From patchwork Fri Aug 23 13:21:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775236 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2056.outbound.protection.outlook.com [40.107.237.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1683F186601; Fri, 23 Aug 2024 13:27:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.56 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419664; cv=fail; b=CGXShdPEDnGObAzhYPNyKznUnzPeMGzjscYPtr02LUD5QzlCBHRBQCEZE5D8IKwoK1hJAkNj7+8/U6M6obhpHTQ5HUp1DTHZIn/HpOzEZWmsUk1ummza3GnkeUs8EiqU9cU/gK+u6A1XVl+NH+kGTHx97gbfTA8/uR3mtpO598U= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419664; c=relaxed/simple; bh=wCZkYK1X19TRNlU0ZD+LtT2+hVDfTkEAFW23mMGdFqU=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=qyX6W94FHp2wAR+5/nVoCsBA1PcJ2LBzdDjxajWYqmCrVma7nWFG+u78fMVNRyXakic0E22p71Eov38To74EJaxj/tgPLJLyBkfTvVsE7LyPe+bmcEPR+h8GFWYhxGeB3lDQS6x64QvGvTzjrNtKdALvlITBsOOXBCcUc7qmrEA= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=mj6tfmao; arc=fail smtp.client-ip=40.107.237.56 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="mj6tfmao" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=POp/dYi0PyaNjjOnEr06219QwzePKh+Nr3y4YoY4iNkFvFlWwh/6JqVInIYqOUmtZewFbuUErU8mUSUXOxKEym2pFR2OZHMNmUtQVLJeRlNmknECgzehArdsx+QTxW02qU115N7f4UduFZGpJYwrTCKyRilHb53JTRJdyT1tJvnBCJQnKM8k/bvvn+ugJb31k8TUQBQ3gD/iqPQbiPgbLCJYj5e4vEPA2Qm0S7dqxl+K60MzcXxruLXK/SjjU68bgvHLVVNFZ9cThYjB/65e7IxxOTM1v9muB2S9YOpOhhZR7VQZtSszeUKx8x5IDigSVgvs0DB6M/YpH/05OHN/CA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4P/rxNsLNVWWgGnBX7xA8uanIeUgEWEzCHRmWBSt3fg=; b=cY7d2wNvurUQmmDgIomD107FEtIy1XGaM/KQA3Y/GpE8BdqhzgCei6mz7+5xODLzn5kM/BajzeY2y6bgT3D8fwmx3yX+xd/NQSyTZKtQ5j5Q5cxiMbVAYT7xa5fl5Xm8x6LL5aUAut50q79emWhqMdB5pl3xMKMHoCKJmXTlDyRG8NfQu+rWg/ZcYqwY21yjx/nlu9UROMwm1CyDtVm4+NQJbFK2l5C/CInF+TJuUbUNhm2vZH9P5VfZrbBLUeAZ7ShQlR+7oobtM635rblrfemVlqpJYaFPpiTiKyeydwSOdRSYhzxIgQ0xvUXKQfj6dQzfZDC3NzGZv6RpbqE/dw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4P/rxNsLNVWWgGnBX7xA8uanIeUgEWEzCHRmWBSt3fg=; b=mj6tfmaoFTV72DtGI3LUgQbM97KkkjyJWi1KPFNYe/tWu0Z5pupjJyHx6IA8aOqPBwmoCPT8XqQwOXkNSZTFb1Lll18vv4ojIoR05CcMb6hhsqoonCIQd/upPESveUiIpnMpICPcuIg3A2B7YOsQRh80I9cWvUYGtvoDk5DM2ik= Received: from CH2PR04CA0021.namprd04.prod.outlook.com (2603:10b6:610:52::31) by DS7PR12MB8290.namprd12.prod.outlook.com (2603:10b6:8:d8::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:27:36 +0000 Received: from DS2PEPF00003440.namprd02.prod.outlook.com (2603:10b6:610:52:cafe::2e) by CH2PR04CA0021.outlook.office365.com (2603:10b6:610:52::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:27:36 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003440.mail.protection.outlook.com (10.167.18.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:27:36 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:27:31 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 01/21] tsm-report: Rename module to reflect what it does Date: Fri, 23 Aug 2024 23:21:15 +1000 Message-ID: <20240823132137.336874-2-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003440:EE_|DS7PR12MB8290:EE_ X-MS-Office365-Filtering-Correlation-Id: e5335895-cab8-4326-8316-08dcc3775a64 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|376014|1800799024; X-Microsoft-Antispam-Message-Info: HW5CBVnQ9P2lJcbahRnlqMlALXmWW5YV4oUoNLbyRbVty2JWbilOuD8zkP3x46fHeMkMjlGL8jXyvaxJLXsYA0jJ5b0D+TBkCbdt85OjG/WPzC/ChqZhSA61OFLrpvnZerZ9oQd4G2i7YLRl+6PHs2HFw2qn4KJPYbfpngr81DjE384C9xsoOENuMgx4kyg0+QX4F1vOrGqJScBsvOTOSV6/DYAIAhX9AL9sHdHXnwxaaPYaMXkgrKi/60zksdWhKRuOZ3I3LlRS1JTKjHF6cX6wBe5KqMVjAFYMVjox1mlfkJYHr6T7OSVLGjQsC7vs8b8GExjJdT4mU/FP2Q18KvloK5jtHAFZxy+WCPDO+orkMsKDbjxjfHDx/0FwpM7wCZdQZIrHEUH6dho5kXe/z+8/rn/n7osObdboNc6SzJ2SCvG25Yo9m89dYiq+I6PciWZ/RUZXKIkxM+sX/NakAjR9WN3jhyNZ/vfDaOByuB5Uu0n4nE7jfU22PfCQn+HcS39OtaQNBT/hC+57wnxK0G1a27G5CVnyHNiGfM2MfCygSPI/VYPygxQquayyP55o9tn4QUA14H2LdcInxqF3MNMnRWrJFXhzz/useuGOdjg4+T/x0iUNmDmWRS49GHbLY1MGle8NyswbgNpKM+e1JReeVocKqveEDkx9wo/uKgERHIp3cISIdmWOSQqA6Ql+9Tf96rJ6bSO8OMnZbq9BDoEej/lGgOxIivRTWyMcafKQ6rSAC2w6z8seePQ/33EhVTOJpuxeT2eoQDNShamaHOrim2yHpqVEn7FaPC8VIj2DLWxohGMtJhtLKcrirP8Q1kbk1eW6ALp+j0fAWv0RQiBCEUFS9LPcXgGiTmGQNZ8UhdGPfq9bFAhwUAW2dG0zVCvlUwyfdfdSUtWohX8WmKUkieT78Sahz+zb39sNZc9J2SFpN0VkvkW4GyviHrDjYdJmQB5HuQu+wF5qGvs7xN7e5Xyw8K4JZQnONYy5Xn16PVCpwrHluAObLy5v0WZCH84ITzcnfjoQDf/z1MciDHkzbeSgC2mtKMbJi3UIYFpAIQ9Cdw3KfDbvS59paOt9dyEJbQYdKEjaZHcT9Sh4dvDhiJ+jrXwBbBTA62bKpWQJYHlXBkSCJafLik28HwSlg0C1/bNmrPgvuK7Y86hVwe37cuPNTLsvKSOQ+ggnFC5VnSaePKid40wG/CpCDBK4a3KCjDiDEuHSq/xDRDo+gDsvDdPGPGkMwCJdB30auaDVpwiU5Hs+WLGRBdKgsgqgjhQ5Twv1YS9DtWYY5Aw8UuO6ejnxUKlBd/NvKY2eEm/jwZqJr1JYozywd5FmuvbWs+cE1tphhubEPQUa2A5F1bI8TQwz+HBd//eqzFQWyV4tNnk1u2vACDSVL3iR4RPsuU7dgf3Gp+mzSyQP3Nif29namcE9RG38C5Yw4ZvZwOMnno6fIa/r0NcRCfmkhf1e X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:27:36.3735 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e5335895-cab8-4326-8316-08dcc3775a64 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003440.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR12MB8290 And release the name for TSM to be used for TDISP-associated code. Suggested-by: Dan Williams Signed-off-by: Alexey Kardashevskiy --- drivers/virt/coco/Makefile | 2 +- include/linux/{tsm.h => tsm-report.h} | 15 ++++++++------- drivers/virt/coco/sev-guest/sev-guest.c | 10 +++++----- drivers/virt/coco/tdx-guest/tdx-guest.c | 8 ++++---- drivers/virt/coco/{tsm.c => tsm-report.c} | 12 ++++++------ MAINTAINERS | 4 ++-- 6 files changed, 26 insertions(+), 25 deletions(-) diff --git a/drivers/virt/coco/Makefile b/drivers/virt/coco/Makefile index 18c1aba5edb7..75defec514f8 100644 --- a/drivers/virt/coco/Makefile +++ b/drivers/virt/coco/Makefile @@ -2,7 +2,7 @@ # # Confidential computing related collateral # -obj-$(CONFIG_TSM_REPORTS) += tsm.o +obj-$(CONFIG_TSM_REPORTS) += tsm-report.o obj-$(CONFIG_EFI_SECRET) += efi_secret/ obj-$(CONFIG_SEV_GUEST) += sev-guest/ obj-$(CONFIG_INTEL_TDX_GUEST) += tdx-guest/ diff --git a/include/linux/tsm.h b/include/linux/tsm-report.h similarity index 92% rename from include/linux/tsm.h rename to include/linux/tsm-report.h index 11b0c525be30..4d815358790b 100644 --- a/include/linux/tsm.h +++ b/include/linux/tsm-report.h @@ -1,6 +1,6 @@ /* SPDX-License-Identifier: GPL-2.0 */ -#ifndef __TSM_H -#define __TSM_H +#ifndef __TSM_REPORT_H +#define __TSM_REPORT_H #include #include @@ -88,7 +88,7 @@ enum tsm_bin_attr_index { }; /** - * struct tsm_ops - attributes and operations for tsm instances + * struct tsm_report_ops - attributes and operations for tsm instances * @name: tsm id reflected in /sys/kernel/config/tsm/report/$report/provider * @privlevel_floor: convey base privlevel for nested scenarios * @report_new: Populate @report with the report blob and auxblob @@ -99,7 +99,7 @@ enum tsm_bin_attr_index { * Implementation specific ops, only one is expected to be registered at * a time i.e. only one of "sev-guest", "tdx-guest", etc. */ -struct tsm_ops { +struct tsm_report_ops { const char *name; unsigned int privlevel_floor; int (*report_new)(struct tsm_report *report, void *data); @@ -107,6 +107,7 @@ struct tsm_ops { bool (*report_bin_attr_visible)(int n); }; -int tsm_register(const struct tsm_ops *ops, void *priv); -int tsm_unregister(const struct tsm_ops *ops); -#endif /* __TSM_H */ +int tsm_register(const struct tsm_report_ops *ops, void *priv); +int tsm_unregister(const struct tsm_report_ops *ops); +#endif /* __TSM_REPORT_H */ + diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 6fc7884ea0a1..ecc6176633be 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -16,7 +16,7 @@ #include #include #include -#include +#include #include #include #include @@ -1068,7 +1068,7 @@ static bool sev_report_bin_attr_visible(int n) return false; } -static struct tsm_ops sev_tsm_ops = { +static struct tsm_report_ops sev_tsm_report_ops = { .name = KBUILD_MODNAME, .report_new = sev_report_new, .report_attr_visible = sev_report_attr_visible, @@ -1077,7 +1077,7 @@ static struct tsm_ops sev_tsm_ops = { static void unregister_sev_tsm(void *data) { - tsm_unregister(&sev_tsm_ops); + tsm_unregister(&sev_tsm_report_ops); } static int __init sev_guest_probe(struct platform_device *pdev) @@ -1158,9 +1158,9 @@ static int __init sev_guest_probe(struct platform_device *pdev) snp_dev->input.data_gpa = __pa(snp_dev->certs_data); /* Set the privlevel_floor attribute based on the vmpck_id */ - sev_tsm_ops.privlevel_floor = vmpck_id; + sev_tsm_report_ops.privlevel_floor = vmpck_id; - ret = tsm_register(&sev_tsm_ops, snp_dev); + ret = tsm_register(&sev_tsm_report_ops, snp_dev); if (ret) goto e_free_cert_data; diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c index 2acba56ad42e..221d8b074301 100644 --- a/drivers/virt/coco/tdx-guest/tdx-guest.c +++ b/drivers/virt/coco/tdx-guest/tdx-guest.c @@ -15,7 +15,7 @@ #include #include #include -#include +#include #include #include @@ -300,7 +300,7 @@ static const struct x86_cpu_id tdx_guest_ids[] = { }; MODULE_DEVICE_TABLE(x86cpu, tdx_guest_ids); -static const struct tsm_ops tdx_tsm_ops = { +static const struct tsm_report_ops tdx_tsm_report_ops = { .name = KBUILD_MODNAME, .report_new = tdx_report_new, .report_attr_visible = tdx_report_attr_visible, @@ -325,7 +325,7 @@ static int __init tdx_guest_init(void) goto free_misc; } - ret = tsm_register(&tdx_tsm_ops, NULL); + ret = tsm_register(&tdx_tsm_report_ops, NULL); if (ret) goto free_quote; @@ -342,7 +342,7 @@ module_init(tdx_guest_init); static void __exit tdx_guest_exit(void) { - tsm_unregister(&tdx_tsm_ops); + tsm_unregister(&tdx_tsm_report_ops); free_quote_buf(quote_data); misc_deregister(&tdx_misc_dev); } diff --git a/drivers/virt/coco/tsm.c b/drivers/virt/coco/tsm-report.c similarity index 98% rename from drivers/virt/coco/tsm.c rename to drivers/virt/coco/tsm-report.c index 9432d4e303f1..753ba2477f52 100644 --- a/drivers/virt/coco/tsm.c +++ b/drivers/virt/coco/tsm-report.c @@ -3,7 +3,7 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt -#include +#include #include #include #include @@ -13,7 +13,7 @@ #include static struct tsm_provider { - const struct tsm_ops *ops; + const struct tsm_report_ops *ops; void *data; } provider; static DECLARE_RWSEM(tsm_rwsem); @@ -272,7 +272,7 @@ static ssize_t tsm_report_read(struct tsm_report *report, void *buf, size_t count, enum tsm_data_select select) { struct tsm_report_state *state = to_state(report); - const struct tsm_ops *ops; + const struct tsm_report_ops *ops; ssize_t rc; /* try to read from the existing report if present and valid... */ @@ -448,9 +448,9 @@ static struct configfs_subsystem tsm_configfs = { .su_mutex = __MUTEX_INITIALIZER(tsm_configfs.su_mutex), }; -int tsm_register(const struct tsm_ops *ops, void *priv) +int tsm_register(const struct tsm_report_ops *ops, void *priv) { - const struct tsm_ops *conflict; + const struct tsm_report_ops *conflict; guard(rwsem_write)(&tsm_rwsem); conflict = provider.ops; @@ -465,7 +465,7 @@ int tsm_register(const struct tsm_ops *ops, void *priv) } EXPORT_SYMBOL_GPL(tsm_register); -int tsm_unregister(const struct tsm_ops *ops) +int tsm_unregister(const struct tsm_report_ops *ops) { guard(rwsem_write)(&tsm_rwsem); if (ops != provider.ops) diff --git a/MAINTAINERS b/MAINTAINERS index fcd91e4c5665..5169b13b2e55 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -23256,8 +23256,8 @@ M: Dan Williams L: linux-coco@lists.linux.dev S: Maintained F: Documentation/ABI/testing/configfs-tsm -F: drivers/virt/coco/tsm.c -F: include/linux/tsm.h +F: drivers/virt/coco/tsm-report.c +F: include/linux/tsm-report.h TRUSTED SERVICES TEE DRIVER M: Balint Dobszay From patchwork Fri Aug 23 13:21:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775237 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2056.outbound.protection.outlook.com [40.107.243.56]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 79DA9186614; Fri, 23 Aug 2024 13:27:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.56 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419678; cv=fail; b=faPOZUsmmQE76cbm8eCSTULDISrH6p5XD9nrgrCOrwfzAiB3GUB4CRKA5Gztr/aTOisZfH91BvD/8+5e5qPEfd23h0B/LDAKSLHjqYIbQyWlWl6n14GJQgb+z3rvUjOj4UQxW1DsyAhnD80zo7Ubf3O1mKXQRL1QEyI7ZIrWOvU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419678; c=relaxed/simple; bh=uBnDgM8215WmATGMshEwRfo66WmXlagZkuONWY37IoY=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=p9cyqWl37i4beHEvSgu42WfUeIgK7ft/lbhvzqwirEK2QgVeebBbdQdJa8M+RCkVTSjPwoxpccO53zs9vtcpiePnjtHMVONesVttXiWybv5TdlTsoIBtAnT3Iu9SQ6G+G/xNOf/aKaacy+J1k9RFmduDy1NMbWN7mmjDjnznMLY= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=UFaw+ndn; arc=fail smtp.client-ip=40.107.243.56 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="UFaw+ndn" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=wWyxdrhe+kYZbDLtazCS1GnIcEHbIOgsKaWZqgy0ndE+GfDEPK2aOqCmKbU2dkMXgmOcMsX5JFivzbmDGxtpQHw5oCN5X5+am6GGFBNihozRRQbHrphGU6qtJl/0uMsZRdnXTnBKM/8UtJIZd/actwJzmshWXT5H8RrjBY1XHYQsUnY0pfKvrkdXzUvl8UoCcNOwq6B7qmbw9bhd3p5F/2D3NQGSHqUBcdmBYcBzKB+3cVsZCHj6DQYRU30g8AkKeEC2UIozuSeeHRjal/W6uvCXOMTpCq14cqLkY2sh3YR2VFDAZVz2TjhzZTxQ/iMgy1hMEKfWUYJv5Anh3ENTfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=p/U83MAo6qu+gFvOyK1ForNSdQEjcMEug6mSTsWwnhw=; b=D/4zDhtfkL5K1FIYtCV9+Kn0Td6vx5hU4riXEUosBXoQOTv4ThuZAx43xvLEtYwExRHSbgH/gQSF5gtT3L3jlClLlXMQ5eDcIxx+gYGNISnBvIr4wnc40KK4UxaivkZO1psz8stscDg8C7lzZwmN/vWm59KginbdE+pxyhyfAk3nYjQyKnfjPwOj9NFfJ996Um2KsNgeh2dOQ+M8lVeo0RyxVXhTuG41TSuOLZg/MsSLnCONkEFH2fVazhj/0Tk2x5TOT7J/UPx53GLEfGcKOlTYYEKI36IHe4JLZnyrJIb6yzuI+jpZDO31na7UhAF+ZzXiosoLvyMbdDYTgi2MZA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p/U83MAo6qu+gFvOyK1ForNSdQEjcMEug6mSTsWwnhw=; b=UFaw+ndnRZ9yicgsY195/OalIKhJ5Np+6DyTx0GLhoJPpE7mldwmjFSycg9Ujjd+H//ulQHZD7iA2QSEUsqO1PX83EaZ+E/qXhreyFx9gjAZaO7uqu765vZKoEH4Wm4GrfafqEesVQW7gJspV0FIQCPs7dhSCCoeXu6Lp9Xo8Pg= Received: from CH2PR15CA0016.namprd15.prod.outlook.com (2603:10b6:610:51::26) by MW4PR12MB5668.namprd12.prod.outlook.com (2603:10b6:303:16b::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.18; Fri, 23 Aug 2024 13:27:54 +0000 Received: from DS2PEPF0000343E.namprd02.prod.outlook.com (2603:10b6:610:51:cafe::19) by CH2PR15CA0016.outlook.office365.com (2603:10b6:610:51::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:27:54 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343E.mail.protection.outlook.com (10.167.18.41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:27:53 