From patchwork Mon Nov 6 18:11:06 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10044117
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org
Subject: [Part2 PATCH v8 14/38] crypto: ccp: Implement SEV_FACTORY_RESET ioctl command
Date: Mon, 6 Nov 2017 12:11:06 -0600
Message-Id: <20171106181130.68491-15-brijesh.singh@amd.com>
In-Reply-To: <20171106181130.68491-1-brijesh.singh@amd.com>
References: <20171106181130.68491-1-brijesh.singh@amd.com>

The SEV_FACTORY_RESET command can be used by the platform owner to reset the non-volatile SEV related data.
The command is defined in SEV spec section 5.4

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
---
 drivers/crypto/ccp/psp-dev.c | 77 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 76 insertions(+), 1 deletion(-)

diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 9915a6c604a3..b49583a45a55 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c 
@@ -232,9 +232,84 @@ static int sev_platform_shutdown(int *error) return rc; } +static int sev_get_platform_state(int *state, int *error) +{ + int rc; + + rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, + &psp_master->status_cmd_buf, error); + if (rc) + return rc; + + *state = psp_master->status_cmd_buf.state; + return rc; +} + +static int sev_ioctl_do_reset(struct sev_issue_cmd *argp) +{ + int state, rc; + + /* + * The SEV spec requires that FACTORY_RESET must be issued in + * UNINIT state. Before we go further lets check if any guest is + * active. + * + * If FW is in WORKING state then deny the request otherwise issue + * SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET. + * + */ + rc = sev_get_platform_state(&state, &argp->error); + if (rc) + return rc; + + if (state == SEV_STATE_WORKING) + return -EBUSY; + + if (state == SEV_STATE_INIT) { + rc = __sev_platform_shutdown_locked(&argp->error); + if (rc) + return rc; + } + + return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, &argp->error); +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { - return -ENOTTY; + void __user *argp = (void __user *)arg; + struct sev_issue_cmd input; + int ret = -EFAULT; + + if (!psp_master) + return -ENODEV; + + if (ioctl != SEV_ISSUE_CMD) + return -EINVAL; + + if (copy_from_user(&input, argp, sizeof(struct sev_issue_cmd))) + return -EFAULT; + + if (input.cmd > SEV_MAX) + return -EINVAL; + + mutex_lock(&sev_cmd_mutex); + + switch (input.cmd) { + + case SEV_FACTORY_RESET: + ret = sev_ioctl_do_reset(&input); + break; + default: + ret = -EINVAL; + goto out; + } + + if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd))) + ret = -EFAULT; +out: + mutex_unlock(&sev_cmd_mutex); + + return ret; } static const struct file_operations sev_fops = {
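Review bot: sev_ioctl() reaches the SEV_FACTORY_RESET case without any privilege check on the caller, so the only gate on wiping the platform's non-volatile SEV data is whoever can open the device node, while the commit message describes the command as one for the platform owner. Consider adding `if (!capable(CAP_SYS_ADMIN)) return -EPERM;` before taking sev_cmd_mutex, or at least documenting that the device file's permissions are the intended access control. Two smaller points in the same hunk: `__sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, 0, &argp->error)` passes a literal 0 where the other call in this hunk passes a buffer pointer, so `NULL` would be the clearer spelling; and when sev_ioctl_do_reset() fails and the following copy_to_user() also fails, `ret` is overwritten with -EFAULT and the original error code is lost, which is worth either avoiding or noting in a comment.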