1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * AMD Secure Encrypted Virtualization (SEV) guest driver interface 4 * 5 * Copyright (C) 2021-2024 Advanced Micro Devices, Inc. 6 * 7 * Author: Brijesh Singh <brijesh.singh@amd.com> 8 */ 9 10 #include <linux/module.h> 11 #include <linux/kernel.h> 12 #include <linux/types.h> 13 #include <linux/mutex.h> 14 #include <linux/io.h> 15 #include <linux/platform_device.h> 16 #include <linux/miscdevice.h> 17 #include <linux/set_memory.h> 18 #include <linux/fs.h> 19 #include <linux/tsm.h> 20 #include <crypto/aead.h> 21 #include <linux/scatterlist.h> 22 #include <linux/psp-sev.h> 23 #include <linux/sockptr.h> 24 #include <linux/cleanup.h> 25 #include <linux/uuid.h> 26 #include <linux/configfs.h> 27 #include <uapi/linux/sev-guest.h> 28 #include <uapi/linux/psp-sev.h> 29 30 #include <asm/svm.h> 31 #include <asm/sev.h> 32 33 #include "sev-guest.h" 34 35 #define DEVICE_NAME "sev-guest" 36 #define AAD_LEN 48 37 #define MSG_HDR_VER 1 38 39 #define SNP_REQ_MAX_RETRY_DURATION (60*HZ) 40 #define SNP_REQ_RETRY_DELAY (2*HZ) 41 42 #define SVSM_MAX_RETRIES 3 43 44 struct snp_guest_crypto { 45 struct crypto_aead *tfm; 46 u8 *iv, *authtag; 47 int iv_len, a_len; 48 }; 49 50 struct snp_guest_dev { 51 struct device *dev; 52 struct miscdevice misc; 53 54 void *certs_data; 55 struct snp_guest_crypto *crypto; 56 /* request and response are in unencrypted memory */ 57 struct snp_guest_msg *request, *response; 58 59 /* 60 * Avoid information leakage by double-buffering shared messages 61 * in fields that are in regular encrypted memory. 62 */ 63 struct snp_guest_msg secret_request, secret_response; 64 65 struct snp_secrets_page *secrets; 66 struct snp_req_data input; 67 union { 68 struct snp_report_req report; 69 struct snp_derived_key_req derived_key; 70 struct snp_ext_report_req ext_report; 71 } req; 72 u32 *os_area_msg_seqno; 73 u8 *vmpck; 74 }; 75 76 /* 77 * The VMPCK ID represents the key used by the SNP guest to communicate with the 78 * SEV firmware in the AMD Secure Processor (ASP, aka PSP). By default, the key 79 * used will be the key associated with the VMPL at which the guest is running. 80 * Should the default key be wiped (see snp_disable_vmpck()), this parameter 81 * allows for using one of the remaining VMPCKs. 82 */ 83 static int vmpck_id = -1; 84 module_param(vmpck_id, int, 0444); 85 MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); 86 87 /* Mutex to serialize the shared buffer access and command handling. */ 88 static DEFINE_MUTEX(snp_cmd_mutex); 89 90 static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) 91 { 92 char zero_key[VMPCK_KEY_LEN] = {0}; 93 94 if (snp_dev->vmpck) 95 return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN); 96 97 return true; 98 } 99 100 /* 101 * If an error is received from the host or AMD Secure Processor (ASP) there 102 * are two options. Either retry the exact same encrypted request or discontinue 103 * using the VMPCK. 104 * 105 * This is because in the current encryption scheme GHCB v2 uses AES-GCM to 106 * encrypt the requests. The IV for this scheme is the sequence number. GCM 107 * cannot tolerate IV reuse. 108 * 109 * The ASP FW v1.51 only increments the sequence numbers on a successful 110 * guest<->ASP back and forth and only accepts messages at its exact sequence 111 * number. 112 * 113 * So if the sequence number were to be reused the encryption scheme is 114 * vulnerable. If the sequence number were incremented for a fresh IV the ASP 115 * will reject the request. 116 */ 117 static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) 118 { 119 dev_alert(snp_dev->dev, "Disabling vmpck_id %d to prevent IV reuse.\n", 120 vmpck_id); 121 memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN); 122 snp_dev->vmpck = NULL; 123 } 124 125 static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev) 126 { 127 u64 count; 128 129 lockdep_assert_held(&snp_cmd_mutex); 130 131 /* Read the current message sequence counter from secrets pages */ 132 count = *snp_dev->os_area_msg_seqno; 133 134 return count + 1; 135 } 136 137 /* Return a non-zero on success */ 138 static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) 139 { 140 u64 count = __snp_get_msg_seqno(snp_dev); 141 142 /* 143 * The message sequence counter for the SNP guest request is a 64-bit 144 * value but the version 2 of GHCB specification defines a 32-bit storage 145 * for it. If the counter exceeds the 32-bit value then return zero. 146 * The caller should check the return value, but if the caller happens to 147 * not check the value and use it, then the firmware treats zero as an 148 * invalid number and will fail the message request. 