1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * TDX guest user interface driver
4 *
5 * Copyright (C) 2022 Intel Corporation
6 */
7
8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
10 #include <linux/kernel.h>
11 #include <linux/miscdevice.h>
12 #include <linux/mm.h>
13 #include <linux/module.h>
14 #include <linux/mod_devicetable.h>
15 #include <linux/string.h>
16 #include <linux/uaccess.h>
17 #include <linux/set_memory.h>
18 #include <linux/io.h>
19 #include <linux/delay.h>
20 #include <linux/sockptr.h>
21 #include <linux/tsm.h>
22 #include <linux/tsm-mr.h>
23
24 #include <uapi/linux/tdx-guest.h>
25
26 #include <asm/cpu_device_id.h>
27 #include <asm/tdx.h>
28
29 /* TDREPORT buffer */
30 static u8 *tdx_report_buf;
31
32 /* Lock to serialize TDG.MR.REPORT and TDG.MR.RTMR.EXTEND TDCALLs */
33 static DEFINE_MUTEX(mr_lock);
34
35 /* TDREPORT fields */
36 enum {
37 TDREPORT_reportdata = 128,
38 TDREPORT_tee_tcb_info = 256,
39 TDREPORT_tdinfo = TDREPORT_tee_tcb_info + 256,
40 TDREPORT_attributes = TDREPORT_tdinfo,
41 TDREPORT_xfam = TDREPORT_attributes + sizeof(u64),
42 TDREPORT_mrtd = TDREPORT_xfam + sizeof(u64),
43 TDREPORT_mrconfigid = TDREPORT_mrtd + SHA384_DIGEST_SIZE,
44 TDREPORT_mrowner = TDREPORT_mrconfigid + SHA384_DIGEST_SIZE,
45 TDREPORT_mrownerconfig = TDREPORT_mrowner + SHA384_DIGEST_SIZE,
46 TDREPORT_rtmr0 = TDREPORT_mrownerconfig + SHA384_DIGEST_SIZE,
47 TDREPORT_rtmr1 = TDREPORT_rtmr0 + SHA384_DIGEST_SIZE,
48 TDREPORT_rtmr2 = TDREPORT_rtmr1 + SHA384_DIGEST_SIZE,
49 TDREPORT_rtmr3 = TDREPORT_rtmr2 + SHA384_DIGEST_SIZE,
50 TDREPORT_servtd_hash = TDREPORT_rtmr3 + SHA384_DIGEST_SIZE,
51 };
52
tdx_do_report(sockptr_t data,sockptr_t tdreport)53 static int tdx_do_report(sockptr_t data, sockptr_t tdreport)
54 {
55 scoped_cond_guard(mutex_intr, return -EINTR, &mr_lock) {
56 u8 *reportdata = tdx_report_buf + TDREPORT_reportdata;
57 int ret;
58
59 if (!sockptr_is_null(data) &&
60 copy_from_sockptr(reportdata, data, TDX_REPORTDATA_LEN))
61 return -EFAULT;
62
63 ret = tdx_mcall_get_report0(reportdata, tdx_report_buf);
64 if (WARN_ONCE(ret, "tdx_mcall_get_report0() failed: %d", ret))
65 return ret;
66
67 if (!sockptr_is_null(tdreport) &&
68 copy_to_sockptr(tdreport, tdx_report_buf, TDX_REPORT_LEN))
69 return -EFAULT;
70 }
71 return 0;
72 }
73
tdx_do_extend(u8 mr_ind,const u8 * data)74 static int tdx_do_extend(u8 mr_ind, const u8 *data)
75 {
76 scoped_cond_guard(mutex_intr, return -EINTR, &mr_lock) {
77 /*
78 * TDX requires @extend_buf to be 64-byte aligned.
79 * It's safe to use REPORTDATA buffer for that purpose because
80 * tdx_mr_report/extend_lock() are mutually exclusive.
