Re: [PATCH v11 42/45] virt: Add SEV-SNP guest driver

From: Dov Murik
Date: Wed Mar 02 2022 - 05:04:46 EST


Hi Brijesh,

On 24/02/2022 18:56, Brijesh Singh wrote:
> The SEV-SNP specification provides the guest a mechanism to communicate
> with the PSP without risk from a malicious hypervisor who wishes to
> read, alter, drop or replay the messages sent. The driver uses
> snp_issue_guest_request() to issue GHCB SNP_GUEST_REQUEST or
> SNP_EXT_GUEST_REQUEST NAE events to submit the request to PSP.
>
> The PSP requires that all communication should be encrypted using key
> specified through the platform_data.
>
> Userspace can use SNP_GET_REPORT ioctl() to query the guest attestation
> report.
>
> See SEV-SNP spec section Guest Messages for more details.
>
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---

[...]

> +
> +static struct snp_guest_crypto *init_crypto(struct snp_guest_dev *snp_dev, u8 *key, size_t keylen)
> +{
> + struct snp_guest_crypto *crypto;
> +
> + crypto = kzalloc(sizeof(*crypto), GFP_KERNEL_ACCOUNT);
> + if (!crypto)
> + return NULL;
> +
> + crypto->tfm = crypto_alloc_aead("gcm(aes)", 0, 0);
> + if (IS_ERR(crypto->tfm))
> + goto e_free;


When trying this series, the sevguest module didn't load (and printed no
error message). After adding some debug messages, I found that the
crypto_alloc_read() call returned an error. I found out that
CONFIG_CRYPTO_GCM was disabled in my config.

Consider modifying sevguest/Kconfig to force it in:



diff --git a/drivers/virt/coco/sevguest/Kconfig b/drivers/virt/coco/sevguest/Kconfig
index 2be45820e86c..74ca1fe09437 100644
--- a/drivers/virt/coco/sevguest/Kconfig
+++ b/drivers/virt/coco/sevguest/Kconfig
@@ -1,7 +1,9 @@
config SEV_GUEST
tristate "AMD SEV Guest driver"
default m
- depends on AMD_MEM_ENCRYPT && CRYPTO_AEAD2
+ depends on AMD_MEM_ENCRYPT
+ select CRYPTO_AEAD2
+ select CRYPTO_GCM
help
SEV-SNP firmware provides the guest a mechanism to communicate with
the PSP without risk from a malicious hypervisor who wishes to read,



Another thing to consider is to add messages to the various error paths
in snp_guest_probe(). Not sure what is the common practice in other modules.

-Dov


> +
> + if (crypto_aead_setkey(crypto->tfm, key, keylen))
> + goto e_free_crypto;
> +
> + crypto->iv_len = crypto_aead_ivsize(crypto->tfm);
> + crypto->iv = kmalloc(crypto->iv_len, GFP_KERNEL_ACCOUNT);
> + if (!crypto->iv)
> + goto e_free_crypto;
> +
> + if (crypto_aead_authsize(crypto->tfm) > MAX_AUTHTAG_LEN) {
> + if (crypto_aead_setauthsize(crypto->tfm, MAX_AUTHTAG_LEN)) {
> + dev_err(snp_dev->dev, "failed to set authsize to %d\n", MAX_AUTHTAG_LEN);
> + goto e_free_iv;
> + }
> + }
> +
> + crypto->a_len = crypto_aead_authsize(crypto->tfm);
> + crypto->authtag = kmalloc(crypto->a_len, GFP_KERNEL_ACCOUNT);
> + if (!crypto->authtag)
> + goto e_free_auth;
> +
> + return crypto;
> +
> +e_free_auth:
> + kfree(crypto->authtag);
> +e_free_iv:
> + kfree(crypto->iv);
> +e_free_crypto:
> + crypto_free_aead(crypto->tfm);
> +e_free:
> + kfree(crypto);
> +
> + return NULL;
> +}

[...]