| // SPDX-License-Identifier: GPL-2.0-only |
| /* |
| * AMD Secure Encrypted Virtualization (SEV) guest driver interface |
| * |
| * Copyright (C) 2021-2024 Advanced Micro Devices, Inc. |
| * |
| * Author: Brijesh Singh <brijesh.singh@amd.com> |
| */ |
| |
| #include <linux/module.h> |
| #include <linux/kernel.h> |
| #include <linux/types.h> |
| #include <linux/mutex.h> |
| #include <linux/io.h> |
| #include <linux/platform_device.h> |
| #include <linux/miscdevice.h> |
| #include <linux/set_memory.h> |
| #include <linux/fs.h> |
| #include <linux/tsm.h> |
| #include <crypto/aead.h> |
| #include <linux/scatterlist.h> |
| #include <linux/psp-sev.h> |
| #include <linux/sockptr.h> |
| #include <linux/cleanup.h> |
| #include <linux/uuid.h> |
| #include <linux/configfs.h> |
| #include <uapi/linux/sev-guest.h> |
| #include <uapi/linux/psp-sev.h> |
| |
| #include <asm/svm.h> |
| #include <asm/sev.h> |
| |
| #define DEVICE_NAME "sev-guest" |
| #define AAD_LEN 48 |
| #define MSG_HDR_VER 1 |
| |
| #define SNP_REQ_MAX_RETRY_DURATION (60*HZ) |
| #define SNP_REQ_RETRY_DELAY (2*HZ) |
| |
| #define SVSM_MAX_RETRIES 3 |
| |
| struct snp_guest_crypto { |
| struct crypto_aead *tfm; |
| u8 *iv, *authtag; |
| int iv_len, a_len; |
| }; |
| |
| struct snp_guest_dev { |
| struct device *dev; |
| struct miscdevice misc; |
| |
| void *certs_data; |
| struct snp_guest_crypto *crypto; |
| /* request and response are in unencrypted memory */ |
| struct snp_guest_msg *request, *response; |
| |
| /* |
| * Avoid information leakage by double-buffering shared messages |
| * in fields that are in regular encrypted memory. |
| */ |
| struct snp_guest_msg secret_request, secret_response; |
| |
| struct snp_secrets_page *secrets; |
| struct snp_req_data input; |
| union { |
| struct snp_report_req report; |
| struct snp_derived_key_req derived_key; |
| struct snp_ext_report_req ext_report; |
| } req; |
| u32 *os_area_msg_seqno; |
| u8 *vmpck; |
| }; |
| |
| /* |
| * The VMPCK ID represents the key used by the SNP guest to communicate with the |
| * SEV firmware in the AMD Secure Processor (ASP, aka PSP). By default, the key |
| * used will be the key associated with the VMPL at which the guest is running. |
| * Should the default key be wiped (see snp_disable_vmpck()), this parameter |
| * allows for using one of the remaining VMPCKs. |
| */ |
| static int vmpck_id = -1; |
| module_param(vmpck_id, int, 0444); |
| MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); |
| |
| /* Mutex to serialize the shared buffer access and command handling. */ |
| static DEFINE_MUTEX(snp_cmd_mutex); |
| |
| static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) |
| { |
| char zero_key[VMPCK_KEY_LEN] = {0}; |
| |
| if (snp_dev->vmpck) |
| return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN); |
| |
| return true; |
| } |
| |
| /* |
| * If an error is received from the host or AMD Secure Processor (ASP) there |
| * are two options. Either retry the exact same encrypted request or discontinue |
| * using the VMPCK. |
| * |
| * This is because in the current encryption scheme GHCB v2 uses AES-GCM to |
| * encrypt the requests. The IV for this scheme is the sequence number. GCM |
| * cannot tolerate IV reuse. |
| * |
| * The ASP FW v1.51 only increments the sequence numbers on a successful |
| * guest<->ASP back and forth and only accepts messages at its exact sequence |
| * number. |
| * |
| * So if the sequence number were to be reused the encryption scheme is |
| * vulnerable. If the sequence number were incremented for a fresh IV the ASP |
| * will reject the request. |
| */ |
| static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) |
| { |
| dev_alert(snp_dev->dev, "Disabling VMPCK%d communication key to prevent IV reuse.\n", |
| vmpck_id); |
| memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN); |
| snp_dev->vmpck = NULL; |
| } |
| |
| static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev) |
| { |
| u64 count; |
| |
| lockdep_assert_held(&snp_cmd_mutex); |
| |
| /* Read the current message sequence counter from secrets pages */ |
| count = *snp_dev->os_area_msg_seqno; |
| |
| return count + 1; |
| } |
| |
| /* Return a non-zero on success */ |
| static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) |
| { |
| u64 count = __snp_get_msg_seqno(snp_dev); |
| |
| /* |
| * The message sequence counter for the SNP guest request is a 64-bit |
| * value but the version 2 of GHCB specification defines a 32-bit storage |
| * for it. If the counter exceeds the 32-bit value then return zero. |
| * The caller should check the return value, but if the caller happens to |
| * not check the value and use it, then the firmware treats zero as an |
| * invalid number and will fail the message request. |
| */ |
| if (count >= UINT_MAX) { |
| dev_err(snp_dev->dev, "request message sequence counter overflow\n"); |
| return 0; |
| } |
| |
| return count; |
| } |
| |
| static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev) |
| { |
| /* |
| * The counter is also incremented by the PSP, so increment it by 2 |
| * and save in secrets page. |
| */ |
| *snp_dev->os_area_msg_seqno += 2; |
| } |
| |
| static inline struct snp_guest_dev *to_snp_dev(struct file *file) |
| { |
| struct miscdevice *dev = file->private_data; |
| |
| return container_of(dev, struct snp_guest_dev, misc); |
| } |
| |
| static struct snp_guest_crypto *init_crypto(struct snp_guest_dev *snp_dev, u8 *key, size_t keylen) |
| { |
| struct snp_guest_crypto *crypto; |
| |
| crypto = kzalloc(sizeof(*crypto), GFP_KERNEL_ACCOUNT); |
| if (!crypto) |
| return NULL; |
| |
| crypto->tfm = crypto_alloc_aead("gcm(aes)", 0, 0); |
| if (IS_ERR(crypto->tfm)) |
| goto e_free; |
| |
| if (crypto_aead_setkey(crypto->tfm, key, keylen)) |
| goto e_free_crypto; |
| |
| crypto->iv_len = crypto_aead_ivsize(crypto->tfm); |
| crypto->iv = kmalloc(crypto->iv_len, GFP_KERNEL_ACCOUNT); |
| if (!crypto->iv) |
| goto e_free_crypto; |
| |
| if (crypto_aead_authsize(crypto->tfm) > MAX_AUTHTAG_LEN) { |
| if (crypto_aead_setauthsize(crypto->tfm, MAX_AUTHTAG_LEN)) { |
| dev_err(snp_dev->dev, "failed to set authsize to %d\n", MAX_AUTHTAG_LEN); |
| goto e_free_iv; |
| } |
| } |
| |
| crypto->a_len = crypto_aead_authsize(crypto->tfm); |
| crypto->authtag = kmalloc(crypto->a_len, GFP_KERNEL_ACCOUNT); |
| if (!crypto->authtag) |
| goto e_free_iv; |
| |
| return crypto; |
| |
| e_free_iv: |
| kfree(crypto->iv); |
| e_free_crypto: |
| crypto_free_aead(crypto->tfm); |
| e_free: |
| kfree(crypto); |
| |
| return NULL; |
| } |
| |
| static void deinit_crypto(struct snp_guest_crypto *crypto) |
| { |
| crypto_free_aead(crypto->tfm); |
| kfree(crypto->iv); |
| kfree(crypto->authtag); |
| kfree(crypto); |
| } |
| |
| static int enc_dec_message(struct snp_guest_crypto *crypto, struct snp_guest_msg *msg, |
| u8 *src_buf, u8 *dst_buf, size_t len, bool enc) |
| { |
| struct snp_guest_msg_hdr *hdr = &msg->hdr; |
| struct scatterlist src[3], dst[3]; |
| DECLARE_CRYPTO_WAIT(wait); |
| struct aead_request *req; |
| int ret; |
| |
| req = aead_request_alloc(crypto->tfm, GFP_KERNEL); |
| if (!req) |
| return -ENOMEM; |
| |
| /* |
| * AEAD memory operations: |
| * +------ AAD -------+------- DATA -----+---- AUTHTAG----+ |
| * | msg header | plaintext | hdr->authtag | |
| * | bytes 30h - 5Fh | or | | |
| * | | cipher | | |
| * +------------------+------------------+----------------+ |
| */ |
| sg_init_table(src, 3); |
| sg_set_buf(&src[0], &hdr->algo, AAD_LEN); |
| sg_set_buf(&src[1], src_buf, hdr->msg_sz); |
| sg_set_buf(&src[2], hdr->authtag, crypto->a_len); |
| |
| sg_init_table(dst, 3); |
| sg_set_buf(&dst[0], &hdr->algo, AAD_LEN); |
| sg_set_buf(&dst[1], dst_buf, hdr->msg_sz); |
| sg_set_buf(&dst[2], hdr->authtag, crypto->a_len); |
| |
| aead_request_set_ad(req, AAD_LEN); |
| aead_request_set_tfm(req, crypto->tfm); |
| aead_request_set_callback(req, 0, crypto_req_done, &wait); |
| |
| aead_request_set_crypt(req, src, dst, len, crypto->iv); |
| ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req), &wait); |
| |
| aead_request_free(req); |
| return ret; |
| } |
| |
| static int __enc_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, |
| void *plaintext, size_t len) |
| { |
| struct snp_guest_crypto *crypto = snp_dev->crypto; |
| struct snp_guest_msg_hdr *hdr = &msg->hdr; |
| |
| memset(crypto->iv, 0, crypto->iv_len); |
| memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); |
| |
| return enc_dec_message(crypto, msg, plaintext, msg->payload, len, true); |
| } |
| |
| static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, |
| void *plaintext, size_t len) |
| { |
| struct snp_guest_crypto *crypto = snp_dev->crypto; |
| struct snp_guest_msg_hdr *hdr = &msg->hdr; |
| |
| /* Build IV with response buffer sequence number */ |
| memset(crypto->iv, 0, crypto->iv_len); |
| memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); |
| |
| return enc_dec_message(crypto, msg, msg->payload, plaintext, len, false); |
| } |
| |
| static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) |
| { |
| struct snp_guest_crypto *crypto = snp_dev->crypto; |
| struct snp_guest_msg *resp_msg = &snp_dev->secret_response; |
| struct snp_guest_msg *req_msg = &snp_dev->secret_request; |
| struct snp_guest_msg_hdr *req_msg_hdr = &req_msg->hdr; |
| struct snp_guest_msg_hdr *resp_msg_hdr = &resp_msg->hdr; |
| |
| pr_debug("response [seqno %lld type %d version %d sz %d]\n", |
| resp_msg_hdr->msg_seqno, resp_msg_hdr->msg_type, resp_msg_hdr->msg_version, |
| resp_msg_hdr->msg_sz); |
| |
| /* Copy response from shared memory to encrypted memory. */ |
| memcpy(resp_msg, snp_dev->response, sizeof(*resp_msg)); |
| |
| /* Verify that the sequence counter is incremented by 1 */ |
| if (unlikely(resp_msg_hdr->msg_seqno != (req_msg_hdr->msg_seqno + 1))) |
| return -EBADMSG; |
| |
| /* Verify response message type and version number. */ |
| if (resp_msg_hdr->msg_type != (req_msg_hdr->msg_type + 1) || |
| resp_msg_hdr->msg_version != req_msg_hdr->msg_version) |
| return -EBADMSG; |
| |
| /* |
| * If the message size is greater than our buffer length then return |
| * an error. |
| */ |
| if (unlikely((resp_msg_hdr->msg_sz + crypto->a_len) > sz)) |
| return -EBADMSG; |
| |
| /* Decrypt the payload */ |
| return dec_payload(snp_dev, resp_msg, payload, resp_msg_hdr->msg_sz + crypto->a_len); |
| } |
| |
| static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, |
| void *payload, size_t sz) |
| { |
| struct snp_guest_msg *msg = &snp_dev->secret_request; |
| struct snp_guest_msg_hdr *hdr = &msg->hdr; |
| |
| memset(msg, 0, sizeof(*msg)); |
| |
| hdr->algo = SNP_AEAD_AES_256_GCM; |
| hdr->hdr_version = MSG_HDR_VER; |
| hdr->hdr_sz = sizeof(*hdr); |
| hdr->msg_type = type; |
| hdr->msg_version = version; |
| hdr->msg_seqno = seqno; |
| hdr->msg_vmpck = vmpck_id; |
| hdr->msg_sz = sz; |
| |
| /* Verify the sequence number is non-zero */ |
| if (!hdr->msg_seqno) |
| return -ENOSR; |
| |
| pr_debug("request [seqno %lld type %d version %d sz %d]\n", |
| hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); |
| |
| return __enc_payload(snp_dev, msg, payload, sz); |
| } |
| |
| static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, |
| struct snp_guest_request_ioctl *rio) |
| { |
| unsigned long req_start = jiffies; |
| unsigned int override_npages = 0; |
| u64 override_err = 0; |
| int rc; |
| |
| retry_request: |
| /* |
| * Call firmware to process the request. In this function the encrypted |
| * message enters shared memory with the host. So after this call the |
| * sequence number must be incremented or the VMPCK must be deleted to |
| * prevent reuse of the IV. |
| */ |
| rc = snp_issue_guest_request(exit_code, &snp_dev->input, rio); |
| switch (rc) { |
| case -ENOSPC: |
| /* |
| * If the extended guest request fails due to having too |
| * small of a certificate data buffer, retry the same |
| * guest request without the extended data request in |
| * order to increment the sequence number and thus avoid |
| * IV reuse. |
| */ |
| override_npages = snp_dev->input.data_npages; |
| exit_code = SVM_VMGEXIT_GUEST_REQUEST; |
| |
| /* |
| * Override the error to inform callers the given extended |
| * request buffer size was too small and give the caller the |
| * required buffer size. |
| */ |
| override_err = SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN); |
| |
| /* |
| * If this call to the firmware succeeds, the sequence number can |
| * be incremented allowing for continued use of the VMPCK. If |
| * there is an error reflected in the return value, this value |
| * is checked further down and the result will be the deletion |
| * of the VMPCK and the error code being propagated back to the |
| * user as an ioctl() return code. |
| */ |
| goto retry_request; |
| |
| /* |
| * The host may return SNP_GUEST_VMM_ERR_BUSY if the request has been |
| * throttled. Retry in the driver to avoid returning and reusing the |
| * message sequence number on a different message. |
| */ |
| case -EAGAIN: |
| if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { |
| rc = -ETIMEDOUT; |
| break; |
| } |
| schedule_timeout_killable(SNP_REQ_RETRY_DELAY); |
| goto retry_request; |
| } |
| |
| /* |
| * Increment the message sequence number. There is no harm in doing |
| * this now because decryption uses the value stored in the response |
| * structure and any failure will wipe the VMPCK, preventing further |
| * use anyway. |
| */ |
| snp_inc_msg_seqno(snp_dev); |
| |
| if (override_err) { |
| rio->exitinfo2 = override_err; |
| |
| /* |
| * If an extended guest request was issued and the supplied certificate |
| * buffer was not large enough, a standard guest request was issued to |
