From patchwork Mon Oct 30 03:23:32 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Brijesh Singh <brijesh.singh@amd.com>
X-Patchwork-Id: 10031949
Return-Path: <kvm-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	D3AC0602D6 for <patchwork-kvm@patchwork.kernel.org>;
	Mon, 30 Oct 2017 03:23:55 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C3DE8286F1
	for <patchwork-kvm@patchwork.kernel.org>;
	Mon, 30 Oct 2017 03:23:55 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id B8D3B28742; Mon, 30 Oct 2017 03:23:55 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 498DA286F1
	for <patchwork-kvm@patchwork.kernel.org>;
	Mon, 30 Oct 2017 03:23:55 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752181AbdJ3DXw (ORCPT
	<rfc822;patchwork-kvm@patchwork.kernel.org>);
	Sun, 29 Oct 2017 23:23:52 -0400
Received: from mail-co1nam03on0046.outbound.protection.outlook.com
	([104.47.40.46]:31078
	"EHLO NAM03-CO1-obe.outbound.protection.outlook.com"
	rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
	id S1751857AbdJ3DXt (ORCPT <rfc822;kvm@vger.kernel.org>);
	Sun, 29 Oct 2017 23:23:49 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=amdcloud.onmicrosoft.com; s=selector1-amd-com;
	h=From:Date:Subject:Message-ID:Content-Type:MIME-Version;
	bh=mtoGZyI+Lx0F0GTGiDiE2aXEws7FvQPVBkcOj/AS224=;
	b=2G5CPRfRPTxrsCtGZHTCrYa7wPxUmw2SYKHQP0RqsTRzwi0X3jrNX3xaJ91iAJwQmLNAO4/qpVv5xPT06MgtSux385TYOmGNB7chKv176+hspCI5r39D/xr9wcW+OIMqUyTV0+gQ4ND6n23aFPZggNpGNa5tCzI4fu3TM6YoUbc=
Authentication-Results: spf=none (sender IP is )
	smtp.mailfrom=brijesh.singh@amd.com;
Received: from ubuntu-010236106000.amd.com (165.204.78.1) by
	CY1PR12MB0150.namprd12.prod.outlook.com (10.161.173.20) with
	Microsoft SMTP Server (version=TLS1_2,
	cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id
	15.20.178.6; Mon, 30 Oct 2017 03:23:45 +0000
From: Brijesh Singh <brijesh.singh@amd.com>
To: bp@alien8.de
Cc: Brijesh Singh <brijesh.singh@amd.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	=?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= <rkrcmar@redhat.com>,
	Borislav Petkov <bp@suse.de>, Herbert Xu <herbert@gondor.apana.org.au>,
	Gary Hook <gary.hook@amd.com>, Tom Lendacky <thomas.lendacky@amd.com>,
	linux-crypto@vger.kernel.org, kvm@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v6.2 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl
	command
Date: Sun, 29 Oct 2017 22:23:32 -0500
Message-Id: <20171030032332.19510-1-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.9.5
