Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

crypto: ccp - Fail the PSP initialization when writing psp data file failed

Currently the OS continues the PSP initialization when there is a write
failure to the init_ex_file. Therefore, the userspace would be told that
SEV is properly INIT'd even though the psp data file is not updated.
This is problematic because later when asked for the SEV data, the OS
won't be able to provide it.

Fixes: 3d725965f836 ("crypto: ccp - Add SEV_INIT_EX support")
Reported-by: Peter Gonda <pgonda@google.com>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Jacky Li <jackyli@google.com>
Acked-by: David Rientjes <rientjes@google.com>
Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Jacky Li and committed by
Herbert Xu
efb4b01c d8da2da2

+15 -11
+15 -11
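--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -237,7 +237,7 @@
 	return 0;
 }
 
-static void sev_write_init_ex_file(void)
+static int sev_write_init_ex_file(void)
 {
 	struct sev_device *sev = psp_master->sev_data;
 	struct file *fp;
@@ -247,14 +247,16 @@
 	lockdep_assert_held(&sev_cmd_mutex);
 
 	if (!sev_init_ex_buffer)
-		return;
+		return 0;
 
 	fp = open_file_as_root(init_ex_path, O_CREAT | O_WRONLY, 0600);
 	if (IS_ERR(fp)) {
+		int ret = PTR_ERR(fp);
+
 		dev_err(sev->dev,
-			"SEV: could not open file for write, error %ld\n",
-			PTR_ERR(fp));
-		return;
+			"SEV: could not open file for write, error %d\n",
+			ret);
+		return ret;
 	}
 
 	nwrite = kernel_write(fp, sev_init_ex_buffer, NV_LENGTH, &offset);
@@ -265,18 +267,20 @@
 		dev_err(sev->dev,
 			"SEV: failed to write %u bytes to non volatile memory area, ret %ld\n",
 			NV_LENGTH, nwrite);
-		return;
+		return -EIO;
 	}
 
 	dev_dbg(sev->dev, "SEV: write successful to NV file\n");
+
+	return 0;
 }
 
-static void sev_write_init_ex_file_if_required(int cmd_id)
+static int sev_write_init_ex_file_if_required(int cmd_id)
 {
 	lockdep_assert_held(&sev_cmd_mutex);
 
 	if (!sev_init_ex_buffer)
-		return;
+		return 0;
 
 	/*
 	 * Only a few platform commands modify the SPI/NV area, but none of the
@@ -291,10 +295,10 @@
 	case SEV_CMD_PEK_GEN:
 		break;
 	default:
-		return;
+		return 0;
 	}
 
-	sev_write_init_ex_file();
+	return sev_write_init_ex_file();
 }
 
 static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
@@ -367,7 +371,7 @@
 			cmd, reg & PSP_CMDRESP_ERR_MASK);
 		ret = -EIO;
 	} else {
-		sev_write_init_ex_file_if_required(cmd);
+		ret = sev_write_init_ex_file_if_required(cmd);
 	}
 
 	print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,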
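Review bot: In `__sev_do_cmd_locked`, the `else` branch now overwrites `ret` with the write-back result after the PSP has already completed the command, so a caller can get a negative return even though the firmware state changed. The hunk does not show what `*psp_ret` holds in that case, and the function's body starts and ends outside it. A comment at the assignment would make the contract explicit, e.g. `/* Command succeeded on the PSP; ret reflects only the NV file write-back. */`. Separately, the short-write path in `sev_write_init_ex_file` returns a fixed `-EIO`, which drops a negative errno from `kernel_write`; `return nwrite < 0 ? nwrite : -EIO;` would keep it for diagnosis.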