| * prevent IV reuse. If the standard request was successful, return -EIO |
| * back to the caller as would have originally been returned. |
| */ |
| if (!rc && override_err == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) |
| rc = -EIO; |
| } |
| |
| if (override_npages) |
| snp_dev->input.data_npages = override_npages; |
| |
| return rc; |
| } |
| |
| static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, |
| struct snp_guest_request_ioctl *rio, u8 type, |
| void *req_buf, size_t req_sz, void *resp_buf, |
| u32 resp_sz) |
| { |
| u64 seqno; |
| int rc; |
| |
| /* Get message sequence and verify that its a non-zero */ |
| seqno = snp_get_msg_seqno(snp_dev); |
| if (!seqno) |
| return -EIO; |
| |
| /* Clear shared memory's response for the host to populate. */ |
| memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); |
| |
| /* Encrypt the userspace provided payload in snp_dev->secret_request. */ |
| rc = enc_payload(snp_dev, seqno, rio->msg_version, type, req_buf, req_sz); |
| if (rc) |
| return rc; |
| |
| /* |
| * Write the fully encrypted request to the shared unencrypted |
| * request page. |
| */ |
| memcpy(snp_dev->request, &snp_dev->secret_request, |
| sizeof(snp_dev->secret_request)); |
| |
| rc = __handle_guest_request(snp_dev, exit_code, rio); |
| if (rc) { |
| if (rc == -EIO && |
| rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) |
| return rc; |
| |
| dev_alert(snp_dev->dev, |
| "Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", |
| rc, rio->exitinfo2); |
| |
| snp_disable_vmpck(snp_dev); |
| return rc; |
| } |
| |
| rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz); |
| if (rc) { |
| dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); |
| snp_disable_vmpck(snp_dev); |
| return rc; |
| } |
| |
| return 0; |
| } |
| |
| struct snp_req_resp { |
| sockptr_t req_data; |
| sockptr_t resp_data; |
| }; |
| |
| static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) |
| { |
| struct snp_guest_crypto *crypto = snp_dev->crypto; |
| struct snp_report_req *report_req = &snp_dev->req.report; |
| struct snp_report_resp *report_resp; |
| int rc, resp_len; |
| |
| lockdep_assert_held(&snp_cmd_mutex); |
| |
| if (!arg->req_data || !arg->resp_data) |
| return -EINVAL; |
| |
| if (copy_from_user(report_req, (void __user *)arg->req_data, sizeof(*report_req))) |
| return -EFAULT; |
| |
| /* |
| * The intermediate response buffer is used while decrypting the |
| * response payload. Make sure that it has enough space to cover the |
| * authtag. |
| */ |
| resp_len = sizeof(report_resp->data) + crypto->a_len; |
| report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); |
| if (!report_resp) |
| return -ENOMEM; |
| |
| rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, SNP_MSG_REPORT_REQ, |
| report_req, sizeof(*report_req), report_resp->data, resp_len); |
| if (rc) |
| goto e_free; |
| |
| if (copy_to_user((void __user *)arg->resp_data, report_resp, sizeof(*report_resp))) |
| rc = -EFAULT; |
| |
| e_free: |
| kfree(report_resp); |
| return rc; |
| } |
| |
| static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) |
| { |
| struct snp_derived_key_req *derived_key_req = &snp_dev->req.derived_key; |
| struct snp_guest_crypto *crypto = snp_dev->crypto; |
| struct snp_derived_key_resp derived_key_resp = {0}; |
| int rc, resp_len; |
| /* Response data is 64 bytes and max authsize for GCM is 16 bytes. */ |
| u8 buf[64 + 16]; |
| |
| lockdep_assert_held(&snp_cmd_mutex); |
| |
| if (!arg->req_data || !arg->resp_data) |
| return -EINVAL; |
| |
| /* |
| * The intermediate response buffer is used while decrypting the |
| * response payload. Make sure that it has enough space to cover the |
| * authtag. |
| */ |
| resp_len = sizeof(derived_key_resp.data) + crypto->a_len; |
| if (sizeof(buf) < resp_len) |
| return -ENOMEM; |
| |
| if (copy_from_user(derived_key_req, (void __user *)arg->req_data, |
| sizeof(*derived_key_req))) |
| return -EFAULT; |
| |
| rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, SNP_MSG_KEY_REQ, |
| derived_key_req, sizeof(*derived_key_req), buf, resp_len); |
| if (rc) |
| return rc; |
| |
| memcpy(derived_key_resp.data, buf, sizeof(derived_key_resp.data)); |
| if (copy_to_user((void __user *)arg->resp_data, &derived_key_resp, |
| sizeof(derived_key_resp))) |
| rc = -EFAULT; |
| |
| /* The response buffer contains the sensitive data, explicitly clear it. */ |
| memzero_explicit(buf, sizeof(buf)); |
| memzero_explicit(&derived_key_resp, sizeof(derived_key_resp)); |
| return rc; |
| } |
| |
| static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg, |
