Re: [PATCH v2 17/25] crypto: ccp: Handle non-volatile INIT_EX data when SNP is enabled
From: Borislav Petkov
Date: Mon Jan 29 2024 - 10:13:07 EST
On Thu, Jan 25, 2024 at 10:11:17PM -0600, Michael Roth wrote:
> - if (sev_init_ex_buffer) {
> + /*
> + * If an init_ex_path is provided allocate a buffer for the file and
> + * read in the contents. Additionally, if SNP is initialized, convert
> + * the buffer pages to firmware pages.
> + */
> + if (init_ex_path && !sev_init_ex_buffer) {
> + struct page *page;
> +
> + page = alloc_pages(GFP_KERNEL, get_order(NV_LENGTH));
> + if (!page) {
> + dev_err(sev->dev, "SEV: INIT_EX NV memory allocation failed\n");
> + return -ENOMEM;
> + }
> +
> + sev_init_ex_buffer = page_address(page);
> +
> rc = sev_read_init_ex_file();
> if (rc)
> return rc;
> +
> + /* If SEV-SNP is initialized, transition to firmware page. */
> + if (sev->snp_initialized) {
> + unsigned long npages;
> +
> + npages = 1UL << get_order(NV_LENGTH);
> + if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer),
> + npages, false)) {
> + dev_err(sev->dev,
> + "SEV: INIT_EX NV memory page state change failed.\n");
> + return -ENOMEM;
> + }
> + }
> }
Ontop:
---
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index c364ad33f376..5ec563611953 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -775,6 +775,48 @@ static void __sev_platform_init_handle_tmr(struct sev_device *sev)
}
}
+/*
+ * If an init_ex_path is provided allocate a buffer for the file and
+ * read in the contents. Additionally, if SNP is initialized, convert
+ * the buffer pages to firmware pages.
+ */
+static int __sev_platform_init_handle_init_ex_path(struct sev_device *sev)
+{
+ struct page *page;
+ int rc;
+
+ if (!init_ex_path)
+ return 0;
+
+ if (sev_init_ex_buffer)
+ return 0;
+
+ page = alloc_pages(GFP_KERNEL, get_order(NV_LENGTH));
+ if (!page) {
+ dev_err(sev->dev, "SEV: INIT_EX NV memory allocation failed\n");
+ return -ENOMEM;
+ }
+
+ sev_init_ex_buffer = page_address(page);
+
+ rc = sev_read_init_ex_file();
+ if (rc)
+ return rc;
+
+ /* If SEV-SNP is initialized, transition to firmware page. */
+ if (sev->snp_initialized) {
+ unsigned long npages;
+
+ npages = 1UL << get_order(NV_LENGTH);
+ if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer), npages, false)) {
+ dev_err(sev->dev, "SEV: INIT_EX NV memory page state change failed.\n");
+ return -ENOMEM;
+ }
+ }
+
+ return 0;
+}
+
static int __sev_platform_init_locked(int *error)
{
int rc, psp_ret = SEV_RET_NO_FW_CALL;
@@ -790,39 +832,9 @@ static int __sev_platform_init_locked(int *error)
__sev_platform_init_handle_tmr(sev);
- /*
- * If an init_ex_path is provided allocate a buffer for the file and
- * read in the contents. Additionally, if SNP is initialized, convert
- * the buffer pages to firmware pages.
- */
- if (init_ex_path && !sev_init_ex_buffer) {
- struct page *page;
-
- page = alloc_pages(GFP_KERNEL, get_order(NV_LENGTH));
- if (!page) {
- dev_err(sev->dev, "SEV: INIT_EX NV memory allocation failed\n");
- return -ENOMEM;
- }
-
- sev_init_ex_buffer = page_address(page);
-
- rc = sev_read_init_ex_file();
- if (rc)
- return rc;
-
- /* If SEV-SNP is initialized, transition to firmware page. */
- if (sev->snp_initialized) {
- unsigned long npages;
-
- npages = 1UL << get_order(NV_LENGTH);
- if (rmp_mark_pages_firmware(__pa(sev_init_ex_buffer),
- npages, false)) {
- dev_err(sev->dev,
- "SEV: INIT_EX NV memory page state change failed.\n");
- return -ENOMEM;
- }
- }
- }
+ rc = __sev_platform_init_handle_init_ex_path(sev);
+ if (rc)
+ return rc;
rc = __sev_do_init_locked(&psp_ret);
if (rc && psp_ret == SEV_RET_SECURE_DATA_INVALID) {
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette