xref: /linux/drivers/s390/char/uvdevice.c (revision 4359a011e259a4608afc7fb3635370c9d4ba5943)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  Copyright IBM Corp. 2022
4  *  Author(s): Steffen Eiden <seiden@linux.ibm.com>
5  *
6  *  This file provides a Linux misc device to give userspace access to some
7  *  Ultravisor (UV) functions. The device only accepts IOCTLs and will only
8  *  be present if the Ultravisor facility (158) is present.
9  *
10  *  When userspace sends a valid IOCTL uvdevice will copy the input data to
11  *  kernel space, do some basic validity checks to avoid kernel/system
12  *  corruption. Any other check that the Ultravisor does will not be done by
13  *  the uvdevice to keep changes minimal when adding new functionalities
14  *  to existing UV-calls.
15  *  After the checks uvdevice builds a corresponding
16  *  Ultravisor Call Control Block, and sends the request to the Ultravisor.
17  *  Then, it copies the response, including the return codes, back to userspace.
18  *  It is the responsibility of the userspace to check for any error issued
19  *  by UV and to interpret the UV response. The uvdevice acts as a communication
20  *  channel for userspace to the Ultravisor.
21  */
22 
23 #include <linux/module.h>
24 #include <linux/kernel.h>
25 #include <linux/miscdevice.h>
26 #include <linux/types.h>
27 #include <linux/stddef.h>
28 #include <linux/vmalloc.h>
29 #include <linux/slab.h>
30 #include <linux/cpufeature.h>
31 
32 #include <asm/uvdevice.h>
33 #include <asm/uv.h>
34 
35 static int uvio_build_uvcb_attest(struct uv_cb_attest *uvcb_attest, u8 *arcb,
36 				  u8 *meas, u8 *add_data, struct uvio_attest *uvio_attest)
37 {
38 	void __user *user_buf_arcb = (void __user *)uvio_attest->arcb_addr;
39 
40 	if (copy_from_user(arcb, user_buf_arcb, uvio_attest->arcb_len))
41 		return -EFAULT;
42 
43 	uvcb_attest->header.len = sizeof(*uvcb_attest);
44 	uvcb_attest->header.cmd = UVC_CMD_RETR_ATTEST;
45 	uvcb_attest->arcb_addr = (u64)arcb;
46 	uvcb_attest->cont_token = 0;
47 	uvcb_attest->user_data_len = uvio_attest->user_data_len;
48 	memcpy(uvcb_attest->user_data, uvio_attest->user_data, sizeof(uvcb_attest->user_data));
49 	uvcb_attest->meas_len = uvio_attest->meas_len;
50 	uvcb_attest->meas_addr = (u64)meas;
51 	uvcb_attest->add_data_len = uvio_attest->add_data_len;
52 	uvcb_attest->add_data_addr = (u64)add_data;
53 
54 	return 0;
55 }
56 
57 static int uvio_copy_attest_result_to_user(struct uv_cb_attest *uvcb_attest,
58 					   struct uvio_ioctl_cb *uv_ioctl,
59 					   u8 *measurement, u8 *add_data,
60 					   struct uvio_attest *uvio_attest)
61 {
62 	struct uvio_attest __user *user_uvio_attest = (void __user *)uv_ioctl->argument_addr;
63 	void __user *user_buf_add = (void __user *)uvio_attest->add_data_addr;
64 	void __user *user_buf_meas = (void __user *)uvio_attest->meas_addr;
65 	void __user *user_buf_uid = &user_uvio_attest->config_uid;
66 
67 	if (copy_to_user(user_buf_meas, measurement, uvio_attest->meas_len))
68 		return -EFAULT;
69 	if (add_data && copy_to_user(user_buf_add, add_data, uvio_attest->add_data_len))
70 		return -EFAULT;
71 	if (copy_to_user(user_buf_uid, uvcb_attest->config_uid, sizeof(uvcb_attest->config_uid)))
72 		return -EFAULT;
73 	return 0;
74 }
75 
76 static int get_uvio_attest(struct uvio_ioctl_cb *uv_ioctl, struct uvio_attest *uvio_attest)
77 {
78 	u8 __user *user_arg_buf = (u8 __user *)uv_ioctl->argument_addr;
79 
80 	if (copy_from_user(uvio_attest, user_arg_buf, sizeof(*uvio_attest)))
81 		return -EFAULT;
82 
83 	if (uvio_attest->arcb_len > UVIO_ATT_ARCB_MAX_LEN)
84 		return -EINVAL;
85 	if (uvio_attest->arcb_len == 0)
86 		return -EINVAL;
87 	if (uvio_attest->meas_len > UVIO_ATT_MEASUREMENT_MAX_LEN)
88 		return -EINVAL;
89 	if (uvio_attest->meas_len == 0)
90 		return -EINVAL;
91 	if (uvio_attest->add_data_len > UVIO_ATT_ADDITIONAL_MAX_LEN)
92 		return -EINVAL;
93 	if (uvio_attest->reserved136)
94 		return -EINVAL;
95 	return 0;
96 }
97 
98 /**
99  * uvio_attestation() - Perform a Retrieve Attestation Measurement UVC.
100  *
101  * @uv_ioctl: ioctl control block
102  *
103  * uvio_attestation() does a Retrieve Attestation Measurement Ultravisor Call.
104  * It verifies that the given userspace addresses are valid and request sizes
105  * are sane. Every other check is made by the Ultravisor (UV) and won't result
106  * in a negative return value. It copies the input to kernelspace, builds the
107  * request, sends the UV-call, and copies the result to userspace.
108  *
109  * The Attestation Request has two input and two outputs.