| struct snp_req_resp *io) |
| |
| { |
| struct snp_ext_report_req *report_req = &snp_dev->req.ext_report; |
| struct snp_guest_crypto *crypto = snp_dev->crypto; |
| struct snp_report_resp *report_resp; |
| int ret, npages = 0, resp_len; |
| sockptr_t certs_address; |
| |
| lockdep_assert_held(&snp_cmd_mutex); |
| |
| if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) |
| return -EINVAL; |
| |
| if (copy_from_sockptr(report_req, io->req_data, sizeof(*report_req))) |
| return -EFAULT; |
| |
| /* caller does not want certificate data */ |
| if (!report_req->certs_len || !report_req->certs_address) |
| goto cmd; |
| |
| if (report_req->certs_len > SEV_FW_BLOB_MAX_SIZE || |
| !IS_ALIGNED(report_req->certs_len, PAGE_SIZE)) |
| return -EINVAL; |
| |
| if (sockptr_is_kernel(io->resp_data)) { |
| certs_address = KERNEL_SOCKPTR((void *)report_req->certs_address); |
| } else { |
| certs_address = USER_SOCKPTR((void __user *)report_req->certs_address); |
| if (!access_ok(certs_address.user, report_req->certs_len)) |
| return -EFAULT; |
| } |
| |
| /* |
| * Initialize the intermediate buffer with all zeros. This buffer |
| * is used in the guest request message to get the certs blob from |
| * the host. If host does not supply any certs in it, then copy |
| * zeros to indicate that certificate data was not provided. |
| */ |
| memset(snp_dev->certs_data, 0, report_req->certs_len); |
| npages = report_req->certs_len >> PAGE_SHIFT; |
| cmd: |
| /* |
| * The intermediate response buffer is used while decrypting the |
| * response payload. Make sure that it has enough space to cover the |
| * authtag. |
| */ |
| resp_len = sizeof(report_resp->data) + crypto->a_len; |
| report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); |
| if (!report_resp) |
| return -ENOMEM; |
| |
| snp_dev->input.data_npages = npages; |
| ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg, SNP_MSG_REPORT_REQ, |
| &report_req->data, sizeof(report_req->data), |
| report_resp->data, resp_len); |
| |
| /* If certs length is invalid then copy the returned length */ |
| if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { |
| report_req->certs_len = snp_dev->input.data_npages << PAGE_SHIFT; |
| |
| if (copy_to_sockptr(io->req_data, report_req, sizeof(*report_req))) |
| ret = -EFAULT; |
| } |
| |
| if (ret) |
| goto e_free; |
| |
| if (npages && copy_to_sockptr(certs_address, snp_dev->certs_data, report_req->certs_len)) { |
| ret = -EFAULT; |
| goto e_free; |
| } |
| |
| if (copy_to_sockptr(io->resp_data, report_resp, sizeof(*report_resp))) |
| ret = -EFAULT; |
| |
| e_free: |
| kfree(report_resp); |
| return ret; |
| } |
| |
| static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) |
| { |
| struct snp_guest_dev *snp_dev = to_snp_dev(file); |
| void __user *argp = (void __user *)arg; |
| struct snp_guest_request_ioctl input; |
| struct snp_req_resp io; |
| int ret = -ENOTTY; |
| |
| if (copy_from_user(&input, argp, sizeof(input))) |
| return -EFAULT; |
| |
| input.exitinfo2 = 0xff; |
| |
| /* Message version must be non-zero */ |
| if (!input.msg_version) |
| return -EINVAL; |
| |
| mutex_lock(&snp_cmd_mutex); |
| |
| /* Check if the VMPCK is not empty */ |
| if (is_vmpck_empty(snp_dev)) { |
| dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); |
| mutex_unlock(&snp_cmd_mutex); |
| return -ENOTTY; |
| } |
| |
| switch (ioctl) { |
| case SNP_GET_REPORT: |
| ret = get_report(snp_dev, &input); |
| break; |
| case SNP_GET_DERIVED_KEY: |
| ret = get_derived_key(snp_dev, &input); |
| break; |
| case SNP_GET_EXT_REPORT: |
| /* |
| * As get_ext_report() may be called from the ioctl() path and a |
| * kernel internal path (configfs-tsm), decorate the passed |
| * buffers as user pointers. |
| */ |
| io.req_data = USER_SOCKPTR((void __user *)input.req_data); |
| io.resp_data = USER_SOCKPTR((void __user *)input.resp_data); |
| ret = get_ext_report(snp_dev, &input, &io); |
| break; |
| default: |
| break; |
| } |
| |
| mutex_unlock(&snp_cmd_mutex); |
| |
| if (input.exitinfo2 && copy_to_user(argp, &input, sizeof(input))) |
| return -EFAULT; |
| |
| return ret; |
| } |
| |
| static void free_shared_pages(void *buf, size_t sz) |
| { |
| unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; |
| int ret; |
| |
| if (!buf) |
| return; |
| |
| ret = set_memory_encrypted((unsigned long)buf, npages); |
| if (ret) { |
| WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); |
| return; |
| } |
| |
| __free_pages(virt_to_page(buf), get_order(sz)); |
| } |
| |
| static void *alloc_shared_pages(struct device *dev, size_t sz) |
