From: Sean Christopherson <seanjc@google.com>
To: Peter Gonda <pgonda@google.com>
Cc: thomas.lendacky@amd.com, Marc Orr <marcorr@google.com>,
David Rientjes <rientjes@google.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Joerg Roedel <jroedel@suse.de>,
Herbert Xu <herbert@gondor.apana.org.au>,
John Allen <john.allen@amd.com>,
"David S. Miller" <davem@davemloft.net>,
Paolo Bonzini <pbonzini@redhat.com>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH V3 1/4] crypto: ccp - Fix SEV_INIT error logging on init
Date: Tue, 9 Nov 2021 16:26:55 +0000 [thread overview]
Message-ID: <YYqhT+Enba5xa4cO@google.com> (raw)
In-Reply-To: <20211102142331.3753798-2-pgonda@google.com>
On Tue, Nov 02, 2021, Peter Gonda wrote:
> Currently only the firmware error code is printed. This is incomplete
> and also incorrect as error cases exists where the firmware is never
> called and therefore does not set an error code. This change zeros the
> firmware error code in case the call does not get that far and prints
> the return code for non firmware errors.
>
> Signed-off-by: Peter Gonda <pgonda@google.com>
> Reviewed-by: Marc Orr <marcorr@google.com>
> Acked-by: David Rientjes <rientjes@google.com>
> Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Tom Lendacky <thomas.lendacky@amd.com>
> Cc: Brijesh Singh <brijesh.singh@amd.com>
> Cc: Marc Orr <marcorr@google.com>
> Cc: Joerg Roedel <jroedel@suse.de>
> Cc: Herbert Xu <herbert@gondor.apana.org.au>
> Cc: David Rientjes <rientjes@google.com>
> Cc: John Allen <john.allen@amd.com>
> Cc: "David S. Miller" <davem@davemloft.net>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: linux-crypto@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> ---
> drivers/crypto/ccp/sev-dev.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 2ecb0e1f65d8..ec89a82ba267 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -1065,7 +1065,7 @@ void sev_pci_init(void)
> {
> struct sev_device *sev = psp_master->sev_data;
> struct page *tmr_page;
> - int error, rc;
> + int error = 0, rc;
Wouldn't it be more appropriate to use something the PSP can't return, e.g. -1?
'0' is SEV_RET_SUCCESS, which is quite misleading, e.g. the below error message
will print
SEV: failed to INIT error 0, rc -16
which a bit head scratching without looking at the code. AFAICT, the PSP return
codes aren't intrinsically hex, so printing error as a signed demical and thus
SEV: failed to INIT error -1, rc -16
would be less confusing.
And IMO requiring the caller to initialize error is will be neverending game of
whack-a-mole. E.g. sev_ioctl() fails to set "error" in the userspace structure,
and literally every function exposed via include/linux/psp-sev.h has this same
issue. Case in point, the retry path fails to re-initialize "error" and will
display stale information if the second sev_platform_init() fails without reaching
the PSP.
rc = sev_platform_init(&error);
if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) {
/*
* INIT command returned an integrity check failure
* status code, meaning that firmware load and
* validation of SEV related persistent data has
* failed and persistent state has been erased.
* Retrying INIT command here should succeed.
*/
dev_dbg(sev->dev, "SEV: retrying INIT command");
rc = sev_platform_init(&error); <------ error may or may not be set
}
Ideally, error wouldn't be an output param and instead would be squished into the
true return value, but that'd required quite the refactoring, and might yield ugly
code generation on non-64-bit architectures (does this code support those?).
As a minimal step toward sanity, sev_ioctl(), __sev_platform_init_locked(), and
__sev_do_cmd_locked() should initialize the incoming error. Long term, sev-dev
really needs to either have well-defined API for when "error" is meaningful, or
ensure the pointer is initialized in all paths.
E.g.
