1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * TDX guest user interface driver 4 * 5 * Copyright (C) 2022 Intel Corporation 6 */ 7 8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 9 10 #include <linux/kernel.h> 11 #include <linux/miscdevice.h> 12 #include <linux/mm.h> 13 #include <linux/module.h> 14 #include <linux/mod_devicetable.h> 15 #include <linux/string.h> 16 #include <linux/uaccess.h> 17 #include <linux/set_memory.h> 18 #include <linux/io.h> 19 #include <linux/delay.h> 20 #include <linux/sockptr.h> 21 #include <linux/tsm.h> 22 #include <linux/tsm-mr.h> 23 24 #include <uapi/linux/tdx-guest.h> 25 26 #include <asm/cpu_device_id.h> 27 #include <asm/tdx.h> 28 29 /* TDREPORT buffer */ 30 static u8 *tdx_report_buf; 31 32 /* Lock to serialize TDG.MR.REPORT and TDG.MR.RTMR.EXTEND TDCALLs */ 33 static DEFINE_MUTEX(mr_lock); 34 35 /* TDREPORT fields */ 36 enum { 37 TDREPORT_reportdata = 128, 38 TDREPORT_tee_tcb_info = 256, 39 TDREPORT_tdinfo = TDREPORT_tee_tcb_info + 256, 40 TDREPORT_attributes = TDREPORT_tdinfo, 41 TDREPORT_xfam = TDREPORT_attributes + sizeof(u64), 42 TDREPORT_mrtd = TDREPORT_xfam + sizeof(u64), 43 TDREPORT_mrconfigid = TDREPORT_mrtd + SHA384_DIGEST_SIZE, 44 TDREPORT_mrowner = TDREPORT_mrconfigid + SHA384_DIGEST_SIZE, 45 TDREPORT_mrownerconfig = TDREPORT_mrowner + SHA384_DIGEST_SIZE, 46 TDREPORT_rtmr0 = TDREPORT_mrownerconfig + SHA384_DIGEST_SIZE, 47 TDREPORT_rtmr1 = TDREPORT_rtmr0 + SHA384_DIGEST_SIZE, 48 TDREPORT_rtmr2 = TDREPORT_rtmr1 + SHA384_DIGEST_SIZE, 49 TDREPORT_rtmr3 = TDREPORT_rtmr2 + SHA384_DIGEST_SIZE, 50 TDREPORT_servtd_hash = TDREPORT_rtmr3 + SHA384_DIGEST_SIZE, 51 }; 52 53 static int tdx_do_report(sockptr_t data, sockptr_t tdreport) 54 { 55 scoped_cond_guard(mutex_intr, return -EINTR, &mr_lock) { 56 u8 *reportdata = tdx_report_buf + TDREPORT_reportdata; 57 int ret; 58 59 if (!sockptr_is_null(data) && 60 copy_from_sockptr(reportdata, data, TDX_REPORTDATA_LEN)) 61 return -EFAULT; 62 63 ret = tdx_mcall_get_report0(reportdata, tdx_report_buf); 64 if (WARN_ONCE(ret, "tdx_mcall_get_report0() failed: %d", ret)) 65 return ret; 66 67 if (!sockptr_is_null(tdreport) && 68 copy_to_sockptr(tdreport, tdx_report_buf, TDX_REPORT_LEN)) 69 return -EFAULT; 70 } 71 return 0; 72 } 73 74 static int tdx_do_extend(u8 mr_ind, const u8 *data) 75 { 76 scoped_cond_guard(mutex_intr, return -EINTR, &mr_lock) { 77 /* 78 * TDX requires @extend_buf to be 64-byte aligned. 79 * It's safe to use REPORTDATA buffer for that purpose because 80 * tdx_mr_report/extend_lock() are mutually exclusive. 81 */ 82 u8 *extend_buf = tdx_report_buf + TDREPORT_reportdata; 83 int ret; 84 85 memcpy(extend_buf, data, SHA384_DIGEST_SIZE); 86 87 ret = tdx_mcall_extend_rtmr(mr_ind, extend_buf); 88 if (WARN_ONCE(ret, "tdx_mcall_extend_rtmr(%u) failed: %d", mr_ind, ret)) 89 return ret; 90 } 91 return 0; 92 } 93 94 #define TDX_MR_(r) .mr_value = (void *)TDREPORT_##r, TSM_MR_(r, SHA384) 95 static struct tsm_measurement_register tdx_mrs[] = { 96 { TDX_MR_(rtmr0) | TSM_MR_F_RTMR }, 97 { TDX_MR_(rtmr1) | TSM_MR_F_RTMR }, 98 { TDX_MR_(rtmr2) | TSM_MR_F_RTMR }, 99 { TDX_MR_(rtmr3) | TSM_MR_F_RTMR }, 100 { TDX_MR_(mrtd) }, 101 { TDX_MR_(mrconfigid) | TSM_MR_F_NOHASH }, 102 { TDX_MR_(mrowner) | TSM_MR_F_NOHASH }, 103 { TDX_MR_(mrownerconfig) | TSM_MR_F_NOHASH }, 104 }; 105 #undef TDX_MR_ 106 107 static int tdx_mr_refresh(const struct tsm_measurements *tm) 108 { 109 return tdx_do_report(KERNEL_SOCKPTR(NULL), KERNEL_SOCKPTR(NULL)); 110 } 111 112 static int tdx_mr_extend(const struct tsm_measurements *tm, 113 const struct tsm_measurement_register *mr, 114 const u8 *data) 115 { 116 return tdx_do_extend(mr - tm->mrs, data); 117 } 118 119 static struct tsm_measurements tdx_measurements = { 120 .mrs = tdx_mrs, 121 .nr_mrs = ARRAY_SIZE(tdx_mrs), 122 .refresh = tdx_mr_refresh, 123 .write = tdx_mr_extend, 124 }; 125 126 static const struct attribute_group *tdx_mr_init(void) 127 { 128 const struct attribute_group *g; 129 int rc; 130 131 u8 *buf __free(kfree) = kzalloc(TDX_REPORT_LEN, GFP_KERNEL); 132 if (!buf) 133 return ERR_PTR(-ENOMEM); 134 135 tdx_report_buf = buf; 136 rc = tdx_mr_refresh(&tdx_measurements); 137 if (rc) 138 return ERR_PTR(rc); 139 140 /* 141 * @mr_value was initialized with the offset only, while the base 142 * address is being added here. 143 */ 144 for (size_t i = 0; i < ARRAY_SIZE(tdx_mrs); ++i) 145 *(long *)&tdx_mrs[i].mr_value += (long)buf; 146 147 g = tsm_mr_create_attribute_group(&tdx_measurements); 148 if (!IS_ERR(g)) 149 tdx_report_buf = no_free_ptr(buf); 150 151 return g; 152 } 153 154 static void tdx_mr_deinit(const struct attribute_group *mr_grp) 155 { 156 tsm_mr_free_attribute_group(mr_grp); 157 kfree(tdx_report_buf); 158 } 159 160 /* 161 * Intel's SGX QE implementation generally uses Quote size less 162 * than 8K (2K Quote data + ~5K of certificate blob). 163 * DICE-based attestation uses layered evidence that requires 164 * larger Quote size (~100K). 165 */ 166 #define GET_QUOTE_BUF_SIZE SZ_128K 167 168 #define GET_QUOTE_CMD_VER 1 169 170 /* TDX GetQuote status codes */ 171 #define GET_QUOTE_SUCCESS 0 172 #define GET_QUOTE_IN_FLIGHT 0xffffffffffffffff 173 174 #define TDX_QUOTE_MAX_LEN (GET_QUOTE_BUF_SIZE - sizeof(struct tdx_quote_buf)) 175 176 /* struct tdx_quote_buf: Format of Quote request buffer. 177 * @version: Quote format version, filled by TD. 178 * @status: Status code of Quote request, filled by VMM. 179 * @in_len: Length of TDREPORT, filled by TD. 180 * @out_len: Length of Quote data, filled by VMM. 181 * @data: Quote data on output or TDREPORT on input. 182 * 183 * More details of Quote request buffer can be found in TDX 184 * Guest-Host Communication Interface (GHCI) for Intel TDX 1.0, 185 * section titled "TDG.VP.VMCALL<GetQuote>" 186 */ 187 struct tdx_quote_buf { 188 u64 version; 189 u64 status; 190 u32 in_len; 191 u32 out_len; 192 u8 data[]; 193 }; 194 195 /* Quote data buffer */ 196 static void *quote_data; 197 198 /* Lock to streamline quote requests */ 199 static DEFINE_MUTEX(quote_lock); 200 201 /* 202 * GetQuote request timeout in seconds. Expect that 30 seconds 203 * is enough time for QE to respond to any Quote requests. 