@vger.kernel.org,
        x86@kernel.org
Cc:     bp@alien8.de, dionnaglaze@google.com, pgonda@google.com,
        seanjc@google.com, pbonzini@redhat.com, michael.roth@amd.com,
        ketanch@iitk.ac.in
References: <20230326144701.3039598-1-nikunj@amd.com>
 <20230326144701.3039598-4-nikunj@amd.com>
From:   Tom Lendacky <thomas.lendacky@amd.com>
In-Reply-To: <20230326144701.3039598-4-nikunj@amd.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?U0htbzJ0SEpkYUd0MGRETDJOTzNlQUJ6aWhpSFlrNGVDeURjRGgwdEtJMTRS?=
 =?utf-8?B?TnE5cTVoV3NXWTAxTExLalpjdnRuRDQvcWxHOTB3VklFSFdENFdsdGpvVGgz?=
 =?utf-8?B?b2FwbFI0MS9aeTlaQ3BkMGNLTnFKVFdyaEpJY0Yzek5KYk9KZ3pwcDBHVUNh?=
 =?utf-8?B?MzdITWtDQWdKTkZBNDB1dDJEWHJXRzg1Z09ZNUtZL2FtbmxTUmF3ME8wV2M1?=
 =?utf-8?B?VVFDaXhVeVBaOGhzQTU0QkQ5bzF1SVRURFRaTkhkTjV1aFZWUGVvNlZIVUkz?=
 =?utf-8?B?bnVnSGNSWDFvekRZKzhvcXlUdXRGaFUwMWhLTXZNTDlmaWRSME90TGxGd3ZU?=
 =?utf-8?B?emFuUFpaK0RDazgveE1zcXhkV2lVYVdTMnY1VnZFRzgzYlFGaHRGMHV2bXZO?=
 =?utf-8?B?Wmd3MFFya2h6Y1Bxa2V0OTVyRGJyd1NWZWxicTdKVHFoK0JHak93RVZWdUZz?=
 =?utf-8?B?R3VqMXFKcTJuVjQ0cXZLdCtRUzV4MC8vVXV1RFdnQXZHNWYxTXAySEJmcGd2?=
 =?utf-8?B?cGJYRExTRnZmdm9YZUZST2p0bGNiQUdsTkZFdzl1Z0xmNlBqWVVxL0xVV2xs?=
 =?utf-8?B?V0NjQ1kzTnRQb2NRUmlqZjJ3V0M3T1g0dnAwRStXanBNaytPQkV1WVVlNGFM?=
 =?utf-8?B?QUJMMzk1c0hGZEw1bTBCMmJvR0ZLeTdFQXlQRjQ1M3BBSG1uL21yTTRHb3lp?=
 =?utf-8?B?OUlaUWw2Um83WXJyUjg0NzEwYml5SEdVUVRoTm9USkZkS1JibWNLK1ZXVWZr?=
 =?utf-8?B?WW1laWxsbmpMK1piMklrcURHaUQwdWV0cUFGTUpWRnhuR1dPQk53TzVaNDk0?=
 =?utf-8?B?SGVLSU9NQ1RXTDFOY0hmckJ4SWVxenoxdENnUkxCVEgwNlJ3L1kvQWlucnFH?=
 =?utf-8?B?WWRiM040dEVjb3FydVc2K2x6WUtFZ3V5dzEvVkVoVW1tZEdjTzhpTzlwS1hy?=
 =?utf-8?B?L1pwcWNUZkdhUm9CRlhWbkpiVGt3WFVXeDJ2SCtvVWZ4OGQyRHlyUFpGOXNq?=
 =?utf-8?B?SGRjeEpxY242bkZHeFJEeS9keFFFKzZ3SXZ3YzFOM3ZVMHVqRDNoWnZMYlpt?=
 =?utf-8?B?cloxM05EY2FoUC83a0pTSU9hdmRhZEJud1NKOWRRNGROT2taRG9jQkhmQmJp?=
 =?utf-8?B?MFJQMStoYlFyd2pnbUx3QzA2MmlBZUFBTjhDUVNLbFhSTm9BRTluRFZiajAv?=
 =?utf-8?B?eUlhSklUcjl5ZS9RT2dxcnVIU3JibU9vRVJKK0RxcytTMFc5MStWTUdYSGxx?=
 =?utf-8?B?dStwL0pSL201a0xEdVJwM1M4aW5OeFV5Q0ZTcEF1RXNYazVuZ1JqRFJSVkFv?=
 =?utf-8?B?N2dSL3h6cVYvQko5TmtldUd4cDRLSmtCQUp2Yis3aW1FNUxDZWQ2dkpwTzRP?=
 =?utf-8?B?TlVvL2VLcDhnNjJkWGhkazAreVFWcnlXRmpZMm5QWGEzQ3V5S3ZFWThuRlU3?=
 =?utf-8?B?eFFCbUFiVkdGVVlMcFdWODNEVnRINzlRSERCMktjZ3ljQkd5VmNoalR3RFY2?=
 =?utf-8?B?L2RXQ25RRVNRUkNDWnVQdG9tOUpsbnhVQnZRVkhaT1BtQlBzcUlqc08rVTRP?=
