| Message ID | 2f1686d0164e0f1b3d6a41d620408393e0a48376.1618498113.git.ashish.kalra@amd.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Add AMD SEV guest live migration support | expand |
On 15/04/21 17:53, Ashish Kalra wrote: > From: Brijesh Singh <brijesh.singh@amd.com> > > The command is used to create an outgoing SEV guest encryption context. > > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Ingo Molnar <mingo@redhat.com> > Cc: "H. Peter Anvin" <hpa@zytor.com> > Cc: Paolo Bonzini <pbonzini@redhat.com> > Cc: Joerg Roedel <joro@8bytes.org> > Cc: Borislav Petkov <bp@suse.de> > Cc: Tom Lendacky <thomas.lendacky@amd.com> > Cc: x86@kernel.org > Cc: kvm@vger.kernel.org > Cc: linux-kernel@vger.kernel.org > Reviewed-by: Steve Rutherford <srutherford@google.com> > Reviewed-by: Venu Busireddy <venu.busireddy@oracle.com> > Signed-off-by: Brijesh Singh <brijesh.singh@amd.com> > Signed-off-by: Ashish Kalra <ashish.kalra@amd.com> > --- > .../virt/kvm/amd-memory-encryption.rst | 27 ++++ > arch/x86/kvm/svm/sev.c | 125 ++++++++++++++++++ > include/linux/psp-sev.h | 8 +- > include/uapi/linux/kvm.h | 12 ++ > 4 files changed, 168 insertions(+), 4 deletions(-) > > diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst > index 469a6308765b..ac799dd7a618 100644 > --- a/Documentation/virt/kvm/amd-memory-encryption.rst > +++ b/Documentation/virt/kvm/amd-memory-encryption.rst > @@ -284,6 +284,33 @@ Returns: 0 on success, -negative on error > __u32 len; > }; > > +10. KVM_SEV_SEND_START > +---------------------- > + > +The KVM_SEV_SEND_START command can be used by the hypervisor to create an > +outgoing guest encryption context. > + > +Parameters (in): struct kvm_sev_send_start > + > +Returns: 0 on success, -negative on error > + > +:: > + struct kvm_sev_send_start { > + __u32 policy; /* guest policy */ > + > + __u64 pdh_cert_uaddr; /* platform Diffie-Hellman certificate */ > + __u32 pdh_cert_len; > + > + __u64 plat_certs_uaddr; /* platform certificate chain */ > + __u32 plat_certs_len; > + > + __u64 amd_certs_uaddr; /* AMD certificate */ > + __u32 amd_certs_len; > + > + __u64 session_uaddr; /* Guest session information */ > + __u32 session_len; > + }; > + > References > ========== > > diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c > index 874ea309279f..2b65900c05d6 100644 > --- a/arch/x86/kvm/svm/sev.c > +++ b/arch/x86/kvm/svm/sev.c > @@ -1110,6 +1110,128 @@ static int sev_get_attestation_report(struct kvm *kvm, struct kvm_sev_cmd *argp) > return ret; > } > > +/* Userspace wants to query session length. */ > +static int > +__sev_send_start_query_session_length(struct kvm *kvm, struct kvm_sev_cmd *argp, > + struct kvm_sev_send_start *params) > +{ > + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; > + struct sev_data_send_start *data; > + int ret; > + > + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); > + if (data == NULL) > + return -ENOMEM; > + > + data->handle = sev->handle; > + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); This is missing an "if (ret < 0)" (and this time I'm pretty sure it's indeed the case :)), otherwise you miss for example the EBADF return code if the SEV file descriptor is closed or reused. Same for KVM_SEND_UPDATE_DATA. Also, the length==0 case is not documented. Paolo > + params->session_len = data->session_len; > + if (copy_to_user((void __user *)(uintptr_t)argp->data, params, > + sizeof(struct kvm_sev_send_start))) > + ret = -EFAULT; > + > + kfree(data); > + return ret; > +} > + > +static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) > +{ > + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; > + struct sev_data_send_start *data; > + struct kvm_sev_send_start params; > + void *amd_certs, *session_data; > + void *pdh_cert, *plat_certs; > + int ret; > + > + if (!sev_guest(kvm)) > + return -ENOTTY; > + > + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, > + sizeof(struct kvm_sev_send_start))) > + return -EFAULT; > + > + /* if session_len is zero, userspace wants to query the session length */ > + if (!params.session_len) > + return __sev_send_start_query_session_length(kvm, argp, > + ¶ms); > + > + /* some sanity checks */ > + if (!params.pdh_cert_uaddr || !params.pdh_cert_len || > + !params.session_uaddr || params.session_len > SEV_FW_BLOB_MAX_SIZE) > + return -EINVAL; > + > + /* allocate the memory to hold the session data blob */ > + session_data = kmalloc(params.session_len, GFP_KERNEL_ACCOUNT); > + if (!session_data) > + return -ENOMEM; > + > + /* copy the certificate blobs from userspace */ > + pdh_cert = psp_copy_user_blob(params.pdh_cert_uaddr, > + params.pdh_cert_len); > + if (IS_ERR(pdh_cert)) { > + ret = PTR_ERR(pdh_cert); > + goto e_free_session; > + } > + > + plat_certs = psp_copy_user_blob(params.plat_certs_uaddr, > + params.plat_certs_len); > + if (IS_ERR(plat_certs)) { > + ret = PTR_ERR(plat_certs); > + goto e_free_pdh; > + } > + > + amd_certs = psp_copy_user_blob(params.amd_certs_uaddr, > + params.amd_certs_len); > + if (IS_ERR(amd_certs)) { > + ret = PTR_ERR(amd_certs); > + goto e_free_plat_cert; > + } > + > + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); > + if (data == NULL) { > + ret = -ENOMEM; > + goto e_free_amd_cert; > + } > + > + /* populate the FW SEND_START field with system physical address */ > + data->pdh_cert_address = __psp_pa(pdh_cert); > + data->pdh_cert_len = params.pdh_cert_len; > + data->plat_certs_address = __psp_pa(plat_certs); > + data->plat_certs_len = params.plat_certs_len; > + data->amd_certs_address = __psp_pa(amd_certs); > + data->amd_certs_len = params.amd_certs_len; > + data->session_address = __psp_pa(session_data); > + data->session_len = params.session_len; > + data->handle = sev->handle; > + > + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); > + > + if (!ret && copy_to_user((void __user *)(uintptr_t)params.session_uaddr, > + session_data, params.session_len)) { > + ret = -EFAULT; > + goto e_free; > + } > + > + params.policy = data->policy; > + params.session_len = data->session_len; > + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, > + sizeof(struct kvm_sev_send_start))) > + ret = -EFAULT; > + > +e_free: > + kfree(data); > +e_free_amd_cert: > + kfree(amd_certs); > +e_free_plat_cert: > + kfree(plat_certs); > +e_free_pdh: > + kfree(pdh_cert); > +e_free_session: > + kfree(session_data); > + return ret; > +} > + > int svm_mem_enc_op(struct kvm *kvm, void __user *argp) > { > struct kvm_sev_cmd sev_cmd; > @@ -1163,6 +1285,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) > case KVM_SEV_GET_ATTESTATION_REPORT: > r = sev_get_attestation_report(kvm, &sev_cmd); > break; > + case KVM_SEV_SEND_START: > + r = sev_send_start(kvm, &sev_cmd); > + break; > default: > r = -EINVAL; > goto out; > diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h > index b801ead1e2bb..73da511b9423 100644 > --- a/include/linux/psp-sev.h > +++ b/include/linux/psp-sev.h > @@ -326,11 +326,11 @@ struct sev_data_send_start { > u64 pdh_cert_address; /* In */ > u32 pdh_cert_len; /* In */ > u32 reserved1; > - u64 plat_cert_address; /* In */ > - u32 plat_cert_len; /* In */ > + u64 plat_certs_address; /* In */ > + u32 plat_certs_len; /* In */ > u32 reserved2; > - u64 amd_cert_address; /* In */ > - u32 amd_cert_len; /* In */ > + u64 amd_certs_address; /* In */ > + u32 amd_certs_len; /* In */ > u32 reserved3; > u64 session_address; /* In */ > u32 session_len; /* In/Out */ > diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h > index f6afee209620..ac53ad2e7271 100644 > --- a/include/uapi/linux/kvm.h > +++ b/include/uapi/linux/kvm.h > @@ -1729,6 +1729,18 @@ struct kvm_sev_attestation_report { > __u32 len; > }; > > +struct kvm_sev_send_start { > + __u32 policy; > + __u64 pdh_cert_uaddr; > + __u32 pdh_cert_len; > + __u64 plat_certs_uaddr; > + __u32 plat_certs_len; > + __u64 amd_certs_uaddr; > + __u32 amd_certs_len; > + __u64 session_uaddr; > + __u32 session_len; > +}; > + > #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) > #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) > #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2) >
diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst index 469a6308765b..ac799dd7a618 100644 --- a/Documentation/virt/kvm/amd-memory-encryption.rst +++ b/Documentation/virt/kvm/amd-memory-encryption.rst @@ -284,6 +284,33 @@ Returns: 0 on success, -negative on error __u32 len; }; +10. KVM_SEV_SEND_START +---------------------- + +The KVM_SEV_SEND_START command can be used by the hypervisor to create an +outgoing guest encryption context. + +Parameters (in): struct kvm_sev_send_start + +Returns: 0 on success, -negative on error + +:: + struct kvm_sev_send_start { + __u32 policy; /* guest policy */ + + __u64 pdh_cert_uaddr; /* platform Diffie-Hellman certificate */ + __u32 pdh_cert_len; + + __u64 plat_certs_uaddr; /* platform certificate chain */ + __u32 plat_certs_len; + + __u64 amd_certs_uaddr; /* AMD certificate */ + __u32 amd_certs_len; + + __u64 session_uaddr; /* Guest session information */ + __u32 session_len; + }; + References ========== diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 874ea309279f..2b65900c05d6 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1110,6 +1110,128 @@ static int sev_get_attestation_report(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +/* Userspace