149 */ 150 if (count >= UINT_MAX) { 151 dev_err(snp_dev->dev, "request message sequence counter overflow\n"); 152 return 0; 153 } 154 155 return count; 156 } 157 158 static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev) 159 { 160 /* 161 * The counter is also incremented by the PSP, so increment it by 2 162 * and save in secrets page. 163 */ 164 *snp_dev->os_area_msg_seqno += 2; 165 } 166 167 static inline struct snp_guest_dev *to_snp_dev(struct file *file) 168 { 169 struct miscdevice *dev = file->private_data; 170 171 return container_of(dev, struct snp_guest_dev, misc); 172 } 173 174 static struct snp_guest_crypto *init_crypto(struct snp_guest_dev *snp_dev, u8 *key, size_t keylen) 175 { 176 struct snp_guest_crypto *crypto; 177 178 crypto = kzalloc(sizeof(*crypto), GFP_KERNEL_ACCOUNT); 179 if (!crypto) 180 return NULL; 181 182 crypto->tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 183 if (IS_ERR(crypto->tfm)) 184 goto e_free; 185 186 if (crypto_aead_setkey(crypto->tfm, key, keylen)) 187 goto e_free_crypto; 188 189 crypto->iv_len = crypto_aead_ivsize(crypto->tfm); 190 crypto->iv = kmalloc(crypto->iv_len, GFP_KERNEL_ACCOUNT); 191 if (!crypto->iv) 192 goto e_free_crypto; 193 194 if (crypto_aead_authsize(crypto->tfm) > MAX_AUTHTAG_LEN) { 195 if (crypto_aead_setauthsize(crypto->tfm, MAX_AUTHTAG_LEN)) { 196 dev_err(snp_dev->dev, "failed to set authsize to %d\n", MAX_AUTHTAG_LEN); 197 goto e_free_iv; 198 } 199 } 200 201 crypto->a_len = crypto_aead_authsize(crypto->tfm); 202 crypto->authtag = kmalloc(crypto->a_len, GFP_KERNEL_ACCOUNT); 203 if (!crypto->authtag) 204 goto e_free_iv; 205 206 return crypto; 207 208 e_free_iv: 209 kfree(crypto->iv); 210 e_free_crypto: 211 crypto_free_aead(crypto->tfm); 212 e_free: 213 kfree(crypto); 214 215 return NULL; 216 } 217 218 static void deinit_crypto(struct snp_guest_crypto *crypto) 219 { 220 crypto_free_aead(crypto->tfm); 221 kfree(crypto->iv); 222 kfree(crypto->authtag); 223 kfree(crypto); 224 } 225 226 static int enc_dec_message(struct snp_guest_crypto *crypto, struct snp_guest_msg *msg, 227 u8 *src_buf, u8 *dst_buf, size_t len, bool enc) 228 { 229 struct snp_guest_msg_hdr *hdr = &msg->hdr; 230 struct scatterlist src[3], dst[3]; 231 DECLARE_CRYPTO_WAIT(wait); 232 struct aead_request *req; 233 int ret; 234 235 req = aead_request_alloc(crypto->tfm, GFP_KERNEL); 236 if (!req) 237 return -ENOMEM; 238 239 /* 240 * AEAD memory operations: 241 * +------ AAD -------+------- DATA -----+---- AUTHTAG----+ 242 * | msg header | plaintext | hdr->authtag | 243 * | bytes 30h - 5Fh | or | | 244 * | | cipher | | 245 * +------------------+------------------+----------------+ 246 */ 247 sg_init_table(src, 3); 248 sg_set_buf(&src[0], &hdr->algo, AAD_LEN); 249 sg_set_buf(&src[1], src_buf, hdr->msg_sz); 250 sg_set_buf(&src[2], hdr->authtag, crypto->a_len); 251 252 sg_init_table(dst, 3); 253 sg_set_buf(&dst[0], &hdr->algo, AAD_LEN); 254 sg_set_buf(&dst[1], dst_buf, hdr->msg_sz); 255 sg_set_buf(&dst[2], hdr->authtag, crypto->a_len); 256 257 aead_request_set_ad(req, AAD_LEN); 258 aead_request_set_tfm(req, crypto->tfm); 259 aead_request_set_callback(req, 0, crypto_req_done, &wait); 260 261 aead_request_set_crypt(req, src, dst, len, crypto->iv); 262 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req), &wait); 263 264 aead_request_free(req); 265 return ret; 266 } 267 268 static int __enc_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, 269 void *plaintext, size_t len) 270 { 271 struct snp_guest_crypto *crypto = snp_dev->crypto; 272 struct snp_guest_msg_hdr *hdr = &msg->hdr; 273 274 memset(crypto->iv, 0, crypto->iv_len); 275 memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); 276 277 return enc_dec_message(crypto, msg, plaintext, msg->payload, len, true); 278 } 279 280 static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, 281 void *plaintext, size_t len) 282 { 283 struct snp_guest_crypto *crypto = snp_dev->crypto; 284 struct snp_guest_msg_hdr *hdr = &msg->hdr; 285 286 /* Build IV with response buffer sequence number */ 287 memset(crypto->iv, 0, crypto->iv_len); 288 memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); 289 290 return enc_dec_message(crypto, msg, msg->payload, plaintext, len, false); 291 } 292 293 static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) 294 { 295 struct snp_guest_crypto *crypto = snp_dev->crypto; 296 struct snp_guest_msg *resp = &snp_dev->secret_response; 297 struct snp_guest_msg *req = &snp_dev->secret_request; 298 struct snp_guest_msg_hdr *req_hdr = &req->hdr; 299 struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; 300 301 dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n", 302 resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz); 303 304 /* Copy response from shared memory to encrypted memory. */ 305 memcpy(resp, snp_dev->response, sizeof(*resp)); 306 307 /* Verify that the sequence counter is incremented by 1 */ 308 if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1))) 309 return -EBADMSG; 310 311 /* Verify response message type and version number. */ 312 if (resp_hdr->msg_type != (req_hdr->msg_type + 1) || 313 resp_hdr->msg_version != req_hdr->msg_version) 314 return -EBADMSG; 315 316 /* 317 * If the message size is greater than our buffer length then return 318 * an error. 319 */ 320 if (unlikely((resp_hdr->msg_sz + crypto->a_len) > sz)) 321 return -EBADMSG; 322 323 /* Decrypt the payload */ 324 return dec_payload(snp_dev, resp, payload, resp_hdr->msg_sz + crypto->a_len); 325 } 326 327 static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, 328 void *payload, size_t sz) 329 { 330 struct snp_guest_msg *req = &snp_dev->secret_request; 331 struct snp_guest_msg_hdr *hdr = &req->hdr; 332 333 memset(req, 0, sizeof(*req)); 334 335 hdr->algo = SNP_AEAD_AES_256_GCM; 336 hdr->hdr_version = MSG_HDR_VER; 337 hdr->hdr_sz = sizeof(*hdr); 338 hdr->msg_type = type; 339 hdr->msg_version = version; 340 hdr->msg_seqno = seqno; 341 hdr->msg_vmpck = vmpck_id; 342 hdr->msg_sz = sz; 343 344 /* Verify the sequence number is non-zero */ 345 if (!hdr->msg_seqno) 346 return -ENOSR; 347 348 dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n", 349 hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); 350 351 return __enc_payload(snp_dev, req, payload, sz); 352 } 353 354 static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, 355 struct snp_guest_request_ioctl *rio) 356 { 357 unsigned long req_start = jiffies; 358 unsigned int override_npages = 0; 359 u64 override_err = 0; 360 int rc; 361 362 retry_request: 363 /* 364 * Call firmware to process the request. In this function the encrypted 365 * message enters shared memory with the host. So after this call the 366 * sequence number must be incremented or the VMPCK must be deleted to 367 * prevent reuse of the IV. 368 */ 369 rc = snp_issue_guest_request(exit_code, &snp_dev->input, rio); 370 switch (rc) { 371 case -ENOSPC: 372 /* 373 * If the extended guest request fails due to having too 374 * small of a certificate data buffer, retry the same 375 * guest request without the extended data request in 376 * order to increment the sequence number and thus avoid 377 * IV reuse. 378 */ 379 override_npages = snp_dev->input.data_npages; 380 exit_code = SVM_VMGEXIT_GUEST_REQUEST; 381 382 /* 383 * Override the error to inform callers the given extended 384 * request buffer size was too small and give the caller the 385 * required buffer size. 386 */ 387 override_err = SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN); 388 389 /* 390 * If this call to the firmware succeeds, the sequence number can 391 * be incremented allowing for continued use of the VMPCK. If 392 * there is an error reflected in the return value, this value 393 * is checked further down and the result will be the deletion 394 * of the VMPCK and the error code being propagated back to the 395 * user as an ioctl() return code. 396 */ 397 goto retry_request; 398 399 /* 400 * The host may return SNP_GUEST_VMM_ERR_BUSY if the request has been 401 * throttled. Retry in the driver to avoid returning and reusing the 402 * message sequence number on a different message. 403 */ 404 case -EAGAIN: 405 if (jiffies - req_start > SNP_REQ_MAX_RETRY_DURATION) { 406 rc = -ETIMEDOUT; 407 break; 408 } 409 schedule_timeout_killable(SNP_REQ_RETRY_DELAY); 410 goto retry_request; 411 } 412 413 /* 414 * Increment the message sequence number. There is no harm in doing 415 * this now because decryption uses the value stored in the response 416 * structure and any failure will wipe the VMPCK, preventing further 417 * use anyway. 418 */ 419 snp_inc_msg_seqno(snp_dev); 420 421 if (override_err) { 422 rio->exitinfo2 = override_err; 423 424 /* 425 * If an extended guest request was issued and the supplied certificate 426 * buffer was not large enough, a standard guest request was issued to 427 * prevent IV reuse. If the standard request was successful, return -EIO 428 * back to the caller as would have originally been returned. 