mirror of
https://github.com/torvalds/linux.git
synced 2024-11-25 13:41:51 +00:00
virt: sev-guest: Rename local guest message variables
Rename local guest message variables for more clarity. No functional change. Signed-off-by: Nikunj A Dadhania <nikunj@amd.com> Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de> Link: https://lore.kernel.org/r/20240731150811.156771-3-nikunj@amd.com
This commit is contained in:
Nikunj A Dadhania
Borislav Petkov (AMD)
parent
dc6d20b900
commit
a1bbb2236b
@ -291,45 +291,45 @@ static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg,
|
||||
static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz)
|
||||
{
|
||||
struct snp_guest_crypto *crypto = snp_dev->crypto;
|
||||
struct snp_guest_msg *resp = &snp_dev->secret_response;
|
||||
struct snp_guest_msg *req = &snp_dev->secret_request;
|
||||
struct snp_guest_msg_hdr *req_hdr = &req->hdr;
|
||||
struct snp_guest_msg_hdr *resp_hdr = &resp->hdr;
|
||||
struct snp_guest_msg *resp_msg = &snp_dev->secret_response;
|
||||
struct snp_guest_msg *req_msg = &snp_dev->secret_request;
|
||||
struct snp_guest_msg_hdr *req_msg_hdr = &req_msg->hdr;
|
||||
struct snp_guest_msg_hdr *resp_msg_hdr = &resp_msg->hdr;
|
||||
|
||||
pr_debug("response [seqno %lld type %d version %d sz %d]\n",
|
||||
resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version,
|
||||
resp_hdr->msg_sz);
|
||||
resp_msg_hdr->msg_seqno, resp_msg_hdr->msg_type, resp_msg_hdr->msg_version,
|
||||
resp_msg_hdr->msg_sz);
|
||||
|
||||
/* Copy response from shared memory to encrypted memory. */
|
||||
memcpy(resp, snp_dev->response, sizeof(*resp));
|
||||
memcpy(resp_msg, snp_dev->response, sizeof(*resp_msg));
|
||||
|
||||
/* Verify that the sequence counter is incremented by 1 */
|
||||
if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1)))
|
||||
if (unlikely(resp_msg_hdr->msg_seqno != (req_msg_hdr->msg_seqno + 1)))
|
||||
return -EBADMSG;
|
||||
|
||||
/* Verify response message type and version number. */
|
||||
if (resp_hdr->msg_type != (req_hdr->msg_type + 1) ||
|
||||
resp_hdr->msg_version != req_hdr->msg_version)
|
||||
if (resp_msg_hdr->msg_type != (req_msg_hdr->msg_type + 1) ||
|
||||
resp_msg_hdr->msg_version != req_msg_hdr->msg_version)
|
||||
return -EBADMSG;
|
||||
|
||||
/*
|
||||
* If the message size is greater than our buffer length then return
|
||||
* an error.
|
||||
*/
|
||||
if (unlikely((resp_hdr->msg_sz + crypto->a_len) > sz))
|
||||
if (unlikely((resp_msg_hdr->msg_sz + crypto->a_len) > sz))
|
||||
return -EBADMSG;
|
||||
|
||||
/* Decrypt the payload */
|
||||
return dec_payload(snp_dev, resp, payload, resp_hdr->msg_sz + crypto->a_len);
|
||||
return dec_payload(snp_dev, resp_msg, payload, resp_msg_hdr->msg_sz + crypto->a_len);
|
||||
}
|
||||
|
||||
static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type,
|
||||
void *payload, size_t sz)
|
||||
{
|
||||
struct snp_guest_msg *req = &snp_dev->secret_request;
|
||||
struct snp_guest_msg_hdr *hdr = &req->hdr;
|
||||
struct snp_guest_msg *msg = &snp_dev->secret_request;
|
||||
struct snp_guest_msg_hdr *hdr = &msg->hdr;
|
||||
|
||||
memset(req, 0, sizeof(*req));
|
||||
memset(msg, 0, sizeof(*msg));
|
||||
|
||||
hdr->algo = SNP_AEAD_AES_256_GCM;
|
||||
hdr->hdr_version = MSG_HDR_VER;
|
||||
@ -347,7 +347,7 @@ static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8
|
||||
pr_debug("request [seqno %lld type %d version %d sz %d]\n",
|
||||
hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);
|
||||
|
||||
return __enc_payload(snp_dev, req, payload, sz);
|
||||
return __enc_payload(snp_dev, msg, payload, sz);
|
||||
}
|
||||
|
||||
static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code,
|
||||
@ -496,8 +496,8 @@ struct snp_req_resp {
|
||||
static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
|
||||
{
|
||||
struct snp_guest_crypto *crypto = snp_dev->crypto;
|
||||
struct snp_report_req *req = &snp_dev->req.report;
|
||||
struct snp_report_resp *resp;
|
||||
struct snp_report_req *report_req = &snp_dev->req.report;
|
||||
struct snp_report_resp *report_resp;
|
||||
int rc, resp_len;
|
||||
|
||||
lockdep_assert_held(&snp_cmd_mutex);
|
||||
@ -505,7 +505,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io
|
||||
if (!arg->req_data || !arg->resp_data)
|
||||
return -EINVAL;
|
||||
|
||||
if (copy_from_user(req, (void __user *)arg->req_data, sizeof(*req)))
|
||||
if (copy_from_user(report_req, (void __user *)arg->req_data, sizeof(*report_req)))
|
||||
return -EFAULT;
|
||||
|
||||
/*
|
||||
@ -513,30 +513,29 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io
|
||||
* response payload. Make sure that it has enough space to cover the
|
||||
* authtag.