| { |
| unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; |
| struct page *page; |
| int ret; |
| |
| page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz)); |
| if (!page) |
| return NULL; |
| |
| ret = set_memory_decrypted((unsigned long)page_address(page), npages); |
| if (ret) { |
| dev_err(dev, "failed to mark page shared, ret=%d\n", ret); |
| __free_pages(page, get_order(sz)); |
| return NULL; |
| } |
| |
| return page_address(page); |
| } |
| |
| static const struct file_operations snp_guest_fops = { |
| .owner = THIS_MODULE, |
| .unlocked_ioctl = snp_guest_ioctl, |
| }; |
| |
| static u8 *get_vmpck(int id, struct snp_secrets_page *secrets, u32 **seqno) |
| { |
| u8 *key = NULL; |
| |
| switch (id) { |
| case 0: |
| *seqno = &secrets->os_area.msg_seqno_0; |
| key = secrets->vmpck0; |
| break; |
| case 1: |
| *seqno = &secrets->os_area.msg_seqno_1; |
| key = secrets->vmpck1; |
| break; |
| case 2: |
| *seqno = &secrets->os_area.msg_seqno_2; |
| key = secrets->vmpck2; |
| break; |
| case 3: |
| *seqno = &secrets->os_area.msg_seqno_3; |
| key = secrets->vmpck3; |
| break; |
| default: |
| break; |
| } |
| |
| return key; |
| } |
| |
| struct snp_msg_report_resp_hdr { |
| u32 status; |
| u32 report_size; |
| u8 rsvd[24]; |
| }; |
| |
| struct snp_msg_cert_entry { |
| guid_t guid; |
| u32 offset; |
| u32 length; |
| }; |
| |
| static int sev_svsm_report_new(struct tsm_report *report, void *data) |
| { |
| unsigned int rep_len, man_len, certs_len; |
| struct tsm_desc *desc = &report->desc; |
| struct svsm_attest_call ac = {}; |
| unsigned int retry_count; |
| void *rep, *man, *certs; |
| struct svsm_call call; |
| unsigned int size; |
| bool try_again; |
| void *buffer; |
| u64 call_id; |
| int ret; |
| |
| /* |
| * Allocate pages for the request: |
| * - Report blob (4K) |
| * - Manifest blob (4K) |
| * - Certificate blob (16K) |
| * |
| * Above addresses must be 4K aligned |
| */ |
| rep_len = SZ_4K; |
| man_len = SZ_4K; |
| certs_len = SEV_FW_BLOB_MAX_SIZE; |
| |
| guard(mutex)(&snp_cmd_mutex); |
| |
| if (guid_is_null(&desc->service_guid)) { |
| call_id = SVSM_ATTEST_CALL(SVSM_ATTEST_SERVICES); |
| } else { |
| export_guid(ac.service_guid, &desc->service_guid); |
| ac.service_manifest_ver = desc->service_manifest_version; |
| |
| call_id = SVSM_ATTEST_CALL(SVSM_ATTEST_SINGLE_SERVICE); |
| } |
| |
| retry_count = 0; |
| |
| retry: |
| memset(&call, 0, sizeof(call)); |
| |
| size = rep_len + man_len + certs_len; |
| buffer = alloc_pages_exact(size, __GFP_ZERO); |
| if (!buffer) |
| return -ENOMEM; |
| |
| rep = buffer; |
| ac.report_buf.pa = __pa(rep); |
| ac.report_buf.len = rep_len; |
| |
| man = rep + rep_len; |
| ac.manifest_buf.pa = __pa(man); |
| ac.manifest_buf.len = man_len; |
| |
| certs = man + man_len; |
| ac.certificates_buf.pa = __pa(certs); |
| ac.certificates_buf.len = certs_len; |
| |
| ac.nonce.pa = __pa(desc->inblob); |
| ac.nonce.len = desc->inblob_len; |
| |
| ret = snp_issue_svsm_attest_req(call_id, &call, &ac); |
| if (ret) { |
| free_pages_exact(buffer, size); |
| |
| switch (call.rax_out) { |
| case SVSM_ERR_INVALID_PARAMETER: |
| try_again = false; |
| |
| if (ac.report_buf.len > rep_len) { |
| rep_len = PAGE_ALIGN(ac.report_buf.len); |
| try_again = true; |
| } |
| |
| if (ac.manifest_buf.len > man_len) { |
| man_len = PAGE_ALIGN(ac.manifest_buf.len); |
| try_again = true; |
| } |
| |
| if (ac.certificates_buf.len > certs_len) { |
| certs_len = PAGE_ALIGN(ac.certificates_buf.len); |
| try_again = true; |
| } |
| |
| /* If one of the buffers wasn't large enough, retry the request */ |
| if (try_again && retry_count < SVSM_MAX_RETRIES) { |
| retry_count++; |
| goto retry; |
| } |
| |
| return -EINVAL; |
| default: |
| pr_err_ratelimited("SVSM attestation request failed (%d / 0x%llx)\n", |
| ret, call.rax_out); |
| return -EINVAL; |
| } |
| } |
| |
| /* |
| * Allocate all the blob memory buffers at once so that the cleanup is |
| * done for errors that occur after the first allocation (i.e. before |
| * using no_free_ptr()). |
| */ |
| rep_len = ac.report_buf.len; |
| void *rbuf __free(kvfree) = kvzalloc(rep_len, GFP_KERNEL); |
| |
| man_len = ac.manifest_buf.len; |
| void *mbuf __free(kvfree) = kvzalloc(man_len, GFP_KERNEL); |
| |
| certs_len = ac.certificates_buf.len; |
| void *cbuf __free(kvfree) = certs_len ? kvzalloc(certs_len, GFP_KERNEL) : NULL; |
| |
| if (!rbuf || !mbuf || (certs_len && !cbuf)) { |
| free_pages_exact(buffer, size); |
| return -ENOMEM; |
| } |
| |
| memcpy(rbuf, rep, rep_len); |