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:27:48 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 02/21] pci/doe: Define protocol types and make those public Date: Fri, 23 Aug 2024 23:21:16 +1000 Message-ID: <20240823132137.336874-3-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343E:EE_|MW4PR12MB5668:EE_ X-MS-Office365-Filtering-Correlation-Id: 5a86893d-d09e-4772-458f-08dcc37764e0 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013|376014; X-Microsoft-Antispam-Message-Info: sdGg+ThU7A0fYLASmEWV8jvkLYI3RBz0b8mKoSsekr6wOjKS0VRGh2oqy3VJGA/kR21X/8+TR8gIaDMhMwfQ4US2Fa1lo+0P6ilDXtppek6bia+8q2y8v4xSInhUajjPoMgDIwJ0GOEb1A/IutsCkGILSKjH5RXmrR8lVEI2lzt8wnHOPK47XDhoS7iWsc99KudLPRM/U/TQHHLKSvWoZiUt53/Pbr1RGpadPoqSjFt/AFwvBcwQkecrlo22r4pE8NklSMFLAUSNeuW6P+m02CCujG4EbYQG75mbD5xmCFhrbqRcrl5Q6ZiilQKXWr1wuj2FBwAhO0dH+1OBNpdjpOAwyoO5fXL/VR0pbqEHTQApLE2Z6wTrKDNc+B970h6q9fHZuCT1yTbaC22HDXhlFHnmtYSFbSyadHJsjvsn2TVAmWfVBTHBiQkmhicw0pCZ14xZucvFJCmESZDtUQkVUnzFWJxOOHsOejk7WIam5J/96FI1WU2yS1KJSZPpFHP+Eevn4DNaWRjs0BNM+8na9pfQzbhtxUba6+VTZqyPkybmFjF5xJfRLwCSnfmfU/gJLlZ/m5mteg5tdkWw/SYsIwsEzq9LrHfEq7v+Qcp1KAx4BBwrl8IPldQz+2rNTEmlx769NQWnqgnAfnJcrghjODdM1u/o3lCtcwUpPo8SYE3R0BReIEKVtJ3ZUYiipMj4Kiks5Vj5YC5Dt/BfgQY887d/vaYBAF0S3dOmQoCg7R9HyTJDE109+qTOIJNMnXIYUdJFZrnHOCI+iLE5uURZxG0CHsofdEUsafjgNCwSQEUDwqDhhzmGU02uVWMSxj8a5xTebLkibhnpAsNN1KC9tVdauCnEgwm/nVQem9RCC4S+uI/qBudWYFdx4PSaC2UWO3QjgM6lVS6UdZe1WkL3m8KPKznSQ0FRin1iTUidpJuQSRioOPKyRu/IczbUgpZdU17sHglbH4VdS1Iqez2O+2/KdGWFSMdLNcDINrpJmai1DILeQ2B0FbwCwbVzuAcNLlhoJygwPfM/R02QIMQTeLZxrHaaoOrcy9P9n+AHxhoOFMmc2CNkS5wzq7u6xuOPQvv/tyzI2Xu0Eh0NKBKzt9iwEAelqeGtRhEOdE/jWschzjJapmx87wHvqT7Af//GmQrPeL+pW4SGrjy/2Z1euxYH+daMztjffKRt8f/8GVjGGfasDp7251BimBnFLEpNQrI1jBUVcpsX4mcjcsndHODPedXq98aNH9Oay4YYL4gauMzijSqTrl8Bi8xA+yAPak2Q75eyj8EdJklv5e+Htlh3ga91RuDANamGJ5RV2duSreGEnZQ1XykZUjpSg+QNsOBdxT0yOrMMlyIzkKpjV5J8++9YQg/xMiWxUWXiEQp9UTjmHmPduzKK7Veznt1tVkWN+eplt97Cu3BnkKwzbiivyy6fDLczqzzUyu10OghrBKwmoUdcV/wwSf1z0bGP X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:27:53.9618 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 5a86893d-d09e-4772-458f-08dcc37764e0 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343E.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW4PR12MB5668 Already public pci_doe() takes a protocol type argument. PCIe 6.0 defines three, define them in a header for use with pci_doe(). Signed-off-by: Alexey Kardashevskiy --- include/linux/pci-doe.h | 4 ++++ drivers/pci/doe.c | 2 -- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/linux/pci-doe.h b/include/linux/pci-doe.h index 0d3d7656c456..82e393ba5465 100644 --- a/include/linux/pci-doe.h +++ b/include/linux/pci-doe.h @@ -13,6 +13,10 @@ #ifndef LINUX_PCI_DOE_H #define LINUX_PCI_DOE_H +#define PCI_DOE_PROTOCOL_DISCOVERY 0 +#define PCI_DOE_PROTOCOL_CMA_SPDM 1 +#define PCI_DOE_PROTOCOL_SECURED_CMA_SPDM 2 + struct pci_doe_mb; /* Max data object length is 2^18 dwords (including 2 dwords for header) */ diff --git a/drivers/pci/doe.c b/drivers/pci/doe.c index 0f94c4ed719e..30ba91f49b81 100644 --- a/drivers/pci/doe.c +++ b/drivers/pci/doe.c @@ -22,8 +22,6 @@ #include "pci.h" -#define PCI_DOE_PROTOCOL_DISCOVERY 0 - /* Timeout of 1 second from 6.30.2 Operation, PCI Spec r6.0 */ #define PCI_DOE_TIMEOUT HZ #define PCI_DOE_POLL_INTERVAL (PCI_DOE_TIMEOUT / 128) From patchwork Fri Aug 23 13:21:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775238 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (mail-sn1nam02on2046.outbound.protection.outlook.com [40.107.96.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C19FA186E2E; Fri, 23 Aug 2024 13:28:15 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.96.46 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419697; cv=fail; b=T5acpEZWfVB+aKLGBcbe53hznJDrO/YBsYdFr54/AKPMzcKKOeRV4Y6lZTqAL+LLu65ab454JxT7noukmQDx9rpxKwioHibRPXuI4Gz1rJD4gcREXiILj7QU0Y5vjA+JZdKBEryL1dILykucPzs2+hORR7RC7es78S7SJS92IZE= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419697; c=relaxed/simple; bh=cgmQ4ZyBdo1nDOdqDWpiK6RX7psT+/mLZf9PRsToARk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nxF+KG+qYAM/wAVwebhaq8RYFJ1Y4CmSv6NDB8CUjVPLBiYzlpOXZIeOUDI/j8KbFmXN11ePgzqCXkVyo1xg9umishkXaU1bgVM+30AGjddRcCAzGiEaIdaFPPe15G0VykK1jPpH6Ewqx8GCi8vwxR8OCS9JOuhX7SVepjsawA4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=E+YIARNa; arc=fail smtp.client-ip=40.107.96.46 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="E+YIARNa" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=soXzfpfs7Veqvjq3Tn58x4EwjAunt+hj4MGsolIZTwj/zOrqomn4M1DK/CEf12jXThF+OG0t3y+W6//6IAQPeY8KKc/IAmDTpjeNIWSRT1eTjna1H8Y74D4tjQEU/N223APkUbXrnjv5crw+BvGnb5Gry2Rsapcw8cZgYWg21aIfu/BE7y0CZENclrBGN6OeIMgel/qvwnQk4RK9MMMw/UrSrVo85ArnIGiFyBAudH7vo92cwv33eN66td2jclK0Pp0yTXpVl9BvX/Bdr2f3Rwl+2/DiDT5sg4eYAZ5iggM0/FiG4o52otLVKobQgr+0Z471z5dqUFhn47fBWfjX/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4MfnhXbC6eEvw4KXOfYX4A7QfJIE1AMdSlfvO6KhLNU=; b=asVvwhZ28LnitFes4aV3EX9hxoqSDk+DeNTBRjGosXjk1v0v6srlqmLdClgAtLU4vin8Z13DdjTCv7cO3HCVcytTF8DjyvdxqwbM7ImekmF5qJC+SL2Whj2Azi9Mzt388Ec7GIJuYaqGKf0UPub63A1HnD8Nie+S2hMPqR7XqEp9oWtaMOUVYzU0LlgB+U5bUa2OiOOKMuPYWSOkaG/f+yePI+8Uosr1uL30BbLrhkInnHpMbYwB9WqfGlG3MqhDrYBqPosAjXBOi1vliU9zhMTm9Ga+PxBsYlIUOj6hNBj4AM1WyxsnxtEuCG9JRbqBC8k0K+LSjUTZsFvVuuqrSQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4MfnhXbC6eEvw4KXOfYX4A7QfJIE1AMdSlfvO6KhLNU=; b=E+YIARNaTea4eZcgPYaxN0rE2E1PlDlTyXCY+qnt7bWE4u8goWTNOvzrNUj997OvVFE1fn489VYoUUXX/jKKfpEMsLsHPmcxo9ZD9pOW5zi2gC+V8mo47DTcU1vTYIg+Msf91tBsafw58jOT0M/5GMGh/Dn4hc3wIN6rcYAZr1s= Received: from CH2PR04CA0009.namprd04.prod.outlook.com (2603:10b6:610:52::19) by IA1PR12MB6458.namprd12.prod.outlook.com (2603:10b6:208:3aa::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:28:11 +0000 Received: from DS2PEPF00003440.namprd02.prod.outlook.com (2603:10b6:610:52:cafe::50) by CH2PR04CA0009.outlook.office365.com (2603:10b6:610:52::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:28:11 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003440.mail.protection.outlook.com (10.167.18.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:28:11 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:28:06 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 03/21] pci: Define TEE-IO bit in PCIe device capabilities Date: Fri, 23 Aug 2024 23:21:17 +1000 Message-ID: <20240823132137.336874-4-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003440:EE_|IA1PR12MB6458:EE_ X-MS-Office365-Filtering-Correlation-Id: 236fd4ef-5e67-4ed1-1bd0-08dcc3776f60 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|376014|1800799024; X-Microsoft-Antispam-Message-Info: MgiTxUAzToOIbvvngD/AFQc3b4VRARG7xMABCNGfGhqm5lXy0WWUrOL3BVjpFnowy9Tc4lvHjY7x82q9/jjvfholFC7tEHHuOjCTBp34ENHYTiWEqOAF3WrV6Jf44XekLK5BYhxnaveQj7b4ftptArXAD9Ndb1HK+gVmc4PKOHI0ON/H9vQ1bqlBtwrW0/EImuraSZ7RM0LwfyokWUg2bAFwQUrA/B87rZdYDv+UgUNB0WFlpmqmTytTJ/MgzNWsL94/o80gqUAtmU+qqvS/CBn3/xEr4xYhWoadosttWS1druQJ+9vqrdUvmPbuWe70nS0inZyCUHM2kFtqEpRPIBQSe464CWTbdy5iOrgdsCyG0ixfs0tyvkrf2m+FeGpTIDoa+ORlbXNpQTXKzcwc2ivBjuPvcpAZqyBQp86uTn907i6Jqc2vPT3jQmdygzOcuwKBKsdxNSkp82bN/F01HPjXSlUgUP06ZY5Jbz6yWJWBGU1DGbD9fvHA3LSqAMAj8qRV+07JCtVi/XC/WUVM1/cNvejH8IEBZfuRs+JA9O6e34Oh98uZd9JJSRhqeAe6IJNuG0Pk+6sCcWwaW9a007l8jliZRIG0kMD2dOu09zfwtPm+u1BtxBcCimWT989+CduIC3bYUSoeyDUA2iZy2bwtC/jUgV90BDS/FPton76DNmrEt/EYMsqhMIuDvzDYDWf7iz8gXvF//JHkgkT8mnFeXX9Ki6e5aK3M1hP5n4FsvF9RWyCEc/5CMZZlYQa0BeWWv+cS55B+vuNr+LuLoJL5PVHqzOj9sMpo2nrZ8f808IeSFM5io7gfm+N1uTKCFowyDplQZu8VLVVj3gUTELW4iH5rg369weCBexM4Exmb6Hk/1unRw3bHk2vHzvgRt+BRj/annhYrDXBCwkih0Qm8dG9s69gMyZZAFUo8oeQqPV2ngtcbui8TBJSXmbPbRdNB9CTwqncvPhP04ocWeolyNyfcqZ7tsGmguWD7Jb/8ZHsDIPOhO/mb+OmmIS5EfE21vDRfiuUXzULtP3NGNgUimCJeGaaZFcNcVuOewKUkEiqvGTTJONhw/7hv9ydPJh6JF0ENv8sIjZFaC/Zp+UeEeI6laZL88hbhnlTk/389vBixZmLiTf69w+6sdNSAu+kxj+fMml913MjJXjBBX9i3bzuTLMggMrun79mVm2pPWbiuBkHSj8fREEt0/RPfSMMGG1I5UlbPZqkJebegchIMWROb7FlZznXqN/zy7zg0NzPQXva1/3cDmB4Qlhkg5U9KSxQxNYky1NZUdhMdPiR5ajwyGMN3WOL/4kOd3sFqtI+bpleCCRPz5FBj4aoXUemo1i2SHyBaQugdO14Tzp5C+PdkD8azwO+GV+Pmb1XBcsS4Kd8USFXgwvexGg/O9MxPB+plm4BsmC1TRbyCa1KJMpsBNCnGXFmIKzNmDm3JVUcS/63tkGIK1jNjLSXA X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:28:11.5924 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 236fd4ef-5e67-4ed1-1bd0-08dcc3776f60 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003440.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6458 A new bit #30 from the PCI Express Device Capabilities Register is defined in PCIe 6.1 as "TEE Device Interface Security Protocol (TDISP)". Define the macro. Signed-off-by: Alexey Kardashevskiy --- include/uapi/linux/pci_regs.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h index 94c00996e633..0011a301b8c5 100644 --- a/include/uapi/linux/pci_regs.h +++ b/include/uapi/linux/pci_regs.h @@ -498,6 +498,7 @@ #define PCI_EXP_DEVCAP_PWR_VAL 0x03fc0000 /* Slot Power Limit Value */ #define PCI_EXP_DEVCAP_PWR_SCL 0x0c000000 /* Slot Power Limit Scale */ #define PCI_EXP_DEVCAP_FLR 0x10000000 /* Function Level Reset */ +#define PCI_EXP_DEVCAP_TEE_IO 0x40000000 /* TEE-IO Supported (TDISP) */ #define PCI_EXP_DEVCTL 0x08 /* Device Control */ #define PCI_EXP_DEVCTL_CERE 0x0001 /* Correctable Error Reporting En. */ #define PCI_EXP_DEVCTL_NFERE 0x0002 /* Non-Fatal Error Reporting Enable */ From patchwork Fri Aug 23 13:21:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775239 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2083.outbound.protection.outlook.com [40.107.94.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 83FDF186E20; Fri, 23 Aug 2024 13:28:34 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.83 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419716; cv=fail; b=ANV8Aqgr+0ab6AB7Hcm7n47EPH/xaVik1fh0metPrSIkE+D2pY4dqRMv9vLfpKHKJ30wOawMk95nDfBRVDeS9HzEY8gwzN/wwZ1lMLA46n4qHrOa4NIUcqzmz2s8Kls4/4iOZKQ7UxGvxMKxfu9FUDZV7me9rXd1v/185dTbAfc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419716; c=relaxed/simple; bh=sIluQ+z5vKzS0Ve+e4WeU+O8hyHzDhEs0Qq6MGBwPuk=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=nEtGvQx7xu3q7o4KvEpEDvSr/KpryH0xCjY/1yuVoD8ry5JKRe4/Ia9Sd7eDsDLtiAUkh8pgE+EcA5iDAjOXPi1Y4cM++wFk99OdleVHM8bTBm69MeY3oRHw7j9NR/hWKaxykVgy7qzmSXIVUTEUpq43KY7jEuQsBktEa89TsV0= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=dEMgDd8/; arc=fail smtp.client-ip=40.107.94.83 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="dEMgDd8/" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=D5CIOKXV7kvo2j++xcwgFzXg+lxOVT+kmwgGfoVbYGYSI8IC8eVCZDIOU7gm/vrblHKV7nN6Kmbsi0j8U8NsiUgS82uoFazYtXE118YusI6kbuhTQX836EODz5zDREqm4gAV+TZ3Ucdcv8qg+AspVTm4YJ3VK2rtRXZqE4olHGYve7p+IqCpPkWZwBXylVybTzIEKRpHKxOZDdyh5aIvjUzdoeQ6JcLQBkog1QYiFWGDk2A6z0Dmynh9vqhsPRG32eT8K5RVwHRuea3aG/TrRwtZec67O1mfaxsBxly0CuF92mm/B8NoTe5iJyPNAZuXNvPP33QMcYa+kta3mpoDMg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=BvVGjfo12NbKcGRS65leXwnl7ZQxoXw+RxLqiYxXAsk=; b=fKymEDZo6UChkmhl0odPaCsslTA/BfgLiwgugKgzahyjo9FAEBA9WHDDlr5KxrljDP6EsrImAlPDpjueUV94Spycvb00jj0RA2nnni6XPaqGvYXF9NCmwgwmJxQ2gaqQ8TNe7/YUyncVF0qmC2wIrLZ3LPQw28ve+J4b4nrSd7z8qTWfGGWr185VPtKrid96PEEAm2Dc5he5wl88EIJ+UHoaCPPNuqD85isGTU9ZeDuuZ4dGYmnIGtb12y/i1p9usfOMxY+bPRv9Xho5V446MuVpMkw3oZ0Q+X0sunN/Rogj9052F5E2wRSFtZgtgso18MMyihRo5kzqA5m2GQiMjw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BvVGjfo12NbKcGRS65leXwnl7ZQxoXw+RxLqiYxXAsk=; b=dEMgDd8/qeRoD6d3y7OWdqEilmIQv4AQ1/Pc3VvAYupHjODM2TRdsyGMcBMzlk9MXb/Q2YpGhQB0grEgmcxhHVcD1cmD+2vO3T4WfQLSg72mTKUe+IA/di8+sDvo74gYNmJ4WkKo0yw6C7yGaGBUyW0/jrzrXa1ubXW7QulnkxA= Received: from CH2PR18CA0012.namprd18.prod.outlook.com (2603:10b6:610:4f::22) by SA3PR12MB9158.namprd12.prod.outlook.com (2603:10b6:806:380::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:28:29 +0000 Received: from DS2PEPF0000343A.namprd02.prod.outlook.com (2603:10b6:610:4f:cafe::d8) by CH2PR18CA0012.outlook.office365.com (2603:10b6:610:4f::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.21 via Frontend Transport; Fri, 23 Aug 2024 13:28:29 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343A.mail.protection.outlook.com (10.167.18.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:28:29 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:28:23 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 04/21] PCI/IDE: Define Integrity and Data Encryption (IDE) extended capability Date: Fri, 23 Aug 2024 23:21:18 +1000 Message-ID: <20240823132137.336874-5-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343A:EE_|SA3PR12MB9158:EE_ X-MS-Office365-Filtering-Correlation-Id: b084fa8d-c49d-4f77-6839-08dcc3777a0c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|376014|36860700013; X-Microsoft-Antispam-Message-Info: nC9Ej5toNdaXLeAFTMbTTsOQiHEL3Iux0zP1We6/5hucULsAEK/YYIVh2wBvoLSd/HGzAUEax28MV0M7z8CqwoJTj4n3FB8GzLShUd0rz80ZUFcZxcdTisVeK33jLVyGTm9apVstDLWeImqQxS/T8b0kUjXVf8L7eRX6bFMkkjo+sVecR1S3ulf4+iBljg9GFmza8t1WK1w6al3gVcP07MFtIMgo3sO/SnU3n4d95SMhx+vG1a5bMzOilOjaBN816XFy/4uq4AoyfDw+/zSVrulBewrjWyzCtkJHPXv2KkZJzYfOiDzaDLl86vuypR/O68aEKHIRfZHOmHwLhExjJQNaJJve3cbvMYDFOlvq1haj7igBmRsoI/Re3jzvOxHDU4aJpLKC6WRhIK+aG8OqIpNM3rQb+vdH+P4p5eaGmUEillRZ8kF3MqIzGATlLhL6G6XGk8P0P51uXyq/tjuBMr4shpWC6LQXQc0S4c14DLJAVsDsctzxP7SPaOIDvH3IbE+VLX97icS153GbBki0kl75yr6LRkNhYO2y8SNIUrb9VlCrFkMpHLwcVOyk4BWOeaOpsF4lSdYQkmy8nUXPKjZ2CqIDTDhPze8FnZiBIlGDO3UVIKrC3WOqo7d/ZT1CJo6K/8W3715ZVCVWKsE5ZlI7Q/PJ6jyAo9Ml+EhPvQmWdCAHuoP1b7VNRFO/8yo9d4846Te0IpBwi8AGIJyivby0AXpzHsjlsJQnIhp2zKVLTFC1Vggq9WHnuTvPEwC20zwp3Wluf/iFs00qSx+hKyyegZrebyyU0tiD+FpHNAFEhBuUs7hCz/RoMTlcPZvEnpccmAAg36sxnJ3+uwCawFSOpHgaR5T55O2bZhgUPcPFs5ZIhb5/LTJxQc++6gihnfTWYmP0LwxV73RJzosvFrGeWm92/gTALxnJyaexHdc9W+/txMgy8K7HGARvDqEv4P53cKbKl7Akoe4TBTm0oyDdVQRpAekA29ql2D2edgWaGIvDcE5xbAIyupKRbChyuqueSjCNWL85z5JQRiwJ1oVNYyivR0elkBHq7d9H0FNzPWh9y5942RNRH9cEN24KdNL33TwZOztK7dBj3l9jNc0//Sc/fLQe5VkyOKy0zpnhgERGVpk+pZEfCAB+rdSBbQJvmolgnlFWaZ35plRcGDueW4D18sPhhXO2QBo9chJxmqV6d2HP4Prizh4n5vp6b5ToQRQphWPZB4RapVBBWkWltHgQGtypaLEwUhIvidV/iKmfV/hYZjBZ0MKC8xPl3PClfWi5A/Kb8VQBcmsfi5H2qTH6i16FnQ9+hRhX3oReyPpBOJnRHYKb6XixmP9RQRKVVWv6gxzWKZMsy7Q7CU1yYWn6pkT9tsvnwZOOkRccS2xEr6Yjf7/OD4A6oMtnSVVp67FTTVyGoflUtNpwPMEK0rJlApf5TonS4f6p2cB8T5ufuf1ryUOg8vhr6UzC X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:28:29.4832 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b084fa8d-c49d-4f77-6839-08dcc3777a0c X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343A.