In-Reply-To: <20171023221009.46924-1-brijesh.singh@amd.com>
References: <20171023221009.46924-1-brijesh.singh@amd.com>
MIME-Version: 1.0
X-Originating-IP: [165.204.78.1]
X-ClientProxiedBy: BN6PR2001CA0024.namprd20.prod.outlook.com (10.172.112.162)
	To CY1PR12MB0150.namprd12.prod.outlook.com (10.161.173.20)
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: eea60abe-1552-400d-1dca-08d51f45a174
X-MS-Office365-Filtering-HT: Tenant
X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0;
	RULEID:(22001)(4534020)(4602075)(48565401081)(2017052603199);
	SRVR:CY1PR12MB0150;
X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0150;
	3:iPGUgkhoajQSnA0c88OvrfSenCQKOMWPGPfC7XWYSGfMUQLSQ2SOqZoCiii0hdkvRzDXW5nYElWxf8l1WGk38GWrinLfs0Shid22NPovVnqhAnwXGjHqn4uA0zwvRFaUVYCRhrCamRr8LpwiiSEGOpMPVzbpd0vtjDaYpMag/5vXzrMujimzKeRmiaaXpU3cGsC5/RZBSQC4wMp77WMDeQ18ikvnKHRdlLla67dP1SsBPg573FI6x4YIdcdRcICJ;
	25:DdlznK1xggiRORw9KZUxepWeXQpnliQbXpK5cyujsqyXr/JqukP66N+o5fVkmt9V+iN1kaEJoBVFxyEEdHIG4g9iu3tMlnH52wAxmAZpIdEoooXo7mUVkLr5WM+Xdd/G3qsTyDWt/FZbSCP5+6R/U5Zndhl/GAp4eggl0CYs6h3WdAo1Cw6fuOQTkDaiNtnfZ1vRxS5uVBTnTwi30XxR7YoVt5Z+O3SVv/Ao5xSzg9eGlU8AM19NJPerAdVK/s9ny9/smbhQuVBQkEHvLrUjegR+Ux+kEZF6i0p+xHHjxyVVDgkO54IIcb91mg1O92aiVjXhRBR0+1uTznnw1ObGHbO3nwfqP7yj1VuvEpNe+Tc=;
	31:G3zWEDI8u8MBN+X4vi2rGqfGuo4hGLzKGbTdJTQk3c1GCJArGzJz/bMzYEX9Fet3MDNHKTFvb9SGGo+wYeKTLBev63jjPr5z06XjNLARiHFv9yB7ppe8KIvgzT2HjkLUSNh0xH2/Yoa8u/qITRFe+9P1ldII0N9NCk90wuComW7Ah9K2xKUwxiBx8KUyIRV8M6YjYKgy4rs7psJzXEwwdjFiTh0QN+4CHfVf83p3U8g=
X-MS-TrafficTypeDiagnostic: CY1PR12MB0150:
X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0150;
	20:+Y6U/DCXdAINvIRZnARs2HL7r9MoInfTNVg3K2pEry+NJXl+6mrzMoqHik0x9k8xGzyriBvosDbdB+t+YNAQAA7i4t4ouhxfWHtvYaEV8fGXx6f9tLe35I7F70G5G9HenFpDuPE2BMFYZCP2xeq6x8mMPc96vkq7Y8W9+VfjWVOJRlKjOdMfnELqVyS10tPaMqZL2yeyN/hzIoPdASdcnDcUKFTj7JY9xir6SeEdiOF7XCguVxfQA67M9OgsOnCRPrFsx7rc7+3kL47FaD5TAcfC6UGMDiD+2xnnhi2el3LhAw/e3MIJGv97EvTECUU/GzuMOCYz71/+GDp7Y+/4v4kUrx1W77hmG2bvSctUMNOPk+lKlfrCK0sPQJgC+psqRTtkeojEXwoBzDvAPQcgX5hSiMICR0OB4FhbMNPG9P5OHTRo05/1mQpaQu0qrElUFSx4aYjglzOIJi+Lo418myC0QUzgeRKwCTMovBE7yod3ivQmR8QOF5Qe1sBIy22i;
	4:4vBCQeChhtOVnI7TCIdnXBqBSRaTtmqaqfPbOVOkObCi/K4349Zl8HpWnixnUqo0BhEhu5kd3itCUaTprjTvUxWmhd0hxJwPEIG6MNiJgGvaEE5eXM19GHhweLmMKXMv8Ow9L62vf8O4wTo4M1k0f+MyQ7BkS7QVQuJZSWexapBSeh6MvrMcDa3VnYna1d/Kav1YsjuX19/dbiNOt+vKgvBkySPsgp0YB/N1NeWuWWVwtrugiquOqCz9I9ItTXNS5STBbXnpkqb42Jk8mzJ+lYDadwU5PuIbDhliqnfTDhpCtsQLmnzY9Rg7m/Q/Z6ZArQ5laRbInT7PjN2R08eujg==
X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110);
