From patchwork Mon Oct 23 22:19:49 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Brijesh Singh <brijesh.singh@amd.com>
X-Patchwork-Id: 10023307
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	3F00E603D7 for <patchwork-kvm@patchwork.kernel.org>;
	Mon, 23 Oct 2017 22:20:24 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 31264287B8
	for <patchwork-kvm@patchwork.kernel.org>;
	Mon, 23 Oct 2017 22:20:24 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 25B2A28903; Mon, 23 Oct 2017 22:20:24 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A0ADD287B8
	for <patchwork-kvm@patchwork.kernel.org>;
	Mon, 23 Oct 2017 22:20:23 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751546AbdJWWUI (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Mon, 23 Oct 2017 18:20:08 -0400
Received: from mail-bn3nam01on0078.outbound.protection.outlook.com
	([104.47.33.78]:60384
	"EHLO NAM01-BN3-obe.outbound.protection.outlook.com"
	rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
	id S1751209AbdJWWUG (ORCPT <rfc822;kvm@vger.kernel.org>);
	Mon, 23 Oct 2017 18:20:06 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
	bh=VhuB5oKxi02dSy2PudklIH/KJ1KslCvRLb/q57VaG44=;
	b=NnN0xGuQipqK6rKlSe4Po8FanjA35N8rsm1ZdW3Yxv1RYB98grI3Hn6VJX7Zfil+QwTgHNt6oPyo5OXgs1JLeVDkYpM11Or0fCDtZTUVi3/3h7AMm1ng7RgmICV4uokd7SvBhTnUKxTVO53jR2KEPmHqDOkKtO7yEqYciElJ9Ms=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
Received: from ubuntu-010236106000.amd.com (165.204.78.1) by
	DM2PR12MB0154.namprd12.prod.outlook.com (2a01:111:e400:50ce::17) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7;
	Mon, 23 Oct 2017 22:20:02 +0000
From: Brijesh Singh <brijesh.singh@amd.com>
To: Borislav Petkov <bp@alien8.de>
Cc: Brijesh Singh <brijesh.singh@amd.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	=?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>,
	Borislav Petkov <bp@suse.de>, Herbert Xu <herbert@gondor.apana.org.au>,
	Gary Hook <gary.hook@amd.com>, Tom Lendacky <thomas.lendacky@amd.com>,
	linux-crypto@vger.kernel.org, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v6.1 20/38] crypto: ccp: Implement SEV_PDH_CERT_EXPORT
	ioctl command
Date: Mon, 23 Oct 2017 17:19:49 -0500
Message-Id: <20171023221949.47898-1-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.9.5
In-Reply-To: <20171020023413.122280-21-brijesh.singh@amd.com>
