From patchwork Mon Oct 23 22:07:42 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10023277
From: Brijesh Singh
To: Borislav Petkov
Cc: Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v6.1 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
Date: Mon, 23 Oct 2017 17:07:42 -0500
Message-Id: <20171023220742.46877-1-brijesh.singh@amd.com>
In-Reply-To: <20171020023413.122280-1-brijesh.singh@amd.com>
References: <20171020023413.122280-1-brijesh.singh@amd.com>

The SEV_PEK_CSR command can be used to generate a PEK certificate signing request. The command is defined in SEV spec section 5.7.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
---

Changes since v6:
 * when sev_do_cmd() and sev_platform_shutdown() fail, propagate the error status code from sev_do_cmd() because it can give us a much better reason for the failure.

 drivers/crypto/ccp/psp-dev.c | 81 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 81 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 3672435150cf..aaf1c5cf821d 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c 
@@ -223,6 +223,84 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp) return ret; } +static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pek_csr input; + struct sev_data_pek_csr *data; + void *blob = NULL; + int ret, err; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* userspace wants to query CSR length */ + if (!input.address || !input.length) + goto cmd; + + /* allocate a physically contiguous buffer to store the CSR blob */ + if (!access_ok(VERIFY_WRITE, input.address, input.length) || + input.length > SEV_FW_BLOB_MAX_SIZE) { + ret = -EFAULT; + goto e_free; + } + + blob = kmalloc(input.length, GFP_KERNEL); + if (!blob) { + ret = -ENOMEM; + goto e_free; + } + + data->address = __psp_pa(blob); + data->len = input.length; + +cmd: + ret = sev_platform_init(NULL, &argp->error); + if (ret) + goto e_free_blob; + + ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, &argp->error); + + /* + * If we query the CSR length, FW responded with expected data + */ + input.length = data->len; + + if (sev_platform_shutdown(&err)) { + /* + * If both sev_do_cmd() and sev_platform_shutdown() commands + * failed then propogate the error code from the sev_do_cmd() + * because it contains a useful status code for the command + * failure. + */ + if (ret) + goto e_free_blob; + + ret = -EIO; + argp->error = err; + goto e_free_blob; + } + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { + ret = -EFAULT; + goto e_free_blob; + } + + if (blob) { + if (copy_to_user((void __user *)input.address, blob, input.length)) + ret = -EFAULT; + } + +e_free_blob: + kfree(blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; 
@@ -252,6 +330,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PDH_GEN: ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input); break; + case SEV_PEK_CSR: + ret = sev_ioctl_do_pek_csr(&input); + break; default: ret = -EINVAL; goto out;
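
Review bot: in the first hunk, the last copy_to_user() in sev_ioctl_do_pek_csr() copies blob using input.length after that field has been overwritten with data->len, and it runs even when sev_do_cmd() returned an error. blob was allocated with kmalloc(input.length, GFP_KERNEL) using the length userspace supplied, and the comment above the assignment says the firmware writes the expected length into data->len, so if that value is larger than the original request the copy reads past the allocation. Because the buffer comes from kmalloc() rather than kzalloc(), any bytes the firmware did not fill are also uninitialized kernel heap copied out to userspace. Suggest zeroing the allocation, adding `if (ret) goto e_free_blob;` once the updated length has been copied back to argp->data, and only then copying the blob. As a smaller point, returning -EFAULT when input.length > SEV_FW_BLOB_MAX_SIZE makes an oversized request indistinguishable from a bad pointer; -EINVAL would be clearer for the size check, and the "allocate a physically contiguous buffer" comment belongs above the kmalloc() rather than the access_ok() test.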