1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * AMD Secure Encrypted Virtualization (SEV) guest driver interface 4 * 5 * Copyright (C) 2021-2024 Advanced Micro Devices, Inc. 6 * 7 * Author: Brijesh Singh <brijesh.singh@amd.com> 8 */ 9 10 #include <linux/module.h> 11 #include <linux/kernel.h> 12 #include <linux/types.h> 13 #include <linux/mutex.h> 14 #include <linux/io.h> 15 #include <linux/platform_device.h> 16 #include <linux/miscdevice.h> 17 #include <linux/set_memory.h> 18 #include <linux/fs.h> 19 #include <linux/tsm.h> 20 #include <crypto/aead.h> 21 #include <linux/scatterlist.h> 22 #include <linux/psp-sev.h> 23 #include <linux/sockptr.h> 24 #include <linux/cleanup.h> 25 #include <linux/uuid.h> 26 #include <linux/configfs.h> 27 #include <uapi/linux/sev-guest.h> 28 #include <uapi/linux/psp-sev.h> 29 30 #include <asm/svm.h> 31 #include <asm/sev.h> 32 33 #define DEVICE_NAME "sev-guest" 34 #define AAD_LEN 48 35 #define MSG_HDR_VER 1 36 37 #define SNP_REQ_MAX_RETRY_DURATION (60*HZ) 38 #define SNP_REQ_RETRY_DELAY (2*HZ) 39 40 #define SVSM_MAX_RETRIES 3 41 42 struct snp_guest_crypto { 43 struct crypto_aead *tfm; 44 u8 *iv, *authtag; 45 int iv_len, a_len; 46 }; 47 48 struct snp_guest_dev { 49 struct device *dev; 50 struct miscdevice misc; 51 52 void *certs_data; 53 struct snp_guest_crypto *crypto; 54 /* request and response are in unencrypted memory */ 55 struct snp_guest_msg *request, *response; 56 57 /* 58 * Avoid information leakage by double-buffering shared messages 59 * in fields that are in regular encrypted memory. 60 */ 61 struct snp_guest_msg secret_request, secret_response; 62 63 struct snp_secrets_page *secrets; 64 struct snp_req_data input; 65 union { 66 struct snp_report_req report; 67 struct snp_derived_key_req derived_key; 68 struct snp_ext_report_req ext_report; 69 } req; 70 u32 *os_area_msg_seqno; 71 u8 *vmpck; 72 }; 73 74 /* 75 * The VMPCK ID represents the key used by the SNP guest to communicate with the 76 * SEV firmware in the AMD Secure Processor (ASP, aka PSP). By default, the key 77 * used will be the key associated with the VMPL at which the guest is running. 78 * Should the default key be wiped (see snp_disable_vmpck()), this parameter 79 * allows for using one of the remaining VMPCKs. 80 */ 81 static int vmpck_id = -1; 82 module_param(vmpck_id, int, 0444); 83 MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); 84 85 /* Mutex to serialize the shared buffer access and command handling. */ 86 static DEFINE_MUTEX(snp_cmd_mutex); 87 88 static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) 89 { 90 char zero_key[VMPCK_KEY_LEN] = {0}; 91 92 if (snp_dev->vmpck) 93 return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN); 94 95 return true; 96 } 97 98 /* 99 * If an error is received from the host or AMD Secure Processor (ASP) there 100 * are two options. Either retry the exact same encrypted request or discontinue 101 * using the VMPCK. 102 * 103 * This is because in the current encryption scheme GHCB v2 uses AES-GCM to 104 * encrypt the requests. The IV for this scheme is the sequence number. GCM 105 * cannot tolerate IV reuse. 106 * 107 * The ASP FW v1.51 only increments the sequence numbers on a successful 108 * guest<->ASP back and forth and only accepts messages at its exact sequence 109 * number. 110 * 111 * So if the sequence number were to be reused the encryption scheme is 112 * vulnerable. If the sequence number were incremented for a fresh IV the ASP 113 * will reject the request. 114 */ 115 static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) 116 { 117 dev_alert(snp_dev->dev, "Disabling VMPCK%d communication key to prevent IV reuse.\n", 118 vmpck_id); 119 memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN); 120 snp_dev->vmpck = NULL; 121 } 122 123 static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev) 124 { 125 u64 count; 126 127 lockdep_assert_held(&snp_cmd_mutex); 128 129 /* Read the current message sequence counter from secrets pages */ 130 count = *snp_dev->os_area_msg_seqno; 131 132 return count + 1; 133 } 134 135 /* Return a non-zero on success */ 136 static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) 137 { 138 u64 count = __snp_get_msg_seqno(snp_dev); 139 140 /* 141 * The message sequence counter for the SNP guest request is a 64-bit 142 * value but the version 2 of GHCB specification defines a 32-bit storage 143 * for it. If the counter exceeds the 32-bit value then return zero. 144 * The caller should check the return value, but if the caller happens to 145 * not check the value and use it, then the firmware treats zero as an 146 * invalid number and will fail the message request. 