References: <20171020023413.122280-21-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: CY4PR02CA0040.namprd02.prod.outlook.com
	(2603:10b6:903:117::26) To DM2PR12MB0154.namprd12.prod.outlook.com
	(2a01:111:e400:50ce::17)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 7651ba89-172b-42fa-5400-08d51a643502
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(22001)(48565401081)(4534020)(4602075)(4627075)(201703031133081)(201702281549075)(2017052603199);
	SRVR:DM2PR12MB0154;
X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154;
	3:lKclbpfhJWDQc5D79H0F2jpojYkTZJvXBOEyHIdcvHFunkP6thCznK4hz3/gqSO4qU/feQKp4F1owTnl1kqCeajKFICT3YwC8V96WbZ6phtfv2O/3leJPVGHYYXakGWr4lb8wTwIsabtu9s2ROQKzvt3V5FUM5dou/zHhdDTfE9KGZjs/+Dppl9DkA/mRFto9jlKvogb15CP0FGYb5Vwf/av3/MQ0hva7Ou4lCkC2IX2xlAzHUknD8aEPDHxVCUg;
	25:slwbwnjoY7tnYJlSKVTvcjvUr+eXoXKtrIdo8CgMkxgadbza+pYPy7zAHg3PKdKX3MHvtdgiXtz26PB7BVlaVLuWDx9uua8OT0+4eW89Fo1VfeHH7fUrwu7Dah+IfhqYzG0qgMKZeccOO6Egv2El51Opm5i89AmWRWhTjYpwZKuwmYsyybHgQlnw9hd4iGXBsG02w3nC+Jz5nDE4go6fsRGJvTK18x+f5xJnu0YrOAArX3hh/trg329P9D0ve2s3HBYMd06wy1sH/0+fhE+vOPJoRMKdj7tkob/A51J5IRyvvmm8EfoFOIJKFTMtZy481hbUAueOZ90w0jMQjr3JUIGH0prRg2MtWGC8Naj4kjY=;
	31:k7sCeQINW8SBMTwtL47EnRDmm/PT+cmMLEObHpYn8zoZxAuqIoCsxM1PC85JuEliY+VDREFRTdWlrrFiDEBceiGKIlOOg0IGiDjZNRI/81KpfzLT2JWxsuhqqqu8N/GoBpZMfY69f6xpjmjSpfWXfTruGrDyQDaWN/d3/4Hxjepf0CdE3ywjKLtY4f8RYSle7VZvEN4GUUu9NKDUBOrY9txiuhYNCGQaoVSwMHtJhqs=
X-MS-TrafficTypeDiagnostic: DM2PR12MB0154:
X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154;
	20:UAW2EaUGTqooZ7OdYS4dK5sOr6o7+6I31eja/In8j3/QeImX9FUJ2z+GbMLvxERYA0ijl4DxJp4X675O0Yhvg7/Bc3rJYPRAG2+ycl4dfU4MPNe+pYc7hws6HfTfKJQtbI9kkrHkL9k+TqoW8Rmf9NFNRthq9ZMZ8/CiK//xWWbeEWlaZ4sxoxfVz7A68X61EiYQRn1faCzms43Kn1870qb6MTfKcG+ALIukrtBNzmc6ur1S0NzJqYliI7+ZQchyLUZxXP5qkLxdSv1IeIm07qlnqgyyjQsHiRpK+4vUHdm3zJyrZIkohBPVlLjRVg34XUWIz9oOxW143vIihFn7gauzhh/CrJ9TPaIuiO+rdHp6S5IrKJjWRUL+aNNwFPxVA4Zg2nsCreYTC2JwhxxyHq/I9w9rWavujoHxyZ6HmD5pjK23EQg2klYDgL1etZ3cRrHmA5BQM03ND5v/tbOnaFEWNeE3dlWOOvoGQASci3q3Wak60rcAu/FxyDm/QweA;
	4:dc0UqfDzoLeF30clq13ZEOsnHHniQnK83nriTbyBxtGo0DZnebWRfQqAt/rn8b91rVRWLQCSES06/ZGuIC7XynPiKSQBqYALwsvTd0Df4zQnDRw1LcJaEh9f1IGDdZopq5m3Xr5xAdWMAhSabihqR9ImAg9/RKJE43o3/7SdxdtUxco2WJgZ69kE+LQwHppNWPm3xHdkzkXoDipNzHs7KK7IG3yYw9GuLjLkeXSLpsFAYXZEYnVsUz8k9V7pSEdK9QHwmeRS4Dkj7RFjyiypz5lOfxF1kZcclhFKiuXZb3oUbW7CYHIisPQx4S/5b4BI8Rv+hq+SPhYyzMBHhf4tXA==