wants to query session length. */ +static int +__sev_send_start_query_session_length(struct kvm *kvm, struct kvm_sev_cmd *argp, + struct kvm_sev_send_start *params) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_start *data; + int ret; + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (data == NULL) + return -ENOMEM; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); + + params->session_len = data->session_len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, params, + sizeof(struct kvm_sev_send_start))) + ret = -EFAULT; + + kfree(data); + return ret; +} + +static int sev_send_start(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct sev_data_send_start *data; + struct kvm_sev_send_start params; + void *amd_certs, *session_data; + void *pdh_cert, *plat_certs; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_send_start))) + return -EFAULT; + + /* if session_len is zero, userspace wants to query the session length */ + if (!params.session_len) + return __sev_send_start_query_session_length(kvm, argp, + ¶ms); + + /* some sanity checks */ + if (!params.pdh_cert_uaddr || !params.pdh_cert_len || + !params.session_uaddr || params.session_len > SEV_FW_BLOB_MAX_SIZE) + return -EINVAL; + + /* allocate the memory to hold the session data blob */ + session_data = kmalloc(params.session_len, GFP_KERNEL_ACCOUNT); + if (!session_data) + return -ENOMEM; + + /* copy the certificate blobs from userspace */ + pdh_cert = psp_copy_user_blob(params.pdh_cert_uaddr, + params.pdh_cert_len); + if (IS_ERR(pdh_cert)) { + ret = PTR_ERR(pdh_cert); + goto e_free_session; + } + + plat_certs = psp_copy_user_blob(params.plat_certs_uaddr, + params.plat_certs_len); + if (IS_ERR(plat_certs)) { + ret = PTR_ERR(plat_certs); + goto e_free_pdh; + } + + amd_certs = psp_copy_user_blob(params.amd_certs_uaddr, + params.amd_certs_len); + if (IS_ERR(amd_certs)) { + ret = PTR_ERR(amd_certs); + goto e_free_plat_cert; + } + + data = kzalloc(sizeof(*data), GFP_KERNEL_ACCOUNT); + if (data == NULL) { + ret = -ENOMEM; + goto e_free_amd_cert; + } + + /* populate the FW SEND_START field with system physical address */ + data->pdh_cert_address = __psp_pa(pdh_cert); + data->pdh_cert_len = params.pdh_cert_len; + data->plat_certs_address = __psp_pa(plat_certs); + data->plat_certs_len = params.plat_certs_len; + data->amd_certs_address = __psp_pa(amd_certs); + data->amd_certs_len = params.amd_certs_len; + data->session_address = __psp_pa(session_data); + data->session_len = params.session_len; + data->handle = sev->handle; + + ret = sev_issue_cmd(kvm, SEV_CMD_SEND_START, data, &argp->error); + + if (!ret && copy_to_user((void __user *)(uintptr_t)params.session_uaddr, + session_data, params.session_len)) { + ret = -EFAULT; + goto e_free; + } + + params.policy = data->policy; + params.session_len = data->session_len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, + sizeof(struct kvm_sev_send_start))) + ret = -EFAULT; + +e_free: + kfree(data); +e_free_amd_cert: + kfree(amd_certs); +e_free_plat_cert: + kfree(plat_certs); +e_free_pdh: + kfree(pdh_cert); +e_free_session: + kfree(session_data); + return ret; +} + int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -1163,6 +1285,9 @@ int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_GET_ATTESTATION_REPORT: r = sev_get_attestation_report(kvm, &sev_cmd); break; + case KVM_SEV_SEND_START: + r = sev_send_start(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index b801ead1e2bb..73da511b9423 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -326,11 +326,11 @@ struct sev_data_send_start { u64 pdh_cert_address; /* In */ u32 pdh_cert_len; /* In */ u32 reserved1; - u64 plat_cert_address; /* In */ - u32 plat_cert_len; /* In */ + u64 plat_certs_address; /* In */ + u32 plat_certs_len; /* In */ u32 reserved2; - u64 amd_cert_address; /* In */ - u32 amd_cert_len; /* In */ + u64 amd_certs_address; /* In */ + u32 amd_certs_len; /* In */ u32 reserved3; u64 session_address; /* In */ u32 session_len; /* In/Out */ diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index f6afee209620..ac53ad2e7271 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -1729,6 +1729,18 @@ struct kvm_sev_attestation_report { __u32 len; }; +struct kvm_sev_send_start { + __u32 policy; + __u64 pdh_cert_uaddr; + __u32 pdh_cert_len; + __u64 plat_certs_uaddr; + __u32 plat_certs_len; + __u64 amd_certs_uaddr; + __u32 amd_certs_len; + __u64 session_uaddr; + __u32 session_len; +}; + #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0) #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1) #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)