Re: [PATCH v1 18/26] crypto: ccp: Handle legacy SEV commands when SNP is enabled

From: Tom Lendacky
Date: Fri Jan 19 2024 - 12:37:09 EST


On 1/19/24 11:18, Borislav Petkov wrote:
On Sat, Dec 30, 2023 at 10:19:46AM -0600, Michael Roth wrote:
From: Brijesh Singh <brijesh.singh@xxxxxxx>

The behavior of legacy SEV commands is altered when the firmware is
initialized for SNP support. In that case, all command buffer memory
that may get written to by legacy SEV commands must be marked as
firmware-owned in the RMP table prior to issuing the command.

Additionally, when a command buffer contains a system physical address
that points to additional buffers that firmware may write to, special
handling is needed depending on whether:

1) the system physical address points to guest memory
2) the system physical address points to host memory

To handle case #1, the pages of these buffers are changed to
firmware-owned in the RMP table before issuing the command, and restored
after the command completes.

For case #2, a bounce buffer is used instead of the original address.

Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
Co-developed-by: Michael Roth <michael.roth@xxxxxxx>
Signed-off-by: Michael Roth <michael.roth@xxxxxxx>
Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx>
---
drivers/crypto/ccp/sev-dev.c | 421 ++++++++++++++++++++++++++++++++++-
drivers/crypto/ccp/sev-dev.h | 3 +
2 files changed, 414 insertions(+), 10 deletions(-)

Definitely better, thanks.

Some cleanups on top:

---


@@ -904,7 +904,7 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
ret = snp_prep_cmd_buf(cmd, cmd_buf, desc_list);
if (ret) {
dev_err(sev->dev,
- "SEV: failed to prepare buffer for legacy command %#x. Error: %d\n",
+ "SEV: failed to prepare buffer for legacy command 0x%#x. Error: %d\n",

Using %#x will produce the 0x in the output (except if the value is zero for some reason). So I would say make that 0x%x.

Thanks,
Tom

cmd, ret);
return ret;
}
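Review bot: the `+` line introduces a doubled prefix: `%#x` already emits `0x` for any non-zero value, so `0x%#x` would print `0x0x...` for every real command id, and only a cmd of 0 would come out as a single `0x0`. If the goal is a prefix that is always present, including for zero, `0x%x` is the form to use; otherwise the original `%#x` can simply stay.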