X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110);
X-Microsoft-Antispam-PRVS: 
 <DM2PR12MB01542FB8929016A1DDBCFC4EE5460@DM2PR12MB0154.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(100000703101)(100105400095)(3231020)(3002001)(6055026)(6041248)(20161123562025)(20161123560025)(20161123558100)(20161123555025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);
	SRVR:DM2PR12MB0154; BCL:0; PCL:0;
	RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);
	SRVR:DM2PR12MB0154;
X-Forefront-PRVS: 046985391D
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(6009001)(376002)(346002)(39860400002)(199003)(189002)(33646002)(4326008)(106356001)(47776003)(97736004)(53416004)(2906002)(6116002)(2870700001)(3846002)(316002)(105586002)(23676002)(50466002)(1076002)(76176999)(50986999)(101416001)(36756003)(6916009)(2950100002)(66066001)(53936002)(81156014)(8676002)(6486002)(305945005)(5660300001)(7736002)(6666003)(50226002)(189998001)(25786009)(16526018)(478600001)(68736007)(8936002)(54906003)(86362001)(81166006);
	DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0154;
	H:ubuntu-010236106000.amd.com; FPR:; SPF:None;
	PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 
 =?utf-8?B?MTtETTJQUjEyTUIwMTU0OzIzOm81N1F0MkJDUW1GLzE2dUlLbmRIcjh0UVJU?=
	=?utf-8?B?NWpnNlhGUnJyeFNBTVhaNDVSNkhmOUVhTFRwME9WUkRBOVNjakZkaERmZHpC?=
	=?utf-8?B?azV5RVhzMUdQUlFqTHExS0JoWUtLbXZVTmFRQlU0bnRhQ0lpd2RXa095MjJQ?=
	=?utf-8?B?NDNsTFo4TVNrOS85OUxvNG9OSWxQRktKVzBDZlpnSm1sYUp3cCtCS2NwQWMr?=
	=?utf-8?B?cm5GOHpJR2J6ZHFWZmp3VmEvRzhqWWRhU3l4bWVsTnFIMjJsczhibThKWmlP?=
	=?utf-8?B?M3p4MEJUNGxyYm0xZWJNQXp5Q3hYSXNxNHNpYVcyUWlWclhIdzJzZWNPK0Ur?=
	=?utf-8?B?RWtjNEg0eDRtTUFPaDkwcEFYeDNpSVllcjNEZ1liMlBHT2pqaGloS242SnNP?=
	=?utf-8?B?UGFwL29jTkEwTzRQWjdUbEZCWjl5TXYzci9DbHhrZmZ4Zmp5WFpwOWRLY2ND?=
	=?utf-8?B?WUVxcFY5UE1WeXVOeEdHZ2d3dE95d0xscnltZWtvNHlHT0dVYjlqeldpSmhG?=
	=?utf-8?B?TVA3MklVN1JaaG1sTE44ank3eE5wZmtVd0svRXpzMHN2SlVETlErckdSYkxz?=
	=?utf-8?B?ZURsc1NXU29lTUpNZWNBaTF4MjJMcDZTbjBLbi8zZS9MQzE2WjRURUVwTVlW?=
	=?utf-8?B?NVhNNThoSm55bDE3ZDlPMkpMb01TRUVDOGFBL1BzbnlIdGtrVExQd09QNjZj?=
	=?utf-8?B?Y3YyVTR3YjVXSUZQd0ZocmVUQUtHMHBOTHB6cS9PaDVrTjIrL0RUWVJsT3h6?=
	=?utf-8?B?REJLeDZjMFhrdTU2dERscVhyNkRJMGJEcEg0QmN3am9Pc2l2N2k4N01MdVBz?=
	=?utf-8?B?aHNzblREZjRnRDNCYWI2b2pLcHplNmI2c0pGdlV0SHh0SzZEWEdpTXlxeEtB?=
	=?utf-8?B?eGdwaTBheXVCM1E5T0U4RVFOUTI1WjZTR3RhcVowUlhnS21SSHF6bEpwSGNj?=
