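// SPDX-License-Identifier: GPL-2.0
/*
 * TDX guest user interface driver
 *
 * Copyright (C) 2022 Intel Corporation
 */

#include <linux/kernel.h>
#include <linux/miscdevice.h>
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/mod_devicetable.h>
#include <linux/string.h>
#include <linux/uaccess.h>
#include <linux/set_memory.h>
#include <linux/io.h>
#include <linux/delay.h>
#include <linux/tsm.h>
#include <linux/sizes.h>

#include <uapi/linux/tdx-guest.h>

#include <asm/cpu_device_id.h>
#include <asm/tdx.h>

/*
 * Intel's SGX QE implementation generally uses Quote size less
 * than 8K (2K Quote data + ~5K of certificate blob).
 */
#define GET_QUOTE_BUF_SIZE		SZ_8K

#define GET_QUOTE_CMD_VER		1

/* TDX GetQuote status codes */
#define GET_QUOTE_SUCCESS		0
#define GET_QUOTE_IN_FLIGHT		0xffffffffffffffff

/* struct tdx_quote_buf: Format of Quote request buffer.
 * @version: Quote format version, filled by TD.
 * @status: Status code of Quote request, filled by VMM.
 * @in_len: Length of TDREPORT, filled by TD.
 * @out_len: Length of Quote data, filled by VMM.
 * @data: Quote data on output or TDREPORT on input.
 *
 * More details of Quote request buffer can be found in TDX
 * Guest-Host Communication Interface (GHCI) for Intel TDX 1.0,
 * section titled "TDG.VP.VMCALL<GetQuote>"
 *
 * @status and @out_len are written by the VMM, so the guest must treat
 * them as untrusted: read each once and validate it before use.
 */
struct tdx_quote_buf {
	u64 version;
	u64 status;
	u32 in_len;
	u32 out_len;
	u8 data[];
};

/* Largest Quote payload that fits in the buffer after the header. */
#define GET_QUOTE_MAX_LEN	(GET_QUOTE_BUF_SIZE - sizeof(struct tdx_quote_buf))

/* Quote data buffer */
static void *quote_data;

/* Lock to streamline quote requests */
static DEFINE_MUTEX(quote_lock);

/*
 * GetQuote request timeout in seconds. Expect that 30 seconds
 * is enough time for QE to respond to any Quote requests.
 */
static u32 getquote_timeout = 30;

/*
 * tdx_get_report0() - Handle the TDX_CMD_GET_REPORT0 ioctl
 * @req: User pointer to the request; @req->reportdata is read and
 *       @req->tdreport is written.
 *
 * Copies TDX_REPORTDATA_LEN bytes from user space, asks the TDX module for
 * a TDREPORT0 and copies TDX_REPORT_LEN bytes back.
 *
 * Return: 0 on success, -ENOMEM or -EFAULT on allocation or copy failure,
 * otherwise the error returned by tdx_mcall_get_report0().
 */
static long tdx_get_report0(struct tdx_report_req __user *req)
{
	u8 *reportdata, *tdreport;
	long ret;

	reportdata = kmalloc(TDX_REPORTDATA_LEN, GFP_KERNEL);
	if (!reportdata)
		return -ENOMEM;

	/* Zeroed so a short fill can never hand stale heap data to user space */
	tdreport = kzalloc(TDX_REPORT_LEN, GFP_KERNEL);
	if (!tdreport) {
		ret = -ENOMEM;
		goto out;
	}

	if (copy_from_user(reportdata, req->reportdata, TDX_REPORTDATA_LEN)) {
		ret = -EFAULT;
		goto out;
	}

	/* Generate TDREPORT0 using "TDG.MR.REPORT" TDCALL */
	ret = tdx_mcall_get_report0(reportdata, tdreport);
	if (ret)
		goto out;

	if (copy_to_user(req->tdreport, tdreport, TDX_REPORT_LEN))
		ret = -EFAULT;

out:
	kfree(reportdata);
	kfree(tdreport);

	return ret;
}

/*
 * free_quote_buf() - Re-encrypt and release the Quote buffer
 * @buf: Buffer returned by alloc_quote_buf().
 *
 * If the encryption mask cannot be restored the pages are deliberately
 * leaked instead of being handed back to the page allocator.
 */
static void free_quote_buf(void *buf)
{
	size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE);
	unsigned int count = len >> PAGE_SHIFT;

	if (set_memory_encrypted((unsigned long)buf, count)) {
		pr_err("Failed to restore encryption mask for Quote buffer, leak it\n");
		return;
	}

	free_pages_exact(buf, len);
}

/*
 * alloc_quote_buf() - Allocate a zeroed, decrypted Quote buffer
 *
 * Return: Buffer address on success, NULL on failure.
 */
static void *alloc_quote_buf(void)
{
	size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE);
	unsigned int count = len >> PAGE_SHIFT;
	void *addr;

	addr = alloc_pages_exact(len, GFP_KERNEL | __GFP_ZERO);
	if (!addr)
		return NULL;

	/*
	 * On failure the pages may be left partly decrypted. Leak them, as
	 * free_quote_buf() does, rather than return possibly host-visible
	 * memory to the page allocator for reuse.
	 */
	if (set_memory_decrypted((unsigned long)addr, count))
		return NULL;

	return addr;
}

/*
 * wait_for_quote_completion() - Wait for Quote request completion
 * @quote_buf: Address of Quote buffer.
 * @timeout: Timeout in seconds to wait for the Quote generation.
 *
 * As per TDX GHCI v1.0 specification, sec titled "TDG.VP.VMCALL<GetQuote>",
 * the status field in the Quote buffer will be set to GET_QUOTE_IN_FLIGHT
 * while VMM processes the GetQuote request, and will change it to success
 * or error code after processing is complete. So wait till the status
 * changes from GET_QUOTE_IN_FLIGHT or the request being timed out.
 *
 * Return: 0 once the status has left GET_QUOTE_IN_FLIGHT, -EINTR if the
 * sleep was interrupted, -ETIMEDOUT if the request is still in flight after
 * @timeout seconds.
 */
static int wait_for_quote_completion(struct tdx_quote_buf *quote_buf, u32 timeout)
{
	u32 elapsed;

	/*
	 * Quote requests usually take a few seconds to complete, so waking up
	 * once per second to recheck the status is fine for this use case.
	 */
	for (elapsed = 0; elapsed < timeout; elapsed++) {
		if (READ_ONCE(quote_buf->status) != GET_QUOTE_IN_FLIGHT)
			return 0;

		if (msleep_interruptible(MSEC_PER_SEC))
			return -EINTR;
	}

	/*
	 * Decide on the status itself, not on the loop counter: comparing a
	 * post-incremented counter with @timeout reports success for a
	 * request that never completed, and a timeout for one that completed
	 * during the final sleep.
	 */
	if (READ_ONCE(quote_buf->status) == GET_QUOTE_IN_FLIGHT)
		return -ETIMEDOUT;

	return 0;
}

/*
 * tdx_report_new() - Generate a Quote for a TSM report request
 * @report: Report descriptor; @report->desc.inblob supplies the report data
 *          and @report->outblob / @report->outblob_len receive the Quote.
 * @data: Unused.
 *
 * Builds a TDREPORT0 from the caller's report data, places it in the Quote
 * buffer, issues the GetQuote hypercall and waits for the VMM to complete
 * the request. All requests are serialized by quote_lock.
 *
 * Return: 0 on success or a negative errno.
 */
static int tdx_report_new(struct tsm_report *report, void *data)
{
	u8 *buf, *reportdata = NULL, *tdreport = NULL;
	struct tdx_quote_buf *quote_buf = quote_data;
	struct tsm_desc *desc = &report->desc;
	u64 status;
	u32 out_len;
	int ret;
	u64 err;

	/* TODO: switch to guard(mutex_intr) */
	if (mutex_lock_interruptible(&quote_lock))
		return -EINTR;

	/*
	 * If the previous request is timedout or interrupted, and the
	 * Quote buf status is still in GET_QUOTE_IN_FLIGHT (owned by
	 * VMM), don't permit any new request.
	 */
	if (READ_ONCE(quote_buf->status) == GET_QUOTE_IN_FLIGHT) {
		ret = -EBUSY;
		goto done;
	}

	/* The memcpy() below relies on this exact-length check */
	if (desc->inblob_len != TDX_REPORTDATA_LEN) {
		ret = -EINVAL;
		goto done;
	}

	reportdata = kmalloc(TDX_REPORTDATA_LEN, GFP_KERNEL);
	if (!reportdata) {
		ret = -ENOMEM;
		goto done;
	}

	tdreport = kzalloc(TDX_REPORT_LEN, GFP_KERNEL);
	if (!tdreport) {
		ret = -ENOMEM;
		goto done;
	}

	memcpy(reportdata, desc->inblob, desc->inblob_len);

	/* Generate TDREPORT0 using "TDG.MR.REPORT" TDCALL */
	ret = tdx_mcall_get_report0(reportdata, tdreport);
	if (ret) {
		pr_err("GetReport call failed\n");
		goto done;
	}

	memset(quote_data, 0, GET_QUOTE_BUF_SIZE);

	/* Update Quote buffer header */
	quote_buf->version = GET_QUOTE_CMD_VER;
	quote_buf->in_len = TDX_REPORT_LEN;

	memcpy(quote_buf->data, tdreport, TDX_REPORT_LEN);

	err = tdx_hcall_get_quote(quote_data, GET_QUOTE_BUF_SIZE);
	if (err) {
		pr_err("GetQuote hypercall failed, status:%llx\n", err);
		ret = -EIO;
		goto done;
	}

	ret = wait_for_quote_completion(quote_buf, getquote_timeout);
	if (ret) {
		pr_err("GetQuote request timedout\n");
		goto done;
	}

	/* Completed with an error code: there is no Quote to hand out */
	status = READ_ONCE(quote_buf->status);
	if (status != GET_QUOTE_SUCCESS) {
		pr_err("GetQuote request failed, status:%llx\n", status);
		ret = -EIO;
		goto done;
	}

	/*
	 * out_len is written by the VMM. Read it exactly once so the value
	 * that is validated is the value that is used, and reject anything
	 * larger than the payload area; otherwise the copy below would read
	 * past the Quote buffer into adjacent guest memory.
	 */
	out_len = READ_ONCE(quote_buf->out_len);
	if (out_len > GET_QUOTE_MAX_LEN) {
		ret = -EFBIG;
		goto done;
	}

	buf = kvmemdup(quote_buf->data, out_len, GFP_KERNEL);
	if (!buf) {
		ret = -ENOMEM;
		goto done;
	}

	report->outblob = buf;
	report->outblob_len = out_len;

	/*
	 * TODO: parse the PEM-formatted cert chain out of the quote buffer when
	 * provided
	 */
done:
	mutex_unlock(&quote_lock);
	kfree(reportdata);
	kfree(tdreport);

	return ret;
}

/* Expose only the generation and provider text attributes of a report. */
static bool tdx_report_attr_visible(int n)
{
	switch (n) {
	case TSM_REPORT_GENERATION:
	case TSM_REPORT_PROVIDER:
		return true;
	}

	return false;
}

/* Expose only the inblob and outblob binary attributes of a report. */
static bool tdx_report_bin_attr_visible(int n)
{
	switch (n) {
	case TSM_REPORT_INBLOB:
	case TSM_REPORT_OUTBLOB:
		return true;
	}

	return false;
}

/*
 * tdx_guest_ioctl() - ioctl entry point of the misc device
 *
 * Only TDX_CMD_GET_REPORT0 is handled; any other command gets -ENOTTY.
 */
static long tdx_guest_ioctl(struct file *file, unsigned int cmd,
			    unsigned long arg)
{
	switch (cmd) {
	case TDX_CMD_GET_REPORT0:
		return tdx_get_report0((struct tdx_report_req __user *)arg);
	default:
		return -ENOTTY;
	}
}

static const struct file_operations tdx_guest_fops = {
	.owner = THIS_MODULE,
	.unlocked_ioctl = tdx_guest_ioctl,
	.llseek = no_llseek,
};

static struct miscdevice tdx_misc_dev = {
	.name = KBUILD_MODNAME,
	.minor = MISC_DYNAMIC_MINOR,
	.fops = &tdx_guest_fops,
};

static const struct x86_cpu_id tdx_guest_ids[] = {
	X86_MATCH_FEATURE(X86_FEATURE_TDX_GUEST, NULL),
	{}
};
MODULE_DEVICE_TABLE(x86cpu, tdx_guest_ids);

static const struct tsm_ops tdx_tsm_ops = {
	.name = KBUILD_MODNAME,
	.report_new = tdx_report_new,
	.report_attr_visible = tdx_report_attr_visible,
	.report_bin_attr_visible = tdx_report_bin_attr_visible,
};

/*
 * tdx_guest_init() - Register the misc device and the TSM report provider
 *
 * The Quote buffer is allocated before tsm_register() so that
 * tdx_report_new() never runs with quote_data unset.
 *
 * Return: 0 on success, -ENODEV when the CPU does not match tdx_guest_ids,
 * otherwise the error of the step that failed.
 */
static int __init tdx_guest_init(void)
{
	int ret;

	if (!x86_match_cpu(tdx_guest_ids))
		return -ENODEV;

	ret = misc_register(&tdx_misc_dev);
	if (ret)
		return ret;

	quote_data = alloc_quote_buf();
	if (!quote_data) {
		pr_err("Failed to allocate Quote buffer\n");
		ret = -ENOMEM;
		goto free_misc;
	}

	ret = tsm_register(&tdx_tsm_ops, NULL);
	if (ret)
		goto free_quote;

	return 0;

free_quote:
	free_quote_buf(quote_data);
free_misc:
	misc_deregister(&tdx_misc_dev);

	return ret;
}
module_init(tdx_guest_init);

/* Tear down in reverse order of tdx_guest_init(). */
static void __exit tdx_guest_exit(void)
{
	tsm_unregister(&tdx_tsm_ops);
	free_quote_buf(quote_data);
	misc_deregister(&tdx_misc_dev);
}
module_exit(tdx_guest_exit);

MODULE_AUTHOR("Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>");
MODULE_DESCRIPTION("TDX Guest Driver");
MODULE_LICENSE("GPL");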