429 */ 430 if (!rc && override_err == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) 431 rc = -EIO; 432 } 433 434 if (override_npages) 435 snp_dev->input.data_npages = override_npages; 436 437 return rc; 438 } 439 440 static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, 441 struct snp_guest_request_ioctl *rio, u8 type, 442 void *req_buf, size_t req_sz, void *resp_buf, 443 u32 resp_sz) 444 { 445 u64 seqno; 446 int rc; 447 448 /* Get message sequence and verify that its a non-zero */ 449 seqno = snp_get_msg_seqno(snp_dev); 450 if (!seqno) 451 return -EIO; 452 453 /* Clear shared memory's response for the host to populate. */ 454 memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); 455 456 /* Encrypt the userspace provided payload in snp_dev->secret_request. */ 457 rc = enc_payload(snp_dev, seqno, rio->msg_version, type, req_buf, req_sz); 458 if (rc) 459 return rc; 460 461 /* 462 * Write the fully encrypted request to the shared unencrypted 463 * request page. 464 */ 465 memcpy(snp_dev->request, &snp_dev->secret_request, 466 sizeof(snp_dev->secret_request)); 467 468 rc = __handle_guest_request(snp_dev, exit_code, rio); 469 if (rc) { 470 if (rc == -EIO && 471 rio->exitinfo2 == SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_INVALID_LEN)) 472 return rc; 473 474 dev_alert(snp_dev->dev, 475 "Detected error from ASP request. rc: %d, exitinfo2: 0x%llx\n", 476 rc, rio->exitinfo2); 477 478 snp_disable_vmpck(snp_dev); 479 return rc; 480 } 481 482 rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz); 483 if (rc) { 484 dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc); 485 snp_disable_vmpck(snp_dev); 486 return rc; 487 } 488 489 return 0; 490 } 491 492 struct snp_req_resp { 493 sockptr_t req_data; 494 sockptr_t resp_data; 495 }; 496 497 static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) 498 { 499 struct snp_guest_crypto *crypto = snp_dev->crypto; 500 struct snp_report_req *req = &snp_dev->req.report; 501 struct snp_report_resp *resp; 502 int rc, resp_len; 503 504 lockdep_assert_held(&snp_cmd_mutex); 505 506 if (!arg->req_data || !arg->resp_data) 507 return -EINVAL; 508 509 if (copy_from_user(req, (void __user *)arg->req_data, sizeof(*req))) 510 return -EFAULT; 511 512 /* 513 * The intermediate response buffer is used while decrypting the 514 * response payload. Make sure that it has enough space to cover the 515 * authtag. 516 */ 517 resp_len = sizeof(resp->data) + crypto->a_len; 518 resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); 519 if (!resp) 520 return -ENOMEM; 521 522 rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, 523 SNP_MSG_REPORT_REQ, req, sizeof(*req), resp->data, 524 resp_len); 525 if (rc) 526 goto e_free; 527 528 if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp))) 529 rc = -EFAULT; 530 531 e_free: 532 kfree(resp); 533 return rc; 534 } 535 536 static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) 537 { 538 struct snp_derived_key_req *req = &snp_dev->req.derived_key; 539 struct snp_guest_crypto *crypto = snp_dev->crypto; 540 struct snp_derived_key_resp resp = {0}; 541 int rc, resp_len; 542 /* Response data is 64 bytes and max authsize for GCM is 16 bytes. */ 543 u8 buf[64 + 16]; 544 545 lockdep_assert_held(&snp_cmd_mutex); 546 547 if (!arg->req_data || !arg->resp_data) 548 return -EINVAL; 549 550 /* 551 * The intermediate response buffer is used while decrypting the 552 * response payload. Make sure that it has enough space to cover the 553 * authtag. 554 */ 555 resp_len = sizeof(resp.data) + crypto->a_len; 556 if (sizeof(buf) < resp_len) 557 return -ENOMEM; 558 559 if (copy_from_user(req, (void __user *)arg->req_data, sizeof(*req))) 560 return -EFAULT; 561 562 rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg, 563 SNP_MSG_KEY_REQ, req, sizeof(*req), buf, resp_len); 564 if (rc) 565 return rc; 566 567 memcpy(resp.data, buf, sizeof(resp.data)); 568 if (copy_to_user((void __user *)arg->resp_data, &resp, sizeof(resp))) 569 rc = -EFAULT; 570 571 /* The response buffer contains the sensitive data, explicitly clear it. */ 572 memzero_explicit(buf, sizeof(buf)); 573 memzero_explicit(&resp, sizeof(resp)); 574 return rc; 575 } 576 577 static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg, 578 struct snp_req_resp *io) 579 580 { 581 struct snp_ext_report_req *req = &snp_dev->req.ext_report; 582 struct snp_guest_crypto *crypto = snp_dev->crypto; 583 struct snp_report_resp *resp; 584 int ret, npages = 0, resp_len; 585 sockptr_t certs_address; 586 587 lockdep_assert_held(&snp_cmd_mutex); 588 589 if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) 590 return -EINVAL; 591 592 if (copy_from_sockptr(req, io->req_data, sizeof(*req))) 593 return -EFAULT; 594 595 /* caller does not want certificate data */ 596 if (!req->certs_len || !req->certs_address) 597 goto cmd; 598 599 if (req->certs_len > SEV_FW_BLOB_MAX_SIZE || 600 !IS_ALIGNED(req->certs_len, PAGE_SIZE)) 601 return -EINVAL; 602 603 if (sockptr_is_kernel(io->resp_data)) { 604 certs_address = KERNEL_SOCKPTR((void *)req->certs_address); 605 } else { 606 certs_address = USER_SOCKPTR((void __user *)req->certs_address); 607 if (!access_ok(certs_address.user, req->certs_len)) 608 return -EFAULT; 609 } 610 611 /* 612 * Initialize the intermediate buffer with all zeros. This buffer 613 * is used in the guest request message to get the certs blob from 614 * the host. If host does not supply any certs in it, then copy 615 * zeros to indicate that certificate data was not provided. 616 */ 617 memset(snp_dev->certs_data, 0, req->certs_len); 618 npages = req->certs_len >> PAGE_SHIFT; 619 cmd: 620 /* 621 * The intermediate response buffer is used while decrypting the 622 * response payload. Make sure that it has enough space to cover the 623 * authtag. 624 */ 625 resp_len = sizeof(resp->data) + crypto->a_len; 626 resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); 627 if (!resp) 628 return -ENOMEM; 629 630 snp_dev->input.data_npages = npages; 631 ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg, 632 SNP_MSG_REPORT_REQ, &req->data, 633 sizeof(req->data), resp->data, resp_len); 634 635 /* If certs length is invalid then copy the returned length */ 636 if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { 637 req->certs_len = snp_dev->input.data_npages << PAGE_SHIFT; 638 639 if (copy_to_sockptr(io->req_data, req, sizeof(*req))) 640 ret = -EFAULT; 641 } 642 643 if (ret) 644 goto e_free; 645 646 if (npages && copy_to_sockptr(certs_address, snp_dev->certs_data, req->certs_len)) { 647 ret = -EFAULT; 648 goto e_free; 649 } 650 651 if (copy_to_sockptr(io->resp_data, resp, sizeof(*resp))) 652 ret = -EFAULT; 653 654 e_free: 655 kfree(resp); 656 return ret; 657 } 658 659 static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) 660 { 661 struct snp_guest_dev *snp_dev = to_snp_dev(file); 662 void __user *argp = (void __user *)arg; 663 struct snp_guest_request_ioctl input; 664 struct snp_req_resp io; 665 int ret = -ENOTTY; 666 667 if (copy_from_user(&input, argp, sizeof(input))) 668 return -EFAULT; 669 670 input.exitinfo2 = 0xff; 671 672 /* Message version must be non-zero */ 673 if (!input.msg_version) 674 return -EINVAL; 675 676 mutex_lock(&snp_cmd_mutex); 677 678 /* Check if the VMPCK is not empty */ 679 if (is_vmpck_empty(snp_dev)) { 680 dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); 681 mutex_unlock(&snp_cmd_mutex); 682 return -ENOTTY; 683 } 684 685 switch (ioctl) { 686 case SNP_GET_REPORT: 687 ret = get_report(snp_dev, &input); 688 break; 689 case SNP_GET_DERIVED_KEY: 690 ret = get_derived_key(snp_dev, &input); 691 break; 692 case SNP_GET_EXT_REPORT: 693 /* 694 * As get_ext_report() may be called from the ioctl() path and a 695 * kernel internal path (configfs-tsm), decorate the passed 696 * buffers as user pointers. 697 */ 698 io.req_data = USER_SOCKPTR((void __user *)input.req_data); 699 io.resp_data = USER_SOCKPTR((void __user *)input.resp_data); 700 ret = get_ext_report(snp_dev, &input, &io); 701 break; 702 default: 703 break; 704 } 705 706 mutex_unlock(&snp_cmd_mutex); 707 708 if (input.exitinfo2 && copy_to_user(argp, &input, sizeof(input))) 709 return -EFAULT; 710 711 return ret; 712 } 713 714 static void free_shared_pages(void *buf, size_t sz) 715 { 716 unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; 717 int ret; 718 719 if (!buf) 720 return; 721 722 ret = set_memory_encrypted((unsigned long)buf, npages); 723 if (ret) { 724 WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); 725 return; 726 } 727 728 __free_pages(virt_to_page(buf), get_order(sz)); 729 } 730 731 static void *alloc_shared_pages(struct device *dev, size_t sz) 732 { 733 unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; 734 struct page *page; 735 int ret; 736 737 page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz)); 738 if (!page) 739 return NULL; 740 741 ret = set_memory_decrypted((unsigned