1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * TDX guest user interface driver 4 * 5 * Copyright (C) 2022 Intel Corporation 6 */ 7 8 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 9 10 #include <linux/kernel.h> 11 #include <linux/miscdevice.h> 12 #include <linux/mm.h> 13 #include <linux/module.h> 14 #include <linux/mod_devicetable.h> 15 #include <linux/string.h> 16 #include <linux/uaccess.h> 17 #include <linux/set_memory.h> 18 #include <linux/io.h> 19 #include <linux/delay.h> 20 #include <linux/sockptr.h> 21 #include <linux/tsm.h> 22 #include <linux/tsm-mr.h> 23 24 #include <uapi/linux/tdx-guest.h> 25 26 #include <asm/cpu_device_id.h> 27 #include <asm/tdx.h> 28 29 /* TDREPORT buffer */ 30 static u8 *tdx_report_buf; 31 32 /* Lock to serialize TDG.MR.REPORT and TDG.MR.RTMR.EXTEND TDCALLs */ 33 static DEFINE_MUTEX(mr_lock); 34 35 /* TDREPORT fields */ 36 enum { 37 TDREPORT_reportdata = 128, 38 TDREPORT_tee_tcb_info = 256, 39 TDREPORT_tdinfo = TDREPORT_tee_tcb_info + 256, 40 TDREPORT_attributes = TDREPORT_tdinfo, 41 TDREPORT_xfam = TDREPORT_attributes + sizeof(u64), 42 TDREPORT_mrtd = TDREPORT_xfam + sizeof(u64), 43 TDREPORT_mrconfigid = TDREPORT_mrtd + SHA384_DIGEST_SIZE, 44 TDREPORT_mrowner = TDREPORT_mrconfigid + SHA384_DIGEST_SIZE, 45 TDREPORT_mrownerconfig = TDREPORT_mrowner + SHA384_DIGEST_SIZE, 46 TDREPORT_rtmr0 = TDREPORT_mrownerconfig + SHA384_DIGEST_SIZE, 47 TDREPORT_rtmr1 = TDREPORT_rtmr0 + SHA384_DIGEST_SIZE, 48 TDREPORT_rtmr2 = TDREPORT_rtmr1 + SHA384_DIGEST_SIZE, 49 TDREPORT_rtmr3 = TDREPORT_rtmr2 + SHA384_DIGEST_SIZE, 50 TDREPORT_servtd_hash = TDREPORT_rtmr3 + SHA384_DIGEST_SIZE, 51 }; 52 53 static int tdx_do_report(sockptr_t data, sockptr_t tdreport) 54 { 55 scoped_cond_guard(mutex_intr, return -EINTR, &mr_lock) { 56 u8 *reportdata = tdx_report_buf + TDREPORT_reportdata; 57 int ret; 58 59 if (!sockptr_is_null(data) && 60 copy_from_sockptr(reportdata, data, TDX_REPORTDATA_LEN)) 61 return -EFAULT; 62 63 ret = tdx_mcall_get_report0(reportdata, tdx_report_buf); 64 if (WARN_ONCE(ret, "tdx_mcall_get_report0() failed: %d", ret)) 65 return ret; 66 67 if (!sockptr_is_null(tdreport) && 68 copy_to_sockptr(tdreport, tdx_report_buf, TDX_REPORT_LEN)) 69 return -EFAULT; 70 } 71 return 0; 72 } 73 74 static int tdx_do_extend(u8 mr_ind, const u8 *data) 75 { 76 scoped_cond_guard(mutex_intr, return -EINTR, &mr_lock) { 77 /* 78 * TDX requires @extend_buf to be 64-byte aligned. 79 * It's safe to use REPORTDATA buffer for that purpose because 80 * tdx_mr_report/extend_lock() are mutually exclusive. 81 */ 82 u8 *extend_buf = tdx_report_buf + TDREPORT_reportdata; 83 int ret; 84 85 memcpy(extend_buf, data, SHA384_DIGEST_SIZE); 86 87 ret = tdx_mcall_extend_rtmr(mr_ind, extend_buf); 88 if (WARN_ONCE(ret, "tdx_mcall_extend_rtmr(%u) failed: %d", mr_ind, ret)) 89 return ret; 90 } 91 return 0; 92 } 93 94 #define TDX_MR_(r) .mr_value = (void *)TDREPORT_##r, TSM_MR_(r, SHA384) 95 static struct tsm_measurement_register tdx_mrs[] = { 96 { TDX_MR_(rtmr0) | TSM_MR_F_RTMR }, 97 { TDX_MR_(rtmr1) | TSM_MR_F_RTMR }, 98 { TDX_MR_(rtmr2) | TSM_MR_F_RTMR }, 99 { TDX_MR_(rtmr3) | TSM_MR_F_RTMR }, 100 { TDX_MR_(mrtd) }, 101 { TDX_MR_(mrconfigid) | TSM_MR_F_NOHASH }, 102 { TDX_MR_(mrowner) | TSM_MR_F_NOHASH }, 103 { TDX_MR_(mrownerconfig) | TSM_MR_F_NOHASH }, 104 }; 105 #undef TDX_MR_ 106 107 static int tdx_mr_refresh(const struct tsm_measurements *tm) 108 { 109 return tdx_do_report(KERNEL_SOCKPTR(NULL), KERNEL_SOCKPTR(NULL)); 110 } 111 112 static int tdx_mr_extend(const struct tsm_measurements *tm, 113 const struct tsm_measurement_register *mr, 114 const u8 *data) 115 { 116 return tdx_do_extend(mr - tm->mrs, data); 117 } 118 119 static struct tsm_measurements tdx_measurements = { 120 .mrs = tdx_mrs, 121 .nr_mrs = ARRAY_SIZE(tdx_mrs), 122 .refresh = tdx_mr_refresh, 123 .write = tdx_mr_extend, 124 }; 125 126 static const struct attribute_group *tdx_mr_init(void) 127 { 128 const struct attribute_group *g; 129 int rc; 130 131 u8 *buf __free(kfree) = kzalloc(TDX_REPORT_LEN, GFP_KERNEL); 132 if (!buf) 133 return ERR_PTR(-ENOMEM); 134 135 tdx_report_buf = buf; 136 rc = tdx_mr_refresh(&tdx_measurements); 137 if (rc) 138 return ERR_PTR(rc); 139 140 /* 141 * @mr_value was initialized with the offset only, while the base 142 * address is being added here. 143 */ 144 for (size_t i = 0; i < ARRAY_SIZE(tdx_mrs); ++i) 145 *(long *)&tdx_mrs[i].mr_value += (long)buf; 146 147 g = tsm_mr_create_attribute_group(&tdx_measurements); 148 if (!IS_ERR(g)) 149 tdx_report_buf = no_free_ptr(buf); 150 151 return g; 152 } 153 154 static void tdx_mr_deinit(const struct attribute_group *mr_grp) 155 { 156 tsm_mr_free_attribute_group(mr_grp); 157 kfree(tdx_report_buf); 158 } 159 160 /* 161 * Intel's SGX QE implementation generally uses Quote size less 162 * than 8K (2K Quote data + ~5K of certificate blob). 163 */ 164 #define GET_QUOTE_BUF_SIZE SZ_8K 165 166 #define GET_QUOTE_CMD_VER 1 167 168 /* TDX GetQuote status codes */ 169 #define GET_QUOTE_SUCCESS 0 170 #define GET_QUOTE_IN_FLIGHT 0xffffffffffffffff 171 172 /* struct tdx_quote_buf: Format of Quote request buffer. 173 * @version: Quote format version, filled by TD. 174 * @status: Status code of Quote request, filled by VMM. 175 * @in_len: Length of TDREPORT, filled by TD. 176 * @out_len: Length of Quote data, filled by VMM. 177 * @data: Quote data on output or TDREPORT on input. 178 * 179 * More details of Quote request buffer can be found in TDX 180 * Guest-Host Communication Interface (GHCI) for Intel TDX 1.0, 181 * section titled "TDG.VP.VMCALL<GetQuote>" 182 */ 183 struct tdx_quote_buf { 184 u64 version; 185 u64 status; 186 u32 in_len; 187 u32 out_len; 188 u8 data[]; 189 }; 190 191 /* Quote data buffer */ 192 static void *quote_data; 193 194 /* Lock to streamline quote requests */ 195 static DEFINE_MUTEX(quote_lock); 196 197 /* 198 * GetQuote request timeout in seconds. Expect that 30 seconds 199 * is enough time for QE to respond to any Quote requests. 