LinuxLists.cc - Re: [PATCH] crypto: ccp: Add support for SEV-ES to the PSP driver

2020-04-21 12:34:04

Subject: Re: [PATCH] crypto: ccp: Add support for SEV-ES to the PSP driver

Hi Tom,

On Mon, Apr 20, 2020 at 02:54:58PM -0500, Tom Lendacky wrote:
> static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
> {
> struct sev_device *sev = psp_master->sev_data;
> @@ -214,6 +226,21 @@ static int __sev_platform_init_locked(int *error)
> if (sev->state == SEV_STATE_INIT)
> return 0;
>
> + if (sev_es_tmr) {
> + u64 tmr_pa;
> +
> + /*
> + * Do not include the encryption mask on the physical
> + * address of the TMR (firmware should clear it anyway).
> + */
> + tmr_pa = __pa(sev_es_tmr);
> + tmr_pa = ALIGN(tmr_pa, SEV_ES_TMR_ALIGN);

No need to manually align the region, see below.

> + /* Obtain the TMR memory area for SEV-ES use */
> + tmr_page = alloc_pages(GFP_KERNEL, get_order(SEV_ES_TMR_LEN));
> + if (tmr_page) {
> + sev_es_tmr = page_address(tmr_page);
> + } else {
> + sev_es_tmr = NULL;
> + dev_warn(sev->dev,
> + "SEV: TMR allocation failed, SEV-ES support unavailable\n");
> + }

This allocates a 2M region where 1M is needed. The page allocator gives
you naturally aligned region for any allocation order, so when you
allocate 1M, it will automatically be 1M aligned.

Other than that this patch looks good to me.

Regards,

Joerg

2020-04-21 13:15:57

by Tom Lendacky

[permalink] [raw]

Subject: Re: [PATCH] crypto: ccp: Add support for SEV-ES to the PSP driver

On 4/21/20 7:33 AM, Joerg Roedel wrote:
> Hi Tom,
>
> On Mon, Apr 20, 2020 at 02:54:58PM -0500, Tom Lendacky wrote:
>> static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
>> {
>> struct sev_device *sev = psp_master->sev_data;
>> @@ -214,6 +226,21 @@ static int __sev_platform_init_locked(int *error)
>> if (sev->state == SEV_STATE_INIT)
>> return 0;
>>
>> + if (sev_es_tmr) {
>> + u64 tmr_pa;
>> +
>> + /*
>> + * Do not include the encryption mask on the physical
>> + * address of the TMR (firmware should clear it anyway).
>> + */
>> + tmr_pa = __pa(sev_es_tmr);
>> + tmr_pa = ALIGN(tmr_pa, SEV_ES_TMR_ALIGN);
>
> No need to manually align the region, see below.
>
>> + /* Obtain the TMR memory area for SEV-ES use */
>> + tmr_page = alloc_pages(GFP_KERNEL, get_order(SEV_ES_TMR_LEN));
>> + if (tmr_page) {
>> + sev_es_tmr = page_address(tmr_page);
>> + } else {
>> + sev_es_tmr = NULL;
>> + dev_warn(sev->dev,
>> + "SEV: TMR allocation failed, SEV-ES support unavailable\n");
>> + }
>
> This allocates a 2M region where 1M is needed. The page allocator gives
> you naturally aligned region for any allocation order, so when you
> allocate 1M, it will automatically be 1M aligned.

Ah, I did not realize that. I'll update the patch to allocate just 1M then.

Thanks,
Tom

>
> Other than that this patch looks good to me.
>
> Regards,
>
> Joerg
>