From patchwork Wed Nov 1 21:17:19 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10037193
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky, x86@kernel.org
Subject: [Part2 PATCH v7 34/38] KVM: SVM: Add support for SEV LAUNCH_SECRET command
Date: Wed, 1 Nov 2017 16:17:19 -0500
Message-Id: <20171101211723.71594-5-brijesh.singh@amd.com>
In-Reply-To: <20171101211723.71594-1-brijesh.singh@amd.com>
References: <20171101211723.71594-1-brijesh.singh@amd.com>

The command is used for injecting a secret into the guest memory region.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
 arch/x86/kvm/svm.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 35840979627f..749d2f9898d1 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -6276,6 +6276,71 @@ static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp) return sev_dbg_crypt(kvm, argp, false); } +static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + struct sev_data_launch_secret *data; + struct kvm_sev_launch_secret params; + struct page **pages; + void *blob, *hdr; + unsigned long n; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) + return -EFAULT; + + pages = sev_pin_memory(kvm, params.guest_uaddr, params.guest_len, &n, 1); + if (!pages) + return -ENOMEM; + + /* + * The secret must be copied into contiguous memory region, lets verify + * that userspace memory pages are contiguous before we issue command. + */ + if (get_num_contig_pages(0, pages, n) != n) { + ret = -EINVAL; + goto e_unpin_memory; + } + + ret = -ENOMEM; + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_unpin_memory; + + blob = psp_copy_user_blob(params.trans_uaddr, params.trans_len); + if (IS_ERR(blob)) { + ret = PTR_ERR(blob); + goto e_free; + } + + data->trans_address = __psp_pa(blob); + data->trans_len = params.trans_len; + + hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len); + if (IS_ERR(hdr)) { + ret = PTR_ERR(hdr); + goto e_free_blob; + } + data->trans_address = __psp_pa(blob); + data->trans_len = params.trans_len; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_SECRET, data, &argp->error); + + kfree(hdr); + +e_free_blob: + kfree(blob); +e_free: + kfree(data); +e_unpin_memory: + sev_unpin_memory(kvm, pages, n); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -6314,6 +6379,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_DBG_ENCRYPT: r = sev_dbg_encrypt(kvm, &sev_cmd); break; + case KVM_SEV_LAUNCH_SECRET: + r = sev_launch_secret(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out;
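Review bot: In sev_launch_secret(), the two assignments that follow the second psp_copy_user_blob() call repeat "data->trans_address = __psp_pa(blob);" and "data->trans_len = params.trans_len;", so the hdr buffer copied from params.hdr_uaddr is never placed in the command structure and is only freed afterwards. Those two lines should fill the header address and length from hdr and params.hdr_len instead. Related to this, nothing in the visible function stores the pinned guest pages' address or params.guest_len into data before sev_issue_cmd(), so the pin and the get_num_contig_pages() check do not influence what is sent to the firmware; the guest address and length should be set from pages[0] (plus the offset of params.guest_uaddr within the page) and params.guest_len once the contiguity check has passed.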