This is a note to let you know that I've just added the patch titled
virt/coco/sev-guest: Simplify extended guest request handling
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
virt-coco-sev-guest-simplify-extended-guest-request-handling.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 970ab823743fb54b42002ec76c51481f67436444 Mon Sep 17 00:00:00 2001
From: "Borislav Petkov (AMD)" <bp@xxxxxxxxx>
Date: Wed, 15 Feb 2023 11:39:41 +0100
Subject: virt/coco/sev-guest: Simplify extended guest request handling
From: Borislav Petkov (AMD) <bp@xxxxxxxxx>
commit 970ab823743fb54b42002ec76c51481f67436444 upstream.
Return a specific error code - -ENOSPC - to signal the too small cert
data buffer instead of checking exit code and exitinfo2.
While at it, hoist the *fw_err assignment in snp_issue_guest_request()
so that a proper error value is returned to the callers.
[ Tom: check override_err instead of err. ]
Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
Signed-off-by: Tom Lendacky <thomas.lendacky@xxxxxxx>
Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
Link: https://lore.kernel.org/r/20230307192449.24732-4-bp@xxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
arch/x86/kernel/sev.c | 11 ++++---
drivers/virt/coco/sev-guest/sev-guest.c | 48 +++++++++++++++++---------------
2 files changed, 32 insertions(+), 27 deletions(-)
--- a/arch/x86/kernel/sev.c
+++ b/arch/x86/kernel/sev.c
@@ -2209,15 +2209,16 @@ int snp_issue_guest_request(u64 exit_cod
if (ret)
goto e_put;
+ *fw_err = ghcb->save.sw_exit_info_2;
if (ghcb->save.sw_exit_info_2) {
/* Number of expected pages are returned in RBX */
if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
- ghcb->save.sw_exit_info_2 == SNP_GUEST_REQ_INVALID_LEN)
+ ghcb->save.sw_exit_info_2 == SNP_GUEST_REQ_INVALID_LEN) {
input->data_npages = ghcb_get_rbx(ghcb);
-
- *fw_err = ghcb->save.sw_exit_info_2;
-
- ret = -EIO;
+ ret = -ENOSPC;
+ } else {
+ ret = -EIO;
+ }
}
e_put:
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -324,7 +324,8 @@ static int handle_guest_request(struct s
u8 type, void *req_buf, size_t req_sz, void *resp_buf,
u32 resp_sz, __u64 *fw_err)
{
- unsigned long err;
+ unsigned long err, override_err = 0;
+ unsigned int override_npages = 0;
u64 seqno;
int rc;
@@ -340,6 +341,7 @@ static int handle_guest_request(struct s
if (rc)
return rc;
+retry_request:
/*
* Call firmware to process the request. In this function the encrypted
* message enters shared memory with the host. So after this call the
@@ -348,17 +350,24 @@ static int handle_guest_request(struct s
*/
rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
- /*
- * If the extended guest request fails due to having too small of a
- * certificate data buffer, retry the same guest request without the
- * extended data request in order to increment the sequence number
- * and thus avoid IV reuse.
- */
- if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST &&
- err == SNP_GUEST_REQ_INVALID_LEN) {
- const unsigned int certs_npages = snp_dev->input.data_npages;
+ switch (rc) {
+ case -ENOSPC:
+ /*
+ * If the extended guest request fails due to having too
+ * small of a certificate data buffer, retry the same
+ * guest request without the extended data request in
+ * order to increment the sequence number and thus avoid
+ * IV reuse.
+ */
+ override_npages = snp_dev->input.data_npages;
+ exit_code = SVM_VMGEXIT_GUEST_REQUEST;
- exit_code = SVM_VMGEXIT_GUEST_REQUEST;
+ /*
+ * Override the error to inform callers the given extended
+ * request buffer size was too small and give the caller the
+ * required buffer size.
+ */
+ override_err = SNP_GUEST_REQ_INVALID_LEN;
/*
* If this call to the firmware succeeds, the sequence number can
@@ -368,15 +377,7 @@ static int handle_guest_request(struct s
* of the VMPCK and the error code being propagated back to the
* user as an ioctl() return code.
*/
- rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
-
- /*
- * Override the error to inform callers the given extended
- * request buffer size was too small and give the caller the
- * required buffer size.
- */
- err = SNP_GUEST_REQ_INVALID_LEN;
- snp_dev->input.data_npages = certs_npages;
+ goto retry_request;
}
/*
@@ -388,7 +389,10 @@ static int handle_guest_request(struct s
snp_inc_msg_seqno(snp_dev);
if (fw_err)
- *fw_err = err;
+ *fw_err = override_err ?: err;
+
+ if (override_npages)
+ snp_dev->input.data_npages = override_npages;
/*
* If an extended guest request was issued and the supplied certificate
@@ -396,7 +400,7 @@ static int handle_guest_request(struct s
* prevent IV reuse. If the standard request was successful, return -EIO
* back to the caller as would have originally been returned.
*/
- if (!rc && err == SNP_GUEST_REQ_INVALID_LEN)
+ if (!rc && override_err == SNP_GUEST_REQ_INVALID_LEN)
return -EIO;
if (rc) {
Patches currently in stable-queue which might be from bp@xxxxxxxxx are
queue-6.1/virt-coco-sev-guest-do-some-code-style-cleanups.patch
queue-6.1/virt-coco-sev-guest-add-throttling-awareness.patch
queue-6.1/virt-coco-sev-guest-simplify-extended-guest-request-handling.patch
queue-6.1/x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch
queue-6.1/ftrace-kcfi-define-ftrace_stub_graph-conditionally.patch
queue-6.1/x86-mce-make-sure-logged-mces-are-processed-after-sysfs-update.patch
queue-6.1/virt-coco-sev-guest-convert-the-sw_exit_info_2-checking-to-a-switch-case.patch
queue-6.1/virt-coco-sev-guest-remove-the-disable_vmpck-label-in-handle_guest_request.patch
queue-6.1/virt-coco-sev-guest-carve-out-the-request-issuing-logic-into-a-helper.patch
queue-6.1/virt-coco-sev-guest-check-sev_snp-attribute-at-probe-time.patch
