Message ID | 20210820155918.7518-19-brijesh.singh@amd.com (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | Add AMD Secure Nested Paging (SEV-SNP) Hypervisor Support | expand |
On Fri, Aug 20, 2021 at 9:00 AM Brijesh Singh <brijesh.singh@amd.com> wrote: > > Version 2 of the GHCB specification defines VMGEXIT that is used to get > the extended attestation report. The extended attestation report includes > the certificate blobs provided through the SNP_SET_EXT_CONFIG. > > The snp_guest_ext_guest_request() will be used by the hypervisor to get > the extended attestation report. See the GHCB specification for more > details. > > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > --- > drivers/crypto/ccp/sev-dev.c | 43 ++++++++++++++++++++++++++++++++++++ > include/linux/psp-sev.h | 24 ++++++++++++++++++++ > 2 files changed, 67 insertions(+) > > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c > index 9ba194acbe85..e2650c3d0d0a 100644 > --- a/drivers/crypto/ccp/sev-dev.c > +++ b/drivers/crypto/ccp/sev-dev.c > @@ -22,6 +22,7 @@ > #include <linux/firmware.h> > #include <linux/gfp.h> > #include <linux/cpufeature.h> > +#include <linux/sev-guest.h> > > #include <asm/smp.h> > > @@ -1677,6 +1678,48 @@ int snp_guest_dbg_decrypt(struct sev_data_snp_dbg *data, int *error) > } > EXPORT_SYMBOL_GPL(snp_guest_dbg_decrypt); > > +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, > + unsigned long vaddr, unsigned long *npages, unsigned long *fw_err) > +{ > + unsigned long expected_npages; > + struct sev_device *sev; > + int rc; > + > + if (!psp_master || !psp_master->sev_data) > + return -ENODEV; > + > + sev = psp_master->sev_data; > + > + if (!sev->snp_inited) > + return -EINVAL; > + > + /* > + * Check if there is enough space to copy the certificate chain. Otherwise > + * return ERROR code defined in the GHCB specification. > + */ > + expected_npages = sev->snp_certs_len >> PAGE_SHIFT; Is this calculation for `expected_npages` correct? Assume that `sev->snp_certs_len` is less than a page (e.g., 2000). Then, this calculation will return `0` for `expected_npages`, rather than round up to 1. > + if (*npages < expected_npages) { > + *npages = expected_npages; > + *fw_err = SNP_GUEST_REQ_INVALID_LEN; > + return -EINVAL; > + } > + > + rc = sev_do_cmd(SEV_CMD_SNP_GUEST_REQUEST, data, (int *)&fw_err); > + if (rc) > + return rc; > + > + /* Copy the certificate blob */ > + if (sev->snp_certs_data) { > + *npages = expected_npages; > + memcpy((void *)vaddr, sev->snp_certs_data, *npages << PAGE_SHIFT); > + } else { > + *npages = 0; > + } > + > + return rc; > +} > +EXPORT_SYMBOL_GPL(snp_guest_ext_guest_request); > + > static void sev_exit(struct kref *ref) > { > misc_deregister(&misc_dev->misc); > diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h > index 00bd684dc094..ea94ce4d834a 100644 > --- a/include/linux/psp-sev.h > +++ b/include/linux/psp-sev.h > @@ -924,6 +924,23 @@ void *psp_copy_user_blob(u64 uaddr, u32 len); > void *snp_alloc_firmware_page(gfp_t mask); > void snp_free_firmware_page(void *addr); > > +/** > + * snp_guest_ext_guest_request - perform the SNP extended guest request command > + * defined in the GHCB specification. > + * > + * @data: the input guest request structure > + * @vaddr: address where the certificate blob need to be copied. > + * @npages: number of pages for the certificate blob. > + * If the specified page count is less than the certificate blob size, then the > + * required page count is returned with error code defined in the GHCB spec. > + * If the specified page count is more than the certificate blob size, then > + * page count is updated to reflect the amount of valid data copied in the > + * vaddr. > + */ > +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, > + unsigned long vaddr, unsigned long *npages, > + unsigned long *error); > + > #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ > > static inline int > @@ -971,6 +988,13 @@ static inline void *snp_alloc_firmware_page(gfp_t mask) > > static inline void snp_free_firmware_page(void *addr) { } > > +static inline int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, > + unsigned long vaddr, unsigned long *n, > + unsigned long *error) > +{ > + return -ENODEV; > +} > + > #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ > > #endif /* __PSP_SEV_H__ */ > -- > 2.17.1 >
