virt: sev-guest: Move SNP Guest Request data pages handling under snp_cmd_mutex

author Alexey Kardashevskiy <aik@amd.com>

Fri, 7 Mar 2025 01:37:00 +0000 (12:37 +1100)

committer Borislav Petkov (AMD) <bp@alien8.de>

Fri, 7 Mar 2025 13:09:33 +0000 (14:09 +0100)
author Alexey Kardashevskiy <aik@amd.com>
Fri, 7 Mar 2025 01:37:00 +0000 (12:37 +1100)
committer Borislav Petkov (AMD) <bp@alien8.de>
Fri, 7 Mar 2025 13:09:33 +0000 (14:09 +0100)
diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c

index 82492efc5d9499d16495c536f4eb61f747561b4d..96c7bc698e6b628ae3522e656c4882b29d3fc2d7 100644 (file)
--- a/arch/x86/coco/sev/core.c
+++ b/arch/x86/coco/sev/core.c
@@ -2853,19 +2853,8 @@ struct snp_msg_desc *snp_msg_alloc(void)
         if (!mdesc->response)
                 goto e_free_request;
  
-       mdesc->certs_data = alloc_shared_pages(SEV_FW_BLOB_MAX_SIZE);
-       if (!mdesc->certs_data)
-               goto e_free_response;
-
-       /* initial the input address for guest request */
-       mdesc->input.req_gpa = __pa(mdesc->request);
-       mdesc->input.resp_gpa = __pa(mdesc->response);
-       mdesc->input.data_gpa = __pa(mdesc->certs_data);
-
         return mdesc;
  
-e_free_response:
-       free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg));
  e_free_request:
         free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg));
  e_unmap:
@@ -2885,7 +2874,6 @@ void snp_msg_free(struct snp_msg_desc *mdesc)
         kfree(mdesc->ctx);
         free_shared_pages(mdesc->response, sizeof(struct snp_guest_msg));
         free_shared_pages(mdesc->request, sizeof(struct snp_guest_msg));
-       free_shared_pages(mdesc->certs_data, SEV_FW_BLOB_MAX_SIZE);
         iounmap((__force void __iomem *)mdesc->secrets);
  
         memset(mdesc, 0, sizeof(*mdesc));
@@ -3054,7 +3042,7 @@ retry_request:
          * sequence number must be incremented or the VMPCK must be deleted to
          * prevent reuse of the IV.
          */
-       rc = snp_issue_guest_request(req, &mdesc->input, rio);
+       rc = snp_issue_guest_request(req, &req->input, rio);
         switch (rc) {
         case -ENOSPC:
                 /*
@@ -3064,7 +3052,7 @@ retry_request:
                  * order to increment the sequence number and thus avoid
                  * IV reuse.
                  */
-               override_npages = mdesc->input.data_npages;
+               override_npages = req->input.data_npages;
                 req->exit_code  = SVM_VMGEXIT_GUEST_REQUEST;
  
                 /*
@@ -3120,7 +3108,7 @@ retry_request:
         }
  
         if (override_npages)
-               mdesc->input.data_npages = override_npages;
+               req->input.data_npages = override_npages;
  
         return rc;
  }
@@ -3158,6 +3146,11 @@ int snp_send_guest_request(struct snp_msg_desc *mdesc, struct snp_guest_req *req
          */
         memcpy(mdesc->request, &mdesc->secret_request, sizeof(mdesc->secret_request));
  
+       /* Initialize the input address for guest request */
+       req->input.req_gpa = __pa(mdesc->request);
+       req->input.resp_gpa = __pa(mdesc->response);
+       req->input.data_gpa = req->certs_data ? __pa(req->certs_data) : 0;
+
         rc = __handle_guest_request(mdesc, req, rio);
         if (rc) {
                 if (rc == -EIO &&
diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h

index 1581246491b544b106cd65b8955a12a11cc1de8b..ba7999f66abe6de599b3e5bc19fcf8ca2dd9131d 100644 (file)
--- a/arch/x86/include/asm/sev.h
+++ b/arch/x86/include/asm/sev.h
@@ -203,6 +203,9 @@ struct snp_guest_req {
         unsigned int vmpck_id;
         u8 msg_version;
         u8 msg_type;
+
+       struct snp_req_data input;
+       void *certs_data;
  };
  