|
||||
*/
|
||||
resp_len = sizeof(resp->data) + crypto->a_len;
|
||||
resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT);
|
||||
if (!resp)
|
||||
resp_len = sizeof(report_resp->data) + crypto->a_len;
|
||||
report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT);
|
||||
if (!report_resp)
|
||||
return -ENOMEM;
|
||||
|
||||
rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg,
|
||||
SNP_MSG_REPORT_REQ, req, sizeof(*req), resp->data,
|
||||
resp_len);
|
||||
rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, SNP_MSG_REPORT_REQ,
|
||||
report_req, sizeof(*report_req), report_resp->data, resp_len);
|
||||
if (rc)
|
||||
goto e_free;
|
||||
|
||||
if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp)))
|
||||
if (copy_to_user((void __user *)arg->resp_data, report_resp, sizeof(*report_resp)))
|
||||
rc = -EFAULT;
|
||||
|
||||
e_free:
|
||||
kfree(resp);
|
||||
kfree(report_resp);
|
||||
return rc;
|
||||
}
|
||||
|
||||
static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
|
||||
{
|
||||
struct snp_derived_key_req *req = &snp_dev->req.derived_key;
|
||||
struct snp_derived_key_req *derived_key_req = &snp_dev->req.derived_key;
|
||||
struct snp_guest_crypto *crypto = snp_dev->crypto;
|
||||
struct snp_derived_key_resp resp = {0};
|
||||
struct snp_derived_key_resp derived_key_resp = {0};
|
||||
int rc, resp_len;
|
||||
/* Response data is 64 bytes and max authsize for GCM is 16 bytes. */
|
||||
u8 buf[64 + 16];
|
||||
@ -551,25 +550,27 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque
|
||||
* response payload. Make sure that it has enough space to cover the
|
||||
* authtag.
|
||||
*/
|
||||
resp_len = sizeof(resp.data) + crypto->a_len;
|
||||
resp_len = sizeof(derived_key_resp.data) + crypto->a_len;
|
||||
if (sizeof(buf) < resp_len)
|
||||
return -ENOMEM;
|
||||
|
||||
if (copy_from_user(req, (void __user *)arg->req_data, sizeof(*req)))
|
||||
if (copy_from_user(derived_key_req, (void __user *)arg->req_data,
|
||||
sizeof(*derived_key_req)))
|
||||
return -EFAULT;
|
||||
|
||||
rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg,
|
||||
SNP_MSG_KEY_REQ, req, sizeof(*req), buf, resp_len);
|
||||
rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, SNP_MSG_KEY_REQ,
|
||||
derived_key_req, sizeof(*derived_key_req), buf, resp_len);
|
||||
if (rc)
|
||||
return rc;
|
||||
|
||||
memcpy(resp.data, buf, sizeof(resp.data));
|
||||
if (copy_to_user((void __user *)arg->resp_data, &resp, sizeof(resp)))
|
||||
memcpy(derived_key_resp.data, buf, sizeof(derived_key_resp.data));
|
||||
if (copy_to_user((void __user *)arg->resp_data, &derived_key_resp,
|
||||
sizeof(derived_key_resp)))
|
||||
rc = -EFAULT;
|
||||
|
||||
/* The response buffer contains the sensitive data, explicitly clear it. */
|
||||
memzero_explicit(buf, sizeof(buf));
|
||||
memzero_explicit(&resp, sizeof(resp));
|
||||
memzero_explicit(&derived_key_resp, sizeof(derived_key_resp));
|
||||
return rc;
|
||||
}
|
||||
|
||||
@ -577,9 +578,9 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques
|
||||
struct snp_req_resp *io)
|
||||
|
||||
{
|
||||
struct snp_ext_report_req *req = &snp_dev->req.ext_report;
|
||||
struct snp_ext_report_req *report_req = &snp_dev->req.ext_report;
|
||||
struct snp_guest_crypto *crypto = snp_dev->crypto;
|
||||
struct snp_report_resp *resp;
|
||||
struct snp_report_resp *report_resp;
|
||||
int ret, npages = 0, resp_len;
|
||||
sockptr_t certs_address;
|
||||
|
||||
@ -588,22 +589,22 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques
|
||||