 =?utf-8?B?YlVpMXhieFoxNjIxcFhxZWx5SUdnaDdTdjY1WFVmUEp6bVV0dzVNUVpqelB6?=
 =?utf-8?B?dTFIS1JoaXVDM3V0UTFqWGhhQ20vMU9IZlFTMnJlRlNGUnR1OTBVd2dCeDFt?=
 =?utf-8?B?Q29iTEdqc1NYa2dwR1A0S0lLK0JBQUpZelhjZ3RWcEY5VVFhaWJLSEk1ZXpF?=
 =?utf-8?B?c3MxcjBLdU1DaEdGUzdkK284SUpSamIvaTZqNm9oL292Q1VtMjhTalBiS01s?=
 =?utf-8?B?YTZrbmpQT0NCQmNHTFk0Q3VXVUJlUGg0MEtPekcrNU5KVUFoT0lydXhtV2c3?=
 =?utf-8?B?WFgrVmNXQ21pSlJSMVNTNGlYQUFpUjhOd1hRYTBzd1dOZGxLN1RiNmwxQU4z?=
 =?utf-8?B?WEpHaDZzSE01VnFQVmhnSVBjTGNyNkZvejQzTGRaUVpEeGJ6RXd3T1BFUTdy?=
 =?utf-8?B?NURVVzFubmtmbW5CbnhKbThSMlg3aHJoVUpSWFp1OGlHcFhyNlJxUEh6YWor?=
 =?utf-8?B?R2ZBODh6TDhvOW1xcFJRRnR0Yk1yanNEQ2JEUFY3OUJuYUlQM3BhREJKem91?=
 =?utf-8?Q?9lv4b09V06/Pt1OlAuDmzqpr7?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a3d3d72c-d82a-49e9-8b0d-08db347ddf2f
X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 03 Apr 2023 19:59:02.4616
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 4bA25dNpxiDm/mrPwyMQq8+y9q7C1d0ZAQBwNxOp7kgcc6XgDtyO3ZQ7gP6yizaxBXX7Nmd9fMGzEPYnT6zlQw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB8044
X-Spam-Status: No, score=-0.6 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
        DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,NICE_REPLY_A,
        RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE
        autolearn=unavailable autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 3/26/23 09:46, Nikunj A Dadhania wrote:
> Add a snp_guest_req structure to simplify the function arguments. The
> structure will be used to call the SNP Guest message request API
> instead of passing a long list of parameters.
> 
> Signed-off-by: Nikunj A Dadhania <nikunj@amd.com>
> ---
>   drivers/virt/coco/sev-guest/sev-guest.c | 87 ++++++++++++++-----------
>   drivers/virt/coco/sev-guest/sev-guest.h | 19 ++++++
>   2 files changed, 68 insertions(+), 38 deletions(-)
> 
> diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
> index 6ae197b57644..ec93dee330f2 100644
> --- a/drivers/virt/coco/sev-guest/sev-guest.c
> +++ b/drivers/virt/coco/sev-guest/sev-guest.c
> @@ -60,16 +60,6 @@ static inline unsigned int get_ctx_authsize(struct snp_guest_dev *snp_dev)
>   	return 0;
>   }
>   
> -static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
> -{
> -	char zero_key[VMPCK_KEY_LEN] = {0};
> -
> -	if (snp_dev->vmpck)
> -		return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN);
> -
> -	return true;
> -}
> -

