From patchwork Wed Nov 1 21:15:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Brijesh Singh X-Patchwork-Id: 10037629 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 1710E603B5 for ; Wed, 1 Nov 2017 22:08:18 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 065BC283FF for ; Wed, 1 Nov 2017 22:08:18 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EF04C28C18; Wed, 1 Nov 2017 22:08:17 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 817F3283FF for ; Wed, 1 Nov 2017 22:08:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933598AbdKAWIN (ORCPT ); Wed, 1 Nov 2017 18:08:13 -0400 Received: from mail-bn3nam01on0059.outbound.protection.outlook.com ([104.47.33.59]:44352 "EHLO NAM01-BN3-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S933411AbdKAVQ6 (ORCPT ); Wed, 1 Nov 2017 17:16:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amdcloud.onmicrosoft.com; s=selector1-amd-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=YkB6XmPIsXlKYTMEpmmMfMMFzJ2AiEARxP0KX64sN2s=; b=fofRFiR4NWEeFD0/SGsaPK0UkjbbalXStexqRUBBHpWQOMKcEfOwDBlgRwa34YuPD3JR+868Jw1A1BbulRFkg7GpF1MIFNeUF8O1S6oNxDUUiyhfkkYDBlxkvx/3qrJcOcc+QcDJrKi4ozdDnYcW/Ew3+Vz1y77+/1rHMrPa6kQ= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=brijesh.singh@amd.com; Received: from wsp141597wss.amd.com (165.204.78.1) by DM2PR12MB0155.namprd12.prod.outlook.com (2a01:111:e400:50ce::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.178.6; Wed, 1 Nov 2017 21:16:44 +0000 From: Brijesh Singh To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org Cc: bp@alien8.de, Brijesh Singh , Paolo Bonzini , =?UTF-8?q?Radim=20Kr=C4=8Dm=C3=A1=C5=99?= , Borislav Petkov , Herbert Xu , Gary Hook , Tom Lendacky , linux-crypto@vger.kernel.org Subject: [Part2 PATCH v7 13/38] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support Date: Wed, 1 Nov 2017 16:15:58 -0500 Message-Id: <20171101211623.71496-14-brijesh.singh@amd.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20171101211623.71496-1-brijesh.singh@amd.com> References: <20171101211623.71496-1-brijesh.singh@amd.com> MIME-Version: 1.0 X-Originating-IP: [165.204.78.1] X-ClientProxiedBy: DM5PR06CA0064.namprd06.prod.outlook.com (2603:10b6:3:37::26) To DM2PR12MB0155.namprd12.prod.outlook.com (2a01:111:e400:50ce::18) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 59da38a9-91a1-4985-90a3-08d5216ddac2 X-MS-Office365-Filtering-HT: Tenant X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081)(4534020)(4602075)(2017052603199); SRVR:DM2PR12MB0155; X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 3:JPeb62t3nUPmmrgxfsy2dknSiOq82OCFDlLXflm+hy2gs+/sjVSM39/PogoHLLzidm8Qb/187qQUm1Wk9g1Zmu0fbjXMB+7b1Dq8pu97z5XuzSuoNoGzYkQmo86jxeSvXRJoUqwDvTTloAxjxlWfTA/pLr8PAF9drQws2J+oYckX1+J6Uimqd6S1tnEMizVVBfb1IOiZF41W4lLMVrPy2gWxYwCsG4qxEXfFV+yftsvsIjQfJRRCf9PXQuC6l0bP; 25:X8nD99cE3eSL5X6O11i7jH8QYGLzWFl1DXjAwd6EVyHr3jInNBDigJqVEQTwCfFFgf3fgT1jaOE+rL4QgcazsnK0OO0zGrpW2EOJWVYMeSb347wURbCcUAyOHlt6pH8k9bh1lyyMJn833oVm/ixJGWL3OwfQKD63J2I97W7Kb9erBWe+CMQQjRmH7L+Ji0af6bb7NvmEh6atqLeWg4NaPjF4EHirU0clSUuFQnpcAOxfMY7Z0sVYpW2Qg1FJNa4UXPGafKWNHnoxG+PjljSQ/23Pvzu/mlsEdTIiqNFyDp+5ex8ykdPOJ3zF3K4rRZ54fjIMyw6Bm0edp/y/tivb9w==; 31:bPA/OjR7s3nNFAQjZ8BZ3bHtVEGTpJqLdxgPh9wMDlok19SXOepdFNygG/738XmfqHpeZT5ek/1SxRqltlNOpqnxJjJZQMfXU0yRXjAuPvk5QOwHHR7ZIoHJ2/v70Pcf31ouRIARqLn2sVuxhi2RDuET3zLCoXhljn527ndJ1tZP3CtrO+5tJsvWYyaNK3E/j+hTga0NRADRKcYmLnQPhOyTIKBwha2FUHcxRy516Fw= X-MS-TrafficTypeDiagnostic: DM2PR12MB0155: X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 20:KzeMIEcJAorKui01dGgi1zjpX3gcnAWclY43PFYUtBJbPLruzuK5iG4KOh3pKqY1djw8ipRyRvBRmrvxN/gbrBLzeZyjy8x1VuvK/An/lrtWlKpU7nO3FvVBh4aJ3aO12hb+1qDxxvKmf8smT60KTarE6/wRciUdx5BBScqqwJUeacATrKBfJ++VxgY7WhG+B2uSvdq2OW49q6ZCQAmFBgsUivmEVyPonEut8Xgsb9RhnC0mn2VCe/yDMHias01l11bt2yDeNzsuahZFU/Hz278TNN5GGvtUPZ3c8IwZAC/cD+H8DOHjNlyYfvZvojwPYPlgE5FfID3W5ELKn7InbxxWlpb9EYdyz35jY5rgGPEnlIqiU+L8q7rCk+hvX82sjOgHkI2RNVwPtprTY2jWSqFPDxwonggbT+P/XD5mdOv+pRr8iIZDw3a3rmp0zzy6JjMu/Wl8uL2l5EjOu5WwfDJu5Aa5XmR4r50DBWibittTjUQJVm6baANBK8gnIJLW; 4:VV6Qlcz9IVjJxMjr71/tP36+7uZjmoOIPK78y+o/iypwjaVnhT4iikUq2jUvxGsQU1TinKEsyNsVOBvzhNSffPL9DMA4sbN0fuzN0s/HMeHiRBUlPeaFq3ytuLvksOwT7WeqMUFLpf7CQUCuw/jnDGtP/mhB8P7/NVLkRW9A6NxwGbclmArfo8EI8PjRFe0YrGwFbmqtoj25LeOAtEc17Y4aUZJ1HxrnFJoiLQ5Q3GIgioSE6khfMiFeulvkwKs1Spzz2aeIpvPfBnZh/NHITWrv0Da7X8Y9OP6Oe4v+3kyNI/wBKOqYTgJ4gAEB+5pwGaKQAQlpUEhJ1VYwsvamuA== X-Exchange-Antispam-Report-Test: UriScan:(9452136761055)(767451399110); X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(100000703101)(100105400095)(3231020)(10201501046)(93006095)(93001095)(3002001)(6055026)(6041248)(20161123560025)(20161123555025)(20161123564025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123562025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:DM2PR12MB0155; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:DM2PR12MB0155; X-Forefront-PRVS: 0478C23FE0 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6009001)(39860400002)(376002)(346002)(189002)(199003)(1076002)(6116002)(97736004)(66066001)(50466002)(3846002)(25786009)(6306002)(4326008)(54906003)(966005)(316002)(8676002)(47776003)(36756003)(23676003)(50986999)(478600001)(81156014)(81166006)(105586002)(53416004)(575784001)(53936002)(189998001)(106356001)(2906002)(16526018)(2870700001)(76176999)(33646002)(305945005)(7736002)(86362001)(5660300001)(6486002)(101416001)(50226002)(68736007)(8936002)(2950100002)(6666003)(134885004); DIR:OUT; SFP:1101; SCL:1; SRVR:DM2PR12MB0155; H:wsp141597wss.amd.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: amd.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtETTJQUjEyTUIwMTU1OzIzOlhzaUsrZkFuMnZhaHkzbmZPblNkRzQrTGs0?= =?utf-8?B?WUpSU0VHUUdmdXR6bzJBcVVDOFFSK0xZclhHZTRyY29tdjJPb0N6Nm5oK2N0?= =?utf-8?B?bHo5a2FWcVhubXVaSW1QS2h1aksraU91Z1kxYTl1SDhESVY3YWFhWHB5WFQ5?= =?utf-8?B?SkJGazVTWGc2dTg3VTkzRDh0OWZrRWRjd3NQWjRWRUNkR1llWGp6VXNGY09O?= =?utf-8?B?QW1QRlFvSGg1UFE0MitHYzFUN0lqTVFiUXFSSGFKZXcyTEVuWHFMS3k2UnNu?= =?utf-8?B?ZWtWd0RONTB0UysxNVd6dTByUjZNLy80aGI2L045ZXBpMXl0aWVxYnAwdHpL?= =?utf-8?B?Q3RqTFpEZ21FMUlaSGFQdXkrQkkrdjJBd3FCMnVaSlFRWm1HQWp2b0tlNEM5?= =?utf-8?B?RXJVbldza2VLeVkxcVBMZ2FUaG02RjV4ZWEwSTBLWktDeFdTN3NEQnMvbU5V?= =?utf-8?B?VEg2ZWxoMzhDS2l4dis4azQxUUVueHJMUU5ZVTJsVnhsb2hnS3krblFPUUxO?= =?utf-8?B?R2ZZUEZqS1o5NElROS9yRENUMWYrM2ZSSEhpQ0o1QnljUFdjb0FTYWFRS2s5?= =?utf-8?B?VDJjek5hcmhUTkl4aHg4Y2htbjFjS1luRytwZUxZZnZLMzdIaERhdXFPZFlv?= =?utf-8?B?VS82WnRmbXU5UWpDSXRSNnM0SnpxT2RXMmEzWFQ5cnBBOFNabTZJRktCMjd4?= =?utf-8?B?YThBalFBdkVNbnZueEZYVnd5MFFKM2tNc2ZkdnBaZE15VllTSm9pQkZrNWx3?= =?utf-8?B?cmt3YmFKZmU5MFdjMHZHMklLSW1qOEthemIvazVBRjRjNDY5MDM1bjNSVFpE?= =?utf-8?B?RlBuMFIrNDl5eVc1c0RLMWhMSnR6NlNWOWlucHM0aFpzNjNxRlhFSVkvVHpK?