kernel/linux.git/drivers/crypto/ccp, branch v4.19.16 Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v4.19.16 2018-09-13T05:27:43+00:00 crypto: ccp - add timeout support in the SEV command 2018-09-13T05:27:43+00:00 Brijesh Singh brijesh.singh@amd.com 2018-08-15T21:11:25+00:00 urn:sha1:3702a0585e64d70d5bf73bf3e943b8d6005b72c1 Currently, the CCP driver assumes that the SEV command issued to the PSP will always return (i.e. it will never hang). But recently, firmware bugs have shown that a command can hang. Since of the SEV commands are used in probe routines, this can cause boot hangs and/or loss of virtualization capabilities. To protect against firmware bugs, add a timeout in the SEV command execution flow. If a command does not complete within the specified timeout then return -ETIMEOUT and stop the driver from executing any further commands since the state of the SEV firmware is unknown. Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gary Hook <Gary.Hook@amd.com> Cc: Herbert Xu <herbert@gondor.apana.org.au> Cc: linux-kernel@vger.kernel.org Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ccp - Check for NULL PSP pointer at module unload 2018-08-03T10:06:05+00:00 Tom Lendacky thomas.lendacky@amd.com 2018-07-26T14:37:59+00:00 urn:sha1:afb31cd2d1a1bc3ca055fb2519ec4e9ab969ffe0 Should the PSP initialization fail, the PSP data structure will be freed and the value contained in the sp_device struct set to NULL. At module unload, psp_dev_destroy() does not check if the pointer value is NULL and will end up dereferencing a NULL pointer. Add a pointer check of the psp_data field in the sp_device struct in psp_dev_destroy() and return immediately if it is NULL. Cc: <stable@vger.kernel.org> # 4.16.x- Fixes: 2a6170dfe755 ("crypto: ccp: Add Platform Security Processor (PSP) device support") Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ccp - Add support for new CCP/PSP device ID 2018-07-13T10:26:48+00:00 Tom Lendacky thomas.lendacky@amd.com 2018-07-03T17:12:14+00:00 urn:sha1:dcbc0c6e4aa1ef269179351ac615fd08ddefc849 Add a new CCP/PSP PCI device ID and new PSP register offsets. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ccp - Support register differences between PSP devices 2018-07-13T10:26:48+00:00 Tom Lendacky thomas.lendacky@amd.com 2018-07-03T17:12:03+00:00 urn:sha1:ad01a984f512c42c9f4fe79d36b9cddbc6156a3f In preparation for adding a new PSP device ID that uses different register offsets, add support to the PSP version data for register offset values. And then update the code to use these new register offset values. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ccp - Remove unused #defines 2018-07-13T10:26:48+00:00 Tom Lendacky thomas.lendacky@amd.com 2018-07-03T17:11:52+00:00 urn:sha1:03af91242c36f225c6fa79e143fad5f4c3624a46 Remove some unused #defines for register offsets that are not used. This will lessen the changes required when register offsets change between versions of the device. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ccp - Add psp enabled message when initialization succeeds 2018-07-13T10:26:48+00:00 Tom Lendacky thomas.lendacky@amd.com 2018-07-03T17:11:42+00:00 urn:sha1:015c8c85b721e93bcd6a3f4b5be63112ecb331c4 Add a dev_notice() message to the PSP initialization to report when the PSP initialization has succeeded and the PSP is enabled. Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ccp - Fix command completion detection race 2018-07-13T10:26:48+00:00 Tom Lendacky thomas.lendacky@amd.com 2018-07-03T17:11:33+00:00 urn:sha1:f426d2b20f1cd63818873593031593e15c3db20b The wait_event() function is used to detect command completion. The interrupt handler will set the wait condition variable when the interrupt is triggered. However, the variable used for wait_event() is initialized after the command has been submitted, which can create a race condition with the interrupt handler and result in the wait_event() never returning. Move the initialization of the wait condition variable to just before command submission. Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support") Cc: <stable@vger.kernel.org> # 4.16.x- Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ahash - remove useless setting of cra_type 2018-07-08T16:30:26+00:00 Eric Biggers ebiggers@google.com 2018-06-30T22:16:13+00:00 urn:sha1:c87a405e3bacaae324bb05ee9a48aa9844688469 Some ahash algorithms set .cra_type = &crypto_ahash_type. But this is redundant with the C structure type ('struct ahash_alg'), and crypto_register_ahash() already sets the .cra_type automatically. Apparently the useless assignment has just been copy+pasted around. So, remove the useless assignment from all the ahash algorithms. This patch shouldn't change any actual behavior. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ahash - remove useless setting of type flags 2018-07-08T16:30:25+00:00 Eric Biggers ebiggers@google.com 2018-06-30T22:16:12+00:00 urn:sha1:6a38f62245c9d5217b696ec5aca6a5cf6351f615 Many ahash algorithms set .cra_flags = CRYPTO_ALG_TYPE_AHASH. But this is redundant with the C structure type ('struct ahash_alg'), and crypto_register_ahash() already sets the type flag automatically, clearing any type flag that was already there. Apparently the useless assignment has just been copy+pasted around. So, remove the useless assignment from all the ahash algorithms. This patch shouldn't change any actual behavior. Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Gilad Ben-Yossef <gilad@benyossef.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> crypto: ccp - Add GET_ID SEV command 2018-05-30T16:13:56+00:00 Janakarajan Natarajan Janakarajan.Natarajan@amd.com 2018-05-25T20:23:30+00:00 urn:sha1:0b3a830bb407dce79468a26f382260131b50b3c5 The GET_ID command, added as of SEV API v0.16, allows the SEV firmware to be queried about a unique CPU ID. This unique ID can then be used to obtain the public certificate containing the Chip Endorsement Key (CEK) public key signed by the AMD SEV Signing Key (ASK). For more information please refer to "Section 5.12 GET_ID" of https://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf Signed-off-by: Janakarajan Natarajan <Janakarajan.Natarajan@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>