From patchwork Mon Nov 6 18:11:21 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10044003
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky, x86@kernel.org
Subject: [Part2 PATCH v8 29/38] KVM: SVM: Add support for KVM_SEV_LAUNCH_MEASURE command
Date: Mon, 6 Nov 2017 12:11:21 -0600
Message-Id: <20171106181130.68491-30-brijesh.singh@amd.com>
In-Reply-To: <20171106181130.68491-1-brijesh.singh@amd.com>
References: <20171106181130.68491-1-brijesh.singh@amd.com>
X-Mailing-List: kvm@vger.kernel.org

The command is used to retrieve the measurement of contents encrypted through the KVM_SEV_LAUNCH_UPDATE_DATA command.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
--- arch/x86/kvm/svm.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 8f2a676b5553..3a5ae4fd7103 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -6002,6 +6002,77 @@ static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + struct sev_data_launch_measure *data; + struct kvm_sev_launch_measure params; + void *blob = NULL; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* User wants to query the blob length */ + if (!params.len) + goto cmd; + + if (params.uaddr) { + if (params.len > SEV_FW_BLOB_MAX_SIZE) { + ret = -EINVAL; + goto e_free; + } + + if (!access_ok(VERIFY_WRITE, params.uaddr, params.len)) { + ret = -EFAULT; + goto e_free; + } + + ret = -ENOMEM; + blob = kmalloc(params.len, GFP_KERNEL); + if (!blob) + goto e_free; + + data->address = __psp_pa(blob); + data->len = params.len; + } + +cmd: + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_MEASURE, data, &argp->error); + + /* + * If we query the session length, FW responded with expected data. + */ + if (!params.len) + goto done; + + if (ret) + goto e_free_blob; + + if (blob) { + if (copy_to_user((void __user *)(uintptr_t)params.uaddr, blob, params.len)) + ret = -EFAULT; + } + +done: + params.len = data->len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, sizeof(params))) + ret = -EFAULT; +e_free_blob: + kfree(blob); +e_free: + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -6025,6 +6096,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_LAUNCH_UPDATE_DATA: r = sev_launch_update_data(kvm, &sev_cmd); break; + case KVM_SEV_LAUNCH_MEASURE: + r = sev_launch_measure(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out;
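Review bot: in sev_launch_measure(), blob is allocated with kmalloc(params.len, GFP_KERNEL) and the success path copies params.len bytes of it to params.uaddr, while the length the firmware reports back is data->len, which is only written into params.len afterwards at done:. If the firmware fills fewer than params.len bytes (userspace may ask for anything up to SEV_FW_BLOB_MAX_SIZE), the tail of the buffer is uninitialised kernel heap memory handed to userspace. Please allocate the blob with kzalloc(), or copy only data->len bytes bounded by params.len. Two smaller points in the same function: a non-zero params.len with params.uaddr == 0 skips the whole if (params.uaddr) block and reaches cmd: with data->address and data->len still zero, so it is silently treated as a length query, and returning -EINVAL for that combination would be clearer; and when the command fails with a non-zero params.len the code jumps to e_free_blob without writing data->len back, so a caller whose buffer was too small is not told the required size. The comment above the second if (!params.len) also says "session length" where this function is querying the measurement length.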