X-Microsoft-Antispam-PRVS: 
 <CY1PR12MB0150EFF0F0613596D0DA84EEE5590@CY1PR12MB0150.namprd12.prod.outlook.com>
X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0;
	RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(3002001)(10201501046)(100000703101)(100105400095)(93006095)(93001095)(3231020)(6055026)(6041248)(20161123560025)(20161123555025)(20161123558100)(20161123564025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);
	SRVR:CY1PR12MB0150; BCL:0; PCL:0;
	RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);
	SRVR:CY1PR12MB0150;
X-Forefront-PRVS: 0476D4AB88
X-Forefront-Antispam-Report: SFV:NSPM;
	SFS:(10009020)(6009001)(346002)(39860400002)(376002)(189002)(199003)(50986999)(6666003)(8936002)(6116002)(66066001)(4326008)(5660300001)(33646002)(86362001)(36756003)(1076002)(6916009)(2950100002)(3846002)(2906002)(50466002)(25786009)(2870700001)(101416001)(316002)(81166006)(81156014)(76176999)(8676002)(106356001)(189998001)(2351001)(2361001)(68736007)(105586002)(53416004)(16526018)(23676002)(50226002)(6486002)(305945005)(97736004)(478600001)(7736002)(54906003)(47776003)(53936002);
	DIR:OUT; SFP:1101; SCL:1; SRVR:CY1PR12MB0150;
	H:ubuntu-010236106000.amd.com; FPR:; SPF:None;
	PTR:InfoNoRecords; MX:1; A:1; LANG:en;
Received-SPF: None (protection.outlook.com: amd.com does not designate
	permitted sender hosts)
X-Microsoft-Exchange-Diagnostics: 
 =?utf-8?B?MTtDWTFQUjEyTUIwMTUwOzIzOlRnQWVwL3Jsd3dzcTdPZ3R5cEw1alNIRnRV?=
	=?utf-8?B?UUlPb1VscStoSzlsZDk3MjZzRXUzT1VnVkgvZi9UVjNZZG1icFo2ZW04T01a?=
	=?utf-8?B?aSs3amV4blhibjBrOENvanRJRTRYWE5zemdkYzB4ODJoa2Exd0R3Q3B4NHVD?=
	=?utf-8?B?SDNKenpiZWx5aGNvMjE0Q3hucUpoRlNIcE85eUxRR1NFSk5pN1FZeFpWbmJS?=
	=?utf-8?B?UVVBazJoSnVxTGZtYkZVWHNCbnFQUmJRbmtNSlpLVGJHT0NidDBCMlBtVXJq?=
	=?utf-8?B?ZE4xZ09NMk9ybjZwVnYrWG14S0Jhd2ZnL2lYelZFRXNKWXVhajFLSFoxQ1Jk?=
	=?utf-8?B?SEtuNVhkeW9DVSszQXZNUHdYZVZjT0MvOEhydmhLZjNjZHJaWUQ2UXJDVnhh?=
	=?utf-8?B?OTFTV0daQU5Ed2VrRXJsOVNCekJ0SlhNSERBQ3ZBRzQ4amZobzA1cEdDaEN3?=
	=?utf-8?B?UURBbkUrYnp6bXpiazRSWUNQUnZxY1BnUDRjUER5bzlQT1NWQU5kTDZUV0V2?=
	=?utf-8?B?elQzWDllMTJ5Yk1ITDZFR01LUHpvTTVtbUVuSzlUQy9Qa1hYWlBuYXJxWEpR?=
	=?utf-8?B?R2RneVY4ZGYza0hGajdhdDZuRThxR2NUTFpBQUEwbDE5MmdRTVRpSVVscnZp?=
	=?utf-8?B?TzJrazBvYTlzc3UxbUpTZlV4ODBOa091RFBycEZZVzlPT2hVUVAzY2hmSXJ6?=
	=?utf-8?B?Zm5SYTc0Z290L0pGVGdiaE5ENmp2ZzZJcEhHRERmQUZMQ2dhOWFjZ3Q3ekVZ?=
	=?utf-8?B?T21iVS9RMWhLdlVYYkxnaU9sNHFxMVhhRVBFMkRtMFFyUUJSZ0JYREIva0lT?=
	=?utf-8?B?N2VZandtRkFvK0w4eEJ6THF5SmdjY3RNWnhUVXQ5VVhxM3B4aUR6RXBqRjAr?=
