From: Borislav Petkov <bp@alien8.de>
To: Dionna Amalie Glaze <dionnaglaze@google.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org,
Peter Gonda <pgonda@google.com>,
Thomas Lendacky <Thomas.Lendacky@amd.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Joerg Roedel <jroedel@suse.de>, Ingo Molnar <mingo@redhat.com>,
Andy Lutomirsky <luto@kernel.org>,
John Allen <john.allen@amd.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH v8 1/4] crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL
Date: Sat, 3 Dec 2022 20:37:51 +0100 [thread overview]
Message-ID: <Y4ulj38eMr1NiRdX@zn.tnic> (raw)
In-Reply-To: <CAAH4kHYz-46syE4wKPzo1N9P34wLHcs85obOCjqb6eQ=iv=n3w@mail.gmail.com>
On Sat, Dec 03, 2022 at 10:58:39AM -0800, Dionna Amalie Glaze wrote:
> It doesn't always overwrite psp_ret, such as the initial error checking.
> The value remains uninitialized for -ENODEV, -EBUSY, -EINVAL.
> Thus *error in __sev_platform_init_locked can be set to uninitialized
> memory if psp_ret is not first initialized.
Lemme see if I understand it correctly: you wanna signal that all early
return cases in __sev_do_cmd_locked() are such that no firmware was
called?
I.e., everything before the first iowrite into the command buffer?
But then the commit message says:
"The PSP can return a "firmware error" code of -1 in circumstances where
the PSP is not actually called."
which is confusing. How can the PSP return something if it wasn't called?
Or you mean those cases above where it would fail on some of the checks
before issuing a SEV command? I think you do...
So I see Tom has ACKed this but I have to ask: is the SEV spec not going
to use -1 ever?
Also, if this behavior is going to be user-visible, where are we
documenting it? Especially if nothing in the kernel is looking at
that value but only assigning it to a retval which gets looked at by
userspace. Especially then this should be documented.
Dunno, maybe somewhere in Documentation/x86/amd-memory-encryption.rst or
maybe Tom would have a better idea.
> That error points to the kernel copy of the user's argument struct,
> which the ioctl always copies back. In the case of those error codes
> then, without SEV_RET_NO_FW_CALL, user space will get uninitialized
> kernel memory.
Right, but having a return value which means "firmware wasn't called"
sounds weird. Why does userspace care?
I mean, you can just as well return any of the negative values -ENODEV,
-EBUSY, -EINVAL too, depending on where you exit. Having three different
retvals could tell you where exactly it failed, even.
But the question remains: why does userspace needs to know that the
failure happened and firmware wasn't called, as long as it is getting
something negative to signal an error?
Thx.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
next prev parent reply other threads:[~2022-12-03 19:43 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-04 23:00 [PATCH v8 0/4] Add throttling detection to sev-guest Dionna Glaze
2022-11-04 23:00 ` [PATCH v8 1/4] crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL Dionna Glaze
2022-11-14 20:53 ` Tom Lendacky
2022-12-03 12:26 ` Borislav Petkov
2022-12-03 18:58 ` Dionna Amalie Glaze
2022-12-03 19:37 ` Borislav Petkov [this message]
2022-12-05 17:05 ` Dionna Amalie Glaze
2022-12-06 20:36 ` Tom Lendacky
2022-12-06 21:26 ` Borislav Petkov
2022-11-04 23:00 ` [PATCH v8 2/4] x86/sev: Change snp_guest_issue_request's fw_err Dionna Glaze
2022-11-05 1:33 ` Peter Gonda
2022-11-14 21:01 ` Tom Lendacky
2022-12-05 16:34 ` Borislav Petkov
2022-11-04 23:00 ` [PATCH v8 3/4] virt: sev-guest: Remove err in handle_guest_request Dionna Glaze
2022-11-05 1:33 ` Peter Gonda
2022-11-14 21:12 ` Tom Lendacky
2022-11-04 23:00 ` [PATCH v8 4/4] virt: sev-guest: interpret VMM errors from guest request Dionna Glaze
2022-11-05 1:33 ` Peter Gonda
2022-11-07 17:24 ` Peter Gonda
2022-11-14 21:21 ` Tom Lendacky
[not found] ` <CAAH4kHY-zq_WrZK1-Jne8LURwY5K_6orK3NuZbVn9u+gwQdN=w@mail.gmail.com>
2022-11-16 0:40 ` Dionna Amalie Glaze
2022-11-29 17:18 ` Dionna Amalie Glaze
2022-12-02 13:42 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y4ulj38eMr1NiRdX@zn.tnic \
--to=bp@alien8.de \
--cc=Thomas.Lendacky@amd.com \
--cc=davem@davemloft.net \
--cc=dionnaglaze@google.com \
--cc=herbert@gondor.apana.org.au \
--cc=john.allen@amd.com \
--cc=jroedel@suse.de \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.