81 */
82 u8 *extend_buf = tdx_report_buf + TDREPORT_reportdata;
83 int ret;
84
85 memcpy(extend_buf, data, SHA384_DIGEST_SIZE);
86
87 ret = tdx_mcall_extend_rtmr(mr_ind, extend_buf);
88 if (WARN_ONCE(ret, "tdx_mcall_extend_rtmr(%u) failed: %d", mr_ind, ret))
89 return ret;
90 }
91 return 0;
92 }
93
94 #define TDX_MR_(r) .mr_value = (void *)TDREPORT_##r, TSM_MR_(r, SHA384)
95 static struct tsm_measurement_register tdx_mrs[] = {
96 { TDX_MR_(rtmr0) | TSM_MR_F_RTMR },
97 { TDX_MR_(rtmr1) | TSM_MR_F_RTMR },
98 { TDX_MR_(rtmr2) | TSM_MR_F_RTMR },
99 { TDX_MR_(rtmr3) | TSM_MR_F_RTMR },
100 { TDX_MR_(mrtd) },
101 { TDX_MR_(mrconfigid) | TSM_MR_F_NOHASH },
102 { TDX_MR_(mrowner) | TSM_MR_F_NOHASH },
103 { TDX_MR_(mrownerconfig) | TSM_MR_F_NOHASH },
104 };
105 #undef TDX_MR_
106
tdx_mr_refresh(const struct tsm_measurements * tm)107 static int tdx_mr_refresh(const struct tsm_measurements *tm)
108 {
109 return tdx_do_report(KERNEL_SOCKPTR(NULL), KERNEL_SOCKPTR(NULL));
110 }
111
tdx_mr_extend(const struct tsm_measurements * tm,const struct tsm_measurement_register * mr,const u8 * data)112 static int tdx_mr_extend(const struct tsm_measurements *tm,
113 const struct tsm_measurement_register *mr,
114 const u8 *data)
115 {
116 return tdx_do_extend(mr - tm->mrs, data);
117 }
118
119 static struct tsm_measurements tdx_measurements = {
120 .mrs = tdx_mrs,
121 .nr_mrs = ARRAY_SIZE(tdx_mrs),
122 .refresh = tdx_mr_refresh,
123 .write = tdx_mr_extend,
124 };
125
tdx_mr_init(void)126 static const struct attribute_group *tdx_mr_init(void)
127 {
128 const struct attribute_group *g;
129 int rc;
130
131 u8 *buf __free(kfree) = kzalloc(TDX_REPORT_LEN, GFP_KERNEL);
132 if (!buf)
133 return ERR_PTR(-ENOMEM);
134
135 tdx_report_buf = buf;
136 rc = tdx_mr_refresh(&tdx_measurements);
137 if (rc)
138 return ERR_PTR(rc);
139
140 /*
141 * @mr_value was initialized with the offset only, while the base
142 * address is being added here.
143 */
144 for (size_t i = 0; i < ARRAY_SIZE(tdx_mrs); ++i)
145 *(long *)&tdx_mrs[i].mr_value += (long)buf;
146
147 g = tsm_mr_create_attribute_group(&tdx_measurements);
148 if (!IS_ERR(g))
149 tdx_report_buf = no_free_ptr(buf);
150
151 return g;
152 }
153
tdx_mr_deinit(const struct attribute_group * mr_grp)154 static void tdx_mr_deinit(const struct attribute_group *mr_grp)
155 {
156 tsm_mr_free_attribute_group(mr_grp);
157 kfree(tdx_report_buf);
158 }
159
160 /*
161 * Intel's SGX QE implementation generally uses Quote size less
162 * than 8K (2K Quote data + ~5K of certificate blob).
163 */
164 #define GET_QUOTE_BUF_SIZE SZ_8K
165
166 #define GET_QUOTE_CMD_VER 1
167
168 /* TDX GetQuote status codes */
169 #define GET_QUOTE_SUCCESS 0
170 #define GET_QUOTE_IN_FLIGHT 0xffffffffffffffff
171
172 /* struct tdx_quote_buf: Format of Quote request buffer.
173 * @version: Quote format version, filled by TD.
174 * @status: Status code of Quote request, filled by VMM.
175 * @in_len: Length of TDREPORT, filled by TD.
176 * @out_len: Length of Quote data, filled by VMM.
177 * @data: Quote data on output or TDREPORT on input.
178 *
179 * More details of Quote request buffer can be found in TDX
180 * Guest-Host Communication Interface (GHCI) for Intel TDX 1.0,
181 * section titled "TDG.VP.VMCALL<GetQuote>"
182 */
183 struct tdx_quote_buf {
184 u64 version;
185 u64 status;
186 u32 in_len;
187 u32 out_len;
188 u8 data[];
189 };
190
191 /* Quote data buffer */
192 static void *quote_data;
193
194 /* Lock to streamline quote requests */
195 static DEFINE_MUTEX(quote_lock);
196
197 /*
198 * GetQuote request timeout in seconds. Expect that 30 seconds
199 * is enough time for QE to respond to any Quote requests.