if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data))
|
||||
return -EINVAL;
|
||||
|
||||
if (copy_from_sockptr(req, io->req_data, sizeof(*req)))
|
||||
if (copy_from_sockptr(report_req, io->req_data, sizeof(*report_req)))
|
||||
return -EFAULT;
|
||||
|
||||
/* caller does not want certificate data */
|
||||
if (!req->certs_len || !req->certs_address)
|
||||
if (!report_req->certs_len || !report_req->certs_address)
|
||||
goto cmd;
|
||||
|
||||
if (req->certs_len > SEV_FW_BLOB_MAX_SIZE ||
|
||||
!IS_ALIGNED(req->certs_len, PAGE_SIZE))
|
||||
if (report_req->certs_len > SEV_FW_BLOB_MAX_SIZE ||
|
||||
!IS_ALIGNED(report_req->certs_len, PAGE_SIZE))
|
||||
return -EINVAL;
|
||||
|
||||
if (sockptr_is_kernel(io->resp_data)) {
|
||||
certs_address = KERNEL_SOCKPTR((void *)req->certs_address);
|
||||
certs_address = KERNEL_SOCKPTR((void *)report_req->certs_address);
|
||||
} else {
|
||||
certs_address = USER_SOCKPTR((void __user *)req->certs_address);
|
||||
if (!access_ok(certs_address.user, req->certs_len))
|
||||
certs_address = USER_SOCKPTR((void __user *)report_req->certs_address);
|
||||
if (!access_ok(certs_address.user, report_req->certs_len))
|
||||
return -EFAULT;
|
||||
}
|
||||
|
||||
@ -613,45 +614,45 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques
|
||||
* the host. If host does not supply any certs in it, then copy
|
||||
* zeros to indicate that certificate data was not provided.
|
||||
*/
|
||||
memset(snp_dev->certs_data, 0, req->certs_len);
|
||||
npages = req->certs_len >> PAGE_SHIFT;
|
||||
memset(snp_dev->certs_data, 0, report_req->certs_len);
|
||||
npages = report_req->certs_len >> PAGE_SHIFT;
|
||||
cmd:
|
||||
/*
|
||||
* The intermediate response buffer is used while decrypting the
|
||||
* response payload. Make sure that it has enough space to cover the
|
||||
* authtag.
|
||||
*/
|
||||
resp_len = sizeof(resp->data) + crypto->a_len;
|
||||
resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT);
|
||||
if (!resp)
|
||||
resp_len = sizeof(report_resp->data) + crypto->a_len;
|
||||
report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT);
|
||||
if (!report_resp)
|
||||
return -ENOMEM;
|
||||
|
||||
snp_dev->input.data_npages = npages;
|
||||
ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg,
|
||||
SNP_MSG_REPORT_REQ, &req->data,
|
||||
sizeof(req->data), resp->data, resp_len);
|
||||
ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg, SNP_MSG_REPORT_REQ,
|
||||
&report_req->data, sizeof(report_req->data),
|
||||
report_resp->data, resp_len);
|
||||
|
||||
/* If certs length is invalid then copy the returned length */
|
||||
if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) {
|
||||
req->certs_len = snp_dev->input.data_npages << PAGE_SHIFT;
|
||||
report_req->certs_len = snp_dev->input.data_npages << PAGE_SHIFT;
|
||||
|
||||
if (copy_to_sockptr(io->req_data, req, sizeof(*req)))
|
||||
if (copy_to_sockptr(io->req_data, report_req, sizeof(*report_req)))
|
||||
ret = -EFAULT;
|
||||
}
|
||||
|
||||
if (ret)
|
||||
goto e_free;
|
||||
|
||||
if (npages && copy_to_sockptr(certs_address, snp_dev->certs_data, req->certs_len)) {
|
||||
if (npages && copy_to_sockptr(certs_address, snp_dev->certs_data, report_req->certs_len)) {
|
||||
ret = -EFAULT;
|
||||
goto e_free;
|
||||
}
|
||||
|
||||
if (copy_to_sockptr(io->resp_data, resp, sizeof(*resp)))
|
||||
if (copy_to_sockptr(io->resp_data, report_resp, sizeof(*report_resp)))
|
||||
ret = -EFAULT;
|
||||
|
||||
e_free:
|
||||
kfree(resp);
|
||||
kfree(report_resp);
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user