= =?utf-8?B?cldvcHNrODZMaGVDUVRGcjJ3di9TR1N6dEJmZitOK2hOTHZ1QlFnRkZDbDlR?= =?utf-8?B?YitIOGJ0aWQ5bmRnNjUrRkcrZTBYOEFWby96NjhTTFdwcGdvbXJZQ3Q2NC96?= =?utf-8?B?YW9oL2UwcE5Jc1RiRUVFZmhjZm0yeEJrNFBKWDZITkRCUzFlamFLNlRzdjMx?= =?utf-8?B?K3JraDNRdEIrUkw1K1Znc0FoNlk5ZDA0am9WRWxXMHRtRlpoN3RTTmg2VVNU?= =?utf-8?B?OSswM2I5enN5azNYdXdDNENOSXJ1dGtFamVuS1dsR3RaNTFuVzN5QnBkSG9V?= =?utf-8?B?K01mZmJWVHpONGZsRE1Xcis1dzdrTmxHMDVkb3hYRUxFR2NhQ1JKUXhzZU1W?= =?utf-8?B?N2ZpMnZ5Q2pzWlluZWxQS0tkc2ZVb1lnSWc1WUNLWndiOTY5NFNEZnAyZDl4?= =?utf-8?B?dmk5L1grdVg0amxvdG9McUdpaStBN0pNb1FqbHBqL2tJb3grNUpRNXB5NTBT?= =?utf-8?B?TGRiWTQ4MnFJTUgxZWw0U21UNjVLRisvaGRWdEU4aWRZWlp5dzJiU3ZxYXdn?= =?utf-8?B?LzdNYTdZbDhQbHJFOXlKZDlGemc5NzZGQmozLzFMUEpnTDdicjVIVzl5Z0d2?= =?utf-8?Q?kRv6eW0u/jmRXKq1uQg03duWqN8pODfPvvm4MgINOJiP80?= X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 6:rSewS50HBzhBeNqJdeCdQN1X+dOhROTvX0XrKFwIxXbJ5v535mAJ4XMo+L/c3r4X3S6K0o2hHkWw6j/59u9nbjj89ymC/g7wlUCFyhUbNvzLQtccPG9VCr5Xy/XGiOc0+XSF+m16HZI3m8BJA1CR0kT6C6ckGn3AJBV+ozI4bOymvL5W0DZb+cj/8+s386efc3aCDctLvYiKZvcJWzf/1CvFg9n/IfxZII6TDVCu7S3A9A1vfJiaF2sd1OAKzZIQI+nc5Dse7Rye2OpJZRA5CcTKa3jHJvL92AK3wzI1wnxUp9PVDswUp6NRKVtOcOrMIeKYWCPP8KRKW2qKJGSjbALfYRhM2BQFNqsntQkouJI=; 5:nsQ4KTWGNVw5I35LKEtFgpX+L5UFZmf+emAaT4ED092hcTswlOlaolc8k1fTZw9oq47styzqyWSffdjkrrVl70dBoHO02pOLw4OPXMIjuFeRi0L5gesX2qOrdJ10g3k/kX8cP1+huD6+ZemLEbipOEpWaIPnImvplpLoP9Z7NHI=; 24:dXQCgE632kVPDBM+rKkeegnNnYkBe0jkf+b/ggOxDS+wUs2FaVzITA+0yhpfnkoceWTW54vM97Ce/0QmiGB7XStBKAjc2uYDA/FhOx/zavw=; 7:CcyfHzAuA2dZvXPL+6XH+nwLapwZUTOqRZkzOGjk9SvAgDqDBRS4SpNf3z3RlOmTQjlqMAWJcjSCVYQY0kU2aKyicfoo6zRt+5Zyt5V95azRQSQtbPQ1+zEF36SuQJpCLCVtQhphizJpouae72uRuFEne0/V/Bpo8LsKhqIQeWgMES7ZUcBxtbYBXAddwZiaQB6VBmPZsz3OAAXv/8DXsODAc1X3U0savcEJWVt0BVD7QA/fWP34yHr+AY7xPDlb SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-Microsoft-Exchange-Diagnostics: 1; DM2PR12MB0155; 20:wsDyI+e8HSr0GLpRmgG7SQ08ADJDobNQqAYAPLsc0Dzna78m4dFe/k2CEH+wUsuTumC3Fvmsr/qY41vIZsvv3CLwQqOFPWa+f28Sx2kswbsPcwYo/ZyBtBAWKgtJzI6jntuhhOWaH49zGd5cCSEyxoo/36FpfhqVQu6RHEqepO5Fp5dGx6A2oI7LipcxcocF2I+/uvzTSU3IcQOOSnLkVPAviwMJ+NERcIo+2gKh/LfPzpJP/ms81z2IyeL3j6B1 X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2017 21:16:44.4847 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 59da38a9-91a1-4985-90a3-08d5216ddac2 X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR12MB0155 Sender: kvm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: kvm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP AMD's new Secure Encrypted Virtualization (SEV) feature allows the memory contents of virtual machines to be transparently encrypted with a key unique to the VM. The programming and management of the encryption keys are handled by the AMD Secure Processor (AMD-SP) which exposes the commands for these tasks. The complete spec is available at: http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf Extend the AMD-SP driver to provide the following support: - an in-kernel API to communicate with the SEV firmware. The API can be used by the hypervisor to create encryption context for a SEV guest. - a userspace IOCTL to manage the platform certificates. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-crypto@vger.kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh --- drivers/crypto/ccp/psp-dev.c | 350 +++++++++++++++++++++++++++++++++++++++++++ drivers/crypto/ccp/psp-dev.h | 24 +++ drivers/crypto/ccp/sp-dev.c | 9 ++ drivers/crypto/ccp/sp-dev.h | 4 + include/linux/psp-sev.h | 143 ++++++++++++++++++ 5 files changed, 530 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index b5789f878560..c61ca16096ca 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -26,6 +26,12 @@ #include "sp-dev.h" #include "psp-dev.h" +#define DEVICE_NAME "sev" + +static DEFINE_MUTEX(sev_cmd_mutex); +static struct sev_misc_dev *misc_dev; +static struct psp_device *psp_master; + static struct psp_device *psp_alloc_struct(struct sp_device *sp) { struct device *dev = sp->dev; @@ -45,9 +51,296 @@ static struct psp_device *psp_alloc_struct(struct sp_device *sp) static irqreturn_t psp_irq_handler(int irq, void *data) { + struct psp_device *psp = data; + unsigned int status; + int reg; + + /* Read the interrupt status: */ + status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS); + + /* Check if it is command completion: */ + if (!(status & BIT(PSP_CMD_COMPLETE_REG))) + goto done; + + /* Check if it is SEV command completion: */ + reg = ioread32(psp->io_regs + PSP_CMDRESP); + if (reg & PSP_CMDRESP_RESP) { + psp->sev_int_rcvd = 1; + wake_up(&psp->sev_int_queue); + } + +done: + /* Clear the interrupt status by writing the same value we read. */ + iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS); + return IRQ_HANDLED; } +static void sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg) +{ + psp->sev_int_rcvd = 0; + + wait_event(psp->sev_int_queue, psp->sev_int_rcvd); + *reg = ioread32(psp->io_regs + PSP_CMDRESP); +} + +static int sev_cmd_buffer_len(int cmd) +{ + switch (cmd) { + case SEV_CMD_INIT: return sizeof(struct sev_data_init); + case SEV_CMD_PLATFORM_STATUS: return sizeof(struct sev_user_data_status); + case SEV_CMD_PEK_CSR: return sizeof(struct sev_data_pek_csr); + case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct sev_data_pek_cert_import); + case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct sev_data_pdh_cert_export); + case SEV_CMD_LAUNCH_START: return sizeof(struct sev_data_launch_start); + case SEV_CMD_LAUNCH_UPDATE_DATA: return sizeof(struct sev_data_launch_update_data); + case SEV_CMD_LAUNCH_UPDATE_VMSA: return sizeof(struct sev_data_launch_update_vmsa); + case SEV_CMD_LAUNCH_FINISH: return sizeof(struct sev_data_launch_finish); + case SEV_CMD_LAUNCH_MEASURE: return sizeof(struct sev_data_launch_measure); + case SEV_CMD_ACTIVATE: return sizeof(struct sev_data_activate); + case SEV_CMD_DEACTIVATE: return sizeof(struct sev_data_deactivate); + case SEV_CMD_DECOMMISSION: return sizeof(struct sev_data_decommission); + case SEV_CMD_GUEST_STATUS: return sizeof(struct sev_data_guest_status); + case SEV_CMD_DBG_DECRYPT: return sizeof(struct sev_data_dbg); + case SEV_CMD_DBG_ENCRYPT: return sizeof(struct sev_data_dbg); + case SEV_CMD_SEND_START: return sizeof(struct sev_data_send_start); + case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct sev_data_send_update_data); + case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct sev_data_send_update_vmsa); + case SEV_CMD_SEND_FINISH: return sizeof(struct sev_data_send_finish); + case SEV_CMD_RECEIVE_START: return sizeof(struct sev_data_receive_start); + case SEV_CMD_RECEIVE_FINISH: return sizeof(struct sev_data_receive_finish); + case