	=?utf-8?B?MEFwaUlXcVMxM2p4SFJlY21aUHVibVJZZXRFYkFqYnkzalVmWEtRdFZiM0c4?=
	=?utf-8?B?UzU4bjhJcFhGYVhVYjV5T0hBQUFSYnJFbmJuMlVoL2ordjBnKy9NK1lCWVpk?=
	=?utf-8?B?WTNVUmRwYm5EbjkzRnNkczhqME0wSTlJb25SeEEydEU2cWJhSTVFU0xMU2dn?=
	=?utf-8?B?TEVvSXdjYWJjTXlIMzRBNDVwVHhqdm0vRjJXcWsxUGlqaE9sTlpDUGhrc2U1?=
	=?utf-8?B?SXVlVnlTQ1F2QWo0TDgwVSt1ZHRjSG1vQlZPZ2krZTJDTnNldHY4dGpSMnJk?=
	=?utf-8?B?WkFMeGhNZVVaTXdFMkRlZGc3MEN3NDl4Q3hMYTBreDR4SmVqbkFQYkVmcGp2?=
	=?utf-8?B?bkVmWkFibHlCN1dwTVpyejJsWU5TOENsNHNUbFZvdWMxR1VYUDdaVUgvZ2tq?=
	=?utf-8?B?bXpuT2RlWHN3REZQY2NOVHVLSHFkVDZTRmUxbUFNOTlXcGdHUnRXMTZuU3R5?=
	=?utf-8?Q?ArG/jzSi8geSzQcAQN5fI9D7LnZ?=
X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154;
	6:wAElLucQYoVtLhJNXpO3TPJJ4/TpTufWk9rBDVy41g8Tagg7vPpH+6EXQ06h28VBDRph5PxHVnwCygljEX1zcG+76JPhh+B0hz33ofNP3nieN1ntAuMi6P23jQ7LedtzWImG0URqv33lRjKWuCBt6VdafZXLSY6xrvGmIpff6z6Pv9ptxVY6PVjaIqYIJyD0JY7eyLZyLhBBwWIHfZtWs2ALkQjGrA0i3KNN+nTd9iNlIoREjtJYN+cgx7dKTES9CIIT72W0+6ipKKA33QgLjYfdA7YBM80zdOU01TrkWjVS1ct3MPmPJifZgkfy+HyG0nDlig/I3KKWoZXqtpWBpg==;
	5:50pI8ZmMm3AZdEBQ4TGoc61xvOLlCs5yETxvX6mRT94Eoc5xPHPzjhKZ9vPyLTE0iq1um7cH8ijVDpfGLHhwsQ+oAwhB535qWLBwtE+xo4DKmHcnaztEzHxLoYNsHDVdHJkMY01IUHq5PZclkMMK1g==;
	24:JVBexL/65k8g5zhsNlCuRSuAdls0l2FOzqHM+Hx6N+JAqfwuUxDDRyrSez8f3umNZKlvWCWQurtAWWd5iU5k8qXaY0xl866pg1bBQUkYDiI=;
	7:oJDYlzpIFvaxhdzvDnTba6vGLvqW3Z+S/BxmrJJ6Rc3t8pRpEDupXt3ts4FX0LaXl/jRbviZqdPNNABr6ZqbzN0/EQSN2msOWPpw5trJNFiZvHkAIggU3GxHrm/CAil7eE9gVA/2GlCo0yrwr9qMnu5Q3kflURwlRj57aNafResPQZ9GFglOrtHUAR65eSyDU8jPhZMYyBUNlcsyB0OdQHHt665P4Cpt6NSLC8yMxzc=
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0154;
	20:C55pt19qyfsaHHjWWfZXwkKLho5x4GS/zgIbElaWKWTWB24QBivlkOfJC6MA+D5hlmbucBknSOiEzdrnO5I5sQHHCTttLiuN/ETjXXXxZSFT8BKIxUbZDxRuze7vs7kankMBea8ggCykXriwLewiESHgBqVsozJDa1QQyxl2W5OOUzuksW7WuDc7EVzQku84ZEgUMLrGYmtzvT0NYA1y7ZLrSzMi6C2GNoq6t0l9s0pENAGQl9opGA2TBw7imnuA
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Oct 2017 22:20:02.4158
	(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0154
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Gary Hook <gary.hook@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
---

Changes since v6:
 * when sev_do_cmd() and sev_platform_shutdown() fails then propogate
   the error status code from sev_do_cmd() because it can give us
   much better reason for the failure.