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR12MB9158 PCIe 6.0 introduces the "Integrity & Data Encryption (IDE)" feature which adds a new capability with id=0x30. Add the new id to the list of capabilities. Add new flags from pciutils. Add a module with a helper to control selective IDE capability. TODO: get rid of lots of magic numbers. It is one annoying flexible capability to deal with. Signed-off-by: Alexey Kardashevskiy --- drivers/pci/Makefile | 1 + include/linux/pci-ide.h | 18 ++ include/uapi/linux/pci_regs.h | 76 +++++++- drivers/pci/ide.c | 186 ++++++++++++++++++++ drivers/pci/Kconfig | 4 + 5 files changed, 284 insertions(+), 1 deletion(-) diff --git a/drivers/pci/Makefile b/drivers/pci/Makefile index 1452e4ba7f00..034f17f9297a 100644 --- a/drivers/pci/Makefile +++ b/drivers/pci/Makefile @@ -34,6 +34,7 @@ obj-$(CONFIG_PCI_P2PDMA) += p2pdma.o obj-$(CONFIG_XEN_PCIDEV_FRONTEND) += xen-pcifront.o obj-$(CONFIG_VGA_ARB) += vgaarb.o obj-$(CONFIG_PCI_DOE) += doe.o +obj-$(CONFIG_PCI_IDE) += ide.o obj-$(CONFIG_PCI_DYNAMIC_OF_NODES) += of_property.o obj-$(CONFIG_PCI_CMA) += cma.o cma.asn1.o diff --git a/include/linux/pci-ide.h b/include/linux/pci-ide.h new file mode 100644 index 000000000000..983a8daf1199 --- /dev/null +++ b/include/linux/pci-ide.h @@ -0,0 +1,18 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Integrity & Data Encryption (IDE) + * PCIe r6.0, sec 6.33 DOE + */ + +#ifndef LINUX_PCI_IDE_H +#define LINUX_PCI_IDE_H + +int pci_ide_set_sel(struct pci_dev *pdev, unsigned int sel_index, unsigned int streamid, + bool enable, bool def, bool tee_limited, bool ide_cfg); +int pci_ide_set_sel_rid_assoc(struct pci_dev *pdev, unsigned int sel_index, + bool valid, u8 seg_base, u16 rid_base, u16 rid_limit); +int pci_ide_set_sel_addr_assoc(struct pci_dev *pdev, unsigned int sel_index, unsigned int blocknum, + bool valid, u64 base, u64 limit); +int pci_ide_get_sel_sta(struct pci_dev *pdev, unsigned int sel_index, u32 *status); + +#endif diff --git a/include/uapi/linux/pci_regs.h b/include/uapi/linux/pci_regs.h index 0011a301b8c5..80962b07719a 100644 --- a/include/uapi/linux/pci_regs.h +++ b/include/uapi/linux/pci_regs.h @@ -743,7 +743,8 @@ #define PCI_EXT_CAP_ID_PL_16GT 0x26 /* Physical Layer 16.0 GT/s */ #define PCI_EXT_CAP_ID_PL_32GT 0x2A /* Physical Layer 32.0 GT/s */ #define PCI_EXT_CAP_ID_DOE 0x2E /* Data Object Exchange */ -#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_DOE +#define PCI_EXT_CAP_ID_IDE 0x30 /* Integrity and Data Encryption (IDE) */ +#define PCI_EXT_CAP_ID_MAX PCI_EXT_CAP_ID_IDE #define PCI_EXT_CAP_DSN_SIZEOF 12 #define PCI_EXT_CAP_MCAST_ENDPOINT_SIZEOF 40 @@ -1150,9 +1151,82 @@ #define PCI_DOE_DATA_OBJECT_DISC_RSP_3_PROTOCOL 0x00ff0000 #define PCI_DOE_DATA_OBJECT_DISC_RSP_3_NEXT_INDEX 0xff000000 + /* Compute Express Link (CXL r3.1, sec 8.1.5) */ #define PCI_DVSEC_CXL_PORT 3 #define PCI_DVSEC_CXL_PORT_CTL 0x0c #define PCI_DVSEC_CXL_PORT_CTL_UNMASK_SBR 0x00000001 +/* Integrity and Data Encryption Extended Capability */ +#define PCI_IDE_CAP 0x4 +#define PCI_IDE_CAP_LINK_IDE_SUPP 0x1 /* Link IDE Stream Supported */ +#define PCI_IDE_CAP_SELECTIVE_IDE_SUPP 0x2 /* Selective IDE Streams Supported */ +#define PCI_IDE_CAP_FLOWTHROUGH_IDE_SUPP 0x4 /* Flow-Through IDE Stream Supported */ +#define PCI_IDE_CAP_PARTIAL_HEADER_ENC_SUPP 0x8 /* Partial Header Encryption Supported */ +#define PCI_IDE_CAP_AGGREGATION_SUPP 0x10 /* Aggregation Supported */ +#define PCI_IDE_CAP_PCRC_SUPP 0x20 /* PCRC Supported */ +#define PCI_IDE_CAP_IDE_KM_SUPP 0x40 /* IDE_KM Protocol Supported */ +#define PCI_IDE_CAP_ALG(x) (((x) >> 8) & 0x1f) /* Supported Algorithms */ +#define PCI_IDE_CAP_ALG_AES_GCM_256 0 /* AES-GCM 256 key size, 96b MAC */ +#define PCI_IDE_CAP_LINK_TC_NUM(x) (((x) >> 13) & 0x7) /* Link IDE TCs */ +#define PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(x) (((x) >> 16) & 0xff) /* Selective IDE Streams */ +#define PCI_IDE_CAP_TEE_LIMITED_SUPP 0x1000000 /* TEE-Limited Stream Supported */ +#define PCI_IDE_CTL 0x8 +#define PCI_IDE_CTL_FLOWTHROUGH_IDE 0x4 /* Flow-Through IDE Stream Enabled */ +#define PCI_IDE_LINK_STREAM 0xC +/* Link IDE Stream block, up to PCI_IDE_CAP_LINK_TC_NUM */ +/* Link IDE Stream Control Register */ +#define PCI_IDE_LINK_CTL_EN 0x1 /* Link IDE Stream Enable */ +#define PCI_IDE_LINK_CTL_TX_AGGR_NPR(x)(((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ +#define PCI_IDE_LINK_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ +#define PCI_IDE_LINK_CTL_TX_AGGR_CPL(x)(((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ +#define PCI_IDE_LINK_CTL_PCRC_EN 0x100 /* PCRC Enable */ +#define PCI_IDE_LINK_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ +#define PCI_IDE_LINK_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ +#define PCI_IDE_LINK_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ +#define PCI_IDE_LINK_CTL_ID(x) (((x) >> 24) & 0xff) /* Stream ID */ +#define PCI_IDE_LINK_CTL_ID_MASK 0xff000000 + +/* Link IDE Stream Status Register */ +#define PCI_IDE_LINK_STS_STATUS(x) ((x) & 0xf) /* Link IDE Stream State */ +#define PCI_IDE_LINK_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ +/* Selective IDE Stream block, up to PCI_IDE_CAP_SELECTIVE_STREAMS_NUM */ +/* Selective IDE Stream Capability Register */ +#define PCI_IDE_SEL_CAP_BLOCKS_NUM(x) ((x) & 0xf) /*Address Association Register Blocks Number */ +/* Selective IDE Stream Control Register */ +#define PCI_IDE_SEL_CTL_EN 0x1 /* Selective IDE Stream Enable */ +#define PCI_IDE_SEL_CTL_TX_AGGR_NPR(x) (((x) >> 2) & 0x3) /* Tx Aggregation Mode NPR */ +#define PCI_IDE_SEL_CTL_TX_AGGR_PR(x) (((x) >> 4) & 0x3) /* Tx Aggregation Mode PR */ +#define PCI_IDE_SEL_CTL_TX_AGGR_CPL(x) (((x) >> 6) & 0x3) /* Tx Aggregation Mode CPL */ +#define PCI_IDE_SEL_CTL_PCRC_EN 0x100 /* PCRC Enable */ +#define PCI_IDE_SEL_CTL_CFG_EN 0x200 /* Selective IDE for Configuration Requests */ +#define PCI_IDE_SEL_CTL_PART_ENC(x) (((x) >> 10) & 0xf) /* Partial Header Encryption Mode */ +#define PCI_IDE_SEL_CTL_ALG(x) (((x) >> 14) & 0x1f) /* Selected Algorithm */ +#define PCI_IDE_SEL_CTL_TC(x) (((x) >> 19) & 0x7) /* Traffic Class */ +#define PCI_IDE_SEL_CTL_DEFAULT 0x400000 /* Default Stream */ +#define PCI_IDE_SEL_CTL_TEE_LIMITED (1 << 23) /* TEE-Limited Stream */ +#define PCI_IDE_SEL_CTL_ID(x) (((x) >> 24) & 0xff) /* Stream ID */ +/* Selective IDE Stream Status Register */ +#define PCI_IDE_SEL_STS_STATUS(x) ((x) & 0xf) /* Selective IDE Stream State */ +#define PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK 0x80000000 /* Received Integrity Check Fail Msg */ +/* IDE RID Association Register 1 */ +#define PCI_IDE_SEL_RID_1_LIMIT(x) (((x) >> 8) & 0xffff) /* RID Limit */ +#define PCI_IDE_SEL_RID_1(rid_limit) (((rid_limit) & 0xffff) << 8) +/* IDE RID Association Register 2 */ +#define PCI_IDE_SEL_RID_2_VALID 0x1 /* Valid */ +#define PCI_IDE_SEL_RID_2_BASE(x) (((x) >> 8) & 0xffff) /* RID Base */ +#define PCI_IDE_SEL_RID_2_SEG_BASE(x) (((x) >> 24) & 0xff) /* Segmeng Base */ +#define PCI_IDE_SEL_RID_2(v, rid_base, seg_base) ((((seg_base) & 0xff) << 24) | \ + (((rid_base) & 0xffff) << 8) | ((v) ? 1 : 0)) +/* Selective IDE Address Association Register Block, up to PCI_IDE_SEL_CAP_BLOCKS_NUM */ +#define PCI_IDE_SEL_ADDR_1_VALID 0x1 /* Valid */ +#define PCI_IDE_SEL_ADDR_1_BASE_LOW(x) (((x) >> 8) & 0xfff) /* Memory Base Lower */ +#define PCI_IDE_SEL_ADDR_1_LIMIT_LOW(x)(((x) >> 20) & 0xfff) /* Memory Limit Lower */ +/* IDE Address Association Register 2 is "Memory Limit Upper" */ +/* IDE Address Association Register 3 is "Memory Base Upper" */ +#define PCI_IDE_SEL_ADDR_1(v, base, limit) ((FIELD_GET(0xfff00000, (limit)) << 20) | \ + (FIELD_GET(0xfff00000, (base)) << 8) | ((v) ? 1 : 0)) +#define PCI_IDE_SEL_ADDR_2(limit) ((limit) >> 32) +#define PCI_IDE_SEL_ADDR_3(base) ((base) >> 32) + #endif /* LINUX_PCI_REGS_H */ diff --git a/drivers/pci/ide.c b/drivers/pci/ide.c new file mode 100644 index 000000000000..dc0632e836e7 --- /dev/null +++ b/drivers/pci/ide.c @@ -0,0 +1,186 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Integrity & Data Encryption (IDE) + * PCIe r6.0, sec 6.33 DOE + */ + +#define dev_fmt(fmt) "IDE: " fmt + +#include +#include +#include +#include + +#define DRIVER_VERSION "0.1" +#define DRIVER_AUTHOR "aik@amd.com" +#define DRIVER_DESC "Integrity and Data Encryption driver" + +/* Returns an offset of the specific IDE stream block */ +static u16 sel_off(struct pci_dev *pdev, unsigned int sel_index) +{ + u16 offset = pci_find_next_ext_capability(pdev, 0, PCI_EXT_CAP_ID_IDE); + unsigned int linknum = 0, selnum = 0, i; + u16 seloff; + u32 cap = 0; + + if (!offset) + return 0; + + pci_read_config_dword(pdev, offset + PCI_IDE_CAP, &cap); + if (cap & PCI_IDE_CAP_SELECTIVE_IDE_SUPP) + selnum = PCI_IDE_CAP_SELECTIVE_STREAMS_NUM(cap) + 1; + + if (!selnum || sel_index >= selnum) + return 0; + + if (cap & PCI_IDE_CAP_LINK_IDE_SUPP) + linknum = PCI_IDE_CAP_LINK_TC_NUM(cap) + 1; + + seloff = offset + PCI_IDE_LINK_STREAM + linknum * 2 * 4; + for (i = 0; i < sel_index; ++i) { + u32 selcap = 0; + + pci_read_config_dword(pdev, seloff, &selcap); + + /* Selective Cap+Ctrl+Sta + Addr#*8 */ + seloff += 3 * 4 + PCI_IDE_SEL_CAP_BLOCKS_NUM(selcap) * 2 * 4; + } + + return seloff; +} + +static u16 sel_off_addr_block(struct pci_dev *pdev, u16 offset, unsigned int blocknum) +{ + unsigned int blocks; + u32 selcap = 0; + + pci_read_config_dword(pdev, offset, &selcap); + + blocks = PCI_IDE_SEL_CAP_BLOCKS_NUM(selcap); + if (!blocks) + return 0; + + return offset + 3 * 4 + // Skip Cap, Ctl, Sta + 2 * 4 + // RID Association Register 1 and 2 + blocknum * 3 * 4; // Each block is Address Association Register 1, 2, 3 +} + +static int set_sel(struct pci_dev *pdev, unsigned int sel_index, u32 value) +{ + u16 offset = sel_off(pdev, sel_index); + u32 status = 0; + + if (!offset) + return -EINVAL; + + pci_read_config_dword(pdev, offset + 8, &status); + if (status & PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK) { + pci_warn(pdev, "[%x] Clearing \"Received integrity check\"\n", offset + 4); + pci_write_config_dword(pdev, offset + 8, + status & ~PCI_IDE_SEL_STS_RECVD_INTEGRITY_CHECK); + } + + /* Selective IDE Stream Control Register */ + pci_write_config_dword(pdev, offset + 4, value); + return 0; +} + +int pci_ide_set_sel(struct pci_dev *pdev, unsigned int sel_index, unsigned int streamid, + bool enable, bool def, bool tee_limited, bool ide_cfg) +{ + return set_sel(pdev, sel_index, + FIELD_PREP(PCI_IDE_LINK_CTL_ID_MASK, streamid) | + (def ? PCI_IDE_SEL_CTL_DEFAULT : 0) | + (enable ? PCI_IDE_SEL_CTL_EN : 0) | + (tee_limited ? PCI_IDE_SEL_CTL_TEE_LIMITED : 0) | + (ide_cfg ? PCI_IDE_SEL_CTL_CFG_EN : 0) + ); +} +EXPORT_SYMBOL_GPL(pci_ide_set_sel); + +int pci_ide_set_sel_rid_assoc(struct pci_dev *pdev, unsigned int sel_index, + bool valid, u8 seg_base, u16 rid_base, u16 rid_limit) +{ + u16 offset = sel_off(pdev, sel_index); + u32 rid1 = PCI_IDE_SEL_RID_1(rid_limit); + u32 rid2 = PCI_IDE_SEL_RID_2(valid, rid_base, seg_base); + u32 ctl = 0; + + if (!offset) + return -EINVAL; + + pci_read_config_dword(pdev, offset + 4, &ctl); + if (ctl & PCI_IDE_SEL_CTL_EN) + pci_warn(pdev, "Setting RID when En=off triggers Integrity Check Fail Message"); + + /* IDE RID Association Register 1 */ + pci_write_config_dword(pdev, offset + 0xC, rid1); + /* IDE RID Association Register 2 */ + pci_write_config_dword(pdev, offset + 0x10, rid2); + return 0; +} +EXPORT_SYMBOL_GPL(pci_ide_set_sel_rid_assoc); + +int pci_ide_set_sel_addr_assoc(struct pci_dev *pdev, unsigned int sel_index, unsigned int blocknum, + bool valid, u64 base, u64 limit) +{ + u16 offset = sel_off(pdev, sel_index), offset_ab; + u32 a1 = PCI_IDE_SEL_ADDR_1(1, base, limit); + u32 a2 = PCI_IDE_SEL_ADDR_2(limit); + u32 a3 = PCI_IDE_SEL_ADDR_3(base); + + if (!offset) + return -EINVAL; + + offset_ab = sel_off_addr_block(pdev, offset, blocknum); + if (!offset_ab || offset_ab <= offset) + return -EINVAL; + + /* IDE Address Association Register 1 */ + pci_write_config_dword(pdev, offset_ab, a1); + /* IDE Address Association Register 2 */ + pci_write_config_dword(pdev, offset_ab + 4, a2); + /* IDE Address Association Register 1 */ + pci_write_config_dword(pdev, offset_ab + 8, a3); + return 0; +} +EXPORT_SYMBOL_GPL(pci_ide_set_sel_addr_assoc); + +int pci_ide_get_sel_sta(struct pci_dev *pdev, unsigned int sel_index, u32 *status) +{ + u16 offset = sel_off(pdev, sel_index); + u32 s = 0; + int ret; + + if (!offset) + return -EINVAL; + + + ret = pci_read_config_dword(pdev, offset + 8, &s); + if (ret) + return ret; + + *status = s; + return 0; +} +EXPORT_SYMBOL_GPL(pci_ide_get_sel_sta); + +static int __init ide_init(void) +{ + int ret = 0; + + pr_info(DRIVER_DESC " version: " DRIVER_VERSION "\n"); + return ret; +} + +static void __exit ide_cleanup(void) +{ +} + +module_init(ide_init); +module_exit(ide_cleanup); + +MODULE_VERSION(DRIVER_VERSION); +MODULE_LICENSE("GPL"); +MODULE_AUTHOR(DRIVER_AUTHOR); +MODULE_DESCRIPTION(DRIVER_DESC); diff --git a/drivers/pci/Kconfig b/drivers/pci/Kconfig index b0b14468ba5d..8e908d684c77 100644 --- a/drivers/pci/Kconfig +++ b/drivers/pci/Kconfig @@ -137,6 +137,10 @@ config PCI_CMA config PCI_DOE bool +config PCI_IDE + tristate + default m + config PCI_ECAM bool From patchwork Fri Aug 23 13:21:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775240 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2075.outbound.protection.outlook.com [40.107.237.75]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 03511186E20; Fri, 23 Aug 2024 13:28:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.237.75 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419732; cv=fail; b=Z2IBCOe65ffuIbXpm8RM6m3PEVn1FgPMKVp5t5V5zkgxqO6RSVti5LfZZqFmKYnx/6G44wFSWun1ruEfHfA4Do8sxl25K2i41SDJEzAnpRuSrSsvDKw9Y0liEAQnp0IrIL6KMCVFU+JOajEV6NXVtCYMoq+IpBdQ6FOn2iSfRe0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419732; c=relaxed/simple; bh=WGjp8B11e3jQc3W7BZAy8/Han9bbmUjy0cuZNlHsKlc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=vAnIO+BF2G/nYsKA1XY6L/lfgEiXmslaZAanh7ImZqB8EtiO3Oiwz3hNBpXyWayqRbTQktTjhVtyND184qIPgKzIlnlz1uCduRqlCNBGPdbP8aY6qY3NNywm/zxEb4u8bN1fdqKDSqWObrfrXpjnCwv8wsFT0t59r+gIeYXZ9kg= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=ojApKVkz; arc=fail smtp.client-ip=40.107.237.75 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="ojApKVkz" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=kGEGUtZhjUFiNFBODklm+hjfoLNTcTPSgVN6b9gl7V1Ddf3qpOI9NzBog6F4L/xk5/V5l7ecjAVv5LoHuvtVQbdvSBCzYY6R7HI9Cxj58JMl0BjGllPqAQUyZ/O/SsUDjODnQdGQ9kMbuTQSFboTeTHvNKJF0l7kqJPOohPBhmY0lA8lcrqLw4WZNJIbO9mFCfEXHDdvFZpQ6Z+TWNM5c6LrJieHi4RJ9RPBFm5rUQo+XLKi9q2CMVXblEdTzdKA8tdIbFhU4Gzz7gO+YIdi6xewSOZV+FNlPy1MIshPQgnEuVDn6L0R+N/h3/HRd8uyi9zPXL02QEELltybl2Um0A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=93VYtRsZiQs6TMdHW8fkIg92dTcAvuyPf0Axhy+ubFI=; b=ak8Ab3ybe2/ni6jTcOTSrmkEt33iUtqm2NfEs2/bp0WV4XZLNTaU9Ipv5SZCp15h486QZ8eOYDpsfDy87sbnSj5RMPYP7BmedIwDmjYvTN5cvMYGIwxFLVS7FOeO3db2XW3GA/+kIGQGa/bPtQW+VjuBTNLNSwbmk+ktwjn1M2wPXJZWGuOrq9mpE/I1MN4JKUEUjfbNOKOzTiNr6ten8bwR3rXAmh6R5S82dS5K2S/j+0FpjQSfpfK5FcaCPUisflrTxRG2gogFgGuvYHVJyXsPcC0LigC0NbZenpk+//mORxKciDhhkJGRx8dgne8J+OK4cVNTxM35FcUOVi4Fbg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=93VYtRsZiQs6TMdHW8fkIg92dTcAvuyPf0Axhy+ubFI=; b=ojApKVkzRKDvhepLaA4e+LabpTsZxWfpexnMItucqav18glo6kMNmNQLx3DheAUthwsH9+YUod/doWZhix6LmamGiSqWccQdIHd60TVEwhi1yPpbFGs73yZogHMJ7ThvLihtV3NGtN7ePPPijoon7pjEq0VCvGKOI6Rh81IJMrs= Received: from CH0PR04CA0062.namprd04.prod.outlook.com (2603:10b6:610:74::7) by SA3PR12MB8762.namprd12.prod.outlook.com (2603:10b6:806:31f::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:28:47 +0000 Received: from DS2PEPF00003439.namprd02.prod.outlook.com (2603:10b6:610:74:cafe::72) by CH0PR04CA0062.outlook.office365.com (2603:10b6:610:74::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:28:47 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003439.mail.protection.outlook.com (10.167.18.