SEV_CMD_RECEIVE_UPDATE_DATA: return sizeof(struct sev_data_receive_update_data); + case SEV_CMD_RECEIVE_UPDATE_VMSA: return sizeof(struct sev_data_receive_update_vmsa); + case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret); + default: return 0; + } + + return 0; +} + +static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) +{ + struct psp_device *psp = psp_master; + unsigned int phys_lsb, phys_msb; + unsigned int reg, ret = 0; + + if (!psp) + return -ENODEV; + + /* Get the physical address of the command buffer */ + phys_lsb = data ? lower_32_bits(__psp_pa(data)) : 0; + phys_msb = data ? upper_32_bits(__psp_pa(data)) : 0; + + dev_dbg(psp->dev, "sev command id %#x buffer 0x%08x%08x\n", + cmd, phys_msb, phys_lsb); + + print_hex_dump_debug("(in): ", DUMP_PREFIX_OFFSET, 16, 2, data, + sev_cmd_buffer_len(cmd), false); + + iowrite32(phys_lsb, psp->io_regs + PSP_CMDBUFF_ADDR_LO); + iowrite32(phys_msb, psp->io_regs + PSP_CMDBUFF_ADDR_HI); + + reg = cmd; + reg <<= PSP_CMDRESP_CMD_SHIFT; + reg |= PSP_CMDRESP_IOC; + iowrite32(reg, psp->io_regs + PSP_CMDRESP); + + /* wait for command completion */ + sev_wait_cmd_ioc(psp, ®); + + if (psp_ret) + *psp_ret = reg & PSP_CMDRESP_ERR_MASK; + + if (reg & PSP_CMDRESP_ERR_MASK) { + dev_dbg(psp->dev, "sev command %#x failed (%#010x)\n", + cmd, reg & PSP_CMDRESP_ERR_MASK); + ret = -EIO; + } + + print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data, + sev_cmd_buffer_len(cmd), false); + + return ret; +} + +static int sev_do_cmd(int cmd, void *data, int *psp_ret) +{ + int rc; + + mutex_lock(&sev_cmd_mutex); + rc = __sev_do_cmd_locked(cmd, data, psp_ret); + mutex_unlock(&sev_cmd_mutex); + + return rc; +} + +static int __sev_platform_init_locked(struct sev_data_init *data, int *error) +{ + struct psp_device *psp = psp_master; + int rc = 0; + + if (!psp) + return -ENODEV; + + if (psp->sev_state == SEV_STATE_INIT) + return 0; + + if (!data) + data = psp->sev_init; + + rc = __sev_do_cmd_locked(SEV_CMD_INIT, data, error); + if (rc) + return rc; + + psp->sev_state = SEV_STATE_INIT; + dev_dbg(psp->dev, "SEV firmware initialized\n"); + + return rc; +} + +int sev_platform_init(struct sev_data_init *data, int *error) +{ + int rc; + + mutex_lock(&sev_cmd_mutex); + rc = __sev_platform_init_locked(data, error); + mutex_unlock(&sev_cmd_mutex); + + return rc; +} +EXPORT_SYMBOL_GPL(sev_platform_init); + +static int __sev_platform_shutdown_locked(int *error) +{ + int ret; + + ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, 0, error); + if (ret) + return ret; + + psp_master->sev_state = SEV_STATE_UNINIT; + dev_dbg(psp_master->dev, "SEV firmware shutdown\n"); + + return ret; +} + +static int sev_platform_shutdown(int *error) +{ + int rc; + + mutex_lock(&sev_cmd_mutex); + rc = __sev_platform_shutdown_locked(NULL); + mutex_unlock(&sev_cmd_mutex); + + return rc; +} + +static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) +{ + return -ENOTTY; +} + +static const struct file_operations sev_fops = { + .owner = THIS_MODULE, + .unlocked_ioctl = sev_ioctl, +}; + +int sev_platform_status(struct sev_user_data_status *data, int *error) +{ + return sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, error); +} +EXPORT_SYMBOL_GPL(sev_platform_status); + +int sev_guest_deactivate(struct sev_data_deactivate *data, int *error) +{ + return