 drivers/crypto/ccp/psp-dev.c | 110 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 110 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 108fc06bcdb3..b9f594cb10c1 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -390,6 +390,113 @@ static int sev_ioctl_do_pek_cert_import(struct sev_issue_cmd *argp)
 	return ret;
 }
 
+static int sev_ioctl_do_pdh_cert_export(struct sev_issue_cmd *argp)
+{
+	struct sev_user_data_pdh_cert_export input;
+	void *pdh_blob = NULL, *cert_blob = NULL;
+	struct sev_data_pdh_cert_export *data;
+	int ret, err;
+
+	if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
+		return -EFAULT;
+
+	data = kzalloc(sizeof(*data), GFP_KERNEL);
+	if (!data)
+		return -ENOMEM;
+
+	/* Userspace wants to query the certificate length */
+	if (!input.pdh_cert_address || !input.pdh_cert_len ||
+	    !input.cert_chain_address || !input.cert_chain_address)
+		goto cmd;
+
+	/* allocate a physically contiguous buffer to store the PDH blob */
+	if (!access_ok(VERIFY_WRITE, input.pdh_cert_address, input.pdh_cert_len) ||
+	    (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)) {
+		ret = -EFAULT;
+		goto e_free;
+	}
+
+	pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
+	if (!pdh_blob) {
+		ret = -ENOMEM;
+		goto e_free;
+	}
+
+	data->pdh_cert_address = __psp_pa(pdh_blob);
+	data->pdh_cert_len = input.pdh_cert_len;
+
+	/* allocate a physically contiguous buffer to store the cert chain blob */
+	if (!access_ok(VERIFY_WRITE, input.cert_chain_address, input.cert_chain_len) ||
+	    (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)) {
+		ret = -EFAULT;
+		goto e_free_pdh;
+	}
+
+	cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
+	if (!cert_blob) {
+		ret = -ENOMEM;
+		goto e_free_pdh;
+	}
+
+	data->cert_chain_address = __psp_pa(cert_blob);
+	data->cert_chain_len = input.cert_chain_len;
+
+cmd:
+	ret = sev_platform_init(NULL, &argp->error);
+	if (ret)
+		goto e_free_cert;
+
+	ret = sev_do_cmd(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error);
+
+	/*
+	 * If we query the length, FW responded with expected data
+	 */
+	input.cert_chain_len = data->cert_chain_len;
+	input.pdh_cert_len = data->pdh_cert_len;
+
+	if (sev_platform_shutdown(&err)) {
+		/*
+		 * If both sev_do_cmd() and sev_platform_shutdown() commands
+		 * failed then propogate the error code from the sev_do_cmd()
+		 * because it contains a useful status code for the command
+		 * failure.
+		 */
+		if (ret)
+			goto e_free_cert;
+
+		ret = -EIO;
+		argp->error = err;
+		goto e_free_cert;
+	}
+
+	if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
+		ret = -EFAULT;
+		goto e_free_cert;
+	}
+
+	if (pdh_blob) {
+		if (copy_to_user((void __user *)input.pdh_cert_address,
+				 pdh_blob, input.pdh_cert_len)) {
+			ret = -EFAULT;
+			goto e_free_cert;
+		}
+	}
+
+	if (cert_blob) {
+		if (copy_to_user((void __user *)input.cert_chain_address,
+				 cert_blob, input.cert_chain_len))
+			ret = -EFAULT;
+	}
+
+e_free_cert:
+	kfree(cert_blob);
+e_free_pdh:
+	kfree(pdh_blob);
+e_free:
+	kfree(data);
+	return ret;
+}
+
 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 {
 	void __user *argp = (void __user *)arg;
@@ -425,6 +532,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 	case SEV_PEK_CERT_IMPORT:
 		ret = sev_ioctl_do_pek_cert_import(&input);
 		break;
+	case SEV_PDH_CERT_EXPORT:
+		ret = sev_ioctl_do_pdh_cert_export(&input);
+		break;
 	default:
 		ret = -EINVAL;
 		goto out;