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:28:47 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:28:41 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 05/21] crypto/ccp: Make some SEV helpers public Date: Fri, 23 Aug 2024 23:21:19 +1000 Message-ID: <20240823132137.336874-6-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003439:EE_|SA3PR12MB8762:EE_ X-MS-Office365-Filtering-Correlation-Id: 8dcb84b1-dd0d-455a-7840-08dcc37784d8 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|376014|36860700013; X-Microsoft-Antispam-Message-Info: kQa+VGFQkeE3TYo92KhbYtFSi94dhLkNdGmIKsXDpz3DRXIsK9L0+D6jr6maetCW0cRTUfHaBzGT4KduDJKP4CPvFVol8XGI17KtMSuMN1Ecs0Q1EmZit6SO9TH3o55B9R3VonbWsiNpMJ7K/odb8X8Yy79c/dFyeBuWhFwMzMu2Tgegq7DvBvaWU6Qz6bP/QyqWV753TCJ6tE1WMt275SplMrcT/GXmi/8ntiTM98j/kqpLgBEI2dNZMtqnDW8nhbtAgqI7AtKQ1wlzrYZulJ2kqt/E/YJ3WpZKGblz9oEXCcpZvpk31JBhCfnP2HK8boJpReQk+wtOabPIapDT2SDc62jt2vpya7BUUYB20tUvy9dfRBixq6zrlunsAzTg3/8MekTByp9gmmQWr/b9LzP/hCqzMp5x+Q/uC4gR9/dISoxaGJ22XzB7xf1J1z0/d1qDs/ANsqCGkSnMZuHz7inHplYRkAoBqAnN7vgc6YGBdxeWbraXQWgdseVPekXTgBSCJ5u1qYx/5via0nQ7cNwWqvpiYJ6us9sI0D5DyUfdzg4KaZo+0wgcsH+ZQkmkRKs+cn82VObTffx/02bWA9Re3drTGAVlRqHExRZp/eeYRcEgw890PhSn34rSt6K8tcxJlWWkjt1F3F0/lkAsx/hXGUtHKw7aXjIeQmjWyI5Z+B2YZChnLPM4lSTYuZ9BjonH/VF98QfnZG5P5FAHyvlXbewBJUZ3PdeSYzK5YValMS7BTUUX/NToVhwxy2y3ZGyRgrnm/TcDxITxvsmjBAxrHzkDgmoSfAbgtQZmrUHZ5FjdMK15ixgwT5LZnnuC4toXPQeInoP4HFaMrdp4p2kENkDtadUbd9Oxxp87H8Wpo7FxrcIWIG6gGUD/SmDTz+LcR49HS/qF56qVe2nnJwtcTH8It71C3FGBpV7HrE/aJnGLMIrcCt66YP88jIS68MTIN7AVRFCeLUZ/9arsu9mPU3H1X2aKfY9nL441Fgw5I7sl0qyaJ78H/xDz449e5SQrfJ9HJHL15MHS8cPc8XbwwyKVsMcRIEUIiiXEhTJHmG7opXZrMVZV4nT7rVoseXxCkQGuEmDCQ060nHn+duez7Ob6+eQWXR689rQE3Fe0pEF8TLyDK7TV1omMy8nTRqGGneNJpBZNHAmqow85ys8krrwKGB1r5wKFdwo4dHv8PGiMWGHUf3hg6BC57mpS8GSZpw/MAlGVpmpz47Z7T7prZ0FahLtI2VA9tePDjM+Kn8T+zV8WkVG3ue+AKB51VOFNEfMz0dskICbU9cMbYjelTDTuLeggRyLnFhsfyC7ebGFvjyd7OjGQeQAw57P5IpGU0+V9FkReyF3nVeZw4e85xpGsdDcW0DZBZBvjUYsYZ78dhrqg7RnhGFUdJJtxwXd0v32CwIti++Dtlcw6Z7ywRGJes0mvXTpRbbGYpaWgesQawawIRMkuwB9rNAwG X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:28:47.5977 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 8dcb84b1-dd0d-455a-7840-08dcc37784d8 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003439.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA3PR12MB8762 For SEV TIO. Signed-off-by: Alexey Kardashevskiy --- drivers/crypto/ccp/sev-dev.h | 2 ++ include/linux/psp-sev.h | 1 + drivers/crypto/ccp/sev-dev.c | 4 ++-- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 3e4e5574e88a..59842157e9d1 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -65,4 +65,6 @@ void sev_dev_destroy(struct psp_device *psp); void sev_pci_init(void); void sev_pci_exit(void); +bool sev_version_greater_or_equal(u8 maj, u8 min); + #endif /* __SEV_DEV_H */ diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 903ddfea8585..52d5ee101d3a 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -945,6 +945,7 @@ int sev_do_cmd(int cmd, void *data, int *psp_ret); void *psp_copy_user_blob(u64 uaddr, u32 len); void *snp_alloc_firmware_page(gfp_t mask); void snp_free_firmware_page(void *addr); +int snp_reclaim_pages(unsigned long paddr, unsigned int npages, bool locked); #else /* !CONFIG_CRYPTO_DEV_SP_PSP */ diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index 82549ff1d4a9..f6eafde584d9 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -109,7 +109,7 @@ static void *sev_init_ex_buffer; */ static struct sev_data_range_list *snp_range_list; -static inline bool sev_version_greater_or_equal(u8 maj, u8 min) +bool sev_version_greater_or_equal(u8 maj, u8 min) { struct sev_device *sev = psp_master->sev_data; @@ -365,7 +365,7 @@ static int sev_write_init_ex_file_if_required(int cmd_id) */ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret); -static int snp_reclaim_pages(unsigned long paddr, unsigned int npages, bool locked) +int snp_reclaim_pages(unsigned long paddr, unsigned int npages, bool locked) { int ret, err, i; From patchwork Fri Aug 23 13:21:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775241 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2080.outbound.protection.outlook.com [40.107.220.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id BD8CD186601; Fri, 23 Aug 2024 13:29:12 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.80 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419754; cv=fail; b=bq5l5cqMCaATclDIkSNgsqJ7xNTp1thHdDxRvqLHE7QjDsKWzT54xfK5mM7FVgosmhC23YRmPAKOYQNW+C8VtPIJ+jLRTdO7unI3Z3MkwmvDVt/vjh+jc9TqcZfxypN/JfbIBLjRTY4ScHfpT5rHKpgf5PinpG7gFPZlwurVmYg= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419754; c=relaxed/simple; bh=XZwg+pWtUWIjRj+l4+xAVQ1DTfFU/OVF6TkqbWYmH00=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=BRzNMfOHLMCJ/NKVQXTnZhGGiPD7lL7vR600MmWs5TX+MCT5YK0obqgwfDoN9hxCsds/RDPOIuqlVQJdiwNixJaEnGf56c/NvOuKbJHJCd4X19NejAwia4VJ7bJLHBrwjUxwKOjkXmMm8osK/9CRmfp1BwM/Iyc8LNHOvZUDzDM= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=m9RS1VGY; arc=fail smtp.client-ip=40.107.220.80 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="m9RS1VGY" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=sVYC6Q+hGLYDMoewSdp2v+RtYC31twN1XDMC9pMbakH4hb9YmdqbsaqjOMjotnZFZScbzwUkPXE4kmkE1Rk8X48J0JZDCxE11NTvkMRBJ06I/xcrxlh3F+rRmzRk8bIg6jmIc9q1XO0XeiHL/dTF7h7cG43x1tJEcnIvA+t8XMUUBrxdTB9cXR25yZEicNgMANADFEKBbfjaDMjkt7eNNL+Zq2UA8QEdSK+urP4TdPGuV9ZiCwWB1+ppjIfj09PxB/u2tMWKPDcCYU05fu84rFk1uoA8A50LbhBl0n2sCB8cn1UiyQAV4BDYUWK12QQB6DrsqLEGYWx2sUcplLjojQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=DGkXFzZ8jaJKxMht/c7C4G/4z0BV8248LV2V3Z1yLto=; b=vNr13Tfn6COXlOtu0v4N6v/DpUqyeDgEFHgu+B9KCX/4f5qoRuD/5UPZLDcRNlzrwNqCiGe4pSWERJY+YzQpZsRkc5ko/9CJXUt9naMy6F9yUo8xaTtJA/zK2hSc0Za2Bod42p2yV6nfnYnKYl36s2pDxdqn1t/QtAokEiE1zmI/E6s5etW9tBSpNKMyQrf7sUqMQJr+fWhbuoUbtAnprlqWb6G/kev3lSPHNo9KDZAad7mA8bz96GrWXs+63rATYu5aq/6dGTsDmp5BV7GKcWPr789VHw2pc9TfHWvQShxnt0IJZiE4O05lAwpkF14wDKOZb/E7w5qOiERa5eoh5Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=DGkXFzZ8jaJKxMht/c7C4G/4z0BV8248LV2V3Z1yLto=; b=m9RS1VGYyRd2qyLnqPZx1zm7Q+ZO462icbYrfhXVWrD37EoyvR3/f7MUPC5PplB3TWXLY5na4bXtO15H22dpm/dmM30eEfUScV8Xop8WQmGt80VmZCuHTqzI363jtqxCJc3kEAP4NZMU7Gj5ZKWpr+yNfc3cKOBqNHNnTD4T114= Received: from DM6PR21CA0023.namprd21.prod.outlook.com (2603:10b6:5:174::33) by DM6PR12MB4433.namprd12.prod.outlook.com (2603:10b6:5:2a1::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:29:04 +0000 Received: from DS2PEPF0000343C.namprd02.prod.outlook.com (2603:10b6:5:174:cafe::c) by DM6PR21CA0023.outlook.office365.com (2603:10b6:5:174::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7918.9 via Frontend Transport; Fri, 23 Aug 2024 13:29:04 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343C.mail.protection.outlook.com (10.167.18.39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:29:04 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:28:59 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 06/21] crypto: ccp: Enable SEV-TIO feature in the PSP when supported Date: Fri, 23 Aug 2024 23:21:20 +1000 Message-ID: <20240823132137.336874-7-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343C:EE_|DM6PR12MB4433:EE_ X-MS-Office365-Filtering-Correlation-Id: e389ab2e-841b-46ae-8c9e-08dcc3778f10 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|376014|82310400026; X-Microsoft-Antispam-Message-Info: iRM3oeqaDtBr8N7h53sRx8IvQnQ+goeWnxLzuV4md5dCkqQnb1xdaxwtmrCFLKZ6nO9uZlbal6lnhHv6iFI7ppsiufuJOe641x5Cfz6HLJ/SDcDP4AsEIsLSJuF+BcffFSsV+iWWm2fu5MGpAdpOHv0twHiBA18gXipU9hJOtE7ZXiFmziYJlfEHjrxFGoX9TH6EDPfQksde08gm9Itj1YelyGztDXvpRrTjBRFG013yNbeQR98UYjCYUgynRxqt21LmFj7k0EXu/EqUsy4yR2TW07nk8pbC6ffD3wKsBxNZKfqlqwXLRFK8MQSkOR43rWlEq/yjBsh+qdK0vlI0sSXacd72AIwjXItrrjxsseNd4u+pxWplvJV5GrNpz/zeIfg2YCI3DmziBOsCO8ZxehdcPAoaB/8kdIpYVB6Pqy0nVtiOTVyrdgxnJ8JGjlx36ebnSrsLSRtL6t2I7fNua0aeFkHePOzIqbV/WpIKq5W9SwZBFry9ndvon7LqGovDlHx7MxiWrDrPA8Hq3pIv4QnC+d9UL/uWEtFjGZQIfCTNQjjAD0vQ497VXQ3/2N1/dEqtO4pSP+9qz385j0He52d23F/PoYkUFEccSRBHa4dcXktcRAINJIPSc6l9D/ceehadCeMcbBzZEhkQNMSNHtDxIHa3xHEnjK5RDMl2BE6uHLRY/buxHTWEP6TE8bpGa4hEqzP9EJQ/WT7ZyeRuTVD2Mdx+c3c9NoWZL7vZvYUALFDjUHcIP2mojDAkYRULBdzK4V1t+Y3sLh5YEqRE8y/p32fmyz+yQZ2PxeeOUyqAfYwVRv4HijlDWOOWnLzesu9eQtGamXy0p61EBCq1a4MWofRLHyWXYywSRi9vkjUyG8f0pRGX0vWYegbLQfCeAHSfC6iY6iktk3tjLfXWvxvCTxaKnBrWbguQpUWMPKpHrS9CnohgoTTsTzEGURUK/BmzizAbO1kt7bReNqJfew/2qOxyf3fH+3S5ZMSy5YCI4lPg5JZ4jqVMUNvi7c9wjMbyK94oYhx/s84oy/31iIBRBfNHXe/kEhlqxgnsFs2u69uWELyGdIoKNylxfzFrUZWIUp0hnHMnhoqwuXEAozXJgEDWvS+yeMhm5BgbFDzKBtKEH1fsdwle7ytAUZZUU1V8ASqmDJx7gsq9UHs1RcRuHfcLMZg9fGv9714ZuVoeoaTURb3YlH4z89Y/3RNIHL6GFvojioVLZolMujlsdEkI/ydb1ltGtmtVz43oYNI2/Ne0bZvTKV9U4npkTjdMypHyKy1qqD2gn2+opCCBBgsJWDhhY54jIwoeHubYJCcYbupAXgCteT4odFe5wZGROfjrwf+doH5/Mb4zMz9/qW2jZePrwfhFeTJSzM5hi1Ta8+GklUjlOyf7O0TbAMEktHnGO/eD/52CMERXSAOxIo4eVW6JFafV1WoLVrl3C6fuwwojb0yroSvhKoQ/UUsG X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(376014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:29:04.7425 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e389ab2e-841b-46ae-8c9e-08dcc3778f10 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343C.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR12MB4433 The PSP advertises the SEV-TIO support via the FEATURE_INFO command support of which is advertised via SNP_PLATFORM_STATUS. Add FEATURE_INFO and use it to detect the TIO support in the PSP. If present, enable TIO in the SNP_INIT_EX call. While at this, add new bits to sev_data_snp_init_ex() from SEV-SNP 1.55. Note that this tests the PSP firmware support but not if the feature is enabled in the BIOS. While at this, add new sev_data_snp_shutdown_ex::x86_snp_shutdown Signed-off-by: Alexey Kardashevskiy --- include/linux/psp-sev.h | 31 ++++++++- include/uapi/linux/psp-sev.h | 4 +- drivers/crypto/ccp/sev-dev.c | 73 ++++++++++++++++++++ 3 files changed, 104 insertions(+), 4 deletions(-) diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 52d5ee101d3a..1d63044f66be 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -107,6 +107,7 @@ enum sev_cmd { SEV_CMD_SNP_DOWNLOAD_FIRMWARE_EX = 0x0CA, SEV_CMD_SNP_COMMIT = 0x0CB, SEV_CMD_SNP_VLEK_LOAD = 0x0CD, + SEV_CMD_SNP_FEATURE_INFO = 0x0CE, SEV_CMD_MAX, }; @@ -584,6 +585,25 @@ struct sev_data_snp_addr { u64 address; /* In/Out */ } __packed; +/** + * struct sev_data_snp_feature_info - SEV_CMD_SNP_FEATURE_INFO command params + * + * @len: length of this struct + * @ecx_in: subfunction index of CPUID Fn8000_0024 + * @feature_info_paddr: physical address of a page with sev_snp_feature_info + */ +#define SNP_FEATURE_FN8000_0024_EBX_X00_SEVTIO 1 + +struct sev_snp_feature_info { + u32 eax, ebx, ecx, edx; /* Out */ +} __packed; + +struct sev_data_snp_feature_info { + u32 length; /* In */ + u32 ecx_in; /* In */ + u64 feature_info_paddr; /* In */ +} __packed; + /** * struct sev_data_snp_launch_start - SNP_LAUNCH_START command params * @@ -745,10 +765,14 @@ struct sev_data_snp_guest_request { struct sev_data_snp_init_ex { u32 init_rmp:1; u32 list_paddr_en:1; - u32 rsvd:30; + u32 rapl_dis:1; + u32 ciphertext_hiding_en:1; + u32 tio_en:1; + u32 rsvd:27; u32 rsvd1; u64 list_paddr; - u8 rsvd2[48]; + u16 max_snp_asid; + u8 rsvd2[46]; } __packed; /** @@ -787,7 +811,8 @@ struct sev_data_range_list { struct sev_data_snp_shutdown_ex { u32 len; u32 iommu_snp_shutdown:1; - u32 rsvd1:31; + u32 x86_snp_shutdown:1; + u32 rsvd1:30; } __packed; /** diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h index 7d2e10e3cdd5..28ee2a03c2b9 100644 --- a/include/uapi/linux/psp-sev.h +++ b/include/uapi/linux/psp-sev.h @@ -214,6 +214,7 @@ struct sev_user_data_get_id2 { * @mask_chip_id: whether chip id is present in attestation reports or not * @mask_chip_key: whether attestation reports are signed or not * @vlek_en: VLEK (Version Loaded Endorsement Key) hashstick is loaded + * @feature_info: Indicates that the SNP_FEATURE_INFO command is available * @rsvd1: reserved * @guest_count: the number of guest currently managed by the firmware * @current_tcb_version: current TCB version @@ -229,7 +230,8 @@ struct sev_user_data_snp_status { __u32 mask_chip_id:1; /* Out */ __u32 mask_chip_key:1; /* Out */ __u32 vlek_en:1; /* Out */ - __u32 rsvd1:29; + __u32 feature_info:1; /* Out */ + __u32 rsvd1:28; __u32 guest_count; /* Out */ __u64 current_tcb_version; /* Out */ __u64 reported_tcb_version; /* Out */ diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index f6eafde584d9..a49fe54b8dd8 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -223,6 +223,7 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_SNP_GUEST_REQUEST: return sizeof(struct sev_data_snp_guest_request); case SEV_CMD_SNP_CONFIG: return sizeof(struct sev_user_data_snp_config); case SEV_CMD_SNP_COMMIT: return sizeof(struct sev_data_snp_commit); + case SEV_CMD_SNP_FEATURE_INFO: return sizeof(struct sev_data_snp_feature_info); default: return 0; } @@ -1125,6 +1126,77 @@ static int snp_platform_status_locked(struct sev_device *sev, return ret; } +static int