	=?utf-8?B?Z2JTdzNQN3g5c3pGVlg4WTQyMnIxUzVydjRnRVlKRVFSc3NkUTVrR2gvZjNk?=
	=?utf-8?B?RGdOdXR4ZXJiTEVzckgvQlQxcUFxMW1wd1d4M0xtSG1NSVVVc28yUnJrUHVh?=
	=?utf-8?B?aytHK1RFdVZGbDJjeVhEc0l5Z2RtRkZQWDNXb2pYSjhqdk1qSUN5M1pob1Zq?=
	=?utf-8?B?TmZKZjMwdWNFVlh6UGwvRjFBbzNsUWs2aDVHY0p5ZGN2WFI4MmRidktud2tZ?=
	=?utf-8?B?aWpTWFVUTENJc2RpZU9IUlZ4V0RyTTArSXY4NkpJZ2cwYUZ2WDFSSFJuZC9R?=
	=?utf-8?B?MTdENVlUd1k3TUR3bENTUVAxbXFuQkg0RnFDU28xZUI1MjBhNituT0tNczNO?=
	=?utf-8?B?NkYyZWh3NzBMQkN6NkxKWlFxMnIwdVdVUklmZWVURFl4Y1NDd2tCZmR1c0xV?=
	=?utf-8?B?UnQrN1RwTlhUNTdxZUFLSjFEK294VnphYjdpd3dhT3d2Mm53dTgvc1RqQmU0?=
	=?utf-8?B?SXp4aVpsbFdCVitpU1h2KzBsZVkxUXd2QnRRZlJ3cy9vbzhZd0RiVGl0VU5J?=
	=?utf-8?B?OHVOWTRTL2p0VXJpRDRwTU9URTI1SjloOFhNb2RmUWVST2FYcWhGVnh3VFI1?=
	=?utf-8?Q?h0o8laCbppqHzQ/BvrN8TzLds=3D?=
X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0150;
	6:fu8ZdDNthqv+OJu2QU7IdmlD8TOmHNboO2AhpoRi5a7rMWFS+MKjA4dzRc4L/imXGsYFETU8HCS68zHOD+dXrXKOPiXtdMG8Z1Kp3wlf6VNVNUiGbfXBLZO3r/zTPxrw/lN/B3FtrGHcrdiKA0rsGHX3ZAH5zzaFBkx1f9g7to6B5uG/Fgt5ynFkwy1ybycSgEVYZP/+poOHFn288tumwvVHyJK+zn/qYsuF9IT4rjQ5ueBDdPwr4cloRwWAN9EYVuNCGAUcC4WfmTeNeo4fgmTbXd8n6unNHddtvBAzuhhWnJCakp5KH4uRW4pik1U7107Oxfsp3SGGySRp7gH3Us6aS/KgOnxpMXO7T8RTDgE=;
	5:heW8MoJJX9GtAru+g5X7NCc6DXYJSRt2YuwKLFTf0rUWQy4EMmXmpcFyCVgQs+NeKYlUpudMkQXcFp2tUG7sBwdXlj0S6CZSZNYNq9GUeRhTsRaZhOTPvf71k37nAOVd5pbxwfrwKRPb2HBWHyoIsIPUGg5ccwChIcrj3k0+rhY=;
	24:IKNbg5F4LvwqiH/7wu3DRpwNAvbiDzrj7mHYKUtNdbBbVPhmikVs+4Pl92gmhh86jJm1RvTUcI+ucj4BIsGgkzcK16dK+lt9i1evmLdHtZk=;
	7:RYmprW3JFZ/oL8YkKnSTY9zHHgd/mcY1THL8y4oo4pAHbsEzXjHZ2My/H6EQtJt1c9iMsIzPIkjDdt0IMop9l658NUtbPGkN6TsputBaILLfW5OGL8cgsvLlcuytQg7mS31ZHsDUfzSX0udYJ8qPkTebJPAd9yAEHOXOrjk6N4vyTgIDoL2FDpyyAYeU085J+SK/9IGLscH9ZAFLKJzVcoPIJTf6S7rUfUhZ42QVQ6t025nXr1G6BnQb0azGHgUL
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-Microsoft-Exchange-Diagnostics: 1; CY1PR12MB0150;
	20:zhMqn2OW39ufvzUwC9ujaxnKnoXGvsv5eONSBWYwHAVXMNcjknhY1ry1xhuzlZ7Oice6Fuq3HjljH2ljJYt1EkRH4DNAcGrk5wzBMTXdoVlrgQCazw2ZOcicXq8I7WwzlKF7UDmJB1Dk21wTvNTQJmogpyBYFcefZi16T636df1VorTcleDsCUVUpVS/b7ivFKrX72Y+JyTpxwGd3PbIkibX4+9bG1c55fIUUEdZ+6Yk+6sUzUF8QdJw9Cg9yU7Y
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Oct 2017 03:23:45.2708
	(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 eea60abe-1552-400d-1dca-08d51f45a174
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY1PR12MB0150
Sender: kvm-owner@vger.kernel.org
Precedence: bulk
List-ID: <kvm.vger.kernel.org>
X-Mailing-List: kvm@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: "Radim Krčmář" <rkrcmar@redhat.com>