sev_do_cmd(SEV_CMD_DEACTIVATE, data, error); +} +EXPORT_SYMBOL_GPL(sev_guest_deactivate); + +int sev_guest_activate(struct sev_data_activate *data, int *error) +{ + return sev_do_cmd(SEV_CMD_ACTIVATE, data, error); +} +EXPORT_SYMBOL_GPL(sev_guest_activate); + +int sev_guest_decommission(struct sev_data_decommission *data, int *error) +{ + return sev_do_cmd(SEV_CMD_DECOMMISSION, data, error); +} +EXPORT_SYMBOL_GPL(sev_guest_decommission); + +int sev_guest_df_flush(int *error) +{ + return sev_do_cmd(SEV_CMD_DF_FLUSH, 0, error); +} +EXPORT_SYMBOL_GPL(sev_guest_df_flush); + +static void sev_exit(struct kref *ref) +{ + struct sev_misc_dev *misc_dev = container_of(ref, struct sev_misc_dev, refcount); + + misc_deregister(&misc_dev->misc); +} + +static int sev_ops_init(struct psp_device *psp) +{ + struct device *dev = psp->dev; + int ret; + + /* + * SEV feature support can be detected on multiple devices but the SEV + * FW commands must be issued on the master. During probe, we do not + * know the master hence we create /dev/sev on the first device probe. + * sev_do_cmd() finds the right master device to which to issue the + * command to the firmware. + */ + if (!misc_dev) { + struct miscdevice *misc; + + misc_dev = devm_kzalloc(dev, sizeof(*misc_dev), GFP_KERNEL); + if (!misc_dev) + return -ENOMEM; + + misc = &misc_dev->misc; + misc->minor = MISC_DYNAMIC_MINOR; + misc->name = DEVICE_NAME; + misc->fops = &sev_fops; + + ret = misc_register(misc); + if (ret) + return ret; + + kref_init(&misc_dev->refcount); + } else { + kref_get(&misc_dev->refcount); + } + + psp->sev_status = devm_kzalloc(dev, sizeof(*psp->sev_status), GFP_KERNEL); + if (!psp->sev_status) + return -ENOMEM; + + psp->sev_init = devm_kzalloc(dev, sizeof(*psp->sev_init), GFP_KERNEL); + if (!psp->sev_init) + return -ENOMEM; + + init_waitqueue_head(&psp->sev_int_queue); + psp->sev_misc = misc_dev; + dev_dbg(dev, "registered SEV device\n"); + + return 0; +} + +static int sev_init(struct psp_device *psp) +{ + /* Check if device supports SEV feature */ + if (!(ioread32(psp->io_regs + PSP_FEATURE_REG) & 1)) { + dev_dbg(psp->dev, "device does not support SEV\n"); + return 1; + } + + return sev_ops_init(psp); +} + int psp_dev_init(struct sp_device *sp) { struct device *dev = sp->dev; @@ -81,6 +374,10 @@ int psp_dev_init(struct sp_device *sp) goto e_err; } + ret = sev_init(psp); + if (ret) + goto e_irq; + if (sp->set_psp_master_device) sp->set_psp_master_device(sp); @@ -89,6 +386,8 @@ int psp_dev_init(struct sp_device *sp) return 0; +e_irq: + sp_free_psp_irq(psp->sp, psp); e_err: sp->psp_data = NULL; @@ -101,5 +400,56 @@ void psp_dev_destroy(struct sp_device *sp) { struct psp_device *psp = sp->psp_data; + if (psp->sev_misc) + kref_put(&misc_dev->refcount, sev_exit); + sp_free_psp_irq(sp, psp); } + +int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd, + void *data, int *error) +{ + if (!filep || filep->f_op != &sev_fops) + return -EBADF; + + return sev_do_cmd(cmd, data, error); +} +EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user); + +void psp_pci_init(void) +{ + struct sp_device *sp; + int error, rc; + + sp = sp_get_psp_master_device(); + if (!sp) + return; + + psp_master = sp->psp_data; + + /* Initialize the platform */ + rc = sev_platform_init(NULL, &error); + if (rc) { + dev_err(sp->dev, "SEV: failed to INIT error %#x\n", error); + return; + } + + /* Display SEV firmware version */ + rc = sev_platform_status(psp_master->sev_status, &error); + if (rc) { + dev_err(sp->dev, "SEV: failed to get status error %#x\n", error); + return; + } + + dev_info(sp->dev, "SEV API:%d.