| report->outblob = no_free_ptr(rbuf); |
| report->outblob_len = rep_len; |
| |
| memcpy(mbuf, man, man_len); |
| report->manifestblob = no_free_ptr(mbuf); |
| report->manifestblob_len = man_len; |
| |
| if (certs_len) { |
| memcpy(cbuf, certs, certs_len); |
| report->auxblob = no_free_ptr(cbuf); |
| report->auxblob_len = certs_len; |
| } |
| |
| free_pages_exact(buffer, size); |
| |
| return 0; |
| } |
| |
| static int sev_report_new(struct tsm_report *report, void *data) |
| { |
| struct snp_msg_cert_entry *cert_table; |
| struct tsm_desc *desc = &report->desc; |
| struct snp_guest_dev *snp_dev = data; |
| struct snp_msg_report_resp_hdr hdr; |
| const u32 report_size = SZ_4K; |
| const u32 ext_size = SEV_FW_BLOB_MAX_SIZE; |
| u32 certs_size, i, size = report_size + ext_size; |
| int ret; |
| |
| if (desc->inblob_len != SNP_REPORT_USER_DATA_SIZE) |
| return -EINVAL; |
| |
| if (desc->service_provider) { |
| if (strcmp(desc->service_provider, "svsm")) |
| return -EINVAL; |
| |
| return sev_svsm_report_new(report, data); |
| } |
| |
| void *buf __free(kvfree) = kvzalloc(size, GFP_KERNEL); |
| if (!buf) |
| return -ENOMEM; |
| |
| guard(mutex)(&snp_cmd_mutex); |
| |
| /* Check if the VMPCK is not empty */ |
| if (is_vmpck_empty(snp_dev)) { |
| dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); |
| return -ENOTTY; |
| } |
| |
| cert_table = buf + report_size; |
| struct snp_ext_report_req ext_req = { |
| .data = { .vmpl = desc->privlevel }, |
| .certs_address = (__u64)cert_table, |
| .certs_len = ext_size, |
| }; |
| memcpy(&ext_req.data.user_data, desc->inblob, desc->inblob_len); |
| |
| struct snp_guest_request_ioctl input = { |
| .msg_version = 1, |
| .req_data = (__u64)&ext_req, |
| .resp_data = (__u64)buf, |
| .exitinfo2 = 0xff, |
| }; |
| struct snp_req_resp io = { |
| .req_data = KERNEL_SOCKPTR(&ext_req), |
| .resp_data = KERNEL_SOCKPTR(buf), |
| }; |
| |
| ret = get_ext_report(snp_dev, &input, &io); |
| if (ret) |
| return ret; |
| |
| memcpy(&hdr, buf, sizeof(hdr)); |
| if (hdr.status == SEV_RET_INVALID_PARAM) |
| return -EINVAL; |
| if (hdr.status == SEV_RET_INVALID_KEY) |
| return -EINVAL; |
| if (hdr.status) |
| return -ENXIO; |
| if ((hdr.report_size + sizeof(hdr)) > report_size) |
| return -ENOMEM; |
| |
| void *rbuf __free(kvfree) = kvzalloc(hdr.report_size, GFP_KERNEL); |
| if (!rbuf) |
| return -ENOMEM; |
| |
| memcpy(rbuf, buf + sizeof(hdr), hdr.report_size); |
| report->outblob = no_free_ptr(rbuf); |
| report->outblob_len = hdr.report_size; |
| |
| certs_size = 0; |
| for (i = 0; i < ext_size / sizeof(struct snp_msg_cert_entry); i++) { |
| struct snp_msg_cert_entry *ent = &cert_table[i]; |
| |
| if (guid_is_null(&ent->guid) && !ent->offset && !ent->length) |
| break; |
| certs_size = max(certs_size, ent->offset + ent->length); |
| } |
| |
| /* Suspicious that the response populated entries without populating size */ |
| if (!certs_size && i) |
| dev_warn_ratelimited(snp_dev->dev, "certificate slots conveyed without size\n"); |
| |
| /* No certs to report */ |
| if (!certs_size) |
| return 0; |
| |
| /* Suspicious that the certificate blob size contract was violated |
| */ |
| if (certs_size > ext_size) { |
| dev_warn_ratelimited(snp_dev->dev, "certificate data truncated\n"); |
| certs_size = ext_size; |
| } |
| |
| void *cbuf __free(kvfree) = kvzalloc(certs_size, GFP_KERNEL); |
| if (!cbuf) |
| return -ENOMEM; |
| |
| memcpy(cbuf, cert_table, certs_size); |
| report->auxblob = no_free_ptr(cbuf); |
| report->auxblob_len = certs_size; |
| |
| return 0; |
| } |
| |
| static bool sev_report_attr_visible(int n) |
| { |
| switch (n) { |
| case TSM_REPORT_GENERATION: |
| case TSM_REPORT_PROVIDER: |
| case TSM_REPORT_PRIVLEVEL: |
| case TSM_REPORT_PRIVLEVEL_FLOOR: |
| return true; |
| case TSM_REPORT_SERVICE_PROVIDER: |
| case TSM_REPORT_SERVICE_GUID: |
| case TSM_REPORT_SERVICE_MANIFEST_VER: |
| return snp_vmpl; |
| } |
| |
| return false; |
| } |
| |
| static bool sev_report_bin_attr_visible(int n) |
| { |
| switch (n) { |
| case TSM_REPORT_INBLOB: |
| case TSM_REPORT_OUTBLOB: |
| case TSM_REPORT_AUXBLOB: |
| return true; |
| case TSM_REPORT_MANIFESTBLOB: |
| return snp_vmpl; |
| } |
| |
| return false; |
| } |
| |
| static struct tsm_ops sev_tsm_ops = { |
| .name = KBUILD_MODNAME, |
| .report_new = sev_report_new, |
| .report_attr_visible = sev_report_attr_visible, |
| .report_bin_attr_visible = sev_report_bin_attr_visible, |
| }; |
| |
| static void unregister_sev_tsm(void *data) |
| { |
| tsm_unregister(&sev_tsm_ops); |
| } |
| |
| static int __init sev_guest_probe(struct platform_device *pdev) |