long)page_address(page), npages); 742 if (ret) { 743 dev_err(dev, "failed to mark page shared, ret=%d\n", ret); 744 __free_pages(page, get_order(sz)); 745 return NULL; 746 } 747 748 return page_address(page); 749 } 750 751 static const struct file_operations snp_guest_fops = { 752 .owner = THIS_MODULE, 753 .unlocked_ioctl = snp_guest_ioctl, 754 }; 755 756 static u8 *get_vmpck(int id, struct snp_secrets_page *secrets, u32 **seqno) 757 { 758 u8 *key = NULL; 759 760 switch (id) { 761 case 0: 762 *seqno = &secrets->os_area.msg_seqno_0; 763 key = secrets->vmpck0; 764 break; 765 case 1: 766 *seqno = &secrets->os_area.msg_seqno_1; 767 key = secrets->vmpck1; 768 break; 769 case 2: 770 *seqno = &secrets->os_area.msg_seqno_2; 771 key = secrets->vmpck2; 772 break; 773 case 3: 774 *seqno = &secrets->os_area.msg_seqno_3; 775 key = secrets->vmpck3; 776 break; 777 default: 778 break; 779 } 780 781 return key; 782 } 783 784 struct snp_msg_report_resp_hdr { 785 u32 status; 786 u32 report_size; 787 u8 rsvd[24]; 788 }; 789 790 struct snp_msg_cert_entry { 791 guid_t guid; 792 u32 offset; 793 u32 length; 794 }; 795 796 static int sev_svsm_report_new(struct tsm_report *report, void *data) 797 { 798 unsigned int rep_len, man_len, certs_len; 799 struct tsm_desc *desc = &report->desc; 800 struct svsm_attest_call ac = {}; 801 unsigned int retry_count; 802 void *rep, *man, *certs; 803 struct svsm_call call; 804 unsigned int size; 805 bool try_again; 806 void *buffer; 807 u64 call_id; 808 int ret; 809 810 /* 811 * Allocate pages for the request: 812 * - Report blob (4K) 813 * - Manifest blob (4K) 814 * - Certificate blob (16K) 815 * 816 * Above addresses must be 4K aligned 817 */ 818 rep_len = SZ_4K; 819 man_len = SZ_4K; 820 certs_len = SEV_FW_BLOB_MAX_SIZE; 821 822 guard(mutex)(&snp_cmd_mutex); 823 824 if (guid_is_null(&desc->service_guid)) { 825 call_id = SVSM_ATTEST_CALL(SVSM_ATTEST_SERVICES); 826 } else { 827 export_guid(ac.service_guid, &desc->service_guid); 828 ac.service_manifest_ver = desc->service_manifest_version; 829 830 call_id = SVSM_ATTEST_CALL(SVSM_ATTEST_SINGLE_SERVICE); 831 } 832 833 retry_count = 0; 834 835 retry: 836 memset(&call, 0, sizeof(call)); 837 838 size = rep_len + man_len + certs_len; 839 buffer = alloc_pages_exact(size, __GFP_ZERO); 840 if (!buffer) 841 return -ENOMEM; 842 843 rep = buffer; 844 ac.report_buf.pa = __pa(rep); 845 ac.report_buf.len = rep_len; 846 847 man = rep + rep_len; 848 ac.manifest_buf.pa = __pa(man); 849 ac.manifest_buf.len = man_len; 850 851 certs = man + man_len; 852 ac.certificates_buf.pa = __pa(certs); 853 ac.certificates_buf.len = certs_len; 854 855 ac.nonce.pa = __pa(desc->inblob); 856 ac.nonce.len = desc->inblob_len; 857 858 ret = snp_issue_svsm_attest_req(call_id, &call, &ac); 859 if (ret) { 860 free_pages_exact(buffer, size); 861 862 switch (call.rax_out) { 863 case SVSM_ERR_INVALID_PARAMETER: 864 try_again = false; 865 866 if (ac.report_buf.len > rep_len) { 867 rep_len = PAGE_ALIGN(ac.report_buf.len); 868 try_again = true; 869 } 870 871 if (ac.manifest_buf.len > man_len) { 872 man_len = PAGE_ALIGN(ac.manifest_buf.len); 873 try_again = true; 874 } 875 876 if (ac.certificates_buf.len > certs_len) { 877 certs_len = PAGE_ALIGN(ac.certificates_buf.len); 878 try_again = true; 879 } 880 881 /* If one of the buffers wasn't large enough, retry the request */ 882 if (try_again && retry_count < SVSM_MAX_RETRIES) { 883 retry_count++; 884 goto retry; 885 } 886 887 return -EINVAL; 888 default: 889 pr_err_ratelimited("SVSM attestation request failed (%d / 0x%llx)\n", 890 ret, call.rax_out); 891 return -EINVAL; 892 } 893 } 894 895 /* 896 * Allocate all the blob memory buffers at once so that the cleanup is 897 * done for errors that occur after the first allocation (i.e. before 898 * using no_free_ptr()). 899 */ 900 rep_len = ac.report_buf.len; 901 void *rbuf __free(kvfree) = kvzalloc(rep_len, GFP_KERNEL); 902 903 man_len = ac.manifest_buf.len; 904 void *mbuf __free(kvfree) = kvzalloc(man_len, GFP_KERNEL); 905 906 certs_len = ac.certificates_buf.len; 907 void *cbuf __free(kvfree) = certs_len ? kvzalloc(certs_len, GFP_KERNEL) : NULL; 908 909 if (!rbuf || !mbuf || (certs_len && !cbuf)) { 910 free_pages_exact(buffer, size); 911 return -ENOMEM; 912 } 913 914 memcpy(rbuf, rep, rep_len); 915 report->outblob = no_free_ptr(rbuf); 916 report->outblob_len = rep_len; 917 918 memcpy(mbuf, man, man_len); 919 report->manifestblob = no_free_ptr(mbuf); 920 report->manifestblob_len = man_len; 921 922 if (certs_len) { 923 