Re: [Part2 PATCH v6 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support

From: Brijesh Singh
Date: Thu Oct 26 2017 - 15:26:31 EST




On 10/26/2017 12:44 PM, Borislav Petkov wrote:
On Thu, Oct 26, 2017 at 11:56:57AM -0500, Brijesh Singh wrote:
The variable is used as ref counter.

... and it can't be converted to a boolean because...?


SHUTDOWN command unconditionally transitions a platform to uninitialized state. The command does not care how many processes are actively using the PSP. We don't want to shutdown the firmware while other process is still using it.

e.g consider three processes (A, B, C)

Process A:
----------
sev_platform_init()
sev_do_cmd(..)
...
...
sev_do_cmd(..)
...
sev_platform_shutdown()

Process B:
-----------
sev_platform_init()
sev_do_cmd(...)
sev_platform_shutdown()

Process C:
----------
sev_platform_init()
sev_do_cmd(...)
sev_do_cmd(...)
sev_do_cmd(...)
sev_platform_shutdown()

As per the SEV spec section 5.1.2 (platform state machine), several commands require that platform should be initialized before issuing the actual command. As you can see Process B may finish quickly and SHUTDOWN from process B will simply uninitialize the firmware and cause unexpected result to process A and C.


In your previous reply you comments on global semaphore (fw_init_mutex) and
in response I tried to highlight why we need the global semaphore. Did I
misunderstood your comment ?

Yes, what happens if you get preempted while holding the mutex? Will the other
process be able to do anything?


If other process tries to issue the sev_platform_init/shutdown() then they have to wait.

The sev_platform_init() and sev_platform_shutdown() uses the same global mutex. See the original code below.

+static int __sev_platform_init(struct sev_data_init *data, int *error)
+{
+ int rc = 0;
+
+ mutex_lock(&fw_init_mutex);
+
+ if (!fw_init_count) {
+ rc = sev_do_cmd(SEV_CMD_INIT, data, error);
+ if (rc)
+ goto unlock;
+ }
+
+ fw_init_count++;
+
+unlock:
+ mutex_unlock(&fw_init_mutex);
+ return rc;
+
+}
+
+int sev_platform_shutdown(int *error)
+{
+ int rc = 0;
+
+ mutex_lock(&fw_init_mutex);
+
+ if (!fw_init_count)
+ goto unlock;
+
+ if (fw_init_count == 1) {
+ rc = sev_do_cmd(SEV_CMD_SHUTDOWN, 0, error);
+ if (rc)
+ goto unlock;
+ }
+
+ fw_init_count--;
+
+unlock:
+ mutex_unlock(&fw_init_mutex);
+ return rc;
+}