From patchwork Mon Nov 6 18:11:10 2017
X-Patchwork-Submitter: Brijesh Singh
X-Patchwork-Id: 10043987
X-Patchwork-Delegate: herbert@gondor.apana.org.au
From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org
Subject: [Part2 PATCH v8 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
Date: Mon, 6 Nov 2017 12:11:10 -0600
Message-Id: <20171106181130.68491-19-brijesh.singh@amd.com>
In-Reply-To: <20171106181130.68491-1-brijesh.singh@amd.com>
References: <20171106181130.68491-1-brijesh.singh@amd.com>

The SEV_PEK_CSR command can be used to generate a PEK certificate signing request. The command is defined in SEV spec section 5.7.

Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Improvements-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Acked-by: Gary R Hook
--- drivers/crypto/ccp/psp-dev.c | 66 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index fd3daf0a1176..c3906bbdb69b 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c 
@@ -302,6 +302,69 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp) return __sev_do_cmd_locked(cmd, 0, &argp->error); } +static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp) +{ + struct sev_user_data_pek_csr input; + struct sev_data_pek_csr *data; + void *blob = NULL; + int ret; + + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* userspace wants to query CSR length */ + if (!input.address || !input.length) + goto cmd; + + /* allocate a physically contiguous buffer to store the CSR blob */ + if (!access_ok(VERIFY_WRITE, input.address, input.length) || + input.length > SEV_FW_BLOB_MAX_SIZE) { + ret = -EFAULT; + goto e_free; + } + + blob = kmalloc(input.length, GFP_KERNEL); + if (!blob) { + ret = -ENOMEM; + goto e_free; + } + + data->address = __psp_pa(blob); + data->len = input.length; + +cmd: + if (psp_master->sev_state == SEV_STATE_UNINIT) { + ret = __sev_platform_init_locked(&argp->error); + if (ret) + goto e_free_blob; + } + + ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, &argp->error); + + /* If we query the CSR length, FW responded with expected data. */ + input.length = data->len; + + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { + ret = -EFAULT; + goto e_free_blob; + } + + if (blob) { + if (copy_to_user((void __user *)input.address, blob, input.length)) + ret = -EFAULT; + } + +e_free_blob: + kfree(blob); +e_free: + kfree(data); + return ret; +} + static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) { void __user *argp = (void __user *)arg; @@ -336,6 +399,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) case SEV_PDH_GEN: ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input); break; + case SEV_PEK_CSR: + ret = sev_ioctl_do_pek_csr(&input); + break; default: ret = -EINVAL; goto out;
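
Review bot: In sev_ioctl_do_pek_csr(), the final copy_to_user() of blob runs even when __sev_do_cmd_locked() returned an error, and it uses input.length after that field has been overwritten with the firmware-reported data->len. blob comes from kmalloc(input.length, GFP_KERNEL) and is never zeroed, so a failed command or a firmware write shorter than the buffer copies uninitialized kernel heap to user space, and a data->len larger than the original request would read past the allocation. Suggest allocating blob with kzalloc(), skipping the blob copy when ret is non-zero, and bounding the copy by the size that was actually allocated. Two smaller points in the same hunk: the comment "allocate a physically contiguous buffer" sits above the access_ok()/SEV_FW_BLOB_MAX_SIZE check rather than above the kmalloc(), and an oversized input.length would read better as -EINVAL than -EFAULT.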