From patchwork Fri Oct 20 02:34:09 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10018643
From: Brijesh Singh
To: kvm@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky, x86@kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v6 34/38] KVM: SVM: Add support for SEV LAUNCH_SECRET command
Date: Thu, 19 Oct 2017 21:34:09 -0500
Message-Id: <20171020023413.122280-35-brijesh.singh@amd.com>
In-Reply-To: <20171020023413.122280-1-brijesh.singh@amd.com>
References: <20171020023413.122280-1-brijesh.singh@amd.com>

The command is used for injecting a secret into the guest memory region.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
--- arch/x86/kvm/svm.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index a91eae7b9c80..c72ec87868bb 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -6305,6 +6305,74 @@ static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp) return sev_dbg_crypt(kvm, argp, false); } +static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + struct sev_data_launch_secret *data; + struct kvm_sev_launch_secret params; + struct page **pages; + void *blob, *hdr; + unsigned long n; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) + return -EFAULT; + + /* pin the guest memory region */ + pages = sev_pin_memory(kvm, params.guest_uaddr, params.guest_len, &n, 1); + if (!pages) + return -ENOMEM; + + /* + * The secret must be copied into contiguous memory region, lets verify + * that pinned memory pages are contiguous. + */ + if (get_num_contig_pages(0, pages, n) != n) { + ret = -EINVAL; + goto e_unpin_memory; + } + + ret = -ENOMEM; + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_unpin_memory; + + /* copy the secret from userspace into a kernel buffer */ + blob = psp_copy_user_blob(params.trans_uaddr, params.trans_len); + if (IS_ERR(blob)) { + ret = PTR_ERR(blob); + goto e_free; + } + + data->trans_address = __psp_pa(blob); + data->trans_len = params.trans_len; + + /* copy the packet header from userspace into a kernel buffer */ + hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len); + if (IS_ERR(hdr)) { + ret = PTR_ERR(hdr); + goto e_free_blob; + } + data->trans_address = __psp_pa(blob); + data->trans_len = params.trans_len; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_SECRET, data, &argp->error); + + kfree(hdr); + +e_free_blob: + kfree(blob); +e_free: + kfree(data); +e_unpin_memory: + sev_unpin_memory(kvm, pages, n); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -6343,6 +6411,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_DBG_ENCRYPT: r = sev_dbg_encrypt(kvm, &sev_cmd); break; + case KVM_SEV_LAUNCH_SECRET: + r = sev_launch_secret(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out;
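
Review bot: In sev_launch_secret() (first hunk), the two assignments after the second psp_copy_user_blob() call repeat data->trans_address = __psp_pa(blob) and data->trans_len = params.trans_len, so the hdr buffer copied from params.hdr_uaddr is never placed in the command and is only freed. This looks like a copy-and-paste slip: those two lines should fill the packet header address and length in struct sev_data_launch_secret from hdr and params.hdr_len. The same function pins the pages behind params.guest_uaddr and checks them for contiguity, but nothing written to data in the visible lines refers to them, so the command as issued carries no destination for the secret; the guest address and length should be set from the pinned pages and params.guest_len before sev_issue_cmd(). A smaller point in the same hunk: a NULL return from sev_pin_memory() is always reported as -ENOMEM, which hides a bad guest_uaddr or guest_len from the caller.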
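
Review bot: The new KVM_SEV_LAUNCH_SECRET case in svm_mem_enc_op() (second hunk) makes the command reachable from userspace, yet the diffstat shows only arch/x86/kvm/svm.c changed and the commit message is one sentence, so the userspace contract is undocumented. Please describe the fields of struct kvm_sev_launch_secret that the handler reads (guest_uaddr and guest_len, hdr_uaddr and hdr_len, trans_uaddr and trans_len) and the -EINVAL returned when the pinned guest region is not contiguous, either in the commit message or in the API documentation.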