200 */
201 static u32 getquote_timeout = 30;
202
tdx_get_report0(struct tdx_report_req __user * req)203 static long tdx_get_report0(struct tdx_report_req __user *req)
204 {
205 return tdx_do_report(USER_SOCKPTR(req->reportdata),
206 USER_SOCKPTR(req->tdreport));
207 }
208
free_quote_buf(void * buf)209 static void free_quote_buf(void *buf)
210 {
211 size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE);
212 unsigned int count = len >> PAGE_SHIFT;
213
214 if (set_memory_encrypted((unsigned long)buf, count)) {
215 pr_err("Failed to restore encryption mask for Quote buffer, leak it\n");
216 return;
217 }
218
219 free_pages_exact(buf, len);
220 }
221
alloc_quote_buf(void)222 static void *alloc_quote_buf(void)
223 {
224 size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE);
225 unsigned int count = len >> PAGE_SHIFT;
226 void *addr;
227
228 addr = alloc_pages_exact(len, GFP_KERNEL | __GFP_ZERO);
229 if (!addr)
230 return NULL;
231
232 if (set_memory_decrypted((unsigned long)addr, count))
233 return NULL;
234
235 return addr;
236 }
237
238 /*
239 * wait_for_quote_completion() - Wait for Quote request completion
240 * @quote_buf: Address of Quote buffer.
241 * @timeout: Timeout in seconds to wait for the Quote generation.
242 *
243 * As per TDX GHCI v1.0 specification, sec titled "TDG.VP.VMCALL<GetQuote>",
244 * the status field in the Quote buffer will be set to GET_QUOTE_IN_FLIGHT
245 * while VMM processes the GetQuote request, and will change it to success
246 * or error code after processing is complete. So wait till the status
247 * changes from GET_QUOTE_IN_FLIGHT or the request being timed out.
248 */
wait_for_quote_completion(struct tdx_quote_buf * quote_buf,u32 timeout)249 static int wait_for_quote_completion(struct tdx_quote_buf *quote_buf, u32 timeout)
250 {
251 int i = 0;
252
253 /*
254 * Quote requests usually take a few seconds to complete, so waking up
255 * once per second to recheck the status is fine for this use case.
256 */
257 while (quote_buf->status == GET_QUOTE_IN_FLIGHT && i++ < timeout) {
258 if (msleep_interruptible(MSEC_PER_SEC))
259 return -EINTR;
260 }
261
262 return (i == timeout) ? -ETIMEDOUT : 0;
263 }
264
tdx_report_new_locked(struct tsm_report * report,void * data)265 static int tdx_report_new_locked(struct tsm_report *report, void *data)
266 {
267 u8 *buf;
268 struct tdx_quote_buf *quote_buf = quote_data;
269 struct tsm_report_desc *desc = &report->desc;
270 int ret;
271 u64 err;
272
273 /*
274 * If the previous request is timedout or interrupted, and the
275 * Quote buf status is still in GET_QUOTE_IN_FLIGHT (owned by
276 * VMM), don't permit any new request.
