From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: bp@alien8.de, Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org
Subject: [Part2 PATCH v9 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
Date: Mon, 4 Dec 2017 19:04:18 -0600
Message-Id: <20171205010438.5773-19-brijesh.singh@amd.com>
In-Reply-To: <20171205010438.5773-1-brijesh.singh@amd.com>
References: <20171205010438.5773-1-brijesh.singh@amd.com>
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10091917

The SEV_PEK_CSR command can be used to generate a PEK certificate signing request. The command is defined in SEV spec section 5.7.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
--- drivers/crypto/ccp/psp-dev.c | 66 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index fd3daf0a1176..c3906bbdb69b 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c 
@@ -302,6 +302,69 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp) return __sev_do_cmd_locked(cmd, 0, &argp->error); } +static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pek_csr input; + struct sev_data_pek_csr *data; + void *blob = NULL; + int ret; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* userspace wants to query CSR length */ + if (!input.address || !input.length) + goto cmd; + + /* allocate a physically contiguous buffer to store the CSR blob */ + if (!access_ok(VERIFY_WRITE, input.address, input.length) || + input.length > SEV_FW_BLOB_MAX_SIZE) { + ret = -EFAULT; + goto e_free; + } + + blob = kmalloc(input.length, GFP_KERNEL); + if (!blob) { + ret = -ENOMEM; + goto e_free; + } + + data->address = __psp_pa(blob); + data->len = input.length; + +cmd: + if (psp_master->sev_state == SEV_STATE_UNINIT) { + ret = __sev_platform_init_locked(&argp->error); + if (ret) + goto e_free_blob; + } + + ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, &argp->error); + + /* If we query the CSR length, FW responded with expected data. */ + input.length = data->len; + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { + ret = -EFAULT; + goto e_free_blob; + } + + if (blob) { + if (copy_to_user((void __user *)input.address, blob, input.length)) + ret = -EFAULT; + } + +e_free_blob: + kfree(blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -336,6 +399,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PDH_GEN: ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input); break; + case SEV_PEK_CSR: + ret = sev_ioctl_do_pek_csr(&input); + break; default: ret = -EINVAL; goto out;
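
Review bot: in sev_ioctl_do_pek_csr(), the final `copy_to_user((void __user *)input.address, blob, input.length)` runs without checking `ret` from `__sev_do_cmd_locked()`, and it uses `input.length` after that field has been overwritten with the firmware-written `data->len`. `blob` comes from `kmalloc()` sized by the caller's original length, so a failed command copies uninitialised heap to userspace, and a firmware-reported length larger than the allocation would read past the end of `blob`. Suggest skipping the blob copy when `ret` is non-zero, allocating with `kzalloc()`, and bounding the copy by the size that was actually allocated. Separately, the oversize check `input.length > SEV_FW_BLOB_MAX_SIZE` returns -EFAULT, where -EINVAL would distinguish it from a bad pointer, and the "allocate a physically contiguous buffer" comment sits above the validation rather than above the `kmalloc()` it describes.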