snp_feature_info_locked(struct sev_device *sev, u32 ecx, + struct sev_snp_feature_info *fi, int *psp_ret) +{ + struct sev_data_snp_feature_info buf = { + .length = sizeof(buf), + .ecx_in = ecx, + }; + struct page *status_page; + void *data; + int ret; + + status_page = alloc_page(GFP_KERNEL_ACCOUNT); + if (!status_page) + return -ENOMEM; + + data = page_address(status_page); + + if (sev->snp_initialized && rmp_mark_pages_firmware(__pa(data), 1, true)) { + ret = -EFAULT; + goto cleanup; + } + + buf.feature_info_paddr = __psp_pa(data); + ret = __sev_do_cmd_locked(SEV_CMD_SNP_FEATURE_INFO, &buf, psp_ret); + + if (sev->snp_initialized && snp_reclaim_pages(__pa(data), 1, true)) + ret = -EFAULT; + + if (!ret) + memcpy(fi, data, sizeof(*fi)); + +cleanup: + __free_pages(status_page, 0); + return ret; +} + +static int snp_get_feature_info(struct sev_device *sev, u32 ecx, struct sev_snp_feature_info *fi) +{ + struct sev_user_data_snp_status status = { 0 }; + int psp_ret = 0, ret; + + ret = snp_platform_status_locked(sev, &status, &psp_ret); + if (ret) + return ret; + if (ret != SEV_RET_SUCCESS) + return -EFAULT; + if (!status.feature_info) + return -ENOENT; + + ret = snp_feature_info_locked(sev, ecx, fi, &psp_ret); + if (ret) + return ret; + if (ret != SEV_RET_SUCCESS) + return -EFAULT; + + return 0; +} + +static bool sev_tio_present(struct sev_device *sev) +{ + struct sev_snp_feature_info fi = { 0 }; + bool present; + + if (snp_get_feature_info(sev, 0, &fi)) + return false; + + present = (fi.ebx & SNP_FEATURE_FN8000_0024_EBX_X00_SEVTIO) != 0; + dev_info(sev->dev, "SEV-TIO support is %s\n", present ? "present" : "not present"); + return present; +} + static int __sev_snp_init_locked(int *error) { struct psp_device *psp = psp_master; @@ -1189,6 +1261,7 @@ static int __sev_snp_init_locked(int *error) data.init_rmp = 1; data.list_paddr_en = 1; data.list_paddr = __psp_pa(snp_range_list); + data.tio_en = sev_tio_present(sev); cmd = SEV_CMD_SNP_INIT_EX; } else { cmd = SEV_CMD_SNP_INIT; From patchwork Fri Aug 23 13:21:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775242 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2084.outbound.protection.outlook.com [40.107.243.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DB1551865EE; Fri, 23 Aug 2024 13:29:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.84 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419775; cv=fail; b=Yg+32dTHRJFdl1gtsLnZHYMgx6HbuFGEBrtua/AXkyH1hbMlE6kJUsvjlKU7QaA0cT+SzGlNUElrqCyAprmcqzanl4Iq3ZH1Pu1b9hAX+eYtEg7J2KoZkJzctIPOlZqaBWyoQc5TUulity/bwZ7WEZuM+Ou3i3QoVTYjGfoQB6k= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419775; c=relaxed/simple; bh=P401G9wcb7stnaBnb1hE3fU43ReXY9/eq/VFQhN8n/A=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=YWKVQeOUTs7Pco2OxoIV1S0Lsxt/sRxKK5NJ8vyurkojPdfMFSb4A2dElnPncg1hltxq4M7VZaW48FI1+KTRtoMqxmYhYUiyD8/5EMRKwGXpprjZMDrPySFbIceyj79a3FBQzPMA9m0aE3gIGyH1OHT0oCUQb91PadUFL7L2cEk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=aL0gAV6C; arc=fail smtp.client-ip=40.107.243.84 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="aL0gAV6C" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=YsgXjliLqAYSPSP5FNd38H8zH+J3qDRk2JivvCQYvACXtxgEJ2moKsUbuZ7R6B3+lbuqCbgLTBOPwH27+pBrdgWSlXL9j4bp02nGsuwI1GAo+YUAAyry5hebhO3WQiUepUpp2vW2YHkKrh4GeMmiwCaSOzc6+BNqKzSec7W/trDEsGdKvz7ijrx9vn7oQS/0XG1vLnXGJNmUOMcbAXjfeidUDdqmtwlfN8rfDMr8w1SGguv/+UmrBtVdRMbWBJqkCvc2drqFbTeO8nUoT/DAh6EWie4O1SE4sl4vGh5dI5Dp7+xk4LQyq1TxtqG2vf8IkXl+vMu2K7a+3zOV8Er85w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RUnn2Yl1uEUsaGe+LFNnRmy3soYEJEoqFXjNQS1tL8k=; b=eucAc2xFQvh4oiXg6oEPdOjYHoPPMKx4PIWLdqh2id0ykj61LSeslXbsqYof1+mh4jTyK8IHT6PSS5XUWTTBtokDifKY2ZP+iNsdTfhXF+yjp6LnaXX/l67lowX53MCBcAowKnhBun4gtRlaThWn3/SOEEW3L479bdXKnmLspSO8L7duiU3aS8rhJqul8AYvkkUzbQQT8luQoCJ8E+5f+A2DeVDhEn13Rb3JbIUKFFX/Qrt4PV1jSCRTwzX+vUfENDx59o63C7V3JdA16lYmyPipjQBM4w2j1LIprgNSt874lSWwepMWbWsw40rqDgMaFGcYLgnZUhUoAFKP5je23Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RUnn2Yl1uEUsaGe+LFNnRmy3soYEJEoqFXjNQS1tL8k=; b=aL0gAV6CQVs4KE8E4gnyRpsb/zeLFmvBJRYGvN062HWyKMoZYtNykfluwamAwitMSgoMJ/EvcYKr+OWkmERzH3aZtfwR0HvAv7+7vQznVECLVPwR6/s3ua90e73FlTU3hphbmOCbsMKv5ByWiix5yDbRR/y4sNV4ii0+0twNcGQ= Received: from DS7PR06CA0019.namprd06.prod.outlook.com (2603:10b6:8:2a::18) by SA0PR12MB4446.namprd12.prod.outlook.com (2603:10b6:806:71::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:29:23 +0000 Received: from DS2PEPF00003440.namprd02.prod.outlook.com (2603:10b6:8:2a:cafe::d7) by DS7PR06CA0019.outlook.office365.com (2603:10b6:8:2a::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.25 via Frontend Transport; Fri, 23 Aug 2024 13:29:23 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003440.mail.protection.outlook.com (10.167.18.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:29:23 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:29:17 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 07/21] pci/tdisp: Introduce tsm module Date: Fri, 23 Aug 2024 23:21:21 +1000 Message-ID: <20240823132137.336874-8-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003440:EE_|SA0PR12MB4446:EE_ X-MS-Office365-Filtering-Correlation-Id: 76ee3513-94fd-400b-6d70-08dcc37799f9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|1800799024|36860700013|82310400026; X-Microsoft-Antispam-Message-Info: =?utf-8?q?1QQg/pWXt1+PKsbCJL9mlVaXm2oSJcz?= =?utf-8?q?hPLVZiJxlrNft7V/0wejmCk8TVWBYi24s8xhzZAGtjhpFrva963xDmYnsEsKrnItb?= =?utf-8?q?kaFqhmhwflp1oFlMYz3K51IwR4Fn97U4KGLTfoaU6jrSz0qQx15AW8Izq6BY11AlO?= =?utf-8?q?FXmBG68e1GLXScGUtDCKJwK6vtyg7VEyorvvZCsK8CFgBc2oHuUB3tEEtUv1crcfo?= =?utf-8?q?qVibFpjJPGecEbkc0fVD9iwcQFaV1y6ycNptdg2mNKNTeElTZIu+/odPu5fpujtBZ?= =?utf-8?q?QHlaeoaHMEorZlImTvW4Z2ZCH7yeaHXZm6tWLPOfwAPBPbj4xB6FQAk7TXqWA+C5v?= =?utf-8?q?Ai+m7NXCiUyA8VaiV8s4QjCovgwEGwTaOSfhHXWm2IJUTMmX4XDx6objr3nc6ekHu?= =?utf-8?q?XC7UMUpy2fkUGdRZMvW8x3dfhZv76VvDL8Mn5aEWb3iDtPk1q+uzWMfmj2kiVEVpf?= =?utf-8?q?3Zc+/AE5/P2eafAcpTKahvMIPBtHckwUCIcbs/gpRTuPfBpkiYO1bZCDDRBcOBG6c?= =?utf-8?q?k2uvhm8lh37hm3j6Kf/jsh3GHSpSgkAPgglg7uZpXSMXz/7dFq+IkHszsaR+7PQSJ?= =?utf-8?q?EMCfb2IGcAA/KfW9o3IjLS8LYsyFyY+xlK1lHNFJcIKbLJpmidMMTFPqAPyIrqRWY?= =?utf-8?q?iZ+K83oTvZN1Iw1yhkDa6zLnxhTdE/NLnq0hoab05lNifbPHezZUctmWxNbCWGC40?= =?utf-8?q?cXu9aw9vlnJlvtWDIZ8jo1xNLFcodmaA/+xBU4352uZJr2BtrsmePRCLepyPRy+4w?= =?utf-8?q?IQzW7KH1KVOYE3x3p2XOdYPlbwBSZrF5ouURJQk94Yx7jyb5b56sQMgB6SyM9qfVr?= =?utf-8?q?XOjMpy3y82liL9Rjn+NOGqR/c9Uwbgw79EyzHi9zfHfR9qrEhp3SEIn6fPhEttmsA?= =?utf-8?q?MHvi5/z2dHXVta+VVejlT0pUAHSmq67dnDmTVp0Q3U4/VW1k0tfYHe6MlV24ijKv5?= =?utf-8?q?/+wDBBYpMcR6EYBtAHa4AgQDW74gVitmAAe6/0KVmOiHUWGIN61slOU1OAbD9Gn1M?= =?utf-8?q?3WIGgUmWGj5lYSq99ypOca3LxdOmt0bIw5xmKjg4u/4RdvM6wGfv9jyui/A9jAC5M?= =?utf-8?q?RSrYXMxZyEocP79qtnN/qtwiN4gnctQvM6roBb6fU4DFlNi9IsvCoaN/nudAcq96K?= =?utf-8?q?FWDmS+fu5S28/ko2CvQQuK+3ywOoALrVznVsD8Qc24fcwVj2T9+40r69q6ld3HXPA?= =?utf-8?q?LKPTAqnH/WODUbbFDeAS9B8KfUedbTmINoH9uF/qkST7FR7KorJS28RzhBrLAOdtZ?= =?utf-8?q?g7/+KedFklTU5Ngh8wKnD7sRXdxGmdFNGgrgJbmw5e8baIICuZeq2EU/9jmIxncv3?= =?utf-8?q?/wXSIusLNYWaXUMXu2N7xvs8SJT7KPt7qA=3D=3D?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(1800799024)(36860700013)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:29:23.0459 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 76ee3513-94fd-400b-6d70-08dcc37799f9 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003440.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA0PR12MB4446 The module responsibilities are: 1. detect TEE support in a device and create nodes in the device's sysfs entry; 2. allow binding a PCI device to a VM for passing it through in a trusted manner; 3. store measurements/certificates/reports and provide access to those for the userspace via sysfs. This relies on the platform to register a set of callbacks, for both host and guest. And tdi_enabled in the device struct. Signed-off-by: Alexey Kardashevskiy --- drivers/virt/coco/Makefile | 1 + include/linux/device.h | 5 + include/linux/tsm.h | 263 ++++ drivers/virt/coco/tsm.c | 1336 ++++++++++++++++++++ Documentation/virt/coco/tsm.rst | 62 + drivers/virt/coco/Kconfig | 11 + 6 files changed, 1678 insertions(+) diff --git a/drivers/virt/coco/Makefile b/drivers/virt/coco/Makefile index 75defec514f8..5d1aefb62714 100644 --- a/drivers/virt/coco/Makefile +++ b/drivers/virt/coco/Makefile @@ -3,6 +3,7 @@ # Confidential computing related collateral # obj-$(CONFIG_TSM_REPORTS) += tsm-report.o +obj-$(CONFIG_TSM) += tsm.o obj-$(CONFIG_EFI_SECRET) += efi_secret/ obj-$(CONFIG_SEV_GUEST) += sev-guest/ obj-$(CONFIG_INTEL_TDX_GUEST) += tdx-guest/ diff --git a/include/linux/device.h b/include/linux/device.h index 34eb20f5966f..bb58ed1fb8da 100644 --- a/include/linux/device.h +++ b/include/linux/device.h @@ -45,6 +45,7 @@ struct fwnode_handle; struct iommu_group; struct dev_pin_info; struct dev_iommu; +struct tsm_tdi; struct msi_device_data; /** @@ -801,6 +802,7 @@ struct device { void (*release)(struct device *dev); struct iommu_group *iommu_group; struct dev_iommu *iommu; + struct tsm_tdi *tdi; struct device_physical_location *physical_location; @@ -822,6 +824,9 @@ struct device { #ifdef CONFIG_DMA_NEED_SYNC bool dma_skip_sync:1; #endif +#if defined(CONFIG_TSM) || defined(CONFIG_TSM_MODULE) + bool tdi_enabled:1; +#endif }; /** diff --git a/include/linux/tsm.h b/include/linux/tsm.h new file mode 100644 index 000000000000..d48eceaf5bc0 --- /dev/null +++ b/include/linux/tsm.h @@ -0,0 +1,263 @@ +/* SPDX-License-Identifier: GPL-2.0 */ + +#ifndef LINUX_TSM_H +#define LINUX_TSM_H + +#include + +/* SPDM control structure for DOE */ +struct tsm_spdm { + unsigned long req_len; + void *req; + unsigned long rsp_len; + void *rsp; + + struct pci_doe_mb *doe_mb; + struct pci_doe_mb *doe_mb_secured; +}; + +/* Data object for measurements/certificates/attestationreport */ +struct tsm_blob { + void *data; + size_t len; + struct kref kref; + void (*release)(struct tsm_blob *b); +}; + +struct tsm_blob *tsm_blob_new(void *data, size_t len, void (*release)(struct tsm_blob *b)); +struct tsm_blob *tsm_blob_get(struct tsm_blob *b); +void tsm_blob_put(struct tsm_blob *b); + +/** + * struct tdisp_interface_id - TDISP INTERFACE_ID Definition + * + * @function_id: Identifies the function of the device hosting the TDI + * 15:0: @rid: Requester ID + * 23:16: @rseg: Requester Segment (Reserved if Requester Segment Valid is Clear) + * 24: @rseg_valid: Requester Segment Valid + * 31:25 – Reserved + * 8B - Reserved + */ +struct tdisp_interface_id { + union { + struct { + u32 function_id; + u8 reserved[8]; + }; + struct { + u16 rid; + u8 rseg; + u8 rseg_valid:1; + }; + }; +} __packed; + +/* + * Measurement block as defined in SPDM DSP0274. + */ +struct spdm_measurement_block_header { + u8 index; + u8 spec; /* MeasurementSpecification */ + u16 size; +} __packed; + +struct dmtf_measurement_block_header { + u8 type; /* DMTFSpecMeasurementValueType */ + u16 size; /* DMTFSpecMeasurementValueSize */ +} __packed; + +struct dmtf_measurement_block_device_mode { + u32 opmode_cap; /* OperationalModeCapabilties */ + u32 opmode_sta; /* OperationalModeState */ + u32 devmode_cap; /* DeviceModeCapabilties */ + u32 devmode_sta; /* DeviceModeState */ +} __packed; + +struct spdm_certchain_block_header { + u16 length; + u16 reserved; +} __packed; + +/* + * TDI Report Structure as defined in TDISP. + */ +struct tdi_report_header { + union { + u16 interface_info; + struct { + u16 no_fw_update:1; /* fw updates not permitted in CONFIG_LOCKED or RUN */ + u16 dma_no_pasid:1; /* TDI generates DMA requests without PASID */ + u16 dma_pasid:1; /* TDI generates DMA requests with PASID */ + u16 ats:1; /* ATS supported and enabled for the TDI */ + u16 prs:1; /* PRS supported and enabled for the TDI */ + u16 reserved1:11; + }; + }; + u16 reserved2; + u16 msi_x_message_control; + u16 lnr_control; + u32 tph_control; + u32 mmio_range_count; +} __packed; + +/* + * Each MMIO Range of the TDI is reported with the MMIO reporting offset added. + * Base and size in units of 4K pages + */ +struct tdi_report_mmio_range { + u64 first_page; /* First 4K page with offset added */ + u32 num; /* Number of 4K pages in this range */ + union { + u32 range_attributes; + struct { + u32 msix_table:1; + u32 msix_pba:1; + u32 is_non_tee_mem:1; + u32 is_mem_attr_updatable:1; + u32 reserved:12; + u32 range_id:16; + }; + }; +} __packed; + +struct tdi_report_footer { + u32 device_specific_info_len; + u8 device_specific_info[]; +} __packed; + +#define TDI_REPORT_HDR(rep) ((struct tdi_report_header *) ((rep)->data)) +#define TDI_REPORT_MR_NUM(rep) (TDI_REPORT_HDR(rep)->mmio_range_count) +#define TDI_REPORT_MR_OFF(rep) ((struct tdi_report_mmio_range *) (TDI_REPORT_HDR(rep) + 1)) +#define TDI_REPORT_MR(rep, rangeid) TDI_REPORT_MR_OFF(rep)[rangeid] +#define TDI_REPORT_FTR(rep) ((struct tdi_report_footer *) &TDI_REPORT_MR((rep), \ + TDI_REPORT_MR_NUM(rep))) + +/* Physical device descriptor responsible for IDE/TDISP setup */ +struct tsm_dev { + struct kref kref; + const struct attribute_group *ag; + struct pci_dev *pdev; /* Physical PCI function #0 */ + struct tsm_spdm spdm; + struct mutex spdm_mutex; + + u8 tc_mask; + u8 cert_slot; + u8 connected; + struct { + u8 enabled:1; + u8 enable:1; + u8 def:1; + u8 dev_ide_cfg:1; + u8 dev_tee_limited:1; + u8 rootport_ide_cfg:1; + u8 rootport_tee_limited:1; + u8 id; + } selective_ide[256]; + bool ide_pre; + + struct tsm_blob *meas; + struct tsm_blob *certs; + + void *data; /* Platform specific data */ +}; + +/* PCI function for passing through, can be the same as tsm_dev::pdev */ +struct tsm_tdi { + const struct attribute_group *ag; + struct pci_dev *pdev; + struct tsm_dev *tdev; + + u8 rseg; + u8 rseg_valid; + bool validated; + + struct tsm_blob *report; + + void *data; /* Platform specific data */ + + u64 vmid; + u32 asid; + u16 guest_rid; /* BDFn of PCI Fn in the VM */ +}; + +struct tsm_dev_status { + u8 ctx_state; + u8 tc_mask; + u8 certs_slot; + u16 device_id; + u16 segment_id; + u8 no_fw_update; + u16 ide_stream_id[8]; +}; + +enum tsm_spdm_algos { + TSM_TDI_SPDM_ALGOS_DHE_SECP256R1, + TSM_TDI_SPDM_ALGOS_DHE_SECP384R1, + TSM_TDI_SPDM_ALGOS_AEAD_AES_128_GCM, + TSM_TDI_SPDM_ALGOS_AEAD_AES_256_GCM, + TSM_TDI_SPDM_ALGOS_ASYM_TPM_ALG_RSASSA_3072, + TSM_TDI_SPDM_ALGOS_ASYM_TPM_ALG_ECDSA_ECC_NIST_P256, + TSM_TDI_SPDM_ALGOS_ASYM_TPM_ALG_ECDSA_ECC_NIST_P384, + TSM_TDI_SPDM_ALGOS_HASH_TPM_ALG_SHA_256, + TSM_TDI_SPDM_ALGOS_HASH_TPM_ALG_SHA_384, + TSM_TDI_SPDM_ALGOS_KEY_SCHED_SPDM_KEY_SCHEDULE, +}; + +enum