Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL

The PSP can return a "firmware error" code of -1 in circumstances where
the PSP has not actually been called. To make this protocol unambiguous,
name the value SEV_RET_NO_FW_CALL.

[ bp: Massage a bit. ]

Signed-off-by: Peter Gonda <pgonda@google.com>
Signed-off-by: Dionna Glaze <dionnaglaze@google.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20221207010210.2563293-2-dionnaglaze@google.com

authored by Peter Gonda and committed by Borislav Petkov (AMD)
efb339a8 e8d018dd

+14 -5
+2 -2
Documentation/virt/coco/sev-guest.rst
··· 40 40 The guest ioctl should be issued on a file descriptor of the /dev/sev-guest device. 41 41 The ioctl accepts struct snp_user_guest_request. The input and output structure is 42 42 specified through the req_data and resp_data field respectively. If the ioctl fails 43 - to execute due to a firmware error, then fw_err code will be set otherwise the 44 - fw_err will be set to 0x00000000000000ff. 43 + to execute due to a firmware error, then fw_err code will be set. Otherwise, fw_err 44 + will be set to 0x00000000ffffffff, i.e., the lower 32-bits are -1. 45 45 46 46 The firmware checks that the message sequence counter is one greater than 47 47 the guests message sequence counter. If guest driver fails to increment message
+5 -3
drivers/crypto/ccp/sev-dev.c
··· 444 444 445 445 static int __sev_platform_init_locked(int *error) 446 446 { 447 + int rc = 0, psp_ret = SEV_RET_NO_FW_CALL; 447 448 struct psp_device *psp = psp_master; 448 - struct sev_device *sev; 449 - int rc = 0, psp_ret = -1; 450 449 int (*init_function)(int *error); 450 + struct sev_device *sev; 451 451 452 452 if (!psp || !psp->sev_data) 453 453 return -ENODEV; ··· 475 475 * initialization function should succeed by replacing the state 476 476 * with a reset state. 477 477 */ 478 - dev_err(sev->dev, "SEV: retrying INIT command because of SECURE_DATA_INVALID error. Retrying once to reset PSP SEV state."); 478 + dev_err(sev->dev, 479 + "SEV: retrying INIT command because of SECURE_DATA_INVALID error. Retrying once to reset PSP SEV state."); 479 480 rc = init_function(&psp_ret); 480 481 } 482 + 481 483 if (error) 482 484 *error = psp_ret; 483 485
+7
include/uapi/linux/psp-sev.h
··· 36 36 * SEV Firmware status code 37 37 */ 38 38 typedef enum { 39 + /* 40 + * This error code is not in the SEV spec. Its purpose is to convey that 41 + * there was an error that prevented the SEV firmware from being called. 42 + * The SEV API error codes are 16 bits, so the -1 value will not overlap 43 + * with possible values from the specification. 44 + */ 45 + SEV_RET_NO_FW_CALL = -1, 39 46 SEV_RET_SUCCESS = 0, 40 47 SEV_RET_INVALID_PLATFORM_STATE, 41 48 SEV_RET_INVALID_GUEST_STATE,
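Review bot: In Documentation/virt/coco/sev-guest.rst, the new sentence "Otherwise, fw_err will be set to 0x00000000ffffffff" gives only the raw value and never names SEV_RET_NO_FW_CALL, which this same patch adds to include/uapi/linux/psp-sev.h. Suggest naming the constant next to the literal so userspace authors can find it, and tightening "Otherwise" so it clearly means a failure in which the firmware was not called rather than any outcome other than a firmware error. Minor: "32-bits" should read "32 bits".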
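Review bot: In __sev_platform_init_locked() in drivers/crypto/ccp/sev-dev.c, the early "if (!psp || !psp->sev_data) return -ENODEV;" path returns before the "if (error) *error = psp_ret;" store, so on that path the caller's error value is left untouched and never receives SEV_RET_NO_FW_CALL even though the firmware was not called. Consider writing *error before that return, or stating in a comment that callers must initialise it themselves. Separately, the declaration reordering, the dev_err() line wrap and the added blank line are cosmetic and would be easier to review as their own change.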
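Review bot: In include/uapi/linux/psp-sev.h, the comment above SEV_RET_NO_FW_CALL explains why -1 cannot collide with the 16-bit spec codes but not how the value looks once it is stored in a wider field. The sev-guest.rst hunk documents fw_err as 0x00000000ffffffff (16 hex digits, upper half zero), so comparing the whole field against -1 would not match. Suggest the comment say that consumers should compare the lower 32 bits against SEV_RET_NO_FW_CALL.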