  /*
@@ -263,9 +266,6 @@ struct snp_msg_desc {
         struct snp_guest_msg secret_request, secret_response;
  
         struct snp_secrets_page *secrets;
-       struct snp_req_data input;
-
-       void *certs_data;
  
         struct aesgcm_ctx *ctx;
  
diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c

index 23ac177472beb896e1a584d73f9c7891736c78e0..70fbc9a3e703d1789b969fcacba8bc3406e83ddb 100644 (file)
--- a/drivers/virt/coco/sev-guest/sev-guest.c
+++ b/drivers/virt/coco/sev-guest/sev-guest.c
@@ -176,6 +176,7 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques
         struct snp_guest_req req = {};
         int ret, npages = 0, resp_len;
         sockptr_t certs_address;
+       struct page *page;
  
         if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data))
                 return -EINVAL;
@@ -209,8 +210,20 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques
          * the host. If host does not supply any certs in it, then copy
          * zeros to indicate that certificate data was not provided.
          */
-       memset(mdesc->certs_data, 0, report_req->certs_len);
         npages = report_req->certs_len >> PAGE_SHIFT;
+       page = alloc_pages(GFP_KERNEL_ACCOUNT | __GFP_ZERO,
+                          get_order(report_req->certs_len));
+       if (!page)
+               return -ENOMEM;
+
+       req.certs_data = page_address(page);
+       ret = set_memory_decrypted((unsigned long)req.certs_data, npages);
+       if (ret) {
+               pr_err("failed to mark page shared, ret=%d\n", ret);
+               __free_pages(page, get_order(report_req->certs_len));
+               return -EFAULT;
+       }
+
  cmd:
         /*
          * The intermediate response buffer is used while decrypting the
@@ -219,10 +232,12 @@ cmd:
          */
         resp_len = sizeof(report_resp->data) + mdesc->ctx->authsize;
         report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT);
-       if (!report_resp)
-               return -ENOMEM;
+       if (!report_resp) {
+               ret = -ENOMEM;
+               goto e_free_data;
+       }
  
-       mdesc->input.data_npages = npages;
+       req.input.data_npages = npages;
  
         req.msg_version = arg->msg_version;
         req.msg_type = SNP_MSG_REPORT_REQ;
@@ -237,7 +252,7 @@ cmd:
  
         /* If certs length is invalid then copy the returned length */
         if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) {
-               report_req->certs_len = mdesc->input.data_npages << PAGE_SHIFT;
+               report_req->certs_len = req.input.data_npages << PAGE_SHIFT;
  
                 if (copy_to_sockptr(io->req_data, report_req, sizeof(*report_req)))
                         ret = -EFAULT;
@@ -246,7 +261,7 @@ cmd:
         if (ret)
                 goto e_free;
  
-       if (npages && copy_to_sockptr(certs_address, mdesc->certs_data, report_req->certs_len)) {
+       if (npages && copy_to_sockptr(certs_address, req.certs_data, report_req->certs_len)) {
                 ret = -EFAULT;
                 goto e_free;
         }
@@ -256,6 +271,13 @@ cmd:
  
  e_free:
         kfree(report_resp);
+e_free_data:
+       if (npages) {
+               if (set_memory_encrypted((unsigned long)req.certs_data, npages))
+                       WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n");
+               else
+                       __free_pages(page, get_order(report_req->certs_len));
+       }
         return ret;
  }
author	Alexey Kardashevskiy <aik@amd.com>
	Fri, 7 Mar 2025 01:37:00 +0000 (12:37 +1100)
committer	Borislav Petkov (AMD) <bp@alien8.de>
	Fri, 7 Mar 2025 13:09:33 +0000 (14:09 +0100)
arch/x86/coco/sev/core.c		patch \| blob \| history
arch/x86/include/asm/sev.h		patch \| blob \| history
drivers/virt/coco/sev-guest/sev-guest.c		patch \| blob \| history