147 */ 148 if (count >= UINT_MAX) { 149 dev_err(snp_dev->dev, "request message sequence counter overflow\n"); 150 return 0; 151 } 152 153 return count; 154 } 155 156 static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev) 157 { 158 /* 159 * The counter is also incremented by the PSP, so increment it by 2 160 * and save in secrets page. 161 */ 162 *snp_dev->os_area_msg_seqno += 2; 163 } 164 165 static inline struct snp_guest_dev *to_snp_dev(struct file *file) 166 { 167 struct miscdevice *dev = file->private_data; 168 169 return container_of(dev, struct snp_guest_dev, misc); 170 } 171 172 static struct snp_guest_crypto *init_crypto(struct snp_guest_dev *snp_dev, u8 *key, size_t keylen) 173 { 174 struct snp_guest_crypto *crypto; 175 176 crypto = kzalloc(sizeof(*crypto), GFP_KERNEL_ACCOUNT); 177 if (!crypto) 178 return NULL; 179 180 crypto->tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 181 if (IS_ERR(crypto->tfm)) 182 goto e_free; 183 184 if (crypto_aead_setkey(crypto->tfm, key, keylen)) 185 goto e_free_crypto; 186 187 crypto->iv_len = crypto_aead_ivsize(crypto->tfm); 188 crypto->iv = kmalloc(crypto->iv_len, GFP_KERNEL_ACCOUNT); 189 if (!crypto->iv) 190 goto e_free_crypto; 191 192 if (crypto_aead_authsize(crypto->tfm) > MAX_AUTHTAG_LEN) { 193 if (crypto_aead_setauthsize(crypto->tfm, MAX_AUTHTAG_LEN)) { 194 dev_err(snp_dev->dev, "failed to set authsize to %d\n", MAX_AUTHTAG_LEN); 195 goto e_free_iv; 196 } 197 } 198 199 crypto->a_len = crypto_aead_authsize(crypto->tfm); 200 crypto->authtag = kmalloc(crypto->a_len, GFP_KERNEL_ACCOUNT); 201 if (!crypto->authtag) 202 goto e_free_iv; 203 204 return crypto; 205 206 e_free_iv: 207 kfree(crypto->iv); 208 e_free_crypto: 209 crypto_free_aead(crypto->tfm); 210 e_free: 211 kfree(crypto); 212 213 return NULL; 214 } 215 216 static void deinit_crypto(struct snp_guest_crypto *crypto) 217 { 218 crypto_free_aead(crypto->tfm); 219 kfree(crypto->iv); 220 kfree(crypto->authtag); 221 kfree(crypto); 222 } 223 224 static int enc_dec_message(struct snp_guest_crypto *crypto, struct snp_guest_msg *msg, 225 u8 *src_buf, u8 *dst_buf, size_t len, bool enc) 226 { 227 struct snp_guest_msg_hdr *hdr = &msg->hdr; 228 struct scatterlist src[3], dst[3]; 229 DECLARE_CRYPTO_WAIT(wait); 230 struct aead_request *req; 231 int ret; 232 233 req = aead_request_alloc(crypto->tfm, GFP_KERNEL); 234 if (!req) 235 return -ENOMEM; 236 237 /* 238 * AEAD memory operations: 239 * +------ AAD -------+------- DATA -----+---- AUTHTAG----+ 240 * | msg header | plaintext | hdr->authtag | 241 * | bytes 30h - 5Fh | or | | 242 * | | cipher | | 243 * +------------------+------------------+----------------+ 244 */ 245 sg_init_table(src, 3); 246 sg_set_buf(&src[0], &hdr->algo, AAD_LEN); 247 sg_set_buf(&src[1], src_buf, hdr->msg_sz); 248 sg_set_buf(&src[2], hdr->authtag, crypto->a_len); 249 250 sg_init_table(dst, 3); 251 sg_set_buf(&dst[0], &hdr->algo, AAD_LEN); 252 sg_set_buf(&dst[1], dst_buf, hdr->msg_sz); 253 sg_set_buf(&dst[2], hdr->authtag, crypto->a_len); 254 255 aead_request_set_ad(req, AAD_LEN); 256 aead_request_set_tfm(req, crypto->tfm); 257 aead_request_set_callback(req, 0, crypto_req_done, &wait); 258 259 aead_request_set_crypt(req, src, dst, len, crypto->iv); 260 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req), &wait); 261 262 aead_request_free(req); 263 return ret; 264 } 265 266 static int __enc_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, 267 void *plaintext, size_t len) 268 { 269 struct snp_guest_crypto *crypto = snp_dev->crypto; 270 struct snp_guest_msg_hdr *hdr = &msg->hdr; 271 272 memset(crypto->iv, 0, crypto->iv_len); 273 memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); 274 275 return enc_dec_message(crypto, msg, plaintext, msg->payload, len, true); 276 } 277 278 static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, 279 void *plaintext, size_t len) 280 { 281 struct snp_guest_crypto *crypto = snp_dev->crypto; 282 struct snp_guest_msg_hdr *hdr = &msg->hdr; 283 284 /* Build IV with response buffer sequence number */ 285 memset(crypto->iv, 0, crypto->iv_len); 286 memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); 287 288 return enc_dec_message(crypto, msg, msg->payload, plaintext, len, false); 289 } 290 291 static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) 292 { 293 struct snp_guest_crypto *crypto = snp_dev->crypto; 294 struct snp_guest_msg *resp_msg = &snp_dev->secret_response; 295 struct snp_guest_msg *req_msg = &snp_dev->secret_request; 296 struct snp_guest_msg_hdr *req_msg_hdr = &req_msg->hdr; 297 struct snp_guest_msg_hdr *resp_msg_hdr = &resp_msg->hdr; 298 299 pr_debug("response [seqno %lld type %d version %d sz %d]\n", 300 resp_msg_hdr->msg_seqno, resp_msg_hdr->msg_type, resp_msg_hdr->msg_version, 301 resp_msg_hdr->msg_sz); 302 303 /* Copy response from shared memory to encrypted memory. */ 304 memcpy(resp_msg, snp_dev->response, sizeof(*resp_msg)); 305 306 /* Verify that the sequence counter is incremented by 1 */ 307 if (unlikely(resp_msg_hdr->msg_seqno != (req_msg_hdr->msg_seqno + 1))) 308 return -EBADMSG; 309 310 /* Verify response message type and version number. */ 311 if (resp_msg_hdr->msg_type != (req_msg_hdr->msg_type + 1) || 312 resp_msg_hdr->msg_version != req_msg_hdr->msg_version) 313 return -EBADMSG; 314 315 /* 316 * If the message size is greater than our buffer length then return 317 * an error. 318 */ 319 if (unlikely((resp_msg_hdr->msg_sz + crypto->a_len) > sz)) 320 return -EBADMSG; 321 322 /* Decrypt the payload */ 323 return dec_payload(snp_dev, resp_msg, payload, resp_msg_hdr->msg_sz + crypto->a_len); 324 } 325 326 static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, 327 void *payload, size_t sz) 328 { 329 struct snp_guest_msg *msg = &snp_dev->secret_request; 330 struct snp_guest_msg_hdr *hdr = &msg->hdr; 331 332 memset(msg, 0, sizeof(*msg)); 333 334 hdr->algo = SNP_AEAD_AES_256_GCM; 335 hdr->hdr_version = MSG_HDR_VER; 336 hdr->hdr_sz = sizeof(*hdr); 337 hdr->msg_type = type; 338 hdr->msg_version = version; 339 hdr->msg_seqno = seqno; 340 hdr->msg_vmpck = vmpck_id; 341 hdr->msg_sz = sz; 342 343 /* Verify the sequence number is non-zero */ 344 if (!hdr->msg_seqno) 345 return -ENOSR; 346 347 pr_debug("request [seqno %lld type %d version %d sz %d]\n", 348 hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); 349 350 return __enc_payload(snp_dev, msg, payload, sz); 351 } 352 353 static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, 354 struct snp_guest_request_ioctl *rio) 355 { 356 unsigned long req_start = jiffies; 357 unsigned int override_npages = 0; 358 u64 override_err = 0; 359 int rc; 360 361 retry_request: 362 /* 363 * Call firmware to process the request. In this function the encrypted 364 * message enters shared memory with the host. So after this call the 365 * sequence number must be incremented or the VMPCK must be deleted to 366 * prevent reuse of the IV. 367 */ 368 rc = snp_issue_guest_request(exit_code, &snp_dev->input, rio); 369 switch (rc) { 370 case -ENOSPC: 371 /* 372 * If the extended guest request fails due to having too 373 * small of a certificate data buffer, retry the same 374 * guest request without the extended data request in 375 * order to increment the sequence number and thus avoid 376 * IV reuse. 377 */ 378 override_npages = snp_dev->input.data_npages; 379 exit_code = SVM_VMGEXIT_GUEST_REQUEST; 380 381 /* 382 * Override the error to inform callers the given extended 383 * request buffer size was too small and give the caller the 384 * required buffer size. 385 */ 386 override_err = SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN); 387 388 /* 389 * If this call to the firmware succeeds, the sequence number can 390 * be incremented allowing for continued use of the VMPCK. If 391 * there is an error reflected in the return value, this value 392 * is checked further down and the result will be the deletion 393 * of the VMPCK and the error code being propagated back to the 394 * user as an ioctl() return code. 395 */ 396 goto retry_request; 397 398 /* 399 * The host may return SNP_GUEST_VMM_ERR_BUSY if the request has been 400 * throttled. Retry in the driver to avoid returning and reusing the 401 * message sequence number on a different message. 402 */ 403 case -EAGAIN: 404 if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { 405 rc = -ETIMEDOUT; 406 break; 407 } 408 schedule_timeout_killable(SNP_REQ_RETRY_DELAY); 409 goto retry_request; 410 } 411 412 /* 413 * Increment the message sequence number. There is no harm in doing 414 * this now because decryption uses the value stored in the response 415 * structure and any failure will wipe the VMPCK, preventing further 416 * use anyway. 417 */ 418 snp_inc_msg_seqno(snp_dev); 419 420 if (override_err) { 421 rio->exitinfo2 = override_err; 422 423 /* 424 * If an extended guest request was issued and the supplied certificate 425 * buffer was not large enough, a standard guest request was issued to 426 * prevent IV reuse. If the standard request was successful, return -EIO 427 * back to the caller as would have originally been returned. 