204 */ 205 static u32 getquote_timeout = 30; 206 207 static long tdx_get_report0(struct tdx_report_req __user *req) 208 { 209 return tdx_do_report(USER_SOCKPTR(req->reportdata), 210 USER_SOCKPTR(req->tdreport)); 211 } 212 213 static void free_quote_buf(void *buf) 214 { 215 size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE); 216 unsigned int count = len >> PAGE_SHIFT; 217 218 if (set_memory_encrypted((unsigned long)buf, count)) { 219 pr_err("Failed to restore encryption mask for Quote buffer, leak it\n"); 220 return; 221 } 222 223 free_pages_exact(buf, len); 224 } 225 226 static void *alloc_quote_buf(void) 227 { 228 size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE); 229 unsigned int count = len >> PAGE_SHIFT; 230 void *addr; 231 232 addr = alloc_pages_exact(len, GFP_KERNEL | __GFP_ZERO); 233 if (!addr) 234 return NULL; 235 236 if (set_memory_decrypted((unsigned long)addr, count)) 237 return NULL; 238 239 return addr; 240 } 241 242 /* 243 * wait_for_quote_completion() - Wait for Quote request completion 244 * @quote_buf: Address of Quote buffer. 245 * @timeout: Timeout in seconds to wait for the Quote generation. 246 * 247 * As per TDX GHCI v1.0 specification, sec titled "TDG.VP.VMCALL<GetQuote>", 248 * the status field in the Quote buffer will be set to GET_QUOTE_IN_FLIGHT 249 * while VMM processes the GetQuote request, and will change it to success 250 * or error code after processing is complete. So wait till the status 251 * changes from GET_QUOTE_IN_FLIGHT or the request being timed out. 252 */ 253 static int wait_for_quote_completion(struct tdx_quote_buf *quote_buf, u32 timeout) 254 { 255 int i = 0; 256 257 /* 258 * Quote requests usually take a few seconds to complete, so waking up 259 * once per second to recheck the status is fine for this use case. 260 */ 261 while (quote_buf->status == GET_QUOTE_IN_FLIGHT && i++ < timeout) { 262 if (msleep_interruptible(MSEC_PER_SEC)) 263 return -EINTR; 264 } 265 266 return (i == timeout) ? -ETIMEDOUT : 0; 267 } 268 269 static int tdx_report_new_locked(struct tsm_report *report, void *data) 270 { 271 u8 *buf; 272 struct tdx_quote_buf *quote_buf = quote_data; 273 struct tsm_report_desc *desc = &report->desc; 274 u32 out_len; 275 int ret; 276 u64 err; 277 278 /* 279 * If the previous request is timedout or interrupted, and the 280 * Quote buf status is still in GET_QUOTE_IN_FLIGHT (owned by 281 * VMM), don't permit any new request. 282 */ 283 if (quote_buf->status == GET_QUOTE_IN_FLIGHT) 284 return -EBUSY; 285 286 if (desc->inblob_len != TDX_REPORTDATA_LEN) 287 return -EINVAL; 288 289 memset(quote_data, 0, GET_QUOTE_BUF_SIZE); 290 291 /* Update Quote buffer header */ 292 quote_buf->version = GET_QUOTE_CMD_VER; 293 quote_buf->in_len = TDX_REPORT_LEN; 294 295 ret = tdx_do_report(KERNEL_SOCKPTR(desc->inblob), 296 KERNEL_SOCKPTR(quote_buf->data)); 297 if (ret) 298 return ret; 299 300 err = tdx_hcall_get_quote(quote_data, GET_QUOTE_BUF_SIZE); 301 if (err) { 302 pr_err("GetQuote hypercall failed, status:%llx\n", err); 303 return -EIO; 304 } 305 306 ret = wait_for_quote_completion(quote_buf, getquote_timeout); 307 if (ret) { 308 pr_err("GetQuote request timedout\n"); 309 return ret; 310 } 311 312 if (quote_buf->status != GET_QUOTE_SUCCESS) { 313 pr_debug("GetQuote request failed, status:%llx\n", quote_buf->status); 314 return -EIO; 315 } 316 317 out_len = READ_ONCE(quote_buf->out_len); 318 319 if (out_len > TDX_QUOTE_MAX_LEN) 320 return -EFBIG; 321 322 buf = kvmemdup(quote_buf->data, out_len, GFP_KERNEL); 323 if (!buf) 324 return -ENOMEM; 325 326 report->outblob = buf; 327 report->outblob_len = out_len; 328 329 /* 330 * TODO: parse the PEM-formatted cert chain out of the quote buffer when 331 * provided 332 */ 333 334 return ret; 335 } 336 337 static int tdx_report_new(struct tsm_report *report, void *data) 338 { 339 scoped_cond_guard(mutex_intr, return -EINTR, "e_lock) 340 return tdx_report_new_locked(report, data); 341 } 342 343 static bool tdx_report_attr_visible(int n) 344 { 345 switch (n) { 346 case TSM_REPORT_GENERATION: 347 case TSM_REPORT_PROVIDER: 348 return true; 349 } 350 351 return false; 352 } 353 354 static bool tdx_report_bin_attr_visible(int n) 355 { 356 switch (n) { 357 case TSM_REPORT_INBLOB: 358 case TSM_REPORT_OUTBLOB: 359 return true; 360 } 361 362 return false; 363 } 364 365 static long tdx_guest_ioctl(struct file *file, unsigned int cmd, 366 unsigned long arg) 367 { 368 switch (cmd) { 369 case TDX_CMD_GET_REPORT0: 370 return tdx_get_report0((struct tdx_report_req __user *)arg); 371 default: 372 return -ENOTTY; 373 } 374 } 375 376 static const struct file_operations tdx_guest_fops = { 377 .owner = THIS_MODULE, 378 .unlocked_ioctl = tdx_guest_ioctl, 379 }; 380 381 static const struct attribute_group *tdx_attr_groups[] = { 382 NULL, /* measurements */ 383 NULL 384 }; 385 386 static struct miscdevice tdx_misc_dev = { 387 .name = KBUILD_MODNAME, 388 .minor = MISC_DYNAMIC_MINOR, 389 .fops = &tdx_guest_fops, 390 .groups = tdx_attr_groups, 391 }; 392 393 static const struct x86_cpu_id tdx_guest_ids[] = { 394 X86_MATCH_FEATURE(X86_FEATURE_TDX_GUEST, NULL), 395 {} 396 }; 397 MODULE_DEVICE_TABLE(x86cpu, tdx_guest_ids); 398 399 static const struct tsm_report_ops tdx_tsm_ops = { 400 .name = KBUILD_MODNAME, 401 .report_new = tdx_report_new, 402 .report_attr_visible = tdx_report_attr_visible, 403 .report_bin_attr_visible = tdx_report_bin_attr_visible, 404 }; 405 406 static int __init tdx_guest_init(void) 407 { 408 int ret; 409 410 if (!x86_match_cpu(tdx_guest_ids)) 411 return -ENODEV; 412 413 tdx_attr_groups[0] = tdx_mr_init(); 414 if (IS_ERR(tdx_attr_groups[0])) 415 return PTR_ERR(tdx_attr_groups[0]); 416 417 ret = misc_register(&tdx_misc_dev); 418 if (ret) 419 goto deinit_mr; 420 421 quote_data = alloc_quote_buf(); 422 if (!quote_data) { 423 pr_err("Failed to allocate Quote buffer\n"); 424 ret = -ENOMEM; 425 goto free_misc; 426 } 427 428 ret = tsm_report_register(&tdx_tsm_ops, NULL); 429 if (ret) 430 goto free_quote; 431 432 return 0; 433 434 free_quote: 435 free_quote_buf(quote_data); 436 free_misc: 437 misc_deregister(&tdx_misc_dev); 438 deinit_mr: 439 tdx_mr_deinit(tdx_attr_groups[0]); 440 441 return ret; 442 } 443 module_init(tdx_guest_init); 444 445 static void __exit tdx_guest_exit(void) 446 { 447 tsm_report_unregister(&tdx_tsm_ops); 448 free_quote_buf(quote_data); 449 misc_deregister(&tdx_misc_dev); 450 tdx_mr_deinit(tdx_attr_groups[0]); 451 } 452 module_exit(tdx_guest_exit); 453 454 MODULE_AUTHOR("Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>"); 455 MODULE_DESCRIPTION("TDX Guest Driver"); 456 MODULE_LICENSE("GPL"); 457