On 10/09/2021 6:30, Marc Orr wrote: > On Fri, Aug 20, 2021 at 9:00 AM Brijesh Singh <brijesh.singh@amd.com> wrote: >> >> Version 2 of the GHCB specification defines VMGEXIT that is used to get >> the extended attestation report. The extended attestation report includes >> the certificate blobs provided through the SNP_SET_EXT_CONFIG. >> >> The snp_guest_ext_guest_request() will be used by the hypervisor to get >> the extended attestation report. See the GHCB specification for more >> details. >> >> Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> >> --- >> drivers/crypto/ccp/sev-dev.c | 43 ++++++++++++++++++++++++++++++++++++ >> include/linux/psp-sev.h | 24 ++++++++++++++++++++ >> 2 files changed, 67 insertions(+) >> >> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c >> index 9ba194acbe85..e2650c3d0d0a 100644 >> --- a/drivers/crypto/ccp/sev-dev.c >> +++ b/drivers/crypto/ccp/sev-dev.c >> @@ -22,6 +22,7 @@ >> #include <linux/firmware.h> >> #include <linux/gfp.h> >> #include <linux/cpufeature.h> >> +#include <linux/sev-guest.h> >> >> #include <asm/smp.h> >> >> @@ -1677,6 +1678,48 @@ int snp_guest_dbg_decrypt(struct sev_data_snp_dbg *data, int *error) >> } >> EXPORT_SYMBOL_GPL(snp_guest_dbg_decrypt); >> >> +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, >> + unsigned long vaddr, unsigned long *npages, unsigned long *fw_err) >> +{ >> + unsigned long expected_npages; >> + struct sev_device *sev; >> + int rc; >> + >> + if (!psp_master || !psp_master->sev_data) >> + return -ENODEV; >> + >> + sev = psp_master->sev_data; >> + >> + if (!sev->snp_inited) >> + return -EINVAL; >> + >> + /* >> + * Check if there is enough space to copy the certificate chain. Otherwise >> + * return ERROR code defined in the GHCB specification. >> + */ >> + expected_npages = sev->snp_certs_len >> PAGE_SHIFT; > > Is this calculation for `expected_npages` correct? Assume that > `sev->snp_certs_len` is less than a page (e.g., 2000). Then, this > calculation will return `0` for `expected_npages`, rather than round > up to 1. > In patch 17 in sev_ioctl_snp_set_config there's a check that certs_len is aligned to PAGE_SIZE (and this value is later in that function assigned to sev->snp_certs_len): + /* Copy the certs from userspace */ + if (input.certs_address) { + if (!input.certs_len || !IS_ALIGNED(input.certs_len, PAGE_SIZE)) + return -EINVAL; but I agree that rounding up (DIV_ROUND_UP) or asserting that sev->snp_certs_len is aligned to PAGE_SIZE (and non-zero) makes sense here. -Dov >> + if (*npages < expected_npages) { >> + *npages = expected_npages; >> + *fw_err = SNP_GUEST_REQ_INVALID_LEN; >> + return -EINVAL; >> + } >> + >> + rc = sev_do_cmd(SEV_CMD_SNP_GUEST_REQUEST, data, (int *)&fw_err); >> + if (rc) >> + return rc; >> + >> + /* Copy the certificate blob */ >> + if (sev->snp_certs_data) { >> + *npages = expected_npages; >> + memcpy((void *)vaddr, sev->snp_certs_data, *npages << PAGE_SHIFT); >> + } else { >> + *npages = 0; >> + } >> + >> + return rc; >> +} >> +EXPORT_SYMBOL_GPL(snp_guest_ext_guest_request); >> + >> static void sev_exit(struct kref *ref) >> { >> misc_deregister(&misc_dev->misc); >> diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h >> index 00bd684dc094..ea94ce4d834a 100644 >> --- a/include/linux/psp-sev.h >> +++ b/include/linux/psp-sev.h >> @@ -924,6 +924,23 @@ void *psp_copy_user_blob(u64 uaddr, u32 len); >> void *snp_alloc_firmware_page(gfp_t mask); >> void snp_free_firmware_page(void *addr); >> >> +/** >> + * snp_guest_ext_guest_request - perform the SNP extended guest request command >> + * defined in the GHCB specification. >> + * >> + * @data: the input guest request structure >> + * @vaddr: address where the certificate blob need to be copied. >> + * @npages: number of pages for the certificate blob. >> + * If the specified page count is less than the certificate blob size, then the >> + * required page count is returned with error code defined in the GHCB spec. >> + * If the specified page count is more than the certificate blob size, then >> + * page count is updated to reflect the amount of valid data copied in the >> + * vaddr. >> + */ >> +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, >> + unsigned long vaddr, unsigned long *npages, >> + unsigned long *error); >> + >> #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ >> >> static inline int >> @@ -971,6 +988,13 @@ static inline void *snp_alloc_firmware_page(gfp_t mask) >> >> static inline void snp_free_firmware_page(void *addr) { } >> >> +static inline int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, >> + unsigned long vaddr, unsigned long *n, >> + unsigned long *error) >> +{ >> + return -ENODEV; >> +} >> + >> #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ >> >> #endif /* __PSP_SEV_H__ */ >> -- >> 2.17.1 >>
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 9ba194acbe85..e2650c3d0d0a 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -22,6 +22,7 @@ #include <linux/firmware.h> #include <linux/gfp.h> #include <linux/cpufeature.h> +#include <linux/sev-guest.h> #include <asm/smp.h> @@ -1677,6 +1678,48 @@ int snp_guest_dbg_decrypt(struct sev_data_snp_dbg *data, int *error) } EXPORT_SYMBOL_GPL(snp_guest_dbg_decrypt); +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, + unsigned long vaddr, unsigned long *npages, unsigned long *fw_err) +{ + unsigned long expected_npages; + struct sev_device *sev; + int rc; + + if (!psp_master || !psp_master->sev_data) + return -ENODEV; + + sev = psp_master->sev_data; + + if (!sev->snp_inited) + return -EINVAL; + + /* + * Check if there is enough space to copy the certificate chain. Otherwise + * return ERROR code defined in the GHCB specification. + */ + expected_npages = sev->snp_certs_len >> PAGE_SHIFT; + if (*npages < expected_npages) { + *npages = expected_npages; + *fw_err = SNP_GUEST_REQ_INVALID_LEN; + return -EINVAL; + } + + rc = sev_do_cmd(SEV_CMD_SNP_GUEST_REQUEST, data, (int *)&fw_err); + if (rc) + return rc; + + /* Copy the certificate blob */ + if (sev->snp_certs_data) { + *npages = expected_npages; + memcpy((void *)vaddr, sev->snp_certs_data, *npages << PAGE_SHIFT); + } else { + *npages = 0; + } + + return rc; +} +EXPORT_SYMBOL_GPL(snp_guest_ext_guest_request); + static void sev_exit(struct kref *ref) { misc_deregister(&misc_dev->misc); diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 00bd684dc094..ea94ce4d834a 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -924,6 +924,23 @@ void *psp_copy_user_blob(u64 uaddr, u32 len); void *snp_alloc_firmware_page(gfp_t mask); void snp_free_firmware_page(void *addr); +/** + * snp_guest_ext_guest_request - perform the SNP extended guest request command + * defined in the GHCB specification. + * + * @data: the input guest request structure + * @vaddr: address where the certificate blob need to be copied. + * @npages: number of pages for the certificate blob. + * If the specified page count is less than the certificate blob size, then the + * required page count is returned with error code defined in the GHCB spec. + * If the specified page count is more than the certificate blob size, then + * page count is updated to reflect the amount of valid data copied in the + * vaddr. + */ +int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, + unsigned long vaddr, unsigned long *npages, + unsigned long *error); + #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ static inline int @@ -971,6 +988,13 @@ static inline void *snp_alloc_firmware_page(gfp_t mask) static inline void snp_free_firmware_page(void *addr) { } +static inline int snp_guest_ext_guest_request(struct sev_data_snp_guest_request *data, + unsigned long vaddr, unsigned long *n, + unsigned long *error) +{ + return -ENODEV; +} + #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ #endif /* __PSP_SEV_H__ */
Version 2 of the GHCB specification defines VMGEXIT that is used to get the extended attestation report. The extended attestation report includes the certificate blobs provided through the SNP_SET_EXT_CONFIG. The snp_guest_ext_guest_request() will be used by the hypervisor to get the extended attestation report. See the GHCB specification for more details. Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> --- drivers/crypto/ccp/sev-dev.c | 43 ++++++++++++++++++++++++++++++++++++ include/linux/psp-sev.h | 24 ++++++++++++++++++++ 2 files changed, 67 insertions(+)