memcpy(cbuf, certs, certs_len); 924 report->auxblob = no_free_ptr(cbuf); 925 report->auxblob_len = certs_len; 926 } 927 928 free_pages_exact(buffer, size); 929 930 return 0; 931 } 932 933 static int sev_report_new(struct tsm_report *report, void *data) 934 { 935 struct snp_msg_cert_entry *cert_table; 936 struct tsm_desc *desc = &report->desc; 937 struct snp_guest_dev *snp_dev = data; 938 struct snp_msg_report_resp_hdr hdr; 939 const u32 report_size = SZ_4K; 940 const u32 ext_size = SEV_FW_BLOB_MAX_SIZE; 941 u32 certs_size, i, size = report_size + ext_size; 942 int ret; 943 944 if (desc->inblob_len != SNP_REPORT_USER_DATA_SIZE) 945 return -EINVAL; 946 947 if (desc->service_provider) { 948 if (strcmp(desc->service_provider, "svsm")) 949 return -EINVAL; 950 951 return sev_svsm_report_new(report, data); 952 } 953 954 void *buf __free(kvfree) = kvzalloc(size, GFP_KERNEL); 955 if (!buf) 956 return -ENOMEM; 957 958 guard(mutex)(&snp_cmd_mutex); 959 960 /* Check if the VMPCK is not empty */ 961 if (is_vmpck_empty(snp_dev)) { 962 dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); 963 return -ENOTTY; 964 } 965 966 cert_table = buf + report_size; 967 struct snp_ext_report_req ext_req = { 968 .data = { .vmpl = desc->privlevel }, 969 .certs_address = (__u64)cert_table, 970 .certs_len = ext_size, 971 }; 972 memcpy(&ext_req.data.user_data, desc->inblob, desc->inblob_len); 973 974 struct snp_guest_request_ioctl input = { 975 .msg_version = 1, 976 .req_data = (__u64)&ext_req, 977 .resp_data = (__u64)buf, 978 .exitinfo2 = 0xff, 979 }; 980 struct snp_req_resp io = { 981 .req_data = KERNEL_SOCKPTR(&ext_req), 982 .resp_data = KERNEL_SOCKPTR(buf), 983 }; 984 985 ret = get_ext_report(snp_dev, &input, &io); 986 if (ret) 987 return ret; 988 989 memcpy(&hdr, buf, sizeof(hdr)); 990 if (hdr.status == SEV_RET_INVALID_PARAM) 991 return -EINVAL; 992 if (hdr.status == SEV_RET_INVALID_KEY) 993 return -EINVAL; 994 if (hdr.status) 995 return -ENXIO; 996 if ((hdr.report_size + sizeof(hdr)) > report_size) 997 return -ENOMEM; 998 999 void *rbuf __free(kvfree) = kvzalloc(hdr.report_size, GFP_KERNEL); 1000 if (!rbuf) 1001 return -ENOMEM; 1002 1003 memcpy(rbuf, buf + sizeof(hdr), hdr.report_size); 1004 report->outblob = no_free_ptr(rbuf); 1005 report->outblob_len = hdr.report_size; 1006 1007 certs_size = 0; 1008 for (i = 0; i < ext_size / sizeof(struct snp_msg_cert_entry); i++) { 1009 struct snp_msg_cert_entry *ent = &cert_table[i]; 1010 1011 if (guid_is_null(&ent->guid) && !ent->offset && !ent->length) 1012 break; 1013 certs_size = max(certs_size, ent->offset + ent->length); 1014 } 1015 1016 /* Suspicious that the response populated entries without populating size */ 1017 if (!certs_size && i) 1018 dev_warn_ratelimited(snp_dev->dev, "certificate slots conveyed without size\n"); 1019 1020 /* No certs to report */ 1021 if (!certs_size) 1022 return 0; 1023 1024 /* Suspicious that the certificate blob size contract was violated 1025 */ 1026 if (certs_size > ext_size) { 1027 dev_warn_ratelimited(snp_dev->dev, "certificate data truncated\n"); 1028 certs_size = ext_size; 1029 } 1030 1031 void *cbuf __free(kvfree) = kvzalloc(certs_size, GFP_KERNEL); 1032 if (!cbuf) 1033 return -ENOMEM; 1034 1035 memcpy(cbuf, cert_table, certs_size); 1036 report->auxblob = no_free_ptr(cbuf); 1037 report->auxblob_len = certs_size; 1038 1039 return 0; 1040 } 1041 1042 static bool sev_report_attr_visible(int n) 1043 { 1044 switch (n) { 1045 case TSM_REPORT_GENERATION: 1046 case TSM_REPORT_PROVIDER: 1047 case TSM_REPORT_PRIVLEVEL: 1048 case TSM_REPORT_PRIVLEVEL_FLOOR: 1049 return true; 1050 case TSM_REPORT_SERVICE_PROVIDER: 1051 case TSM_REPORT_SERVICE_GUID: 1052 case TSM_REPORT_SERVICE_MANIFEST_VER: 1053 return snp_vmpl; 1054 } 1055 1056 return false; 1057 } 1058 1059 static bool sev_report_bin_attr_visible(int n) 1060 { 1061 switch (n) { 1062 case TSM_REPORT_INBLOB: 1063 case TSM_REPORT_OUTBLOB: 1064 case TSM_REPORT_AUXBLOB: 1065 return true; 1066 case TSM_REPORT_MANIFESTBLOB: 1067 return snp_vmpl; 1068 } 1069 1070 return false; 1071 } 1072 1073 static struct tsm_ops sev_tsm_ops = { 1074 .name = KBUILD_MODNAME, 1075 .report_new = sev_report_new, 1076 .report_attr_visible = sev_report_attr_visible, 1077 .report_bin_attr_visible = sev_report_bin_attr_visible, 1078 }; 1079 1080 static void unregister_sev_tsm(void *data) 1081 { 1082 tsm_unregister(&sev_tsm_ops); 1083 } 1084 1085 static int __init sev_guest_probe(struct platform_device *pdev) 1086 { 1087 struct sev_guest_platform_data *data; 1088 struct