277 */
278 if (quote_buf->status == GET_QUOTE_IN_FLIGHT)
279 return -EBUSY;
280
281 if (desc->inblob_len != TDX_REPORTDATA_LEN)
282 return -EINVAL;
283
284 memset(quote_data, 0, GET_QUOTE_BUF_SIZE);
285
286 /* Update Quote buffer header */
287 quote_buf->version = GET_QUOTE_CMD_VER;
288 quote_buf->in_len = TDX_REPORT_LEN;
289
290 ret = tdx_do_report(KERNEL_SOCKPTR(desc->inblob),
291 KERNEL_SOCKPTR(quote_buf->data));
292 if (ret)
293 return ret;
294
295 err = tdx_hcall_get_quote(quote_data, GET_QUOTE_BUF_SIZE);
296 if (err) {
297 pr_err("GetQuote hypercall failed, status:%llx\n", err);
298 return -EIO;
299 }
300
301 ret = wait_for_quote_completion(quote_buf, getquote_timeout);
302 if (ret) {
303 pr_err("GetQuote request timedout\n");
304 return ret;
305 }
306
307 buf = kvmemdup(quote_buf->data, quote_buf->out_len, GFP_KERNEL);
308 if (!buf)
309 return -ENOMEM;
310
311 report->outblob = buf;
312 report->outblob_len = quote_buf->out_len;
313
314 /*
315 * TODO: parse the PEM-formatted cert chain out of the quote buffer when
316 * provided
317 */
318
319 return ret;
320 }
321
tdx_report_new(struct tsm_report * report,void * data)322 static int tdx_report_new(struct tsm_report *report, void *data)
323 {
324 scoped_cond_guard(mutex_intr, return -EINTR, "e_lock)
325 return tdx_report_new_locked(report, data);
326 }
327
tdx_report_attr_visible(int n)328 static bool tdx_report_attr_visible(int n)
329 {
330 switch (n) {
331 case TSM_REPORT_GENERATION:
332 case TSM_REPORT_PROVIDER:
333 return true;
334 }
335
336 return false;
337 }
338
tdx_report_bin_attr_visible(int n)339 static bool tdx_report_bin_attr_visible(int n)
340 {
341 switch (n) {
342 case TSM_REPORT_INBLOB:
343 case TSM_REPORT_OUTBLOB:
344 return true;
345 }
346
347 return false;
348 }
349
tdx_guest_ioctl(struct file * file,unsigned int cmd,unsigned long arg)350 static long tdx_guest_ioctl(struct file *file, unsigned int cmd,
351 unsigned long arg)
352 {
353 switch (cmd) {
354 case TDX_CMD_GET_REPORT0:
355 return tdx_get_report0((struct tdx_report_req __user *)arg);
356 default:
357 return -ENOTTY;
358 }
359 }
360
361 static const struct file_operations tdx_guest_fops = {
362 .owner = THIS_MODULE,
363 .unlocked_ioctl = tdx_guest_ioctl,
364 };
365
366 static const struct attribute_group *tdx_attr_groups[] = {
367 NULL, /* measurements */
368 NULL
369 };
370
371 static struct miscdevice tdx_misc_dev = {
372 .name = KBUILD_MODNAME,
373 .minor = MISC_DYNAMIC_MINOR,
374 .fops = &tdx_guest_fops,
375 .groups = tdx_attr_groups,
376 };
377
378 static const struct x86_cpu_id tdx_guest_ids[] = {
379 X86_MATCH_FEATURE(X86_FEATURE_TDX_GUEST, NULL),
380 {}
381 };
382 MODULE_DEVICE_TABLE(x86cpu, tdx_guest_ids);
383
384 static const struct tsm_report_ops tdx_tsm_ops = {
385 .name = KBUILD_MODNAME,
386 .report_new = tdx_report_new,
387 .report_attr_visible = tdx_report_attr_visible,
388 .report_bin_attr_visible = tdx_report_bin_attr_visible,
389 };
390
tdx_guest_init(void)391 static int __init tdx_guest_init(void)
392 {
393 int ret;
394
395 if (!x86_match_cpu(tdx_guest_ids))
396 return -ENODEV;
397
398 tdx_attr_groups[0] = tdx_mr_init();
399 if (IS_ERR(tdx_attr_groups[0]))
400 return PTR_ERR(tdx_attr_groups[0]);
401
402 ret = misc_register(&tdx_misc_dev);
403 if (ret)
404 goto deinit_mr;
405
406 quote_data = alloc_quote_buf();
407 if (!quote_data) {
408 pr_err("Failed to allocate Quote buffer\n");
409 ret = -ENOMEM;
410 goto free_misc;
411 }
412
413 ret = tsm_report_register(&tdx_tsm_ops, NULL);
414 if (ret)
415 goto free_quote;
416
417 return 0;
418
419 free_quote:
420 free_quote_buf(quote_data);
421 free_misc:
422 misc_deregister(&tdx_misc_dev);
423 deinit_mr:
424 tdx_mr_deinit(tdx_attr_groups[0]);
425
426 return ret;
427 }
428 module_init(tdx_guest_init);
429
tdx_guest_exit(void)430 static void __exit tdx_guest_exit(void)
431 {
432 tsm_report_unregister(&tdx_tsm_ops);
433 free_quote_buf(quote_data);
434 misc_deregister(&tdx_misc_dev);
435 tdx_mr_deinit(tdx_attr_groups[0]);
436 }
437 module_exit(tdx_guest_exit);
438
439 MODULE_AUTHOR("Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>");
440 MODULE_DESCRIPTION("TDX Guest Driver");
441 MODULE_LICENSE("GPL");
442