%d build:%d\n", + psp_master->sev_status->api_major, psp_master->sev_status->api_minor, + psp_master->sev_status->build); +} + +void psp_pci_exit(void) +{ + if (!psp_master) + return; + + sev_platform_shutdown(NULL); +} diff --git a/drivers/crypto/ccp/psp-dev.h b/drivers/crypto/ccp/psp-dev.h index 55b7808367c3..2236d6749d2e 100644 --- a/drivers/crypto/ccp/psp-dev.h +++ b/drivers/crypto/ccp/psp-dev.h @@ -25,9 +25,21 @@ #include #include #include +#include +#include #include "sp-dev.h" +#define PSP_C2PMSG(_num) ((_num) << 2) +#define PSP_CMDRESP PSP_C2PMSG(32) +#define PSP_CMDBUFF_ADDR_LO PSP_C2PMSG(56) +#define PSP_CMDBUFF_ADDR_HI PSP_C2PMSG(57) +#define PSP_FEATURE_REG PSP_C2PMSG(63) + +#define PSP_P2CMSG(_num) ((_num) << 2) +#define PSP_CMD_COMPLETE_REG 1 +#define PSP_CMD_COMPLETE PSP_P2CMSG(PSP_CMD_COMPLETE_REG) + #define PSP_P2CMSG_INTEN 0x0110 #define PSP_P2CMSG_INTSTS 0x0114 @@ -44,6 +56,11 @@ #define MAX_PSP_NAME_LEN 16 +struct sev_misc_dev { + struct kref refcount; + struct miscdevice misc; +}; + struct psp_device { struct list_head entry; @@ -54,6 +71,13 @@ struct psp_device { struct sp_device *sp; void __iomem *io_regs; + + int sev_state; + unsigned int sev_int_rcvd; + wait_queue_head_t sev_int_queue; + struct sev_misc_dev *sev_misc; + struct sev_user_data_status *sev_status; + struct sev_data_init *sev_init; }; #endif /* __PSP_DEV_H */ diff --git a/drivers/crypto/ccp/sp-dev.c b/drivers/crypto/ccp/sp-dev.c index cf101c039c8f..eb0da6572720 100644 --- a/drivers/crypto/ccp/sp-dev.c +++ b/drivers/crypto/ccp/sp-dev.c @@ -272,6 +272,10 @@ static int __init sp_mod_init(void) if (ret) return ret; +#ifdef CONFIG_CRYPTO_DEV_SP_PSP + psp_pci_init(); +#endif + return 0; #endif @@ -291,6 +295,11 @@ static int __init sp_mod_init(void) static void __exit sp_mod_exit(void) { #ifdef CONFIG_X86 + +#ifdef CONFIG_CRYPTO_DEV_SP_PSP + psp_pci_exit(); +#endif + sp_pci_exit(); #endif diff --git a/drivers/crypto/ccp/sp-dev.h b/drivers/crypto/ccp/sp-dev.h index 909cf3e436b4..acb197b66ced 100644 --- a/drivers/crypto/ccp/sp-dev.h +++ b/drivers/crypto/ccp/sp-dev.h @@ -143,12 +143,16 @@ static inline int ccp_dev_resume(struct sp_device *sp) #ifdef CONFIG_CRYPTO_DEV_SP_PSP int psp_dev_init(struct sp_device *sp); +void psp_pci_init(void); void psp_dev_destroy(struct sp_device *sp); +void psp_pci_exit(void); #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ static inline int psp_dev_init(struct sp_device *sp) { return 0; } +static inline void psp_pci_init(void) { } static inline void psp_dev_destroy(struct sp_device *sp) { } +static inline void psp_pci_exit(void) { } #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 15bda519538e..fb563248d9a9 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -491,4 +491,147 @@ struct sev_data_dbg { u32 len; /* In */ } __packed; +#ifdef CONFIG_CRYPTO_DEV_SP_PSP + +/** + * sev_platform_init - perform SEV INIT command + * + * @init: sev_data_init structure to be processed + * @error: SEV command return code + * + * Returns: + * 0 if the SEV successfully processed the command + * -%ENODEV if the SEV