428 */ 429 if (!rc && override_err == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) 430 rc = -EIO; 431 } 432 433 if (override_npages) 434 snp_dev->input.data_npages = override_npages; 435 436 return rc; 437 } 438 439 static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, 440 struct snp_guest_request_ioctl *rio, u8 type, 441 void *req_buf, size_t req_sz, void *resp_buf, 442 u32 resp_sz) 443 { 444 u64 seqno; 445 int rc; 446 447 /* Get message sequence and verify that its a non-zero */ 448 seqno = snp_get_msg_seqno(snp_dev); 449 if (!seqno) 450 return -EIO; 451 452 /* Clear shared memory's response for the host to populate. */ 453 memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); 454 455 /* Encrypt the userspace provided payload in snp_dev->secret_request. */ 456 rc = enc_payload(snp_dev, seqno, rio->msg_version, type, req_buf, req_sz); 457 if (rc) 458 return rc; 459 460 /* 461 * Write the fully encrypted request to the shared unencrypted 462 * request page. 463 */ 464 memcpy(snp_dev->request, &snp_dev->secret_request, 465 sizeof(snp_dev->secret_request)); 466 467 rc = __handle_guest_request(snp_dev, exit_code, rio); 468 if (rc) { 469 if (rc == -EIO && 470 rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) 471 return rc; 472 473 dev_alert(snp_dev->dev, 474 "Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", 475 rc, rio->exitinfo2); 476 477 snp_disable_vmpck(snp_dev); 478 return rc; 479 } 480 481 rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz); 482 if (rc) { 483 dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); 484 snp_disable_vmpck(snp_dev); 485 return rc; 486 } 487 488 return 0; 489 } 490 491 struct snp_req_resp { 492 sockptr_t req_data; 493 sockptr_t resp_data; 494 }; 495 496 static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) 497 { 498 struct snp_guest_crypto *crypto = snp_dev->crypto; 499 struct snp_report_req *report_req = &snp_dev->req.report; 500 struct snp_report_resp *report_resp; 501 int rc, resp_len; 502 503 lockdep_assert_held(&snp_cmd_mutex); 504 505 if (!arg->req_data || !arg->resp_data) 506 return -EINVAL; 507 508 if (copy_from_user(report_req, (void __user *)arg->req_data, sizeof(*report_req))) 509 return -EFAULT; 510 511 /* 512 * The intermediate response buffer is used while decrypting the 513 * response payload. Make sure that it has enough space to cover the 514 * authtag. 515 */ 516 resp_len = sizeof(report_resp->data) + crypto->a_len; 517 report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); 518 if (!report_resp) 519 return -ENOMEM; 520 521 rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, SNP_MSG_REPORT_REQ, 522 report_req, sizeof(*report_req), report_resp->data, resp_len); 523 if (rc) 524 goto e_free; 525 526 if (copy_to_user((void __user *)arg->resp_data, report_resp, sizeof(*report_resp))) 527 rc = -EFAULT; 528 529 e_free: 530 kfree(report_resp); 531 return rc; 532 } 533 534 static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) 535 { 536 struct snp_derived_key_req *derived_key_req = &snp_dev->req.derived_key; 537 struct snp_guest_crypto *crypto = snp_dev->crypto; 538 struct snp_derived_key_resp derived_key_resp = {0}; 539 int rc, resp_len; 540 /* Response data is 64 bytes and max authsize for GCM is 16 bytes. */ 541 u8 buf[64 + 16]; 542 543 lockdep_assert_held(&snp_cmd_mutex); 544 545 if (!arg->req_data || !arg->resp_data) 546 return -EINVAL; 547 548 /* 549 * The intermediate response buffer is used while decrypting the 550 * response payload. Make sure that it has enough space to cover the 551 * authtag. 552 */ 553 resp_len = sizeof(derived_key_resp.data) + crypto->a_len; 554 if (sizeof(buf) < resp_len) 555 return -ENOMEM; 556 557 if (copy_from_user(derived_key_req, (void __user *)arg->req_data, 558 sizeof(*derived_key_req))) 559 return -EFAULT; 560 561 rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, SNP_MSG_KEY_REQ, 562 derived_key_req, sizeof(*derived_key_req), buf, resp_len); 563 if (rc) 564 return rc; 565 566 memcpy(derived_key_resp.data, buf, sizeof(derived_key_resp.data)); 567 if (copy_to_user((void __user *)arg->resp_data, &derived_key_resp, 568 sizeof(derived_key_resp))) 569 rc = -EFAULT; 570 571 /* The response buffer contains the sensitive data, explicitly clear it. */ 572 memzero_explicit(buf, sizeof(buf)); 573 memzero_explicit(&derived_key_resp, sizeof(derived_key_resp)); 574 return rc; 575 } 576 577 static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg, 578 struct snp_req_resp *io) 579 580 { 581 struct snp_ext_report_req *report_req = &snp_dev->req.ext_report; 582 struct snp_guest_crypto *crypto = snp_dev->crypto; 583 struct snp_report_resp *report_resp; 584 int ret, npages = 0, resp_len; 585 sockptr_t certs_address; 586 587 lockdep_assert_held(&snp_cmd_mutex); 588 589 if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) 590 return -EINVAL; 591 592 if (copy_from_sockptr(report_req, io->req_data, sizeof(*report_req))) 593 return -EFAULT; 594 595 /* caller does not want certificate data */ 596 if (!report_req->certs_len || !report_req->certs_address) 597 goto cmd; 598 599 if (report_req->certs_len > SEV_FW_BLOB_MAX_SIZE || 600 !IS_ALIGNED(report_req->certs_len, PAGE_SIZE)) 601 return -EINVAL; 602 603 if (sockptr_is_kernel(io->resp_data)) { 604 certs_address = KERNEL_SOCKPTR((void *)report_req->certs_address); 605 } else { 606 certs_address = USER_SOCKPTR((void __user *)report_req->certs_address); 607 if (!access_ok(certs_address.user, report_req->certs_len)) 608 return -EFAULT; 609 } 610 611 /* 612 * Initialize the intermediate buffer with all zeros. This buffer 613 * is used in the guest request message to get the certs blob from 614 * the host. If host does not supply any certs in it, then copy 615 * zeros to indicate that certificate data was not provided. 616 */ 617 memset(snp_dev->certs_data, 0, report_req->certs_len); 618 npages = report_req->certs_len >> PAGE_SHIFT; 619 cmd: 620 /* 621 * The intermediate response buffer is used while decrypting the 622 * response payload. Make sure that it has enough space to cover the 623 * authtag. 624 */ 625 resp_len = sizeof(report_resp->data) + crypto->a_len; 626 report_resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); 627 if (!report_resp) 628 return -ENOMEM; 629 630 snp_dev->input.data_npages = npages; 631 ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg, SNP_MSG_REPORT_REQ, 632 &report_req->data, sizeof(report_req->data), 633 report_resp->data, resp_len); 634 635 /* If certs length is invalid then copy the returned length */ 636 if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { 637 report_req->certs_len = snp_dev->input.data_npages << PAGE_SHIFT; 638 639 if (copy_to_sockptr(io->req_data, report_req, sizeof(*report_req))) 640 ret = -EFAULT; 641 } 642 643 if (ret) 644 goto e_free; 645 646 if (npages && copy_to_sockptr(certs_address, snp_dev->certs_data, report_req->certs_len)) { 647 ret = -EFAULT; 648 goto e_free; 649 } 650 651 if (copy_to_sockptr(io->resp_data, report_resp, sizeof(*report_resp))) 652 ret = -EFAULT; 653 654 e_free: 655 kfree(report_resp); 656 return ret; 657 } 658 659 static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) 660 { 661 struct snp_guest_dev *snp_dev = to_snp_dev(file); 662 void __user *argp = (void __user *)arg; 663 struct snp_guest_request_ioctl input; 664 struct snp_req_resp io; 665 int ret = -ENOTTY; 666 667 if (copy_from_user(&input, argp, sizeof(input))) 668 return -EFAULT; 669 670 input.exitinfo2 = 0xff; 671 672 /* Message version must be non-zero */ 673 if (!input.msg_version) 674 return -EINVAL; 675 676 mutex_lock(&snp_cmd_mutex); 677 678 /* Check if the VMPCK is not empty */ 679 if (is_vmpck_empty(snp_dev)) { 680 dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); 681 mutex_unlock(&snp_cmd_mutex); 682 return -ENOTTY; 683 } 684 685 switch (ioctl) { 686 case SNP_GET_REPORT: 687 ret = get_report(snp_dev, &input); 688 break; 689 case SNP_GET_DERIVED_KEY: 690 ret = get_derived_key(snp_dev, &input); 691 break; 692 case SNP_GET_EXT_REPORT: 693 /* 694 * As get_ext_report() may be called from the ioctl() path and a 695 * kernel internal path (configfs-tsm), decorate the passed 696 * buffers as user pointers. 697 */ 698 io.req_data = USER_SOCKPTR((void __user *)input.req_data); 699 io.resp_data = USER_SOCKPTR((void __user *)input.resp_data); 700 ret = get_ext_report(snp_dev, &input, &io); 701 break; 702 default: 703 break; 704 } 705 706 mutex_unlock(&snp_cmd_mutex); 707 708 if (input.exitinfo2 && copy_to_user(argp, &input, sizeof(input))) 709 return -EFAULT; 710 711 return ret; 712 } 713 714 static void free_shared_pages(void *buf, size_t sz) 715 { 716 unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; 717 int ret; 718 719 if (!buf) 720 return; 721 722 ret = set_memory_encrypted((unsigned long)buf, npages); 723 if (ret) { 724 WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); 725 return; 726 } 727 728 __free_pages(virt_to_page(buf), get_order(sz)); 729 } 730 731 static void *alloc_shared_pages(struct device *dev, size_t sz) 732 { 733 unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; 734 struct page *page; 735 int ret; 736 737 page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz)); 