tsm_tdisp_state { + TDISP_STATE_UNAVAIL, + TDISP_STATE_CONFIG_UNLOCKED, + TDISP_STATE_CONFIG_LOCKED, + TDISP_STATE_RUN, + TDISP_STATE_ERROR, +}; + +struct tsm_tdi_status { + bool valid; + u8 meas_digest_fresh:1; + u8 meas_digest_valid:1; + u8 all_request_redirect:1; + u8 bind_p2p:1; + u8 lock_msix:1; + u8 no_fw_update:1; + u16 cache_line_size; + u64 spdm_algos; /* Bitmask of tsm_spdm_algos */ + u8 certs_digest[48]; + u8 meas_digest[48]; + u8 interface_report_digest[48]; + + /* HV only */ + struct tdisp_interface_id id; + u8 guest_report_id[16]; + enum tsm_tdisp_state state; +}; + +struct tsm_ops { + /* HV hooks */ + int (*dev_connect)(struct tsm_dev *tdev, void *private_data); + int (*dev_reclaim)(struct tsm_dev *tdev, void *private_data); + int (*dev_status)(struct tsm_dev *tdev, void *private_data, struct tsm_dev_status *s); + int (*ide_refresh)(struct tsm_dev *tdev, void *private_data); + int (*tdi_bind)(struct tsm_tdi *tdi, u32 bdfn, u64 vmid, u32 asid, void *private_data); + int (*tdi_reclaim)(struct tsm_tdi *tdi, void *private_data); + + int (*guest_request)(struct tsm_tdi *tdi, u32 guest_rid, u64 vmid, void *req_data, + enum tsm_tdisp_state *state, void *private_data); + + /* VM hooks */ + int (*tdi_validate)(struct tsm_tdi *tdi, bool invalidate, void *private_data); + + /* HV and VM hooks */ + int (*tdi_status)(struct tsm_tdi *tdi, void *private_data, struct tsm_tdi_status *ts); +}; + +void tsm_set_ops(struct tsm_ops *ops, void *private_data); +struct tsm_tdi *tsm_tdi_get(struct device *dev); +int tsm_tdi_bind(struct tsm_tdi *tdi, u32 guest_rid, u64 vmid, u32 asid); +void tsm_tdi_unbind(struct tsm_tdi *tdi); +int tsm_guest_request(struct tsm_tdi *tdi, enum tsm_tdisp_state *state, void *req_data); +struct tsm_tdi *tsm_tdi_find(u32 guest_rid, u64 vmid); + +int pci_dev_tdi_validate(struct pci_dev *pdev); +ssize_t tsm_report_gen(struct tsm_blob *report, char *b, size_t len); + +#endif /* LINUX_TSM_H */ diff --git a/drivers/virt/coco/tsm.c b/drivers/virt/coco/tsm.c new file mode 100644 index 000000000000..e90455a0267f --- /dev/null +++ b/drivers/virt/coco/tsm.c @@ -0,0 +1,1336 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include +#include +#include +#include +#include +#include + +#define DRIVER_VERSION "0.1" +#define DRIVER_AUTHOR "aik@amd.com" +#define DRIVER_DESC "TSM TDISP driver" + +static struct { + struct tsm_ops *ops; + void *private_data; + + uint tc_mask; + uint cert_slot; + bool physfn; +} tsm; + +module_param_named(tc_mask, tsm.tc_mask, uint, 0644); +MODULE_PARM_DESC(tc_mask, "Mask of traffic classes enabled in the device"); + +module_param_named(cert_slot, tsm.cert_slot, uint, 0644); +MODULE_PARM_DESC(cert_slot, "Slot number of the certificate requested for constructing the SPDM session"); + +module_param_named(physfn, tsm.physfn, bool, 0644); +MODULE_PARM_DESC(physfn, "Allow TDI on SR IOV of a physical function"); + +struct tsm_blob *tsm_blob_new(void *data, size_t len, void (*release)(struct tsm_blob *b)) +{ + struct tsm_blob *b; + + if (!len || !data) + return NULL; + + b = kzalloc(sizeof(*b) + len, GFP_KERNEL); + if (!b) + return NULL; + + b->data = (void *)b + sizeof(*b); + b->len = len; + b->release = release; + memcpy(b->data, data, len); + kref_init(&b->kref); + + return b; +} +EXPORT_SYMBOL_GPL(tsm_blob_new); + +static void tsm_blob_release(struct kref *kref) +{ + struct tsm_blob *b = container_of(kref, struct tsm_blob, kref); + + b->release(b); + kfree(b); +} + +struct tsm_blob *tsm_blob_get(struct tsm_blob *b) +{ + if (!b) + return NULL; + + if (!kref_get_unless_zero(&b->kref)) + return NULL; + + return b; +} +EXPORT_SYMBOL_GPL(tsm_blob_get); + +void tsm_blob_put(struct tsm_blob *b) +{ + if (!b) + return; + + kref_put(&b->kref, tsm_blob_release); +} +EXPORT_SYMBOL_GPL(tsm_blob_put); + +static struct tsm_dev *tsm_dev_get(struct device *dev) +{ + struct tsm_tdi *tdi = dev->tdi; + + if (!tdi || !tdi->tdev || !kref_get_unless_zero(&tdi->tdev->kref)) + return NULL; + + return tdi->tdev; +} + +static void tsm_dev_free(struct kref *kref); +static void tsm_dev_put(struct tsm_dev *tdev) +{ + kref_put(&tdev->kref, tsm_dev_free); +} + +struct tsm_tdi *tsm_tdi_get(struct device *dev) +{ + struct tsm_tdi *tdi = dev->tdi; + + return tdi; +} +EXPORT_SYMBOL_GPL(tsm_tdi_get); + +static int spdm_forward(struct tsm_spdm *spdm, u8 type) +{ + struct pci_doe_mb *doe_mb; + int rc; + + if (type == PCI_DOE_PROTOCOL_SECURED_CMA_SPDM) + doe_mb = spdm->doe_mb_secured; + else if (type == PCI_DOE_PROTOCOL_CMA_SPDM) + doe_mb = spdm->doe_mb; + else + return -EINVAL; + + if (!doe_mb) + return -EFAULT; + + rc = pci_doe(doe_mb, PCI_VENDOR_ID_PCI_SIG, type, + spdm->req, spdm->req_len, spdm->rsp, spdm->rsp_len); + if (rc >= 0) + spdm->rsp_len = rc; + + return rc; +} + +/* + * Enables IDE between the RC and the device. + * TEE Limited, IDE Cfg space and other bits are hardcoded + * as this is a sketch. + */ +static int tsm_set_sel_ide(struct tsm_dev *tdev) +{ + struct pci_dev *rootport; + bool printed = false; + unsigned int i; + int ret = 0; + + rootport = tdev->pdev->bus->self; + for (i = 0; i < ARRAY_SIZE(tdev->selective_ide); ++i) { + if (!tdev->selective_ide[i].enable) + continue; + + if (!printed) { + pci_info(rootport, "Configuring IDE with %s\n", + pci_name(tdev->pdev)); + printed = true; + } + WARN_ON_ONCE(tdev->selective_ide[i].enabled); + + ret = pci_ide_set_sel_rid_assoc(tdev->pdev, i, true, 0, 0, 0xFFFF); + if (ret) + pci_warn(tdev->pdev, + "Failed configuring SelectiveIDE#%d rid1 with %d\n", + i, ret); + ret = pci_ide_set_sel_addr_assoc(tdev->pdev, i, 0/* RID# */, true, + 0, 0xFFFFFFFFFFF00000ULL); + if (ret) + pci_warn(tdev->pdev, + "Failed configuring SelectiveIDE#%d RID#0 with %d\n", + i, ret); + + ret = pci_ide_set_sel(tdev->pdev, i, + tdev->selective_ide[i].id, + tdev->selective_ide[i].enable, + tdev->selective_ide[i].def, + tdev->selective_ide[i].dev_tee_limited, + tdev->selective_ide[i].dev_ide_cfg); + if (ret) { + pci_warn(tdev->pdev, + "Failed configuring SelectiveIDE#%d with %d\n", + i, ret); + break; + } + + ret = pci_ide_set_sel_rid_assoc(rootport, i, true, 0, 0, 0xFFFF); + if (ret) + pci_warn(rootport, + "Failed configuring SelectiveIDE#%d rid1 with %d\n", + i, ret); + + ret = pci_ide_set_sel(rootport, i, + tdev->selective_ide[i].id, + tdev->selective_ide[i].enable, + tdev->selective_ide[i].def, + tdev->selective_ide[i].rootport_tee_limited, + tdev->selective_ide[i].rootport_ide_cfg); + if (ret) + pci_warn(rootport, + "Failed configuring SelectiveIDE#%d with %d\n", + i, ret); + + tdev->selective_ide[i].enabled = 1; + } + + return ret; +} + +static void tsm_unset_sel_ide(struct tsm_dev *tdev) +{ + struct pci_dev *rootport = tdev->pdev->bus->self; + bool printed = false; + + for (unsigned int i = 0; i < ARRAY_SIZE(tdev->selective_ide); ++i) { + if (!tdev->selective_ide[i].enabled) + continue; + + if (!printed) { + pci_info(rootport, "Deconfiguring IDE with %s\n", pci_name(tdev->pdev)); + printed = true; + } + + pci_ide_set_sel(rootport, i, 0, 0, 0, false, false); + pci_ide_set_sel(tdev->pdev, i, 0, 0, 0, false, false); + tdev->selective_ide[i].enabled = 0; + } +} + +static int tsm_dev_connect(struct tsm_dev *tdev, void *private_data, unsigned int val) +{ + int ret; + + if (WARN_ON(!tsm.ops->dev_connect)) + return -EPERM; + + tdev->ide_pre = val == 2; + if (tdev->ide_pre) + tsm_set_sel_ide(tdev); + + mutex_lock(&tdev->spdm_mutex); + while (1) { + ret = tsm.ops->dev_connect(tdev, tsm.private_data); + if (ret <= 0) + break; + + ret = spdm_forward(&tdev->spdm, ret); + if (ret < 0) + break; + } + mutex_unlock(&tdev->spdm_mutex); + + if (!tdev->ide_pre) + ret = tsm_set_sel_ide(tdev); + + tdev->connected = (ret == 0); + + return ret; +} + +static int tsm_dev_reclaim(struct tsm_dev *tdev, void *private_data) +{ + struct pci_dev *pdev = NULL; + int ret; + + if (WARN_ON(!tsm.ops->dev_reclaim)) + return -EPERM; + + /* Do not disconnect with active TDIs */ + for_each_pci_dev(pdev) { + struct tsm_tdi *tdi = tsm_tdi_get(&pdev->dev); + + if (tdi && tdi->tdev == tdev && tdi->data) + return -EBUSY; + } + + if (!tdev->ide_pre) + tsm_unset_sel_ide(tdev); + + mutex_lock(&tdev->spdm_mutex); + while (1) { + ret = tsm.ops->dev_reclaim(tdev, private_data); + if (ret <= 0) + break; + + ret = spdm_forward(&tdev->spdm, ret); + if (ret < 0) + break; + } + mutex_unlock(&tdev->spdm_mutex); + + if (tdev->ide_pre) + tsm_unset_sel_ide(tdev); + + if (!ret) + tdev->connected = false; + + return ret; +} + +static int tsm_dev_status(struct tsm_dev *tdev, void *private_data, struct tsm_dev_status *s) +{ + if (WARN_ON(!tsm.ops->dev_status)) + return -EPERM; + + return tsm.ops->dev_status(tdev, private_data, s); +} + +static int tsm_ide_refresh(struct tsm_dev *tdev, void *private_data) +{ + int ret; + + if (!tsm.ops->ide_refresh) + return -EPERM; + + mutex_lock(&tdev->spdm_mutex); + while (1) { + ret = tsm.ops->ide_refresh(tdev, private_data); + if (ret <= 0) + break; + + ret = spdm_forward(&tdev->spdm, ret); + if (ret < 0) + break; + } + mutex_unlock(&tdev->spdm_mutex); + + return ret; +} + +static void tsm_tdi_reclaim(struct tsm_tdi *tdi, void *private_data) +{ + int ret; + + if (WARN_ON(!tsm.ops->tdi_reclaim)) + return; + + mutex_lock(&tdi->tdev->spdm_mutex); + while (1) { + ret = tsm.ops->tdi_reclaim(tdi, private_data); + if (ret <= 0) + break; + + ret = spdm_forward(&tdi->tdev->spdm, ret); + if (ret < 0) + break; + } + mutex_unlock(&tdi->tdev->spdm_mutex); +} + +static int tsm_tdi_validate(struct tsm_tdi *tdi, bool invalidate, void *private_data) +{ + int ret; + + if (!tdi || !tsm.ops->tdi_validate) + return -EPERM; + + ret = tsm.ops->tdi_validate(tdi, invalidate, private_data); + if (ret) { + pci_err(tdi->pdev, "Validation failed, ret=%d", ret); + tdi->pdev->dev.tdi_enabled = false; + } + + return ret; +} + +/* In case BUS_NOTIFY_PCI_BUS_MASTER is no good, a driver can call pci_dev_tdi_validate() */ +int pci_dev_tdi_validate(struct pci_dev *pdev) +{ + struct tsm_tdi *tdi = tsm_tdi_get(&pdev->dev); + + return tsm_tdi_validate(tdi, false, tsm.private_data); +} +EXPORT_SYMBOL_GPL(pci_dev_tdi_validate); + +static int tsm_tdi_status(struct tsm_tdi *tdi, void *private_data, struct tsm_tdi_status *ts) +{ + struct tsm_tdi_status tstmp = { 0 }; + int ret; + + if (WARN_ON(!tsm.ops->tdi_status)) + return -EPERM; + + mutex_lock(&tdi->tdev->spdm_mutex); + while (1) { + ret = tsm.ops->tdi_status(tdi, private_data, &tstmp); + if (ret <= 0) + break; + + ret = spdm_forward(&tdi->tdev->spdm, ret); + if (ret < 0) + break; + } + mutex_unlock(&tdi->tdev->spdm_mutex); + + *ts = tstmp; + + return ret; +} + +static ssize_t tsm_cert_slot_store(struct device *dev, struct device_attribute *attr, + const char *buf, size_t count) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + ssize_t ret = count; + unsigned long val; + + if (kstrtoul(buf, 0, &val) < 0) + ret = -EINVAL; + else + tdev->cert_slot = val; + + tsm_dev_put(tdev); + + return ret; +} + +static ssize_t tsm_cert_slot_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + ssize_t ret = sysfs_emit(buf, "%u\n", tdev->cert_slot); + + tsm_dev_put(tdev); + return ret; +} + +static DEVICE_ATTR_RW(tsm_cert_slot); + +static ssize_t tsm_tc_mask_store(struct device *dev, struct device_attribute *attr, + const char *buf, size_t count) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + ssize_t ret = count; + unsigned long val; + + if (kstrtoul(buf, 0, &val) < 0) + ret = -EINVAL; + else + tdev->tc_mask = val; + tsm_dev_put(tdev); + + return ret; +} + +static ssize_t tsm_tc_mask_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + ssize_t ret = sysfs_emit(buf, "%#x\n", tdev->tc_mask); + + tsm_dev_put(tdev); + return ret; +} + +static DEVICE_ATTR_RW(tsm_tc_mask); + +static ssize_t tsm_dev_connect_store(struct device *dev, struct device_attribute *attr, + const char *buf, size_t count) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + unsigned long val; + ssize_t ret = -EIO; + + if (kstrtoul(buf, 0, &val) < 0) + ret = -EINVAL; + else if (val && !tdev->connected) + ret = tsm_dev_connect(tdev, tsm.private_data, val); + else if (!val && tdev->connected) + ret = tsm_dev_reclaim(tdev, tsm.private_data); + + if (!ret) + ret = count; + + tsm_dev_put(tdev); + + return ret; +} + +static ssize_t tsm_dev_connect_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + ssize_t ret = sysfs_emit(buf, "%u\n", tdev->connected); + + tsm_dev_put(tdev); + return ret; +} + +static DEVICE_ATTR_RW(tsm_dev_connect); + +static ssize_t tsm_sel_stream_store(struct device *dev, struct device_attribute *attr, + const char *buf, size_t count) +{ + unsigned int ide_dev = false, tee_dev = true, ide_rp = true, tee_rp = false; + unsigned int sel_index, id, def, en; + struct tsm_dev *tdev; + + if (sscanf(buf, "%u %u %u %u %u %u %u %u", &sel_index, &id, &def, &en, + &ide_dev, &tee_dev, &ide_rp, &tee_rp) != 8) { + if (sscanf(buf, "%u %u %u %u", &sel_index, &id, &def, &en) != 4) + return -EINVAL; + } + + if (sel_index >= ARRAY_SIZE(tdev->selective_ide) || id > 0x100) + return -EINVAL; + + tdev = tsm_dev_get(dev); + if (en) { + tdev->selective_ide[sel_index].id = id; + tdev->selective_ide[sel_index].def = def; + tdev->selective_ide[sel_index].enable = 1; + tdev->selective_ide[sel_index].enabled = 0; + tdev->selective_ide[sel_index].dev_ide_cfg = ide_dev; + tdev->selective_ide[sel_index].dev_tee_limited = tee_dev; + tdev->selective_ide[sel_index].rootport_ide_cfg = ide_rp; + tdev->selective_ide[sel_index].rootport_tee_limited = tee_rp; + } else { + memset(&tdev->selective_ide[sel_index], 0, sizeof(tdev->selective_ide[0])); + } + + tsm_dev_put(tdev); + return count; +} + +static ssize_t tsm_sel_stream_show(struct device *dev, struct device_attribute *attr, + char *buf) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + struct pci_dev *rootport = tdev->pdev->bus->self; + unsigned int i; + char *buf1; + ssize_t ret = 0, sz = PAGE_SIZE; + + buf1 = kmalloc(sz, GFP_KERNEL); + if (!buf1) + return -ENOMEM; + + buf1[0] = 0; + for (i = 0; i < ARRAY_SIZE(tdev->selective_ide); ++i) { + if (!tdev->selective_ide[i].enable) + continue; + + ret += snprintf(buf1 + ret, sz - ret - 1, "%u: %d%s", + i, + tdev->selective_ide[i].id, + tdev->selective_ide[i].def ? " DEF" : ""); + if (tdev->selective_ide[i].enabled) { + u32 devst = 0, rcst = 0; + + pci_ide_get_sel_sta(tdev->pdev, i, &devst); + pci_ide_get_sel_sta(rootport, i, &rcst); + ret += snprintf(buf1 + ret, sz - ret - 1, + " %x%s %s%s<-> %x%s %s%s rootport:%s", + devst, + PCI_IDE_SEL_STS_STATUS(devst) == 2 ? "=SECURE" : "", + tdev->selective_ide[i].dev_ide_cfg ? "IDECfg " : "", + tdev->selective_ide[i].dev_tee_limited ? "TeeLim " : "", + rcst, + PCI_IDE_SEL_STS_STATUS(rcst) == 2 ? "=SECURE" : "", + tdev->selective_ide[i].rootport_ide_cfg ? "IDECfg " : "", + tdev->selective_ide[i].rootport_tee_limited ? "TeeLim " : "", + pci_name(rootport) + ); + } + ret += snprintf(buf1 + ret, sz - ret - 1, "\n"); + } + tsm_dev_put(tdev); + + ret = sysfs_emit(buf, buf1); + kfree(buf1); + + return ret; +} + +static DEVICE_ATTR_RW(tsm_sel_stream); + +static ssize_t tsm_ide_refresh_store(struct device *dev, struct device_attribute *attr, + const char *buf, size_t count) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + int ret; + + ret = tsm_ide_refresh(tdev, tsm.private_data); + tsm_dev_put(tdev); + if (ret) + return ret; + + return count; +} + +static DEVICE_ATTR_WO(tsm_ide_refresh); + +static ssize_t blob_show(struct tsm_blob *blob, char *buf) +{ + unsigned int n, m; + + if (!blob) + return sysfs_emit(buf, "none\n"); + + n = snprintf(buf, PAGE_SIZE, "%lu %u\n", blob->len, + kref_read(&blob->kref)); + m = hex_dump_to_buffer(blob->data, blob->len, 32, 1, + buf + n, PAGE_SIZE - n, false); + n += min(PAGE_SIZE - n, m); + n += snprintf(buf + n, PAGE_SIZE - n, "...