snp_secrets_page *secrets; 1089 struct device *dev = &pdev->dev; 1090 struct snp_guest_dev *snp_dev; 1091 struct miscdevice *misc; 1092 void __iomem *mapping; 1093 int ret; 1094 1095 if (!cc_platform_has(CC_ATTR_GUEST_SEV_SNP)) 1096 return -ENODEV; 1097 1098 if (!dev->platform_data) 1099 return -ENODEV; 1100 1101 data = (struct sev_guest_platform_data *)dev->platform_data; 1102 mapping = ioremap_encrypted(data->secrets_gpa, PAGE_SIZE); 1103 if (!mapping) 1104 return -ENODEV; 1105 1106 secrets = (__force void *)mapping; 1107 1108 ret = -ENOMEM; 1109 snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL); 1110 if (!snp_dev) 1111 goto e_unmap; 1112 1113 /* Adjust the default VMPCK key based on the executing VMPL level */ 1114 if (vmpck_id == -1) 1115 vmpck_id = snp_vmpl; 1116 1117 ret = -EINVAL; 1118 snp_dev->vmpck = get_vmpck(vmpck_id, secrets, &snp_dev->os_area_msg_seqno); 1119 if (!snp_dev->vmpck) { 1120 dev_err(dev, "invalid vmpck id %d\n", vmpck_id); 1121 goto e_unmap; 1122 } 1123 1124 /* Verify that VMPCK is not zero. */ 1125 if (is_vmpck_empty(snp_dev)) { 1126 dev_err(dev, "vmpck id %d is null\n", vmpck_id); 1127 goto e_unmap; 1128 } 1129 1130 platform_set_drvdata(pdev, snp_dev); 1131 snp_dev->dev = dev; 1132 snp_dev->secrets = secrets; 1133 1134 /* Allocate the shared page used for the request and response message. */ 1135 snp_dev->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); 1136 if (!snp_dev->request) 1137 goto e_unmap; 1138 1139 snp_dev->response = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); 1140 if (!snp_dev->response) 1141 goto e_free_request; 1142 1143 snp_dev->certs_data = alloc_shared_pages(dev, SEV_FW_BLOB_MAX_SIZE); 1144 if (!snp_dev->certs_data) 1145 goto e_free_response; 1146 1147 ret = -EIO; 1148 snp_dev->crypto = init_crypto(snp_dev, snp_dev->vmpck, VMPCK_KEY_LEN); 1149 if (!snp_dev->crypto) 1150 goto e_free_cert_data; 1151 1152 misc = &snp_dev->misc; 1153 misc->minor = MISC_DYNAMIC_MINOR; 1154 misc->name = DEVICE_NAME; 1155 misc->fops = &snp_guest_fops; 1156 1157 /* initial the input address for guest request */ 1158 snp_dev->input.req_gpa = __pa(snp_dev->request); 1159 snp_dev->input.resp_gpa = __pa(snp_dev->response); 1160 snp_dev->input.data_gpa = __pa(snp_dev->certs_data); 1161 1162 /* Set the privlevel_floor attribute based on the vmpck_id */ 1163 sev_tsm_ops.privlevel_floor = vmpck_id; 1164 1165 ret = tsm_register(&sev_tsm_ops, snp_dev); 1166 if (ret) 1167 goto e_free_cert_data; 1168 1169 ret = devm_add_action_or_reset(&pdev->dev, unregister_sev_tsm, NULL); 1170 if (ret) 1171 goto e_free_cert_data; 1172 1173 ret = misc_register(misc); 1174 if (ret) 1175 goto e_free_cert_data; 1176 1177 dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", vmpck_id); 1178 return 0; 1179 1180 e_free_cert_data: 1181 free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); 1182 e_free_response: 1183 free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); 1184 e_free_request: 1185 free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); 1186 e_unmap: 1187 iounmap(mapping); 1188 return ret; 1189 } 1190 1191 static void __exit sev_guest_remove(struct platform_device *pdev) 1192 { 1193 struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev); 1194 1195 free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); 1196 free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); 1197 free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); 1198 deinit_crypto(snp_dev->crypto); 1199 misc_deregister(&snp_dev->misc); 1200 } 1201 1202 /* 1203 * This driver is meant to be a common SEV guest interface driver and to 1204 * support any SEV guest API. As such, even though it has been introduced 1205 * with the SEV-SNP support, it is named "sev-guest". 1206 * 1207 * sev_guest_remove() lives in .exit.text. For drivers registered via 1208 * module_platform_driver_probe() this is ok because they cannot get unbound 1209 * at runtime. So mark the driver struct with __refdata to prevent modpost 1210 * triggering a section mismatch warning. 1211 */ 1212 static struct platform_driver sev_guest_driver __refdata = { 1213 .remove_new = __exit_p(sev_guest_remove), 1214 .driver = { 1215 .name = "sev-guest", 1216 }, 1217 }; 1218 1219 module_platform_driver_probe(sev_guest_driver, sev_guest_probe); 1220 1221 MODULE_AUTHOR("Brijesh Singh <brijesh.singh@amd.com>"); 1222 MODULE_LICENSE("GPL"); 1223 MODULE_VERSION("1.0.0"); 1224 MODULE_DESCRIPTION("AMD SEV Guest Driver"); 1225 MODULE_ALIAS("platform:sev-guest"); 1226