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index ec89a82ba267..549686a1e812 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -149,6 +149,9 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
unsigned int reg, ret = 0;
int buf_len;
+ if (psp_ret)
+ *psp_ret = -1;
+
if (!psp || !psp->sev_data)
return -ENODEV;
@@ -192,9 +195,6 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
/* wait for command completion */
ret = sev_wait_cmd_ioc(sev, ®, psp_timeout);
if (ret) {
- if (psp_ret)
- *psp_ret = 0;
-
dev_err(sev->dev, "sev command %#x timed out, disabling PSP\n", cmd);
psp_dead = true;
@@ -243,6 +243,9 @@ static int __sev_platform_init_locked(int *error)
struct sev_device *sev;
int rc = 0;
+ if (error)
+ *error = -1;
+
if (!psp || !psp->sev_data)
return -ENODEV;
@@ -838,6 +841,8 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
if (input.cmd > SEV_MAX)
return -EINVAL;
+ input.error = -1;
+
mutex_lock(&sev_cmd_mutex);
switch (input.cmd) {
> if (!sev)
> return;
> @@ -1104,7 +1104,8 @@ void sev_pci_init(void)
> }
>
> if (rc) {
> - dev_err(sev->dev, "SEV: failed to INIT error %#x\n", error);
> + dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n",
> + error, rc);
> return;
> }
>
> --
> 2.33.1.1089.g2158813163f-goog
>
next prev parent reply other threads:[~2021-11-09 16:27 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-02 14:23 [PATCH V3 0/4] Add SEV_INIT_EX support Peter Gonda
2021-11-02 14:23 ` [PATCH V3 1/4] crypto: ccp - Fix SEV_INIT error logging on init Peter Gonda
2021-11-09 16:26 ` Sean Christopherson [this message]
2021-11-09 16:46 ` Peter Gonda
2021-11-09 19:25 ` Tom Lendacky
2021-11-10 17:29 ` Peter Gonda
2021-11-11 14:10 ` Tom Lendacky
2021-11-02 14:23 ` [PATCH V3 2/4] crypto: ccp - Move SEV_INIT retry for corrupted data Peter Gonda
2021-11-09 16:31 ` Sean Christopherson
2021-11-09 16:56 ` Peter Gonda
2021-11-09 17:30 ` Sean Christopherson
2021-11-09 18:42 ` Peter Gonda
2021-11-02 14:23 ` [PATCH V3 3/4] crypto: ccp - Refactor out sev_fw_alloc() Peter Gonda
2021-11-02 14:23 ` [PATCH V3 4/4] crypto: ccp - Add SEV_INIT_EX support Peter Gonda
2021-11-02 15:38 ` Tom Lendacky
2021-11-02 16:28 ` Peter Gonda
2021-11-09 17:21 ` Sean Christopherson
2021-11-09 20:09 ` Peter Gonda
2021-11-09 20:26 ` Sean Christopherson
2021-11-09 20:46 ` Peter Gonda
2021-11-09 22:19 ` Brijesh Singh
2021-11-10 15:32 ` Peter Gonda
2021-11-12 16:55 ` Peter Gonda
2021-11-12 17:46 ` Marc Orr
2021-11-12 17:49 ` Peter Gonda
2021-11-12 18:28 ` Marc Orr
2021-11-12 23:39 ` Brijesh Singh
2021-11-12 23:44 ` Peter Gonda
2021-11-12 23:50 ` Brijesh Singh
2021-11-15 17:42 ` Peter Gonda
2021-11-02 16:05 ` [PATCH V3 0/4] " Sean Christopherson
2021-11-02 16:25 ` Peter Gonda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YYqhT+Enba5xa4cO@google.com \
--to=seanjc@google.com \
--cc=brijesh.singh@amd.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=john.allen@amd.com \
--cc=jroedel@suse.de \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marcorr@google.com \
--cc=pbonzini@redhat.com \
--cc=pgonda@google.com \
--cc=rientjes@google.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.