Cc: Borislav Petkov <bp@suse.de>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Gary Hook <gary.hook@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Improvements-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Acked-by: Gary R Hook <gary.hook@amd.com>
---

Changes since v6.1:
 * use psp->sev_state to check the state before transition to INIT

 drivers/crypto/ccp/psp-dev.c | 68 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
index 0d4d95bc35ab..e69ac6f6173c 100644
--- a/drivers/crypto/ccp/psp-dev.c
+++ b/drivers/crypto/ccp/psp-dev.c
@@ -253,6 +253,71 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
 	return sev_do_cmd_locked(cmd, 0, &argp->error);
 }
 
+static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
+{
+	struct sev_user_data_pek_csr input;
+	struct sev_data_pek_csr *data;
+	void *blob = NULL;
+	int ret;
+
+	if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
+		return -EFAULT;
+
+	data = kzalloc(sizeof(*data), GFP_KERNEL);
+	if (!data)
+		return -ENOMEM;
+
+	/* userspace wants to query CSR length */
+	if (!input.address || !input.length)
+		goto cmd;
+
+	/* allocate a physically contiguous buffer to store the CSR blob */
+	if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
+	    input.length > SEV_FW_BLOB_MAX_SIZE) {
+		ret = -EFAULT;
+		goto e_free;
+	}
+
+	blob = kmalloc(input.length, GFP_KERNEL);
+	if (!blob) {
+		ret = -ENOMEM;
+		goto e_free;
+	}
+
+	data->address = __psp_pa(blob);
+	data->len = input.length;
+
+cmd:
+	if (psp_master->sev_state == SEV_STATE_UNINIT) {
+		ret = sev_platform_init_locked(NULL, &argp->error);
+		if (ret)
+			goto e_free_blob;
+	}
+
+	ret = sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, &argp->error);
+
+	/*
+	 * If we query the CSR length, FW responded with expected data
+	 */
+	input.length = data->len;
+
+	if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
+		ret = -EFAULT;
+		goto e_free_blob;
+	}
+
+	if (blob) {
+		if (copy_to_user((void __user *)input.address, blob, input.length))
+			ret = -EFAULT;
+	}
+
+e_free_blob:
+	kfree(blob);
+e_free:
+	kfree(data);
+	return ret;
+}
+
 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 {
 	void __user *argp = (void __user *)arg;
@@ -287,6 +352,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 	case SEV_PDH_GEN:
 		ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input);
 		break;
+	case SEV_PEK_CSR:
+		ret = sev_ioctl_do_pek_csr(&input);
+		break;
 	default:
 		ret = -EINVAL;
 		goto out;