From patchwork Wed Oct 11 16:50:30 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10000083
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Brijesh Singh
To: bp@suse.de
Cc: Brijesh Singh, Paolo Bonzini, Radim Krčmář, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [Part2 PATCH v5.2 12.2/31] crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support
Date: Wed, 11 Oct 2017 11:50:30 -0500
Message-Id: <20171011165030.115696-1-brijesh.singh@amd.com>
In-Reply-To: <20171007010607.78088-1-brijesh.singh@amd.com>
References: <20171007010607.78088-1-brijesh.singh@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

AMD's new
Secure Encrypted Virtualization (SEV) feature allows the memory contents of virtual machines to be transparently encrypted with a key unique to the VM. The programming and management of the encryption keys are handled by the AMD Secure Processor (AMD-SP) which exposes the commands for these tasks. The complete spec is available at: http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf Extend the AMD-SP driver to provide the following support: - an in-kernel API to communicate with the SEV firmware. The API can be used by the hypervisor to create encryption context for a SEV guest. - a userspace IOCTL to manage the platform certificates. Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Borislav Petkov Cc: Herbert Xu Cc: Gary Hook Cc: Tom Lendacky Cc: linux-crypto@vger.kernel.org Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Improvements-by: Borislav Petkov Signed-off-by: Brijesh Singh --- Make it as a second patch in the series (changes from 12.1 -> 12.2) Changes since v5.1: * text streamlining (from Boris) * rename sev_handle_cmd -> sev_do_cmd (from Boris) * PSP_P2CMSG needs arg eval (from Boris) * use #ifdef instead of #if defined() (from Boris) drivers/crypto/ccp/psp-dev.c | 251 +++++++++++++++++++++++++++++++++++++++++++ drivers/crypto/ccp/psp-dev.h | 16 +++ include/linux/psp-sev.h | 159 +++++++++++++++++++++++++++ 3 files changed, 426 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index b5789f878560..175cb3c3b8ef 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -23,9 +23,16 @@ #include #include +#include + #include "sp-dev.h" #include "psp-dev.h" +#define DEVICE_NAME "sev" + +static DEFINE_MUTEX(sev_cmd_mutex); +static bool sev_fops_registered; + static struct psp_device *psp_alloc_struct(struct sp_device *sp) { struct device *dev = sp->dev; 
@@ -45,9 +52,246 @@ static struct psp_device *psp_alloc_struct(struct sp_device *sp) static irqreturn_t psp_irq_handler(int irq, void *data) { + struct psp_device *psp = data; + unsigned int status; + int reg; + + /* Read the interrupt status: */ + status = ioread32(psp->io_regs + PSP_P2CMSG_INTSTS); + + /* Check if it is command completion: */ + if (!(status & BIT(PSP_CMD_COMPLETE_REG))) + goto done; + + /* Check if it is SEV command completion: */ + reg = ioread32(psp->io_regs + PSP_CMDRESP); + if (reg & PSP_CMDRESP_RESP) { + psp->sev_int_rcvd = 1; + wake_up(&psp->sev_int_queue); + } + +done: + /* Clear the interrupt status by writing the same value we read. */ + iowrite32(status, psp->io_regs + PSP_P2CMSG_INTSTS); + return IRQ_HANDLED; } +static int sev_wait_cmd_ioc(struct psp_device *psp, unsigned int *reg) +{ + psp->sev_int_rcvd = 0; + + wait_event(psp->sev_int_queue, psp->sev_int_rcvd); + *reg = ioread32(psp->io_regs + PSP_CMDRESP); + + return 0; +} + +static int sev_cmd_buffer_len(int cmd) +{ + switch (cmd) { + case SEV_CMD_INIT: return sizeof(struct sev_data_init); + case SEV_CMD_PLATFORM_STATUS: return sizeof(struct sev_data_status); + case SEV_CMD_PEK_CSR: return sizeof(struct sev_data_pek_csr); + case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct sev_data_pek_cert_import); + case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct sev_data_pdh_cert_export); + case SEV_CMD_LAUNCH_START: return sizeof(struct sev_data_launch_start); + case SEV_CMD_LAUNCH_UPDATE_DATA: return sizeof(struct sev_data_launch_update_data); + case SEV_CMD_LAUNCH_UPDATE_VMSA: return sizeof(struct sev_data_launch_update_vmsa); + case SEV_CMD_LAUNCH_FINISH: return sizeof(struct sev_data_launch_finish); + case SEV_CMD_LAUNCH_MEASURE: return sizeof(struct sev_data_launch_measure); + case SEV_CMD_ACTIVATE: return sizeof(struct sev_data_activate); + case SEV_CMD_DEACTIVATE: return sizeof(struct sev_data_deactivate); + case SEV_CMD_DECOMMISSION: return sizeof(struct sev_data_decommission); + 
case SEV_CMD_GUEST_STATUS: return sizeof(struct sev_data_guest_status); + case SEV_CMD_DBG_DECRYPT: return sizeof(struct sev_data_dbg); + case SEV_CMD_DBG_ENCRYPT: return sizeof(struct sev_data_dbg); + case SEV_CMD_SEND_START: return sizeof(struct sev_data_send_start); + case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct sev_data_send_update_data); + case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct sev_data_send_update_vmsa); + case SEV_CMD_SEND_FINISH: return sizeof(struct sev_data_send_finish); + case SEV_CMD_RECEIVE_START: return sizeof(struct sev_data_receive_start); + case SEV_CMD_RECEIVE_FINISH: return sizeof(struct sev_data_receive_finish); + case SEV_CMD_RECEIVE_UPDATE_DATA: return sizeof(struct sev_data_receive_update_data); + case SEV_CMD_RECEIVE_UPDATE_VMSA: return sizeof(struct sev_data_receive_update_vmsa); + case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret); + default: return 0; + } + + return 0; +} + +static int sev_do_cmd(int cmd, void *data, int *psp_ret) +{ + unsigned int phys_lsb, phys_msb; + struct psp_device *psp; + unsigned int reg, ret; + struct sp_device *sp; + + sp = sp_get_psp_master_device(); + if (!sp) + return -ENODEV; + + psp = sp->psp_data; + if (!psp) + return -ENODEV; + + /* Get the physical address of the command buffer */ + phys_lsb = data ? lower_32_bits(__psp_pa(data)) : 0; + phys_msb = data ? upper_32_bits(__psp_pa(data)) : 0; + + dev_dbg(psp->dev, "sev command id %#x buffer 0x%08x%08x\n", + cmd, phys_msb, phys_lsb); + + print_hex_dump_debug("(in): ", DUMP_PREFIX_OFFSET, 16, 2, data, + sev_cmd_buffer_len(cmd), false); + + /* Only one command at a time... 
*/ + mutex_lock(&sev_cmd_mutex); + + iowrite32(phys_lsb, psp->io_regs + PSP_CMDBUFF_ADDR_LO); + iowrite32(phys_msb, psp->io_regs + PSP_CMDBUFF_ADDR_HI); + + reg = cmd; + reg <<= PSP_CMDRESP_CMD_SHIFT; + reg |= PSP_CMDRESP_IOC; + iowrite32(reg, psp->io_regs + PSP_CMDRESP); + + ret = sev_wait_cmd_ioc(psp, ®); + if (ret) + goto unlock; + + if (psp_ret) + *psp_ret = reg & PSP_CMDRESP_ERR_MASK; + + if (reg & PSP_CMDRESP_ERR_MASK) { + dev_dbg(psp->dev, "sev command %#x failed (%#010x)\n", + cmd, reg & PSP_CMDRESP_ERR_MASK); + ret = -EIO; + } + +unlock: + mutex_unlock(&sev_cmd_mutex); + print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data, + sev_cmd_buffer_len(cmd), false); + return ret; +} + +static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) +{ + return -ENOTTY; +} + +static const struct file_operations sev_fops = { + .owner = THIS_MODULE, + .unlocked_ioctl = sev_ioctl, +}; + +int sev_platform_init(struct sev_data_init *data, int *error) +{ + return sev_do_cmd(SEV_CMD_INIT, data, error); +} +EXPORT_SYMBOL_GPL(sev_platform_init); + +int sev_platform_shutdown(int *error) +{ + return sev_do_cmd(SEV_CMD_SHUTDOWN, 0, error); +} +EXPORT_SYMBOL_GPL(sev_platform_shutdown); + +int sev_platform_status(struct sev_data_status *data, int *error) +{ + return sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, error); +} +EXPORT_SYMBOL_GPL(sev_platform_status); + +int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd, + void *data, int *error) +{ + if (!filep || filep->f_op != &sev_fops) + return -EBADF; + + return sev_do_cmd(cmd, data, error); +} +EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user); + +int sev_guest_deactivate(struct sev_data_deactivate *data, int *error) +{ + return sev_do_cmd(SEV_CMD_DEACTIVATE, data, error); +} +EXPORT_SYMBOL_GPL(sev_guest_deactivate); + +int sev_guest_activate(struct sev_data_activate *data, int *error) +{ + return sev_do_cmd(SEV_CMD_ACTIVATE, data, error); +} +EXPORT_SYMBOL_GPL(sev_guest_activate); + +int 
sev_guest_decommission(struct sev_data_decommission *data, int *error) +{ + return sev_do_cmd(SEV_CMD_DECOMMISSION, data, error); +} +EXPORT_SYMBOL_GPL(sev_guest_decommission); + +int sev_guest_df_flush(int *error) +{ + return sev_do_cmd(SEV_CMD_DF_FLUSH, 0, error); +} +EXPORT_SYMBOL_GPL(sev_guest_df_flush); + +static int sev_ops_init(struct psp_device *psp) +{ + struct device *dev = psp->dev; + struct miscdevice *misc; + int ret; + + /* + * SEV feature support can be detected on multiple devices but the SEV + * FW commands must be issued on the master. During probe, we do not + * know the master hence we create /dev/sev on the first device probe. + * sev_do_cmd() finds the right master device to which to issue the + * command to the firmware. + */ + if (!sev_fops_registered) { + + misc = devm_kzalloc(dev, sizeof(*misc), GFP_KERNEL); + if (!misc) + return -ENOMEM; + + misc->minor = MISC_DYNAMIC_MINOR; + misc->name = DEVICE_NAME; + misc->fops = &sev_fops; + + ret = misc_register(misc); + if (ret) + return ret; + + sev_fops_registered = true; + psp->sev_misc = misc; + init_waitqueue_head(&psp->sev_int_queue); + dev_info(dev, "registered SEV device\n"); + } + + return 0; +} + +static int sev_init(struct psp_device *psp) +{ + /* Check if device supports SEV feature */ + if (!(ioread32(psp->io_regs + PSP_FEATURE_REG) & 1)) { + dev_dbg(psp->dev, "device does not support SEV\n"); + return 1; + } + + return sev_ops_init(psp); +} + +static void sev_exit(struct psp_device *psp) +{ + if (psp->sev_misc) + misc_deregister(psp->sev_misc); +} + int psp_dev_init(struct sp_device *sp) { struct device *dev = sp->dev; @@ -84,11 +328,17 @@ int psp_dev_init(struct sp_device *sp) if (sp->set_psp_master_device) sp->set_psp_master_device(sp); + ret = sev_init(psp); + if (ret) + goto e_irq; + /* Enable interrupt */ iowrite32(-1, psp->io_regs + PSP_P2CMSG_INTEN); return 0; +e_irq: + sp_free_psp_irq(psp->sp, psp); e_err: sp->psp_data = NULL; 
@@ -101,5 +351,6 @@ void psp_dev_destroy(struct sp_device *sp) { struct psp_device *psp = sp->psp_data; + sev_exit(psp); sp_free_psp_irq(sp, psp); } diff --git a/drivers/crypto/ccp/psp-dev.h b/drivers/crypto/ccp/psp-dev.h index 55b7808367c3..7a781ec20684 100644 --- a/drivers/crypto/ccp/psp-dev.h +++ b/drivers/crypto/ccp/psp-dev.h @@ -25,9 +25,21 @@ #include #include #include +#include +#include #include "sp-dev.h" +#define PSP_C2PMSG(_num) ((_num) << 2) +#define PSP_CMDRESP PSP_C2PMSG(32) +#define PSP_CMDBUFF_ADDR_LO PSP_C2PMSG(56) +#define PSP_CMDBUFF_ADDR_HI PSP_C2PMSG(57) +#define PSP_FEATURE_REG PSP_C2PMSG(63) + +#define PSP_P2CMSG(_num) ((_num) << 2) +#define PSP_CMD_COMPLETE_REG 1 +#define PSP_CMD_COMPLETE PSP_P2CMSG(PSP_CMD_COMPLETE_REG) + #define PSP_P2CMSG_INTEN 0x0110 #define PSP_P2CMSG_INTSTS 0x0114 @@ -54,6 +66,10 @@ struct psp_device { struct sp_device *sp; void __iomem *io_regs; + + unsigned int sev_int_rcvd; + wait_queue_head_t sev_int_queue; + struct miscdevice *sev_misc; }; #endif /* __PSP_DEV_H */ diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 496375d7f6a9..5d562d49deac 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h 
@@ -512,4 +512,163 @@ struct sev_data_dbg { u32 len; /* In */ } __packed; +#ifdef CONFIG_CRYPTO_DEV_SP_PSP + +/** + * sev_platform_init - perform SEV INIT command + * + * @init: sev_data_init structure to be processed + * @error: SEV command return code + * + * Returns: + * 0 if the SEV successfully processed the command + * -%ENODEV if the SEV device is not available + * -%ENOTSUPP if the SEV does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if the SEV returned a non-zero return code + */ +int sev_platform_init(struct sev_data_init *init, int *error); + +/** + * sev_platform_shutdown - perform SEV SHUTDOWN command + * + * @error: SEV command return code + * + * Returns: + * 0 if the SEV successfully processed the command + * -%ENODEV if the SEV device is not available + * -%ENOTSUPP if the SEV does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if the SEV returned a non-zero return code + */ +int sev_platform_shutdown(int *error); + +/** + * sev_platform_status - perform SEV PLATFORM_STATUS command + * + * @init: sev_data_status structure to be processed + * @error: SEV command return code + * + * Returns: + * 0 if the SEV successfully processed the command + * -%ENODEV if the SEV device is not available + * -%ENOTSUPP if the SEV does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if the SEV returned a non-zero return code + */ +int sev_platform_status(struct sev_data_status *status, int *error); + +/** + * sev_issue_cmd_external_user - issue SEV command by other driver with a file + * handle. + * + * This function can be used by other drivers to issue a SEV command on + * behalf of userspace. The caller must pass a valid SEV file descriptor + * so that we know that it has access to SEV device. 
+ * + * @filep - SEV device file pointer + * @cmd - command to issue + * @data - command buffer + * @error: SEV command return code + * + * Returns: + * 0 if the SEV successfully processed the command + * -%ENODEV if the SEV device is not available + * -%ENOTSUPP if the SEV does not support SEV + * -%ETIMEDOUT if the SEV command timed out + * -%EIO if the SEV returned a non-zero return code + * -%EINVAL if the SEV file descriptor is not valid + */ +int sev_issue_cmd_external_user(struct file *filep, unsigned int id, + void *data, int *error); + +/** + * sev_guest_deactivate - perform SEV DEACTIVATE command + * + * @deactivate: sev_data_deactivate structure to be processed + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int sev_guest_deactivate(struct sev_data_deactivate *data, int *error); + +/** + * sev_guest_activate - perform SEV ACTIVATE command + * + * @activate: sev_data_activate structure to be processed + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int sev_guest_activate(struct sev_data_activate *data, int *error); + +/** + * sev_guest_df_flush - perform SEV DF_FLUSH command + * + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int sev_guest_df_flush(int *error); + +/** + * sev_guest_decommission - 
perform SEV DECOMMISSION command + * + * @decommission: sev_data_decommission structure to be processed + * @sev_ret: sev command return code + * + * Returns: + * 0 if the sev successfully processed the command + * -%ENODEV if the sev device is not available + * -%ENOTSUPP if the sev does not support SEV + * -%ETIMEDOUT if the sev command timed out + * -%EIO if the sev returned a non-zero return code + */ +int sev_guest_decommission(struct sev_data_decommission *data, int *error); + +#else /* !CONFIG_CRYPTO_DEV_SP_PSP */ + +static inline int +sev_platform_status(struct sev_data_status *status, int *error) { return -ENODEV; } + +static inline int +sev_platform_init(struct sev_data_init *init, int *error) { return -ENODEV; } + +static inline int sev_platform_shutdown(int *error) { return -ENODEV; } + +static inline int +sev_guest_deactivate(struct sev_data_deactivate *data, int *error) { return -ENODEV; } + +static inline int +sev_guest_decommission(struct sev_data_decommission *data, int *error) { return -ENODEV; } + +static inline int +sev_guest_activate(struct sev_data_activate *data, int *error) { return -ENODEV; } + +static inline int sev_guest_df_flush(int *error) { return -ENODEV; } + +static inline int +sev_issue_cmd_external_user(struct file *filep, + unsigned int id, void *data, int *error) +{ + return -ENODEV; +} + +#endif /* CONFIG_CRYPTO_DEV_SP_PSP */ + #endif /* __PSP_SEV_H__ */
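Review bot: in the psp-dev.c hunk @@ -45,9 +52,246 @@, sev_wait_cmd_ioc() clears psp->sev_int_rcvd only after sev_do_cmd() has already written the command to PSP_CMDRESP, so a completion interrupt that lands between `iowrite32(reg, psp->io_regs + PSP_CMDRESP);` and the reset sets the flag and then has it wiped, and wait_event() blocks forever with sev_cmd_mutex held. Move `psp->sev_int_rcvd = 0;` into sev_do_cmd() before the CMDRESP write. In the same hunk, wait_event() has no timeout, so sev_wait_cmd_ioc() can only ever return 0, the `if (ret) goto unlock;` is dead and the -ETIMEDOUT documented in psp-sev.h is unreachable; either switch to wait_event_timeout() or drop the dead check and the ETIMEDOUT lines. `ret` in sev_do_cmd() is declared `unsigned int` but is assigned -EIO and returned from an int function; declare it `int`. Finally, sev_ops_init() calls init_waitqueue_head(&psp->sev_int_queue) only inside `if (!sev_fops_registered)`, i.e. on the first probed device, while sev_do_cmd() waits on the queue of sp_get_psp_master_device()->psp_data and psp_irq_handler() calls wake_up() on every device's queue; if the master is not the first device probed its queue is never initialised. Hoist the init_waitqueue_head() call out of the if-block so every psp_device gets it.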
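Review bot: in the psp-dev.c hunk @@ -84,11 +328,17 @@, `ret = sev_init(psp); if (ret) goto e_irq;` treats the `return 1;` that sev_init() uses for "device does not support SEV" as a fatal error, so a PSP without the SEV feature bit now fails psp_dev_init() entirely (IRQ freed, psp_data set to NULL) instead of just skipping SEV. Return 0 from sev_init() in the unsupported case (the dev_dbg already records why) or only bail out on negative error codes.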
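Review bot: in the psp-dev.h hunk @@ -25,9 +25,21 @@, PSP_CMD_COMPLETE is defined but nothing in the patch uses it; psp_irq_handler() tests `BIT(PSP_CMD_COMPLETE_REG)` directly. Either use the macro in the handler or drop it so the two definitions cannot drift apart. The new `sev_int_rcvd` member is only ever 0 or 1 and is used as a wait_event() condition; a `bool` states the intent more clearly.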
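Review bot: in the include/linux/psp-sev.h hunk @@ -512,4 +512,163 @@, the kerneldoc does not match the code. sev_issue_cmd_external_user() documents -%EINVAL for a bad file descriptor but the implementation returns -EBADF; every function documents -%ENOTSUPP and -%ETIMEDOUT although sev_do_cmd() only ever returns -ENODEV or -EIO; and the parameter names are wrong or inconsistent (sev_platform_status is documented with @init but takes `status`, sev_guest_activate/deactivate/decommission are documented with @activate/@deactivate/@decommission and @sev_ret but take `data` and `error`, and sev_issue_cmd_external_user uses `@filep -` style dashes instead of colons and declares `unsigned int id` where the .c definition names it `cmd`). Align the docs and parameter names with the implementation, since these are the exported contract other drivers (KVM) will code against.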