
[6.6]Hygon: CSV3: Support launch_encrypt_data for non-4K aligned data and more than once, support inject secret #472

Conversation

wojiaohanliyang

No description provided.

hanliyang added 8 commits November 14, 2024 22:20
… Hygon CPUs

hygon inclusion
category: bugfix
CVE: NA

---------------------------

Assume the userspace requests CSV3's KVM ioctl interface on Hygon CPUs
before C86-4G; the vm_size is the value sizeof(struct kvm_svm), and
functions for the CSV3 KVM ioctl interface try to check whether the
guest is a CSV3 guest by accessing the structure below:

  struct kvm_csv_info {
  	......
  	bool csv3_active;
  	......
  };

  struct kvm_svm_csv {
  	struct kvm_svm kvm_svm;
  	struct kvm_csv_info csv_info;
  };

But the csv_info field of struct kvm_svm_csv will not be allocated, so the
functions for the CSV3 KVM ioctl interface will not get the value of the
csv3_active field of struct kvm_csv_info.

Always fix the vm_size in csv_init() to address the above issue.

Fixes: 58ebba1 ("KVM: SVM: CSV: Add KVM_CSV3_INIT command")
Fixes: 51d2171 ("KVM: SVM: CSV: Add KVM_CSV3_LAUNCH_ENCRYPT_DATA command")
Fixes: 0ccf676 ("KVM: SVM: CSV: Add KVM_CSV3_LAUNCH_ENCRYPT_VMCB command")
Fixes: a103ec4 ("KVM: SVM: CSV: Manage CSV3 guest's nested page table")
Fixes: adc5998 ("KVM: SVM: CSV: Add KVM_CSV3_SEND_ENCRYPT_DATA command")
Fixes: 2eec03f ("KVM: SVM: CSV: Add KVM_CSV3_SEND_ENCRYPT_CONTEXT command")
Fixes: 943b908 ("KVM: SVM: CSV: Add KVM_CSV3_RECEIVE_ENCRYPT_DATA command")
Fixes: 5032e75 ("KVM: SVM: CSV: Add KVM_CSV3_RECEIVE_ENCRYPT_CONTEXT command")
Fixes: 7193548 ("KVM: SVM: CSV: Add ioctl API to unpin shared pages of CSV3 guest")
Signed-off-by: hanliyang <[email protected]>
…runtime

hygon inclusion
category: bugfix
CVE: NA

---------------------------

The commit 0aa9a16 ("crypto: ccp: Implement CSV_DOWNLOAD_FIRMWARE
ioctl command") supports updating Hygon CSV firmware at runtime, but it
doesn't update the API version info in the driver after issuing the
DOWNLOAD_FIRMWARE command. When we want to use the new features in the
updated firmware, the version check in this driver will fail. To address
this problem, we should regain the API version when the DOWNLOAD_FIRMWARE
command returns.

Fixes: 0aa9a16 ("crypto: ccp: Implement CSV_DOWNLOAD_FIRMWARE ioctl command")
Signed-off-by: hanliyang <[email protected]>
…e LAUNCH_ENCRYPT_VMCB

hygon inclusion
category: feature
CVE: NA

---------------------------

Even though most of the GPRs are zero at reset state, we should
explicitly set them before LAUNCH_ENCRYPT_VMCB.

The DR6 register is not zero at reset state, so we should explicitly set
DR6 before LAUNCH_ENCRYPT_VMCB.

PKRU is currently unsupported on Hygon CPUs, and this register is zero
at reset state; nevertheless, explicitly set PKRU before
LAUNCH_ENCRYPT_VMCB.

Signed-off-by: hanliyang <[email protected]>
…f newer CSV firmware

hygon inclusion
category: feature
CVE: NA

---------------------------

As more and more confidential computing features are provided, the
hypervisor and userspace VMM should recognize the extended features.

Provide csv_get_extension_info() to present the extended confidential
computing features of the newer CSV firmware so that the hypervisor can
utilize the extended features when launching and running a confidential
guest.

Signed-off-by: hanliyang <[email protected]>
hygon inclusion
category: feature
CVE: NA

---------------------------

The CSV1/2/3 firmware will provide more confidential features; it's
recommended that the user space VMM (e.g. Qemu) inquire about which
features are supported by the system and decide to utilise some of these
supported features. Provide the KVM_CAP_HYGON_COCO_EXT ioctl interface so
that the user space VMM, KVM, and firmware can negotiate how to
interoperate with each other.

The KVM_CAP_HYGON_COCO_EXT interface will address many compatibility
issues when any one of the user space VMM, KVM, or firmware is not
up-to-date.

Signed-off-by: hanliyang <[email protected]>
hygon inclusion
category: feature
CVE: NA

---------------------------

For newer CSV1/2/3 firmware, multiple LAUNCH_ENCRYPT_DATA commands are
allowed to be issued. However, the SET_GUEST_PRIVATE_MEMORY command can
only be issued once.

Provide a separate ioctl interface KVM_CSV3_SET_GUEST_PRIVATE_MEMORY
here. The user space VMM can negotiate with KVM on whether to enable the
capability KVM_CAP_HYGON_COCO_EXT_CSV3_SET_PRIV_MEM. When this
capability is enabled, the user space VMM should explicitly request the
KVM_CSV3_SET_GUEST_PRIVATE_MEMORY ioctl interface, and the
KVM_CSV3_LAUNCH_ENCRYPT_DATA ioctl handler will skip the process of
issuing the SET_GUEST_PRIVATE_MEMORY command; in addition, the user
space VMM will have the chance to request the KVM_CSV3_LAUNCH_ENCRYPT_DATA
ioctl interface more than once. When this capability is disabled, the
user space will not request the KVM_CSV3_SET_GUEST_PRIVATE_MEMORY ioctl
interface, and the KVM_CSV3_LAUNCH_ENCRYPT_DATA ioctl handler will still
issue the SET_GUEST_PRIVATE_MEMORY command.

Signed-off-by: hanliyang <[email protected]>
…ATA and more than once

hygon inclusion
category: feature
CVE: NA

---------------------------

So far, the KVM_CSV3_LAUNCH_ENCRYPT_DATA handler only processes 4K-aligned
data; this is insufficient because we need to encrypt non-4K-aligned data
into the CSV3 guest's private memory in some cases. To address this, we
provide a new function csv3_launch_encrypt_data_alt_2 to process non-4K-
aligned data. The new function will be called only when the cap
KVM_CAP_HYGON_COCO_EXT_CSV3_MULT_LUP_DATA is enabled for the current CSV3
guest.

In addition, to simplify the KVM_CSV3_LAUNCH_ENCRYPT_DATA request from
the user space, the function csv3_launch_encrypt_data_alt_2 allows
issuing CSV3_CMD_LAUNCH_ENCRYPT_DATA more than once if necessary.

Signed-off-by: hanliyang <[email protected]>
hygon inclusion
category: feature
CVE: NA

---------------------------

We should provide the GPA in the LAUNCH_SECRET API command buffer for a
CSV3 guest. We introduce an appropriate function csv_launch_secret to
process the user space KVM_SEV_LAUNCH_SECRET ioctl request, irrespective
of whether it is a CSV, CSV2 or CSV3 guest. For a CSV3 guest, the member
guest_uaddr of the structure kvm_sev_launch_secret should be the value of
the GPA.

Signed-off-by: hanliyang <[email protected]>
@deepin-ci-robot

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign opsiff for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@deepin-ci-robot

Hi @wojiaohanliyang. Thanks for your PR.

I'm waiting for a deepin-community member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

*/
if (!buf || !size || *size < sizeof(uint32_t)) {
if (size)
*size = sizeof(uint32_t);
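Review bot: the write-back `*size = sizeof(uint32_t)` runs for all three failing conditions, including a non-NULL buf whose *size is merely too small, and the thread below confirms the function then returns -EINVAL; since the return code cannot tell a deliberate size query (buf == NULL) from a bad argument, the comment block that closes just above should document the query-by-NULL-buffer convention and the minimum size this branch reports, so callers decide which case they hit from the arguments they passed rather than from the errno.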
Member

Is the size passed in here expected to be modified?

Author

The expectation is that if the caller wants to obtain the size needed to store the extension flags, it passes buf == NULL together with a valid address for the size variable, and then allocates buf as needed;

Member

What I mean is that it does return -EINVAL; here, so does modifying size still make sense?

Author

When the caller sees the return value -EINVAL, it can tell what is wrong with the arguments. If the caller's argument scenario is buf == NULL, &size != NULL, size = 0, then the caller expects to get a reasonable size value; if the caller's argument scenario is not like this, then the caller, on seeing -EINVAL, simply treats this call as failed, cannot get the expected feature information, and returns failure directly.

Member

ok
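The two-call convention the author describes, as an added example that is not the project's code: ext_info_query() is a hypothetical stand-in for csv_get_extension_info() with the same check shape as the reviewed hunk, and it reports the full required size on the query path, which is an assumption about the real function's contract; the flag words are constructed sample data.

```c
/* Added example, not the project's code: models the buffer/size query
 * convention discussed above. ext_info_query() is a hypothetical stand-in
 * for csv_get_extension_info(); the flag words are constructed sample data. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static const uint32_t sample_ext_flags[] = { 0x00000005u, 0x80000000u };

/* Same shape as the reviewed check: on any argument problem, report the
 * required size through *size (when size is valid) and fail with -EINVAL.
 * The return code is identical whether the caller queried on purpose
 * (buf == NULL) or passed a bad buffer; only the caller knows which. */
int ext_info_query(uint32_t *buf, uint32_t *size)
{
	if (!buf || !size || *size < sizeof(uint32_t)) {
		if (size)
			*size = sizeof(sample_ext_flags); /* assumption: full size */
		return -EINVAL;
	}
	if (*size > sizeof(sample_ext_flags))
		*size = sizeof(sample_ext_flags);
	memcpy(buf, sample_ext_flags, *size);
	return 0;
}

/* Caller side: the two-step pattern the author describes. -EINVAL from the
 * first call is the expected "size reply" because we passed buf == NULL;
 * -EINVAL from the second call is a real failure. Returns the number of
 * flag words read, or a negative errno. */
int read_ext_flags(uint32_t *out, uint32_t out_words)
{
	uint32_t need = 0;
	int ret = ext_info_query(NULL, &need);

	if (ret != -EINVAL || need < sizeof(uint32_t))
		return -EIO;               /* contract violation, not a size reply */
	if (need > out_words * sizeof(uint32_t))
		return -ENOSPC;            /* caller must grow its buffer */
	ret = ext_info_query(out, &need);
	return ret ? ret : (int)(need / sizeof(uint32_t));
}
```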

@opsiff opsiff merged commit 9f3b2b2 into deepin-community:linux-6.6.y Nov 15, 2024
2 of 4 checks passed