From patchwork Mon Nov 6 18:15:26 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10044055
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky, x86@kernel.org
Subject: [Part2 PATCH v8 34/38] KVM: SVM: Add support for SEV LAUNCH_SECRET command
Date: Mon, 6 Nov 2017 12:15:26 -0600
Message-Id: <20171106181530.68894-5-brijesh.singh@amd.com>
In-Reply-To: <20171106181530.68894-1-brijesh.singh@amd.com>
References: <20171106181530.68894-1-brijesh.singh@amd.com>

The command is used for injecting a secret into the guest memory region.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
 arch/x86/kvm/svm.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 3e7c7dc72c2d..9dae464cb712 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c
@@ -6357,6 +6357,71 @@ static int sev_dbg_crypt(struct kvm *kvm, struct kvm_sev_cmd *argp, bool dec) return ret; } +static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + struct sev_data_launch_secret *data; + struct kvm_sev_launch_secret params; + struct page **pages; + void *blob, *hdr; + unsigned long n; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) + return -EFAULT; + + pages = sev_pin_memory(kvm, params.guest_uaddr, params.guest_len, &n, 1); + if (!pages) + return -ENOMEM; + + /* + * The secret must be copied into contiguous memory region, lets verify + * that userspace memory pages are contiguous before we issue command. + */ + if (get_num_contig_pages(0, pages, n) != n) { + ret = -EINVAL; + goto e_unpin_memory; + } + + ret = -ENOMEM; + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_unpin_memory; + + blob = psp_copy_user_blob(params.trans_uaddr, params.trans_len); + if (IS_ERR(blob)) { + ret = PTR_ERR(blob); + goto e_free; + } + + data->trans_address = __psp_pa(blob); + data->trans_len = params.trans_len; + + hdr = psp_copy_user_blob(params.hdr_uaddr, params.hdr_len); + if (IS_ERR(hdr)) { + ret = PTR_ERR(hdr); + goto e_free_blob; + } + data->trans_address = __psp_pa(blob); + data->trans_len = params.trans_len; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_SECRET, data, &argp->error); + + kfree(hdr); + +e_free_blob: + kfree(blob); +e_free: + kfree(data); +e_unpin_memory: + sev_unpin_memory(kvm, pages, n); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -6395,6 +6460,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_DBG_ENCRYPT: r = sev_dbg_crypt(kvm, &sev_cmd, false); break; + case KVM_SEV_LAUNCH_SECRET: + r = sev_launch_secret(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out;
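
Review bot: In sev_launch_secret(), the two assignments after the hdr copy repeat the transport fields (`data->trans_address = __psp_pa(blob);` and `data->trans_len = params.trans_len;`) instead of recording hdr, so the header buffer is allocated and freed but never handed to the firmware command. The pinned guest pages have the same gap: after the get_num_contig_pages() check, nothing in data refers to pages or params.guest_len, so the command issued through sev_issue_cmd() carries no destination for the secret. Before issuing the command, set the header address and length in data from hdr and params.hdr_len, and the guest address and length from the pinned pages and params.guest_len.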
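
Review bot: The new KVM_SEV_LAUNCH_SECRET case in svm_mem_enc_op() can return -EINVAL from sev_launch_secret() when the pinned guest pages are not contiguous, which is the same value the default branch returns for an unknown command, so userspace cannot tell an unsupported command from a badly placed guest region. The patch touches only svm.c and the commit message is one sentence; document the contiguity requirement for the guest region alongside the command, or return a distinct error for that case.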