From patchwork Wed Oct 4 13:14:07 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 9984605
From: Brijesh Singh
To: x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky
Subject: [Part2 PATCH v5 26/31] KVM: SVM: Add support for SEV LAUNCH_SECRET command
Date: Wed, 4 Oct 2017 08:14:07 -0500
Message-Id: <20171004131412.13038-27-brijesh.singh@amd.com>
In-Reply-To: <20171004131412.13038-1-brijesh.singh@amd.com>
References: <20171004131412.13038-1-brijesh.singh@amd.com>

The command is used for injecting a secret into the guest memory region.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
--- arch/x86/kvm/svm.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 2aa50b220163..5ab81cc66333 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -6396,6 +6396,75 @@ static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp) return sev_dbg_crypt(kvm, argp, false); } +static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + struct sev_data_launch_secret *data; + struct kvm_sev_launch_secret params; + struct page **pages; + void *blob, *hdr; + unsigned long n; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_launch_secret))) + return -EFAULT; + + /* pin the guest memory region */ + pages = sev_pin_memory(kvm, params.guest_uaddr, params.guest_len, &n, 1); + if (!pages) + return -ENOMEM; + + /* + * The secret must be copied into contiguous memory region, lets verify + * that pinned memory pages are contiguous. + */ + if (get_num_contig_pages(0, pages, n) != n) { + ret = -EINVAL; + goto e_unpin_memory; + } + + ret = -ENOMEM; + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_unpin_memory; + + /* copy the secret from userspace into a kernel buffer */ + blob = copy_user_blob(params.trans_uaddr, params.trans_len); + if (IS_ERR(blob)) { + ret = PTR_ERR(blob); + goto e_free; + } + + data->trans_address = __psp_pa(blob); + data->trans_len = params.trans_len; + + /* copy the packet header from userspace into a kernel buffer */ + hdr = copy_user_blob(params.hdr_uaddr, params.hdr_len); + if (IS_ERR(hdr)) { + ret = PTR_ERR(hdr); + goto e_free_blob; + } + data->trans_address = __psp_pa(blob); + data->trans_len = params.trans_len; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_SECRET, data, &argp->error); + + kfree(hdr); + +e_free_blob: + kfree(blob); +e_free: + kfree(data); +e_unpin_memory: + sev_unpin_memory(kvm, pages, n); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -6442,6 +6511,10 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) r = sev_dbg_encrypt(kvm, &sev_cmd); break; } + case KVM_SEV_LAUNCH_SECRET: { + r = sev_launch_secret(kvm, &sev_cmd); + break; + } default: break; }
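Review bot: in sev_launch_secret(), the two assignments that follow the `hdr = copy_user_blob(params.hdr_uaddr, params.hdr_len)` block repeat `data->trans_address = __psp_pa(blob);` and `data->trans_len = params.trans_len;`, so the copied packet header is never referenced by `data` before `sev_issue_cmd()` runs. That looks like a copy-and-paste slip; the second pair should populate the header address and length of `data` from `hdr` and `params.hdr_len`. The same function pins `params.guest_uaddr` and verifies with `get_num_contig_pages(0, pages, n) != n` that the pages are contiguous, yet nothing derived from `pages` or `params.guest_len` is stored in `data`, so the command as issued carries no guest destination for the secret. Please set the guest address and length from the pinned pages before issuing the command. It would also help to note in the commit message that the firmware command issued is `SEV_CMD_LAUNCH_UPDATE_SECRET`, since the ioctl name `KVM_SEV_LAUNCH_SECRET` differs from it.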