200 */ 201 static u32 getquote_timeout = 30; 202 203 static long tdx_get_report0(struct tdx_report_req __user *req) 204 { 205 return tdx_do_report(USER_SOCKPTR(req->reportdata), 206 USER_SOCKPTR(req->tdreport)); 207 } 208 209 static void free_quote_buf(void *buf) 210 { 211 size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE); 212 unsigned int count = len >> PAGE_SHIFT; 213 214 if (set_memory_encrypted((unsigned long)buf, count)) { 215 pr_err("Failed to restore encryption mask for Quote buffer, leak it\n"); 216 return; 217 } 218 219 free_pages_exact(buf, len); 220 } 221 222 static void *alloc_quote_buf(void) 223 { 224 size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE); 225 unsigned int count = len >> PAGE_SHIFT; 226 void *addr; 227 228 addr = alloc_pages_exact(len, GFP_KERNEL | __GFP_ZERO); 229 if (!addr) 230 return NULL; 231 232 if (set_memory_decrypted((unsigned long)addr, count)) 233 return NULL; 234 235 return addr; 236 } 237 238 /* 239 * wait_for_quote_completion() - Wait for Quote request completion 240 * @quote_buf: Address of Quote buffer. 241 * @timeout: Timeout in seconds to wait for the Quote generation. 242 * 243 * As per TDX GHCI v1.0 specification, sec titled "TDG.VP.VMCALL<GetQuote>", 244 * the status field in the Quote buffer will be set to GET_QUOTE_IN_FLIGHT 245 * while VMM processes the GetQuote request, and will change it to success 246 * or error code after processing is complete. So wait till the status 247 * changes from GET_QUOTE_IN_FLIGHT or the request being timed out. 248 */ 249 static int wait_for_quote_completion(struct tdx_quote_buf *quote_buf, u32 timeout) 250 { 251 int i = 0; 252 253 /* 254 * Quote requests usually take a few seconds to complete, so waking up 255 * once per second to recheck the status is fine for this use case. 256 */ 257 while (quote_buf->status == GET_QUOTE_IN_FLIGHT && i++ < timeout) { 258 if (msleep_interruptible(MSEC_PER_SEC)) 259 return -EINTR; 260 } 261 262 return (i == timeout) ? -ETIMEDOUT : 0; 263 } 264 265 static int tdx_report_new_locked(struct tsm_report *report, void *data) 266 { 267 u8 *buf; 268 struct tdx_quote_buf *quote_buf = quote_data; 269 struct tsm_report_desc *desc = &report->desc; 270 int ret; 271 u64 err; 272 273 /* 274 * If the previous request is timedout or interrupted, and the 275 * Quote buf status is still in GET_QUOTE_IN_FLIGHT (owned by 276 * VMM), don't permit any new request. 277 */ 278 if (quote_buf->status == GET_QUOTE_IN_FLIGHT) 279 return -EBUSY; 280 281 if (desc->inblob_len != TDX_REPORTDATA_LEN) 282 return -EINVAL; 283 284 memset(quote_data, 0, GET_QUOTE_BUF_SIZE); 285 286 /* Update Quote buffer header */ 287 quote_buf->version = GET_QUOTE_CMD_VER; 288 quote_buf->in_len = TDX_REPORT_LEN; 289 290 ret = tdx_do_report(KERNEL_SOCKPTR(desc->inblob), 291 KERNEL_SOCKPTR(quote_buf->data)); 292 if (ret) 293 return ret; 294 295 err = tdx_hcall_get_quote(quote_data, GET_QUOTE_BUF_SIZE); 296 if (err) { 297 pr_err("GetQuote hypercall failed, status:%llx\n", err); 298 return -EIO; 299 } 300 301 ret = wait_for_quote_completion(quote_buf, getquote_timeout); 302 if (ret) { 303 pr_err("GetQuote request timedout\n"); 304 return ret; 305 } 306 307 buf = kvmemdup(quote_buf->data, quote_buf->out_len, GFP_KERNEL); 308 if (!buf) 309 return -ENOMEM; 310 311 report->outblob = buf; 312 report->outblob_len = quote_buf->out_len; 313 314 /* 315 * TODO: parse the PEM-formatted cert chain out of the quote buffer when 316 * provided 317 */ 318 319 return ret; 320 } 321 322 static int tdx_report_new(struct tsm_report *report, void *data) 323 { 324 scoped_cond_guard(mutex_intr, return -EINTR, "e_lock) 325 return tdx_report_new_locked(report, data); 326 } 327 328 static bool tdx_report_attr_visible(int n) 329 { 330 switch (n) { 331 case TSM_REPORT_GENERATION: 332 case TSM_REPORT_PROVIDER: 333 return true; 334 } 335 336 return false; 337 } 338 339 static bool tdx_report_bin_attr_visible(int n) 340 { 341 switch (n) { 342 case TSM_REPORT_INBLOB: 343 case TSM_REPORT_OUTBLOB: 344 return true; 345 } 346 347 return false; 348 } 349 350 static long tdx_guest_ioctl(struct file *file, unsigned int cmd, 351 unsigned long arg) 352 { 353 switch (cmd) { 354 case TDX_CMD_GET_REPORT0: 355 return tdx_get_report0((struct tdx_report_req __user *)arg); 356 default: 357 return -ENOTTY; 358 } 359 } 360 361 static const struct file_operations tdx_guest_fops = { 362 .owner = THIS_MODULE, 363 .unlocked_ioctl = tdx_guest_ioctl, 364 }; 365 366 static const struct attribute_group *tdx_attr_groups[] = { 367 NULL, /* measurements */ 368 NULL 369 }; 370 371 static struct miscdevice tdx_misc_dev = { 372 .name = KBUILD_MODNAME, 373 .minor = MISC_DYNAMIC_MINOR, 374 .fops = &tdx_guest_fops, 375 .groups = tdx_attr_groups, 376 }; 377 378 static const struct x86_cpu_id tdx_guest_ids[] = { 379 X86_MATCH_FEATURE(X86_FEATURE_TDX_GUEST, NULL), 380 {} 381 }; 382 MODULE_DEVICE_TABLE(x86cpu, tdx_guest_ids); 383 384 static const struct tsm_report_ops tdx_tsm_ops = { 385 .name = KBUILD_MODNAME, 386 .report_new = tdx_report_new, 387 .report_attr_visible = tdx_report_attr_visible, 388 .report_bin_attr_visible = tdx_report_bin_attr_visible, 389 }; 390 391 static int __init tdx_guest_init(void) 392 { 393 int ret; 394 395 if (!x86_match_cpu(tdx_guest_ids)) 396 return -ENODEV; 397 398 tdx_attr_groups[0] = tdx_mr_init(); 399 if (IS_ERR(tdx_attr_groups[0])) 400 return PTR_ERR(tdx_attr_groups[0]); 401 402 ret = misc_register(&tdx_misc_dev); 403 if (ret) 404 goto deinit_mr; 405 406 quote_data = alloc_quote_buf(); 407 if (!quote_data) { 408 pr_err("Failed to allocate Quote buffer\n"); 409 ret = -ENOMEM; 410 goto free_misc; 411 } 412 413 ret = tsm_report_register(&tdx_tsm_ops, NULL); 414 if (ret) 415 goto free_quote; 416 417 return 0; 418 419 free_quote: 420 free_quote_buf(quote_data); 421 free_misc: 422 misc_deregister(&tdx_misc_dev); 423 deinit_mr: 424 tdx_mr_deinit(tdx_attr_groups[0]); 425 426 return ret; 427 } 428 module_init(tdx_guest_init); 429 430 static void __exit tdx_guest_exit(void) 431 { 432 tsm_report_unregister(&tdx_tsm_ops); 433 free_quote_buf(quote_data); 434 misc_deregister(&tdx_misc_dev); 435 tdx_mr_deinit(tdx_attr_groups[0]); 436 } 437 module_exit(tdx_guest_exit); 438 439 MODULE_AUTHOR("Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>"); 440 MODULE_DESCRIPTION("TDX Guest Driver"); 441 MODULE_LICENSE("GPL"); 442