This change seems separate from the changes for snp_guest_req.

>   /*
>    * If an error is received from the host or AMD Secure Processor (ASP) there
>    * are two options. Either retry the exact same encrypted request or discontinue
> @@ -198,8 +188,9 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
>   	struct snp_guest_msg_hdr *resp_hdr = &resp->hdr;
>   	struct aesgcm_ctx *ctx = snp_dev->ctx;
>   
> -	dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n",
> -		resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz);
> +	pr_debug("response [seqno %lld type %d version %d sz %d]\n",
> +		 resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version,
> +		 resp_hdr->msg_sz);

Again, not related to the purpose of this patch.

>   
>   	/* Verify that the sequence counter is incremented by 1 */
>   	if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1)))
> @@ -221,34 +212,34 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload,
>   	return dec_payload(ctx, resp, payload, resp_hdr->msg_sz);
>   }
>   
> -static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type,
> -			void *payload, size_t sz)
> +static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno,
> +		       struct snp_guest_req *req, u8 __vmpck_id)

Can the vmpck_id be part of the snp_guest_req structure?

>   {
> -	struct snp_guest_msg *req = snp_dev->request;
> -	struct snp_guest_msg_hdr *hdr = &req->hdr;
> +	struct snp_guest_msg *msg = snp_dev->request;
> +	struct snp_guest_msg_hdr *hdr = &msg->hdr;
>   
> -	memset(req, 0, sizeof(*req));
> +	memset(msg, 0, sizeof(*msg));
>   
>   	hdr->algo = SNP_AEAD_AES_256_GCM;
>   	hdr->hdr_version = MSG_HDR_VER;
>   	hdr->hdr_sz = sizeof(*hdr);
> -	hdr->msg_type = type;
> -	hdr->msg_version = version;
> +	hdr->msg_type = req->msg_type;
> +	hdr->msg_version = req->msg_version;
>   	hdr->msg_seqno = seqno;
> -	hdr->msg_vmpck = vmpck_id;
> -	hdr->msg_sz = sz;
> +	hdr->msg_vmpck = __vmpck_id;
> +	hdr->msg_sz = req->req_sz;
>   
>   	/* Verify the sequence number is non-zero */
>   	if (!hdr->msg_seqno)
>   		return -ENOSR;
>   
> -	dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n",
> +	pr_debug("request [seqno %lld type %d version %d sz %d]\n",

Unrelated change.

>   		hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);
>   
> -	return __enc_payload(snp_dev->ctx, req, payload, sz);
> +	return __enc_payload(snp_dev->ctx, msg, req->req_buf, req->req_sz);
>   }
>   
> -static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, __u64 *fw_err)
> +static int __handle_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req)
>   {
>   	unsigned long err = 0xff, override_err = 0;
>   	unsigned long req_start = jiffies;
> @@ -262,7 +253,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code,
>   	 * sequence number must be incremented or the VMPCK must be deleted to
>   	 * prevent reuse of the IV.
>   	 */
> -	rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
> +	rc = snp_issue_guest_request(req->exit_code, &snp_dev->input, &err);
>   	switch (rc) {
>   	case -ENOSPC:
>   		/*
> @@ -273,7 +264,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code,
>   		 * IV reuse.
>   		 */
>   		override_npages = snp_dev->input.data_npages;
> -		exit_code	= SVM_VMGEXIT_GUEST_REQUEST;
> +		req->exit_code	= SVM_VMGEXIT_GUEST_REQUEST;
>   
>   		/*
>   		 * Override the error to inform callers the given extended
> @@ -314,8 +305,8 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code,
>   	 */
>   	snp_inc_msg_seqno(snp_dev);
>   
> -	if (fw_err)
> -		*fw_err = override_err ?: err;
> +	if (req->fw_err)
> +		*req->fw_err = override_err ?: err;
>   
>   	if (override_npages)
>   		snp_dev->input.data_npages = override_npages;
> @@ -332,13 +323,14 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code,
>   	return rc;
>   }
>   
> -static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver,
> -				u8 type, void *req_buf, size_t req_sz, void *resp_buf,
> -				u32 resp_sz, __u64 *fw_err)
> +static int snp_send_guest_request(struct snp_guest_dev *snp_dev, struct snp_guest_req *req)
>   {
>   	u64 seqno;
>   	int rc;
>   
> +	if (!snp_dev || !req)
> +		return -ENODEV;

This seems unrelated, at least the check for snp_dev. And looking at the 
only caller, a guest request is always provided. So this seems unnecessary 
- at least at this point in the series.