110  * ARCB and User Data are inputs for the UV generated by userspace.
111  * Measurement and Additional Data are outputs for userspace generated by UV.
112  *
113  * The Attestation Request Control Block (ARCB) is a cryptographically verified
114  * and secured request to UV and User Data is some plaintext data which is
115  * going to be included in the Attestation Measurement calculation.
116  *
117  * Measurement is a cryptographic measurement of the callers properties,
118  * optional data configured by the ARCB and the user data. If specified by the
119  * ARCB, UV will add some Additional Data to the measurement calculation.
120  * This Additional Data is then returned as well.
121  *
122  * If the Retrieve Attestation Measurement UV facility is not present,
123  * UV will return invalid command rc. This won't be fenced in the driver
124  * and does not result in a negative return value.
125  *
126  * Context: might sleep
127  *
128  * Return: 0 on success or a negative error code on error.
129  */
130 static int uvio_attestation(struct uvio_ioctl_cb *uv_ioctl)
131 {
132 	struct uv_cb_attest *uvcb_attest = NULL;
133 	struct uvio_attest *uvio_attest = NULL;
134 	u8 *measurement = NULL;
135 	u8 *add_data = NULL;
136 	u8 *arcb = NULL;
137 	int ret;
138 
139 	ret = -EINVAL;
140 	if (uv_ioctl->argument_len != sizeof(*uvio_attest))
141 		goto out;
142 
143 	ret = -ENOMEM;
144 	uvio_attest = kzalloc(sizeof(*uvio_attest), GFP_KERNEL);
145 	if (!uvio_attest)
146 		goto out;
147 
148 	ret = get_uvio_attest(uv_ioctl, uvio_attest);
149 	if (ret)
150 		goto out;
151 
152 	ret = -ENOMEM;
153 	arcb = kvzalloc(uvio_attest->arcb_len, GFP_KERNEL);
154 	measurement = kvzalloc(uvio_attest->meas_len, GFP_KERNEL);
155 	if (!arcb || !measurement)
156 		goto out;
157 
158 	if (uvio_attest->add_data_len) {
159 		add_data = kvzalloc(uvio_attest->add_data_len, GFP_KERNEL);
160 		if (!add_data)
161 			goto out;
162 	}
163 
164 	uvcb_attest = kzalloc(sizeof(*uvcb_attest), GFP_KERNEL);
165 	if (!uvcb_attest)
166 		goto out;
167 
168 	ret = uvio_build_uvcb_attest(uvcb_attest, arcb,  measurement, add_data, uvio_attest);
169 	if (ret)
170 		goto out;
171 
172 	uv_call_sched(0, (u64)uvcb_attest);
173 
174 	uv_ioctl->uv_rc = uvcb_attest->header.rc;
175 	uv_ioctl->uv_rrc = uvcb_attest->header.rrc;
176 
177 	ret = uvio_copy_attest_result_to_user(uvcb_attest, uv_ioctl, measurement, add_data,
178 					      uvio_attest);
179 out:
180 	kvfree(arcb);
181 	kvfree(measurement);
182 	kvfree(add_data);
183 	kfree(uvio_attest);
184 	kfree(uvcb_attest);
185 	return ret;
186 }
187 
188 static int uvio_copy_and_check_ioctl(struct uvio_ioctl_cb *ioctl, void __user *argp)
189 {
190 	if (copy_from_user(ioctl, argp, sizeof(*ioctl)))
191 		return -EFAULT;
192 	if (ioctl->flags != 0)
193 		return -EINVAL;
194 	if (memchr_inv(ioctl->reserved14, 0, sizeof(ioctl->reserved14)))
195 		return -EINVAL;
196 
197 	return 0;
198 }
199 
200 /*
201  * IOCTL entry point for the Ultravisor device.
202  */
203 static long uvio_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
204 {
205 	void __user *argp = (void __user *)arg;
206 	struct uvio_ioctl_cb uv_ioctl = { };
207 	long ret;
208 
209 	switch (cmd) {
210 	case UVIO_IOCTL_ATT:
211 		ret = uvio_copy_and_check_ioctl(&uv_ioctl, argp);
212 		if (ret)
213 			return ret;
214 		ret = uvio_attestation(&uv_ioctl);
215 		break;
216 	default:
217 		ret = -ENOIOCTLCMD;
218 		break;
219 	}
220 	if (ret)
221 		return ret;
222 
223 	if (copy_to_user(argp, &uv_ioctl, sizeof(uv_ioctl)))
224 		ret = -EFAULT;
225 
226 	return ret;
227 }
228 
229 static const struct file_operations uvio_dev_fops = {
230 	.owner = THIS_MODULE,
231 	.unlocked_ioctl = uvio_ioctl,
232 	.llseek = no_llseek,
233 };
234 
235 static struct miscdevice uvio_dev_miscdev = {
236 	.minor = MISC_DYNAMIC_MINOR,
237 	.name = UVIO_DEVICE_NAME,
238 	.fops = &uvio_dev_fops,
239 };
240 
241 static void __exit uvio_dev_exit(void)
242 {
243 	misc_deregister(&uvio_dev_miscdev);
244 }
245 
246 static int __init uvio_dev_init(void)
247 {
248 	return misc_register(&uvio_dev_miscdev);
249 }
250 
251 module_cpu_feature_match(S390_CPU_FEATURE_UV, uvio_dev_init);
252 module_exit(uvio_dev_exit);
253 
254 MODULE_AUTHOR("IBM Corporation");
255 MODULE_LICENSE("GPL");
256 MODULE_DESCRIPTION("Ultravisor UAPI driver");
257