device is not available + * -%ENOTSUPP if the SEV does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if the SEV returned a non-zero return code + */ +int sev_platform_init(struct sev_data_init *init, int *error); + +/** + * sev_platform_status - perform SEV PLATFORM_STATUS command + * + * @status: sev_user_data_status structure to be processed + * @error: SEV command return code + * + * Returns: + * 0 if the SEV successfully processed the command + * -%ENODEV if the SEV device is not available + * -%ENOTSUPP if the SEV does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if the SEV returned a non-zero return code + */ +int sev_platform_status(struct sev_user_data_status *status, int *error); + +/** + * sev_issue_cmd_external_user - issue SEV command by other driver with a file + * handle. + * + * This function can be used by other drivers to issue a SEV command on + * behalf of userspace. The caller must pass a valid SEV file descriptor + * so that we know that it has access to SEV device. + * + * @filep - SEV device file pointer + * @cmd - command to issue + * @data - command buffer + * @error: SEV command return code + * + * Returns: + * 0 if the SEV successfully processed the command + * -%ENODEV if the SEV device is not available + * -%ENOTSUPP if the SEV does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if the SEV returned a non-zero return code + * -%EINVAL if the SEV file descriptor is not valid + */ +int sev_issue_cmd_external_user(struct file *filep, unsigned int id, + void *data, int *error); + +/** + * sev_guest_deactivate - perform SEV DEACTIVATE command + * + * @deactivate: sev_data_deactivate structure to be processed + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int sev_guest_deactivate(struct sev_data_deactivate *data, int *error); + +/** + * sev_guest_activate - perform SEV ACTIVATE command + * + * @activate: sev_data_activate structure to be processed + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int sev_guest_activate(struct sev_data_activate *data, int *error); + +/** + * sev_guest_df_flush - perform SEV DF_FLUSH command + * + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int sev_guest_df_flush(int *error); + +/** + * sev_guest_decommission - perform SEV DECOMMISSION command + * + * @decommission: sev_data_decommission structure to be processed + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int sev_guest_decommission(struct sev_data_decommission *data, int *error); + +#else /* !CONFIG_CRYPTO_DEV_SP_PSP */ + +static inline int +sev_platform_status(struct sev_user_data_status *status, int *error) { return -ENODEV; } + +static inline int +sev_platform_init(struct sev_data_init *init, int *error) { return -ENODEV; } + +static inline int +sev_guest_deactivate(struct sev_data_deactivate *data, int *error) { return -ENODEV; } + +static inline int +sev_guest_decommission(struct sev_data_decommission *data, int *error) { return -ENODEV; } + +static inline int +sev_guest_activate(struct sev_data_activate *data, int *error) { return -ENODEV; } + +static inline int sev_guest_df_flush(int *error) { return -ENODEV; } + +static inline int +sev_issue_cmd_external_user(struct file *filep, + unsigned int id, void *data, int *error) +{ + return -ENODEV; +} + +#endif /* CONFIG_CRYPTO_DEV_SP_PSP */ + #endif /* __PSP_SEV_H__ */