> +
>   	/* Get message sequence and verify that its a non-zero */
>   	seqno = snp_get_msg_seqno(snp_dev);
>   	if (!seqno)
> @@ -347,21 +339,22 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
>   	memset(snp_dev->response, 0, sizeof(struct snp_guest_msg));
>   
>   	/* Encrypt the userspace provided payload */
> -	rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz);
> +	rc = enc_payload(snp_dev, seqno, req, vmpck_id);
>   	if (rc)
>   		return rc;
>   
> -	rc = __handle_guest_request(snp_dev, exit_code, fw_err);
> +	rc = __handle_guest_request(snp_dev, req);
>   	if (rc) {
> -		if (rc == -EIO && *fw_err == SNP_GUEST_REQ_INVALID_LEN)
> +		if (rc == -EIO && *req->fw_err == SNP_GUEST_REQ_INVALID_LEN)
>   			return rc;
>   
> -		dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n", rc, *fw_err);
> +		dev_alert(snp_dev->dev, "Detected error from ASP request. rc: %d, fw_err: %llu\n",
> +			  rc, *req->fw_err);
>   		snp_disable_vmpck(snp_dev);
>   		return rc;
>   	}
>   
> -	rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz);
> +	rc = verify_and_dec_payload(snp_dev, req->resp_buf, req->resp_sz);

Can't you just pass req here?

>   	if (rc) {
>   		dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc);
>   		snp_disable_vmpck(snp_dev);
> @@ -371,6 +364,24 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in
>   	return 0;
>   }
>   
> +
> +static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, u8 msg_version,
> +				u8 msg_type, void *req_buf, size_t req_sz, void *resp_buf,
> +				u32 resp_sz, __u64 *fw_err)
> +{
> +	struct snp_guest_req guest_req = {
> +		.msg_version = msg_version,
> +		.msg_type = msg_type,
> +		.req_buf = req_buf,
> +		.req_sz = req_sz,
> +		.resp_buf = resp_buf,
> +		.resp_sz = resp_sz,
> +		.fw_err = fw_err,
> +		.exit_code = exit_code,
> +	};

Add a blank line here.

Thanks,
Tom

> +	return snp_send_guest_request(snp_dev, &guest_req);
> +}
> +
>   static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
>   {
>   	struct snp_report_resp *resp;
> @@ -544,7 +555,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long
>   	mutex_lock(&snp_dev->cmd_mutex);
>   
>   	/* Check if the VMPCK is not empty */
> -	if (is_vmpck_empty(snp_dev)) {
> +	if (is_vmpck_empty(snp_dev->vmpck)) {
>   		dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n");
>   		mutex_unlock(&snp_dev->cmd_mutex);
>   		return -ENOTTY;
> @@ -678,7 +689,7 @@ static int __init sev_guest_probe(struct platform_device *pdev)
>   	}
>   
>   	/* Verify that VMPCK is not zero. */
> -	if (is_vmpck_empty(snp_dev)) {
> +	if (is_vmpck_empty(snp_dev->vmpck)) {
>   		dev_err(dev, "vmpck id %d is null\n", vmpck_id);
>   		goto e_unmap;
>   	}
> diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h
> index ceb798a404d6..d245578d988e 100644
> --- a/drivers/virt/coco/sev-guest/sev-guest.h
> +++ b/drivers/virt/coco/sev-guest/sev-guest.h
> @@ -63,4 +63,23 @@ struct snp_guest_msg {
>   	u8 payload[4000];
>   } __packed;
>   
> +struct snp_guest_req {
> +	void *req_buf, *resp_buf;
> +	size_t req_sz, resp_sz;
> +	u64 exit_code;
> +	u64 *fw_err;
> +	u8 msg_version;
> +	u8 msg_type;
> +};
> +
> +static inline bool is_vmpck_empty(u8 *vmpck)
> +{
> +	char zero_key[VMPCK_KEY_LEN] = {0};
> +
> +	if (vmpck)
> +		return !memcmp(vmpck, zero_key, VMPCK_KEY_LEN);
> +
> +	return true;
> +}
> +
>   #endif /* __VIRT_SEVGUEST_H__ */