| { |
| struct sev_guest_platform_data *data; |
| struct snp_secrets_page *secrets; |
| struct device *dev = &pdev->dev; |
| struct snp_guest_dev *snp_dev; |
| struct miscdevice *misc; |
| void __iomem *mapping; |
| int ret; |
| |
| BUILD_BUG_ON(sizeof(struct snp_guest_msg) > PAGE_SIZE); |
| |
| if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) |
| return -ENODEV; |
| |
| if (!dev->platform_data) |
| return -ENODEV; |
| |
| data = (struct sev_guest_platform_data *)dev->platform_data; |
| mapping = ioremap_encrypted(data->secrets_gpa, PAGE_SIZE); |
| if (!mapping) |
| return -ENODEV; |
| |
| secrets = (__force void *)mapping; |
| |
| ret = -ENOMEM; |
| snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL); |
| if (!snp_dev) |
| goto e_unmap; |
| |
| /* Adjust the default VMPCK key based on the executing VMPL level */ |
| if (vmpck_id == -1) |
| vmpck_id = snp_vmpl; |
| |
| ret = -EINVAL; |
| snp_dev->vmpck = get_vmpck(vmpck_id, secrets, &snp_dev->os_area_msg_seqno); |
| if (!snp_dev->vmpck) { |
| dev_err(dev, "Invalid VMPCK%d communication key\n", vmpck_id); |
| goto e_unmap; |
| } |
| |
| /* Verify that VMPCK is not zero. */ |
| if (is_vmpck_empty(snp_dev)) { |
| dev_err(dev, "Empty VMPCK%d communication key\n", vmpck_id); |
| goto e_unmap; |
| } |
| |
| platform_set_drvdata(pdev, snp_dev); |
| snp_dev->dev = dev; |
| snp_dev->secrets = secrets; |
| |
| /* Allocate the shared page used for the request and response message. */ |
| snp_dev->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); |
| if (!snp_dev->request) |
| goto e_unmap; |
| |
| snp_dev->response = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); |
| if (!snp_dev->response) |
| goto e_free_request; |
| |
| snp_dev->certs_data = alloc_shared_pages(dev, SEV_FW_BLOB_MAX_SIZE); |
| if (!snp_dev->certs_data) |
| goto e_free_response; |
| |
| ret = -EIO; |
| snp_dev->crypto = init_crypto(snp_dev, snp_dev->vmpck, VMPCK_KEY_LEN); |
| if (!snp_dev->crypto) |
| goto e_free_cert_data; |
| |
| misc = &snp_dev->misc; |
| misc->minor = MISC_DYNAMIC_MINOR; |
| misc->name = DEVICE_NAME; |
| misc->fops = &snp_guest_fops; |
| |
| /* initial the input address for guest request */ |
| snp_dev->input.req_gpa = __pa(snp_dev->request); |
| snp_dev->input.resp_gpa = __pa(snp_dev->response); |
| snp_dev->input.data_gpa = __pa(snp_dev->certs_data); |
| |
| /* Set the privlevel_floor attribute based on the vmpck_id */ |
| sev_tsm_ops.privlevel_floor = vmpck_id; |
| |
| ret = tsm_register(&sev_tsm_ops, snp_dev); |
| if (ret) |
| goto e_free_cert_data; |
| |
| ret = devm_add_action_or_reset(&pdev->dev, unregister_sev_tsm, NULL); |
| if (ret) |
| goto e_free_cert_data; |
| |
| ret = misc_register(misc); |
| if (ret) |
| goto e_free_cert_data; |
| |
| dev_info(dev, "Initialized SEV guest driver (using VMPCK%d communication key)\n", vmpck_id); |
| return 0; |
| |
| e_free_cert_data: |
| free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); |
| e_free_response: |
| free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); |
| e_free_request: |
| free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); |
| e_unmap: |
| iounmap(mapping); |
| return ret; |
| } |
| |
| static void __exit sev_guest_remove(struct platform_device *pdev) |
| { |
| struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev); |
| |
| free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); |
| free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); |
| free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); |
| deinit_crypto(snp_dev->crypto); |
| misc_deregister(&snp_dev->misc); |
| } |
| |
| /* |
| * This driver is meant to be a common SEV guest interface driver and to |
| * support any SEV guest API. As such, even though it has been introduced |
| * with the SEV-SNP support, it is named "sev-guest". |
| * |
| * sev_guest_remove() lives in .exit.text. For drivers registered via |
| * module_platform_driver_probe() this is ok because they cannot get unbound |
| * at runtime. So mark the driver struct with __refdata to prevent modpost |
| * triggering a section mismatch warning. |
| */ |
| static struct platform_driver sev_guest_driver __refdata = { |
| .remove_new = __exit_p(sev_guest_remove), |
| .driver = { |
| .name = "sev-guest", |
| }, |
| }; |
| |
| module_platform_driver_probe(sev_guest_driver, sev_guest_probe); |
| |
| MODULE_AUTHOR("Brijesh Singh <brijesh.singh@amd.com>"); |
| MODULE_LICENSE("GPL"); |
| MODULE_VERSION("1.0.0"); |
| MODULE_DESCRIPTION("AMD SEV Guest Driver"); |
| MODULE_ALIAS("platform:sev-guest"); |