738 if (!page) 739 return NULL; 740 741 ret = set_memory_decrypted((unsigned long)page_address(page), npages); 742 if (ret) { 743 dev_err(dev, "failed to mark page shared, ret=%d\n", ret); 744 __free_pages(page, get_order(sz)); 745 return NULL; 746 } 747 748 return page_address(page); 749 } 750 751 static const struct file_operations snp_guest_fops = { 752 .owner = THIS_MODULE, 753 .unlocked_ioctl = snp_guest_ioctl, 754 }; 755 756 static u8 *get_vmpck(int id, struct snp_secrets_page *secrets, u32 **seqno) 757 { 758 u8 *key = NULL; 759 760 switch (id) { 761 case 0: 762 *seqno = &secrets->os_area.msg_seqno_0; 763 key = secrets->vmpck0; 764 break; 765 case 1: 766 *seqno = &secrets->os_area.msg_seqno_1; 767 key = secrets->vmpck1; 768 break; 769 case 2: 770 *seqno = &secrets->os_area.msg_seqno_2; 771 key = secrets->vmpck2; 772 break; 773 case 3: 774 *seqno = &secrets->os_area.msg_seqno_3; 775 key = secrets->vmpck3; 776 break; 777 default: 778 break; 779 } 780 781 return key; 782 } 783 784 struct snp_msg_report_resp_hdr { 785 u32 status; 786 u32 report_size; 787 u8 rsvd[24]; 788 }; 789 790 struct snp_msg_cert_entry { 791 guid_t guid; 792 u32 offset; 793 u32 length; 794 }; 795 796 static int sev_svsm_report_new(struct tsm_report *report, void *data) 797 { 798 unsigned int rep_len, man_len, certs_len; 799 struct tsm_desc *desc = &report->desc; 800 struct svsm_attest_call ac = {}; 801 unsigned int retry_count; 802 void *rep, *man, *certs; 803 struct svsm_call call; 804 unsigned int size; 805 bool try_again; 806 void *buffer; 807 u64 call_id; 808 int ret; 809 810 /* 811 * Allocate pages for the request: 812 * - Report blob (4K) 813 * - Manifest blob (4K) 814 * - Certificate blob (16K) 815 * 816 * Above addresses must be 4K aligned 817 */ 818 rep_len = SZ_4K; 819 man_len = SZ_4K; 820 certs_len = SEV_FW_BLOB_MAX_SIZE; 821 822 guard(mutex)(&snp_cmd_mutex); 823 824 if (guid_is_null(&desc->service_guid)) { 825 call_id = SVSM_ATTEST_CALL(SVSM_ATTEST_SERVICES); 826 } else { 827 export_guid(ac.service_guid, &desc->service_guid); 828 ac.service_manifest_ver = desc->service_manifest_version; 829 830 call_id = SVSM_ATTEST_CALL(SVSM_ATTEST_SINGLE_SERVICE); 831 } 832 833 retry_count = 0; 834 835 retry: 836 memset(&call, 0, sizeof(call)); 837 838 size = rep_len + man_len + certs_len; 839 buffer = alloc_pages_exact(size, __GFP_ZERO); 840 if (!buffer) 841 return -ENOMEM; 842 843 rep = buffer; 844 ac.report_buf.pa = __pa(rep); 845 ac.report_buf.len = rep_len; 846 847 man = rep + rep_len; 848 ac.manifest_buf.pa = __pa(man); 849 ac.manifest_buf.len = man_len; 850 851 certs = man + man_len; 852 ac.certificates_buf.pa = __pa(certs); 853 ac.certificates_buf.len = certs_len; 854 855 ac.nonce.pa = __pa(desc->inblob); 856 ac.nonce.len = desc->inblob_len; 857 858 ret = snp_issue_svsm_attest_req(call_id, &call, &ac); 859 if (ret) { 860 free_pages_exact(buffer, size); 861 862 switch (call.rax_out) { 863 case SVSM_ERR_INVALID_PARAMETER: 864 try_again = false; 865 866 if (ac.report_buf.len > rep_len) { 867 rep_len = PAGE_ALIGN(ac.report_buf.len); 868 try_again = true; 869 } 870 871 if (ac.manifest_buf.len > man_len) { 872 man_len = PAGE_ALIGN(ac.manifest_buf.len); 873 try_again = true; 874 } 875 876 if (ac.certificates_buf.len > certs_len) { 877 certs_len = PAGE_ALIGN(ac.certificates_buf.len); 878 try_again = true; 879 } 880 881 /* If one of the buffers wasn't large enough, retry the request */ 882 if (try_again && retry_count < SVSM_MAX_RETRIES) { 883 retry_count++; 884 goto retry; 885 } 886 887 return -EINVAL; 888 default: 889 pr_err_ratelimited("SVSM attestation request failed (%d / 0x%llx)\n", 890 ret, call.rax_out); 891 return -EINVAL; 892 } 893 } 894 895 /* 896 * Allocate all the blob memory buffers at once so that the cleanup is 897 * done for errors that occur after the first allocation (i.e. before 898 * using no_free_ptr()). 899 */ 900 rep_len = ac.report_buf.len; 901 void *rbuf __free(kvfree) = kvzalloc(rep_len, GFP_KERNEL); 902 903 man_len = ac.manifest_buf.len; 904 void *mbuf __free(kvfree) = kvzalloc(man_len, GFP_KERNEL); 905 906 certs_len = ac.certificates_buf.len; 907 void *cbuf __free(kvfree) = certs_len ? kvzalloc(certs_len, GFP_KERNEL) : NULL; 908 909 if (!rbuf || !mbuf || (certs_len && !cbuf)) { 910 free_pages_exact(buffer, size); 911 return -ENOMEM; 912 } 913 914 memcpy(rbuf, rep, rep_len); 915 report->outblob = no_free_ptr(rbuf); 916 report->outblob_len = rep_len; 917 918 memcpy(mbuf, man, man_len); 919 report->manifestblob = no_free_ptr(mbuf); 920 report->manifestblob_len = man_len; 921 922 if (certs_len) { 923 memcpy(cbuf, certs, certs_len); 924 report->auxblob = no_free_ptr(cbuf); 925 report->auxblob_len = certs_len; 926 } 927 928 free_pages_exact(buffer, size); 929 930 return 0; 931 } 932 933 static int sev_report_new(struct tsm_report *report, void *data) 934 { 935 struct snp_msg_cert_entry *cert_table; 936 struct tsm_desc *desc = &report->desc; 937 struct snp_guest_dev *snp_dev = data; 938 struct snp_msg_report_resp_hdr hdr; 939 const u32 report_size = SZ_4K; 940 const u32 ext_size = SEV_FW_BLOB_MAX_SIZE; 941 u32 certs_size, i, size = report_size + ext_size; 942 int ret; 943 944 if (desc->inblob_len != SNP_REPORT_USER_DATA_SIZE) 945 return -EINVAL; 946 947 if (desc->service_provider) { 948 if (strcmp(desc->service_provider, "svsm")) 949 return -EINVAL; 950 951 return sev_svsm_report_new(report, data); 952 } 953 954 void *buf __free(kvfree) = kvzalloc(size, GFP_KERNEL); 955 if (!buf) 956 return -ENOMEM; 957 958 guard(mutex)(&snp_cmd_mutex); 959 960 /* Check if the VMPCK is not empty */ 961 if (is_vmpck_empty(snp_dev)) { 962 dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); 963 return -ENOTTY; 964 } 965 966 cert_table = buf + report_size; 967 struct snp_ext_report_req ext_req = { 968 .data = { .vmpl = desc->privlevel }, 969 .certs_address = (__u64)cert_table, 970 .certs_len = ext_size, 971 }; 972 memcpy(&ext_req.data.user_data, desc->inblob, desc->inblob_len); 973 974 struct snp_guest_request_ioctl input = { 975 .msg_version = 1, 976 .req_data = (__u64)&ext_req, 977 .resp_data = (__u64)buf, 978 .exitinfo2 = 0xff, 979 }; 980 struct snp_req_resp io = { 981 .req_data = KERNEL_SOCKPTR(&ext_req), 982 .resp_data = KERNEL_SOCKPTR(buf), 983 }; 984 985 ret = get_ext_report(snp_dev, &input, &io); 986 if (ret) 987 return ret; 988 989 memcpy(&hdr, buf, sizeof(hdr)); 990 if (hdr.status == SEV_RET_INVALID_PARAM) 991 return -EINVAL; 992 if (hdr.status == SEV_RET_INVALID_KEY) 993 return -EINVAL; 994 if (hdr.status) 995 return -ENXIO; 996 if ((hdr.report_size + sizeof(hdr)) > report_size) 997 return -ENOMEM; 998 999 void *rbuf __free(kvfree) = kvzalloc(hdr.report_size, GFP_KERNEL); 1000 if (!rbuf) 1001 return -ENOMEM; 1002 1003 memcpy(rbuf, buf + sizeof(hdr), hdr.report_size); 1004 report->outblob = no_free_ptr(rbuf); 1005 report->outblob_len = hdr.report_size; 1006 1007 certs_size = 0; 1008 for (i = 0; i < ext_size / sizeof(struct snp_msg_cert_entry); i++) { 1009 struct snp_msg_cert_entry *ent = &cert_table[i]; 1010 1011 if (guid_is_null(&ent->guid) && !ent->offset && !ent->length) 1012 break; 1013 certs_size = max(certs_size, ent->offset + ent->length); 1014 } 1015 1016 /* Suspicious that the response populated entries without populating size */ 1017 if (!certs_size && i) 1018 dev_warn_ratelimited(snp_dev->dev, "certificate slots conveyed without size\n"); 1019 1020 /* No certs to report */ 1021 if (!certs_size) 1022 return 0; 1023 1024 /* Suspicious that the certificate blob size contract was violated 1025 */ 1026 if (certs_size > ext_size) { 1027 dev_warn_ratelimited(snp_dev->dev, "certificate data truncated\n"); 1028 certs_size = ext_size; 1029 } 1030 1031 void *cbuf __free(kvfree) = kvzalloc(certs_size, GFP_KERNEL); 1032 if (!cbuf) 1033 return -ENOMEM; 1034 1035 memcpy(cbuf, cert_table, certs_size); 1036 report->auxblob = no_free_ptr(cbuf); 1037 report->auxblob_len = certs_size; 1038 1039 return 0; 1040 } 1041 1042 static bool sev_report_attr_visible(int n) 1043 { 1044 switch (n) { 1045 case TSM_REPORT_GENERATION: 1046 case TSM_REPORT_PROVIDER: 1047 case TSM_REPORT_PRIVLEVEL: 1048 case TSM_REPORT_PRIVLEVEL_FLOOR: 1049 return true; 1050 case TSM_REPORT_SERVICE_PROVIDER: 1051 case TSM_REPORT_SERVICE_GUID: 1052 case TSM_REPORT_SERVICE_MANIFEST_VER: 1053 return snp_vmpl; 1054 } 1055 1056 return false; 1057 } 1058 1059 static bool sev_report_bin_attr_visible(int n) 1060 { 1061 switch (n) { 1062 case TSM_REPORT_INBLOB: 1063 case TSM_REPORT_OUTBLOB: 1064 case TSM_REPORT_AUXBLOB: 1065 return true; 1066 case TSM_REPORT_MANIFESTBLOB: 1067 return snp_vmpl; 1068 } 1069 1070 return false; 1071 } 1072 1073 static struct tsm_ops sev_tsm_ops = { 1074 .name = KBUILD_MODNAME, 1075 .report_new = sev_report_new, 1076 .report_attr_visible = sev_report_attr_visible, 1077 .report_bin_attr_visible = sev_report_bin_attr_visible, 1078 }; 1079 1080 static void unregister_sev_tsm(void *data) 1081 { 1082 tsm_unregister(&sev_tsm_ops); 1083 } 1084 1085 static int __init sev_guest_probe(struct platform_device *pdev) 1086 { 1087 struct sev_guest_platform_data *data; 1088 struct snp_secrets_page *secrets; 1089 struct device *dev = &pdev->dev; 1090 struct snp_guest_dev *snp_dev; 1091 struct miscdevice *misc; 1092 void __iomem *mapping; 1093 int ret; 1094 1095 BUILD_BUG_ON(sizeof(struct snp_guest_msg) > PAGE_SIZE); 1096 1097 if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) 1098 return -ENODEV; 1099 1100 if (!dev->platform_data) 1101 return -ENODEV; 1102 1103 data = (struct sev_guest_platform_data *)dev->platform_data; 1104 mapping = ioremap_encrypted(data->secrets_gpa, PAGE_SIZE); 1105 if (!mapping) 1106 return -ENODEV; 1107 1108 secrets = (__force void *)mapping; 1109 1110 ret = -ENOMEM; 1111 snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL); 1112 if (!snp_dev) 1113 goto e_unmap; 1114 1115 /* Adjust the default VMPCK key based on the executing VMPL level */ 1116 if (vmpck_id == -1) 1117 vmpck_id = snp_vmpl; 1118 1119 ret = -EINVAL; 1120 snp_dev->vmpck = get_vmpck(vmpck_id, secrets, &snp_dev->os_area_msg_seqno); 1121 if (!snp_dev->vmpck) { 1122 dev_err(dev, "Invalid VMPCK%d communication key\n", vmpck_id); 1123 goto e_unmap; 1124 } 1125 1126 /* Verify that VMPCK is not zero. */ 1127 if (is_vmpck_empty(snp_dev)) { 1128 dev_err(dev, "Empty VMPCK%d communication key\n", vmpck_id); 1129 goto e_unmap; 1130 } 1131 1132 platform_set_drvdata(pdev, snp_dev); 1133 snp_dev->dev = dev; 1134 snp_dev->secrets = secrets; 1135 1136 /* Allocate the shared page used for the request and response message. */ 1137 snp_dev->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); 1138 if (!snp_dev->request) 1139 goto e_unmap; 1140 1141 snp_dev->response = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); 1142 if (!snp_dev->response) 1143 goto e_free_request; 1144 1145 snp_dev->certs_data = alloc_shared_pages(dev, SEV_FW_BLOB_MAX_SIZE); 1146 if (!snp_dev->certs_data) 1147 goto e_free_response; 1148 1149 ret = -EIO; 1150 snp_dev->crypto = init_crypto(snp_dev, snp_dev->vmpck, VMPCK_KEY_LEN); 1151 if (!snp_dev->crypto) 1152 goto e_free_cert_data; 1153 1154 misc = &snp_dev->misc; 1155 misc->minor = MISC_DYNAMIC_MINOR; 1156 misc->name = DEVICE_NAME; 1157 misc->fops = &snp_guest_fops; 1158 1159 /* initial the input address for guest request */ 1160 snp_dev->input.req_gpa = __pa(snp_dev->request); 1161 snp_dev->input.resp_gpa = __pa(snp_dev->response); 1162 snp_dev->input.data_gpa = __pa(snp_dev->certs_data); 1163 1164 /* Set the privlevel_floor attribute based on the vmpck_id */ 1165 sev_tsm_ops.privlevel_floor = vmpck_id; 1166 1167 ret = tsm_register(&sev_tsm_ops, snp_dev); 1168 if (ret) 1169 goto e_free_cert_data; 1170 1171 ret = devm_add_action_or_reset(&pdev->dev, unregister_sev_tsm, NULL); 1172 if (ret) 1173 goto e_free_cert_data; 1174 1175 ret = misc_register(misc); 1176 if (ret) 1177 goto e_free_cert_data; 1178 1179 dev_info(dev, "Initialized SEV guest driver (using VMPCK%d communication key)\n", vmpck_id); 1180 return 0; 1181 1182 e_free_cert_data: 1183 free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); 1184 e_free_response: 1185 free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); 1186 e_free_request: 1187 free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); 1188 e_unmap: 1189 iounmap(mapping); 1190 return ret; 1191 } 1192 1193 static void __exit sev_guest_remove(struct platform_device *pdev) 1194 { 1195 struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev); 1196 1197 free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); 1198 free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); 1199 free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); 1200 deinit_crypto(snp_dev->crypto); 1201 misc_deregister(&snp_dev->misc); 1202 } 1203 1204 /* 1205 * This driver is meant to be a common SEV guest interface driver and to 1206 * support any SEV guest API. As such, even though it has been introduced 1207 * with the SEV-SNP support, it is named "sev-guest". 1208 * 1209 * sev_guest_remove() lives in .exit.text. For drivers registered via 1210 * module_platform_driver_probe() this is ok because they cannot get unbound 1211 * at runtime. So mark the driver struct with __refdata to prevent modpost 1212 * triggering a section mismatch warning. 1213 */ 1214 static struct platform_driver sev_guest_driver __refdata = { 1215 .remove_new = __exit_p(sev_guest_remove), 1216 .driver = { 1217 .name = "sev-guest", 1218 }, 1219 }; 1220 1221 module_platform_driver_probe(sev_guest_driver, sev_guest_probe); 1222 1223 MODULE_AUTHOR("Brijesh Singh <brijesh.singh@amd.com>"); 1224 MODULE_LICENSE("GPL"); 1225 MODULE_VERSION("1.0.0"); 1226 MODULE_DESCRIPTION("AMD SEV Guest Driver"); 1227 MODULE_ALIAS("platform:sev-guest"); 1228