\n"); + return n; +} + +static ssize_t tsm_certs_gen(struct tsm_blob *certs, char *buf, size_t len) +{ + struct spdm_certchain_block_header *h; + unsigned int n = 0, m, i, off, o2; + u8 *p; + + for (i = 0, off = 0; off < certs->len; ++i) { + h = (struct spdm_certchain_block_header *) ((u8 *)certs->data + off); + if (WARN_ON_ONCE(h->length > certs->len - off)) + return 0; + + n += snprintf(buf + n, len - n, "[%d] len=%d:\n", i, h->length); + + for (o2 = 0, p = (u8 *)&h[1]; o2 < h->length; o2 += 32) { + m = hex_dump_to_buffer(p + o2, h->length - o2, 32, 1, + buf + n, len - n, true); + n += min(len - n, m); + n += snprintf(buf + n, len - n, "\n"); + } + + off += h->length; /* Includes the header */ + } + + return n; +} + +static ssize_t tsm_certs_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + ssize_t n = 0; + + if (!tdev->certs) { + n = sysfs_emit(buf, "none\n"); + } else { + n = tsm_certs_gen(tdev->certs, buf, PAGE_SIZE); + if (!n) + n = blob_show(tdev->certs, buf); + } + + tsm_dev_put(tdev); + return n; +} + +static DEVICE_ATTR_RO(tsm_certs); + +static ssize_t tsm_meas_gen(struct tsm_blob *meas, char *buf, size_t len) +{ + static const char * const whats[] = { + "ImmuROM", "MutFW", "HWCfg", "FWCfg", + "MeasMft", "DevDbg", "MutFWVer", "MutFWVerSec" + }; + struct dmtf_measurement_block_device_mode *dm; + struct spdm_measurement_block_header *mb; + struct dmtf_measurement_block_header *h; + unsigned int n = 0, m, off, what; + bool dmtf; + + for (off = 0; off < meas->len; ) { + mb = (struct spdm_measurement_block_header *)(((u8 *) meas->data) + off); + dmtf = mb->spec & 1; + + n += snprintf(buf + n, len - n, "#%d (%d) ", mb->index, mb->size); + if (dmtf) { + h = (void *) &mb[1]; + + if (WARN_ON_ONCE(mb->size != (sizeof(*h) + h->size))) + return -EINVAL; + + what = h->type & 0x7F; + n += snprintf(buf + n, len - n, "%x=[%s %s]: ", + h->type, + h->type & 0x80 ? "digest" : "raw", + what < ARRAY_SIZE(whats) ? whats[what] : "reserved"); + + if (what == 5) { + dm = (struct dmtf_measurement_block_device_mode *) &h[1]; + n += snprintf(buf + n, len - n, " %x %x %x %x", + dm->opmode_cap, dm->opmode_sta, + dm->devmode_cap, dm->devmode_sta); + } else { + m = hex_dump_to_buffer(&h[1], h->size, 32, 1, + buf + n, len - n, false); + n += min(PAGE_SIZE - n, m); + } + } else { + n += snprintf(buf + n, len - n, "spec=%x: ", mb->spec); + m = hex_dump_to_buffer(&mb[1], min(len - off, mb->size), + 32, 1, buf + n, len - n, false); + n += min(PAGE_SIZE - n, m); + } + + off += sizeof(*mb) + mb->size; + n += snprintf(buf + n, PAGE_SIZE - n, "...\n"); + } + + return n; +} + +static ssize_t tsm_meas_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + ssize_t n = 0; + + if (!tdev->meas) { + n = sysfs_emit(buf, "none\n"); + } else { + if (!n) + n = tsm_meas_gen(tdev->meas, buf, PAGE_SIZE); + if (!n) + n = blob_show(tdev->meas, buf); + } + + tsm_dev_put(tdev); + return n; +} + +static DEVICE_ATTR_RO(tsm_meas); + +static ssize_t tsm_dev_status_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct tsm_dev *tdev = tsm_dev_get(dev); + struct tsm_dev_status s = { 0 }; + int ret = tsm_dev_status(tdev, tsm.private_data, &s); + ssize_t ret1; + + ret1 = sysfs_emit(buf, "ret=%d\n" + "ctx_state=%x\n" + "tc_mask=%x\n" + "certs_slot=%x\n" + "device_id=%x\n" + "segment_id=%x\n" + "no_fw_update=%x\n", + ret, + s.ctx_state, + s.tc_mask, + s.certs_slot, + s.device_id, + s.segment_id, + s.no_fw_update); + + tsm_dev_put(tdev); + return ret1; +} + +static DEVICE_ATTR_RO(tsm_dev_status); + +static struct attribute *host_dev_attrs[] = { + &dev_attr_tsm_cert_slot.attr, + &dev_attr_tsm_tc_mask.attr, + &dev_attr_tsm_dev_connect.attr, + &dev_attr_tsm_sel_stream.attr, + &dev_attr_tsm_ide_refresh.attr, + &dev_attr_tsm_certs.attr, + &dev_attr_tsm_meas.attr, + &dev_attr_tsm_dev_status.attr, + NULL, +}; +static const struct attribute_group host_dev_group = { + .attrs = host_dev_attrs, +}; + +static struct attribute *guest_dev_attrs[] = { + &dev_attr_tsm_certs.attr, + &dev_attr_tsm_meas.attr, + NULL, +}; +static const struct attribute_group guest_dev_group = { + .attrs = guest_dev_attrs, +}; + +static ssize_t tsm_tdi_bind_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct tsm_tdi *tdi = tsm_tdi_get(dev); + + if (!tdi->vmid) + return sysfs_emit(buf, "not bound\n"); + + return sysfs_emit(buf, "VM=%#llx ASID=%d BDFn=%x:%x.%d\n", + tdi->vmid, tdi->asid, + PCI_BUS_NUM(tdi->guest_rid), PCI_SLOT(tdi->guest_rid), + PCI_FUNC(tdi->guest_rid)); +} + +static DEVICE_ATTR_RO(tsm_tdi_bind); + +static ssize_t tsm_tdi_validate_store(struct device *dev, struct device_attribute *attr, + const char *buf, size_t count) +{ + struct tsm_tdi *tdi = tsm_tdi_get(dev); + unsigned long val; + ssize_t ret; + + if (kstrtoul(buf, 0, &val) < 0) + return -EINVAL; + + if (val) { + ret = tsm_tdi_validate(tdi, false, tsm.private_data); + if (ret) + return ret; + } else { + tsm_tdi_validate(tdi, true, tsm.private_data); + } + + tdi->validated = val; + + return count; +} + +static ssize_t tsm_tdi_validate_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct tsm_tdi *tdi = tsm_tdi_get(dev); + + return sysfs_emit(buf, "%u\n", tdi->validated); +} + +static DEVICE_ATTR_RW(tsm_tdi_validate); + +ssize_t tsm_report_gen(struct tsm_blob *report, char *buf, size_t len) +{ + struct tdi_report_header *h = TDI_REPORT_HDR(report); + struct tdi_report_mmio_range *mr = TDI_REPORT_MR_OFF(report); + struct tdi_report_footer *f = TDI_REPORT_FTR(report); + unsigned int n, m, i; + + n = snprintf(buf, len, + "no_fw_update=%u\ndma_no_pasid=%u\ndma_pasid=%u\nats=%u\nprs=%u\n", + h->no_fw_update, h->dma_no_pasid, h->dma_pasid, h->ats, h->prs); + n += snprintf(buf + n, len - n, + "msi_x_message_control=%#04x\nlnr_control=%#04x\n", + h->msi_x_message_control, h->lnr_control); + n += snprintf(buf + n, len - n, "tph_control=%#08x\n", h->tph_control); + + for (i = 0; i < h->mmio_range_count; ++i) { + n += snprintf(buf + n, len - n, + "[%i] #%u %#016llx +%#lx MSIX%c PBA%c NonTEE%c Upd%c\n", + i, mr[i].range_id, mr[i].first_page << PAGE_SHIFT, + (unsigned long) mr[i].num << PAGE_SHIFT, + mr[i].msix_table ? '+':'-', + mr[i].msix_pba ? '+':'-', + mr[i].is_non_tee_mem ? '+':'-', + mr[i].is_mem_attr_updatable ? '+':'-'); + if (mr[i].reserved) + n += snprintf(buf + n, len - n, + "[%i] WARN: reserved=%#x\n", i, mr[i].range_attributes); + } + + if (f->device_specific_info_len) { + unsigned int num = report->len - ((u8 *)f->device_specific_info - (u8 *)h); + + num = min(num, f->device_specific_info_len); + n += snprintf(buf + n, len - n, "DevSp len=%d%s", + f->device_specific_info_len, num ? ": " : ""); + m = hex_dump_to_buffer(f->device_specific_info, num, 32, 1, + buf + n, len - n, false); + n += min(len - n, m); + n += snprintf(buf + n, len - n, m ? "\n" : "...\n"); + } + + return n; +} +EXPORT_SYMBOL_GPL(tsm_report_gen); + +static ssize_t tsm_report_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct tsm_tdi *tdi = tsm_tdi_get(dev); + ssize_t n = 0; + + if (!tdi->report) { + n = sysfs_emit(buf, "none\n"); + } else { + if (!n) + n = tsm_report_gen(tdi->report, buf, PAGE_SIZE); + if (!n) + n = blob_show(tdi->report, buf); + } + + return n; +} + +static DEVICE_ATTR_RO(tsm_report); + +static char *spdm_algos_to_str(u64 algos, char *buf, size_t len) +{ + size_t n = 0; + + buf[0] = 0; +#define __ALGO(x) do { \ + if ((n < len) && (algos & (1ULL << (TSM_TDI_SPDM_ALGOS_##x)))) \ + n += snprintf(buf + n, len - n, #x" "); \ + } while (0) + + __ALGO(DHE_SECP256R1); + __ALGO(DHE_SECP384R1); + __ALGO(AEAD_AES_128_GCM); + __ALGO(AEAD_AES_256_GCM); + __ALGO(ASYM_TPM_ALG_RSASSA_3072); + __ALGO(ASYM_TPM_ALG_ECDSA_ECC_NIST_P256); + __ALGO(ASYM_TPM_ALG_ECDSA_ECC_NIST_P384); + __ALGO(HASH_TPM_ALG_SHA_256); + __ALGO(HASH_TPM_ALG_SHA_384); + __ALGO(KEY_SCHED_SPDM_KEY_SCHEDULE); +#undef __ALGO + return buf; +} + +static const char *tdisp_state_to_str(enum tsm_tdisp_state state) +{ + switch (state) { +#define __ST(x) case TDISP_STATE_##x: return #x + case TDISP_STATE_UNAVAIL: return "TDISP state unavailable"; + __ST(CONFIG_UNLOCKED); + __ST(CONFIG_LOCKED); + __ST(RUN); + __ST(ERROR); +#undef __ST + default: return "unknown"; + } +} + +static ssize_t tsm_tdi_status_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + struct tsm_tdi *tdi = tsm_tdi_get(dev); + struct tsm_tdi_status ts = { 0 }; + char algos[256] = ""; + unsigned int n, m; + int ret; + + ret = tsm_tdi_status(tdi, tsm.private_data, &ts); + if (ret < 0) + return sysfs_emit(buf, "ret=%d\n\n", ret); + + if (!ts.valid) + return sysfs_emit(buf, "ret=%d\nstate=%d:%s\n", + ret, ts.state, tdisp_state_to_str(ts.state)); + + n = snprintf(buf, PAGE_SIZE, + "ret=%d\n" + "state=%d:%s\n" + "meas_digest_fresh=%x\n" + "meas_digest_valid=%x\n" + "all_request_redirect=%x\n" + "bind_p2p=%x\n" + "lock_msix=%x\n" + "no_fw_update=%x\n" + "cache_line_size=%d\n" + "algos=%#llx:%s\n" + , + ret, + ts.state, tdisp_state_to_str(ts.state), + ts.meas_digest_fresh, + ts.meas_digest_valid, + ts.all_request_redirect, + ts.bind_p2p, + ts.lock_msix, + ts.no_fw_update, + ts.cache_line_size, + ts.spdm_algos, spdm_algos_to_str(ts.spdm_algos, algos, sizeof(algos) - 1)); + + n += snprintf(buf + n, PAGE_SIZE - n, "Certs digest: "); + m = hex_dump_to_buffer(ts.certs_digest, sizeof(ts.certs_digest), 32, 1, + buf + n, PAGE_SIZE - n, false); + n += min(PAGE_SIZE - n, m); + n += snprintf(buf + n, PAGE_SIZE - n, "...\nMeasurements digest: "); + m = hex_dump_to_buffer(ts.meas_digest, sizeof(ts.meas_digest), 32, 1, + buf + n, PAGE_SIZE - n, false); + n += min(PAGE_SIZE - n, m); + n += snprintf(buf + n, PAGE_SIZE - n, "...\nInterface report digest: "); + m = hex_dump_to_buffer(ts.interface_report_digest, sizeof(ts.interface_report_digest), + 32, 1, buf + n, PAGE_SIZE - n, false); + n += min(PAGE_SIZE - n, m); + n += snprintf(buf + n, PAGE_SIZE - n, "...\n"); + + return n; +} + +static DEVICE_ATTR_RO(tsm_tdi_status); + +static struct attribute *host_tdi_attrs[] = { + &dev_attr_tsm_tdi_bind.attr, + &dev_attr_tsm_report.attr, + &dev_attr_tsm_tdi_status.attr, + NULL, +}; + +static const struct attribute_group host_tdi_group = { + .attrs = host_tdi_attrs, +}; + +static struct attribute *guest_tdi_attrs[] = { + &dev_attr_tsm_tdi_validate.attr, + &dev_attr_tsm_report.attr, + &dev_attr_tsm_tdi_status.attr, + NULL, +}; + +static const struct attribute_group guest_tdi_group = { + .attrs = guest_tdi_attrs, +}; + +static int tsm_tdi_init(struct tsm_dev *tdev, struct pci_dev *pdev) +{ + struct tsm_tdi *tdi; + int ret = 0; + + dev_info(&pdev->dev, "Initializing tdi\n"); + if (!tdev) + return -ENODEV; + + tdi = kzalloc(sizeof(*tdi), GFP_KERNEL); + if (!tdi) + return -ENOMEM; + + /* tsm_dev_get() requires pdev->dev.tdi which is set later */ + if (!kref_get_unless_zero(&tdev->kref)) { + ret = -EPERM; + goto free_exit; + } + + if (tsm.ops->dev_connect) + tdi->ag = &host_tdi_group; + else + tdi->ag = &guest_tdi_group; + + ret = sysfs_create_link(&pdev->dev.kobj, &tdev->pdev->dev.kobj, "tsm_dev"); + if (ret) + goto free_exit; + + ret = device_add_group(&pdev->dev, tdi->ag); + if (ret) + goto sysfs_unlink_exit; + + tdi->tdev = tdev; + tdi->pdev = pci_dev_get(pdev); + + pdev->dev.tdi_enabled = !pdev->is_physfn || tsm.physfn; + pdev->dev.tdi = tdi; + pci_info(pdev, "TDI enabled=%d\n", pdev->dev.tdi_enabled); + + return 0; + +sysfs_unlink_exit: + sysfs_remove_link(&pdev->dev.kobj, "tsm_dev"); +free_exit: + kfree(tdi); + + return ret; +} + +static void tsm_tdi_free(struct tsm_tdi *tdi) +{ + tsm_dev_put(tdi->tdev); + + pci_dev_put(tdi->pdev); + + device_remove_group(&tdi->pdev->dev, tdi->ag); + sysfs_remove_link(&tdi->pdev->dev.kobj, "tsm_dev"); + tdi->pdev->dev.tdi = NULL; + tdi->pdev->dev.tdi_enabled = false; + kfree(tdi); +} + +static int tsm_dev_init(struct pci_dev *pdev, struct tsm_dev **ptdev) +{ + struct tsm_dev *tdev; + int ret = 0; + + dev_info(&pdev->dev, "Initializing tdev\n"); + tdev = kzalloc(sizeof(*tdev), GFP_KERNEL); + if (!tdev) + return -ENOMEM; + + kref_init(&tdev->kref); + tdev->tc_mask = tsm.tc_mask; + tdev->cert_slot = tsm.cert_slot; + tdev->pdev = pci_dev_get(pdev); + mutex_init(&tdev->spdm_mutex); + + if (tsm.ops->dev_connect) + tdev->ag = &host_dev_group; + else + tdev->ag = &guest_dev_group; + + ret = device_add_group(&pdev->dev, tdev->ag); + if (ret) + goto free_exit; + + if (tsm.ops->dev_connect) { + ret = -EPERM; + tdev->pdev = pci_dev_get(pdev); + tdev->spdm.doe_mb = pci_find_doe_mailbox(tdev->pdev, + PCI_VENDOR_ID_PCI_SIG, + PCI_DOE_PROTOCOL_CMA_SPDM); + if (!tdev->spdm.doe_mb) + goto pci_dev_put_exit; + + tdev->spdm.doe_mb_secured = pci_find_doe_mailbox(tdev->pdev, + PCI_VENDOR_ID_PCI_SIG, + PCI_DOE_PROTOCOL_SECURED_CMA_SPDM); + if (!tdev->spdm.doe_mb_secured) + goto pci_dev_put_exit; + } + + *ptdev = tdev; + return 0; + +pci_dev_put_exit: + pci_dev_put(pdev); +free_exit: + kfree(tdev); + + return ret; +} + +static void tsm_dev_free(struct kref *kref) +{ + struct tsm_dev *tdev = container_of(kref, struct tsm_dev, kref); + + device_remove_group(&tdev->pdev->dev, tdev->ag); + + if (tdev->connected) + tsm_dev_reclaim(tdev, tsm.private_data); + + dev_info(&tdev->pdev->dev, "Freeing TDEV\n"); + pci_dev_put(tdev->pdev); + kfree(tdev); +} + +static int tsm_alloc_device(struct pci_dev *pdev) +{ + int ret = 0; + + /* It is guest VM == TVM */ + if (!tsm.ops->dev_connect) { + if (pdev->devcap & PCI_EXP_DEVCAP_TEE_IO) { + struct tsm_dev *tdev = NULL; + + ret = tsm_dev_init(pdev, &tdev); + if (ret) + return ret; + + ret = tsm_tdi_init(tdev, pdev); + tsm_dev_put(tdev); + return ret; + } + return 0; + } + + if (pdev->is_physfn && (PCI_FUNC(pdev->devfn) == 0) && + (pdev->devcap & PCI_EXP_DEVCAP_TEE_IO)) { + struct tsm_dev *tdev = NULL; + + + ret = tsm_dev_init(pdev, &tdev); + if (ret) + return ret; + + ret = tsm_tdi_init(tdev, pdev); + tsm_dev_put(tdev); + return ret; + } + + if (pdev->is_virtfn) { + struct pci_dev *pf0 = pci_get_slot(pdev->physfn->bus, + pdev->physfn->devfn & ~7); + + if (pf0 && (pf0->devcap & PCI_EXP_DEVCAP_TEE_IO)) { + struct tsm_dev *tdev = tsm_dev_get(&pf0->dev); + + ret = tsm_tdi_init(tdev, pdev); + tsm_dev_put(tdev); + return ret; + } + } + + return 0; +} + +static void tsm_dev_freeice(struct device *dev) +{ + struct tsm_tdi *tdi = tsm_tdi_get(dev); + + if (!tdi) + return; + + tsm_tdi_free(tdi); +} + +static int tsm_pci_bus_notifier(struct notifier_block *nb, unsigned long action, void *data) +{ + switch (action) { + case BUS_NOTIFY_ADD_DEVICE: + tsm_alloc_device(to_pci_dev(data)); + break; + case BUS_NOTIFY_DEL_DEVICE: + tsm_dev_freeice(data); + break; + case BUS_NOTIFY_UNBOUND_DRIVER: + tsm_tdi_validate(tsm_tdi_get(data), true, tsm.private_data); + break; + } + + return NOTIFY_OK; +} + +static struct notifier_block tsm_pci_bus_nb = { + .notifier_call = tsm_pci_bus_notifier, +}; + +static int __init tsm_init(void) +{ + int ret = 0; + + pr_info(DRIVER_DESC " version: " DRIVER_VERSION "\n"); + return ret; +} + +static void __exit tsm_cleanup(void) +{ +} + +void tsm_set_ops(struct tsm_ops *ops, void *private_data) +{ + struct pci_dev *pdev = NULL; + int ret; + + if (!tsm.ops && ops) { + tsm.ops = ops; + tsm.private_data = private_data; + + for_each_pci_dev(pdev) { + ret = tsm_alloc_device(pdev); + if (ret) + break; + } + bus_register_notifier(&pci_bus_type, &tsm_pci_bus_nb); + } else { + bus_unregister_notifier(&pci_bus_type, &tsm_pci_bus_nb); + for_each_pci_dev(pdev) + tsm_dev_freeice(&pdev->dev); + tsm.ops = ops; + } +} +EXPORT_SYMBOL_GPL(tsm_set_ops); + +int tsm_tdi_bind(struct tsm_tdi *tdi, u32 guest_rid, u64 vmid, u32 asid) +{ + int ret; + + if (WARN_ON(!tsm.ops->tdi_bind)) + return -EPERM; + + tdi->guest_rid = guest_rid; + tdi->vmid = vmid; + tdi->asid = asid; + + mutex_lock(&tdi->tdev->spdm_mutex); + while (1) { + ret = tsm.ops->tdi_bind(tdi, guest_rid, vmid, asid, tsm.private_data); + if (ret < 0) + break; + + if (!ret) + break; + + ret = spdm_forward(&tdi->tdev->spdm, ret); + if (ret < 0) + break; + } + mutex_unlock(&tdi->tdev->spdm_mutex); + + if (ret) { + tsm_tdi_unbind(tdi); + return ret; + } + + return 0; +} +EXPORT_SYMBOL_GPL(tsm_tdi_bind); + +void tsm_tdi_unbind(struct tsm_tdi *tdi) +{ + tsm_tdi_reclaim(tdi, tsm.private_data); + tdi->vmid = 0; + tdi->asid = 0; + tdi->guest_rid = 0; +} +EXPORT_SYMBOL_GPL(tsm_tdi_unbind); + +int tsm_guest_request(struct tsm_tdi *tdi, enum tsm_tdisp_state *state, void *req_data) +{ + int ret; + + if (!tsm.ops->guest_request) + return -EPERM; + + mutex_lock(&tdi->tdev->spdm_mutex); + while (1) { + ret = tsm.ops->guest_request(tdi, tdi->guest_rid, tdi->vmid, req_data, + state, tsm.private_data); + if (ret <= 0) + break; + + ret = spdm_forward(&tdi->tdev->spdm, ret); + if (ret < 0) + break; + } + mutex_unlock(&tdi->tdev->spdm_mutex); + + return ret; +} +EXPORT_SYMBOL_GPL(tsm_guest_request); + +struct tsm_tdi *tsm_tdi_find(u32 guest_rid, u64 vmid) +{ + struct pci_dev *pdev = NULL; + struct tsm_tdi *tdi; + + for_each_pci_dev(pdev) { + tdi = tsm_tdi_get(&pdev->dev); + if (!tdi) + continue; + + if (tdi->vmid == vmid && tdi->guest_rid == guest_rid) + return tdi; + } + + return NULL; +} +EXPORT_SYMBOL_GPL(tsm_tdi_find); + +module_init(tsm_init); +module_exit(tsm_cleanup); + +MODULE_VERSION(DRIVER_VERSION); +MODULE_LICENSE("GPL"); +MODULE_AUTHOR(DRIVER_AUTHOR); +MODULE_DESCRIPTION(DRIVER_DESC); diff --git a/Documentation/virt/coco/tsm.rst b/Documentation/virt/coco/tsm.rst new file mode 100644 index 000000000000..3be6e8491e42 --- /dev/null +++ b/Documentation/virt/coco/tsm.rst @@ -0,0 +1,62 @@ +.. SPDX-License-Identifier: GPL-2.0 + +What it is +========== + +This is for PCI passthrough in confidential computing (CoCo: SEV-SNP, TDX, CoVE). +Currently passing through PCI devices to a CoCo VM uses SWIOTLB to pre-shared +memory buffers. + +PCIe IDE (Integrity and Data Encryption) and TDISP (TEE Device Interface Security +Protocol) are protocols to enable encryption over PCIe link and DMA to encrypted +memory. This doc is focused to DMAing to encrypted VM, the encrypted host memory is +out of scope. + + +Protocols +========= + +PCIe r6 DOE is a mailbox protocol to read/write object from/to device. +Objects are of plain SPDM or secure SPDM type. SPDM is responsible for authenticating +devices, creating a secure link between a device and TSM. +IDE_KM manages PCIe link encryption keys, it works on top of secure SPDM. +TDISP manages a passed through PCI function state, also works on top on secure SPDM. +Additionally, PCIe defines IDE capability which provides the host OS a way +to enable streams on the PCIe link. + + +TSM module +========== + +This is common place to trigger device authentication and keys management. +It exposes certificates/measurenets/reports/status via sysfs and provides control +over the link (limited though by the TSM capabilities). +A platform is expected to register a specific set of hooks. The same module works +in host and guest OS, the set of requires platform hooks is quite different. + + +Flow +==== + +At the boot time the tsm.ko scans the PCI bus to find and setup TDISP-cabable +devices; it also listens to hotplug events. If setup was successful, tsm-prefixed +nodes will appear in sysfs. + +Then, the user enables IDE by writing to /sys/bus/pci/devices/0000:e1:00.0/tsm_dev_connect +and this is how PCIe encryption is enabled. + +To pass the device through, a modifined VMM is required. + +In the VM, the same tsm.ko loads. In addition to the host's setup, the VM wants +to receive the report and enable secure DMA or/and secure MMIO, via some VM<->HV +protocol (such as AMD GHCB). Once this is done, a VM can access validated MMIO +with the Cbit set and the device can DMA to encrypted memory. + + +References +========== + +[1] TEE Device Interface Security Protocol - TDISP - v2022-07-27 +https://members.pcisig.com/wg/PCI-SIG/document/18268?downloadRevision=21500 +[2] Security Protocol and Data Model (SPDM) +https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.2.1.pdf diff --git a/drivers/virt/coco/Kconfig b/drivers/virt/coco/Kconfig index 87d142c1f932..67a9c9daf96d 100644 --- a/drivers/virt/coco/Kconfig +++ b/drivers/virt/coco/Kconfig @@ -7,6 +7,17 @@ config TSM_REPORTS select CONFIGFS_FS tristate +config TSM + tristate "Platform support for TEE Device Interface Security Protocol (TDISP)" + default m + depends on AMD_MEM_ENCRYPT + select PCI_DOE + select PCI_IDE + help + Add a common place for user visible platform support for PCIe TDISP. + TEE Device Interface Security Protocol (TDISP) from PCI-SIG, + https://pcisig.com/tee-device-interface-security-protocol-tdisp + source "drivers/virt/coco/efi_secret/Kconfig" source "drivers/virt/coco/sev-guest/Kconfig" From patchwork Fri Aug 23 13:21:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775243 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2067.outbound.protection.outlook.com [40.107.94.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 14FAB18661A; Fri, 23 Aug 2024 13:29:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.67 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419791; cv=fail; b=JeBUluoupzU5kvL7l9d3Hi1QsA9Sp+e+zLq9IdZP3klEhVNmcBlgHFod/hjKuOOBw0ZGGb+tcatn+HuN9pVotbM/aiL49meNcch0m+GgGu2C5H+8V2G4GilBOzsarEZTVA3F7HXn2EFJzNisXipQzDEqeTyFICG/kaO45ENmJsQ= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419791; c=relaxed/simple; bh=CAXlWieY1zjmBKpKxxJEhwNSN2PPRtqtkPC/25vZYP8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=NNBFKlWRqxLXiTth2zhKNzXdRhT77nlTLSv9BWSx3waOo5siyltJuQTPkrF9OpEeMKqx7WlnONATFlYB5kemxHfu47/fta3G6PB5QI1rWKq9WEzQPlq94q7cAKx5LgkpL2CXJj67S+SWiUSLEoKDRuxbbr5tUPJICUd9Y+Ob5pk= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=nhThw7Vc; arc=fail smtp.client-ip=40.107.94.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="nhThw7Vc" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=HorBYiTO9DQLRxEO64kNR8a9pgFQY18KFOkL+U+FvO4XvQSvsiCgbWrCjBiu5pCga+rWbRyGxiUIPJFEnWHGNYIwJl8reW1V386vASrWGkCd/offL+w6dqVX89y+xZFziFlz5Ar90zxDnywBgNYRgqyLe0acz1jY6FqpRaerLq1PA1sddgVYsIbLItjS6CTSrI0jFpNqgSA1IVwKskxmeMHaeNECwqU5YP0EzOcl+1fTX4H6kAoPq8fp5u9bTNFQLLwDq4MDNXNX4txnVp4kOsG3jGynDYfY9e8RfBo7fk0MLprmUOieG+8ZF5Lq8RhyqcGr4gKf9MSw+b/8UUAwcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=snyOMY4TEGnTV+OBSBT8vsszssY97q/DhEOC5BvFc4A=; b=IjDyGZxQbOuVzrKwAifSFdZG/c4ROHpEV9uBn7qDnwhfX+CKEXwxPNdOhrVSqMSJOgtP/P+Qe6ggZKoIgjwiGaRWoNWO4z0O1JLyA6AwhOXuJGynYg42b+7LjKxVZlnNzrsop0x4BggH3AKvuIuJoY4Vnz8ee+GV1zYGHiUGeWZOmQOg0nFhVui1eVPvuW9Fomdta3ASFcr0v4PcPWtuDKsUvTnRw9sx6ry54ilOqC9tj1Dal2IeQ4CoQ9mbjXbvoAL0B6rjRQzT0RJ+2lBYSvo264OwW/x6DH6Ch32OU92kIBFPZPMWb7unDwvAnJQckE8qY2HEawIzlRvIg1uVUQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=snyOMY4TEGnTV+OBSBT8vsszssY97q/DhEOC5BvFc4A=; b=nhThw7Vc7Pcw9rza2V0ypRvECwM/cwbspdxoXP95RSCVJZmXASkOyIN6uzhP+bzgHlrfrJr3LP61v/5NNx3fa3xsJC7ocee5GczQ4NCGxq8WwRW4e3f3dA/waBdgREFIZfKPb8/76B9G9tPwRXIV2IVw/MZ2c7Dr2KwB6CNSehw= Received: from DM6PR21CA0015.namprd21.prod.outlook.com (2603:10b6:5:174::25) by CH3PR12MB9220.namprd12.prod.outlook.com (2603:10b6:610:198::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.16; Fri, 23 Aug 2024 13:29:41 +0000 Received: from DS2PEPF0000343C.namprd02.prod.outlook.com (2603:10b6:5:174:cafe::95) by DM6PR21CA0015.outlook.office365.com (2603:10b6:5:174::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.13 via Frontend Transport; Fri, 23 Aug 2024 13:29:41 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343C.mail.protection.outlook.com (10.167.18.39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:29:41 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:29:35 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 08/21] crypto/ccp: Implement SEV TIO firmware interface Date: Fri, 23 Aug 2024 23:21:22 +1000 Message-ID: <20240823132137.336874-9-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343C:EE_|CH3PR12MB9220:EE_ X-MS-Office365-Filtering-Correlation-Id: 9f9e323d-85c8-43e2-852f-08dcc377a4fa X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|82310400026|376014; X-Microsoft-Antispam-Message-Info: =?utf-8?q?gMUVDiR2v5sCanYGj/wwp3VRrg5O1YS?= =?utf-8?q?FfDYlodImpsQCUb4xnhnoK0RQ6PQQda+5grOqCrsvxoM/ZPXmLmW8ZMlyfGDkBJ0K?= =?utf-8?q?gGySJAwaC9NYN7BcWhtWkVhG0xAuBc7jBakVRrC3ABoWHRIG3QJOJcxgQzQJ8kBjk?= =?utf-8?q?hVRFeW6DBjnUQBaak1f33oz4QPenMDyUvvamBB4LybXLs996K9dQm1GkATUCmp8TX?= =?utf-8?q?kVWN/rxbSG65dOWw4Cn/or0N1+ZuFWZlL9NZtPw6aPgzbbzX8gLME+mMVmuOVwlHo?= =?utf-8?q?I2YR28W5PRUxlu7ZBAWnsPWXAJCMFDsRTWR9eNBPj0+SfgjaTugittjYS3e9GIx8U?= =?utf-8?q?/vAwcl3HEWIACiL02+rKVHu26eZBPP1afP1vtZcQqpegA9xeWWDeQQrU7hK2PmXwM?= =?utf-8?q?z+REYSu1URfFSIao9WXYFYPaztAXiwwdy1RkzqJFqP6yFpYtC8JAKYDuce+X8IZET?= =?utf-8?q?Uy7VdHmRHnnJ3CGovv+sA3tn6WYuXL6ciWdfOaJMZ6c+g4jfdwWT49qneS5vuOcI/?= =?utf-8?q?zACI7bwntCjD4NBcb2ZjoFtKOhCMG4+ZOMPM0nrmqkD4uXMphaZX1fos63Q4KCLTW?= =?utf-8?q?vpzC/R/NaWfHYEv7E4J3udaz+ATJYqB//8wFwlhsLHf3YRJhQ+sD/DbIAFFyfrsDW?= =?utf-8?q?UjZVHF1yoV9kFhAxJpTNvdV4of++q35UAy7urNXU8f5tuRmfxyPi70EEM0oMsvYFR?= =?utf-8?q?lwO1wP1Pj7LGTDKY9PKQWuJk6XD4n2sAV9kV/HiSyGzDdSQfcc3JqKDNmH1YzE/VJ?= =?utf-8?q?/zQx/xUPmd4CvttKNvrQx+RWXZ/TcPekw0k36+94GhIOvMEL3gLvnhWMI/h071LiT?= =?utf-8?q?k1hheDzCKDddFrbMq34vbVrSqqphaL1LxhwNnF0UZJlOu5b/ZE06fsyyI4IriSTAl?= =?utf-8?q?n/KmsxhBsjFIwTCKx8k2CYVg4BM3AotUtwo8YsNChrCNSXmPP8ObjFCjdp0CcpN0z?= =?utf-8?q?ey3uznn83HWayQMUCDBlv5VkZMqIKV4lJSVZD0OIF+YDbExw0uX40DYK7z96GTerJ?= =?utf-8?q?6lXZM7jcwEI/CjPaBGWdnC4k95fwlltbjsLosH3B4TN+35N0XgK30RG19RKglaXWw?= =?utf-8?q?FI+J3tEXiW/qgMbgiRFJ+nAMvybeg/rtWCPHedBCFPIwpoq3erMxwaHlP5HQz6LXb?= =?utf-8?q?W95BEN9FydNt1fhe9bVA+TxIqVV9jt3m+ilDrItHln3fYKUhgv7CGtpbawRx0sB6v?= =?utf-8?q?O+KNsQijmp7BF66jR+leXoAkyr5bGryADlzHKmdoPHi6LAPxxLi/zrvR4oNdIzFaq?= =?utf-8?q?4Q1X+fNYu0kL8jDFgvYnN9RYf0ERlaV+b+jRkR42wHnGJYFYOHg9OLIQRyaMZf8yX?= =?utf-8?q?RnWZV+TeXRQDPqiA9UIk29rG8DJoDOvVFckI9Oeet4nvx/lw+NXsqlUN7JuRZADJ0?= =?utf-8?q?gQbKD4P/AcB?= X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(82310400026)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:29:41.4767 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9f9e323d-85c8-43e2-852f-08dcc377a4fa X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343C.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB9220 Implement SEV TIO PSP command wrappers in sev-dev-tio.c, these make SPDM calls and store the data in the SEV-TIO-specific structs. Implement tsm_ops for the hypervisor, the TSM module will call these when loaded on the host and its tsm_set_ops() is called. The HV ops are implemented in sev-dev-tsm.c. Signed-off-by: Alexey Kardashevskiy --- drivers/crypto/ccp/Makefile | 2 + arch/x86/include/asm/sev.h | 20 + drivers/crypto/ccp/sev-dev-tio.h | 105 ++ drivers/crypto/ccp/sev-dev.h | 2 + include/linux/psp-sev.h | 60 + drivers/crypto/ccp/sev-dev-tio.c | 1565 ++++++++++++++++++++ drivers/crypto/ccp/sev-dev-tsm.c | 397 +++++ drivers/crypto/ccp/sev-dev.c | 10 +- 8 files changed, 2159 insertions(+), 2 deletions(-) diff --git a/drivers/crypto/ccp/Makefile b/drivers/crypto/ccp/Makefile index 394484929dae..d9871465dd08 100644 --- a/drivers/crypto/ccp/Makefile +++ b/drivers/crypto/ccp/Makefile @@ -11,6 +11,8 @@ ccp-$(CONFIG_PCI) += sp-pci.o ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += psp-dev.o \ sev-dev.o \ tee-dev.o \ + sev-dev-tio.o \ + sev-dev-tsm.o \ platform-access.o \ dbc.o \ hsti.o diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 79bbe2be900e..80d9aa16fe61 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -138,6 +138,14 @@ enum msg_type { SNP_MSG_ABSORB_RSP, SNP_MSG_VMRK_REQ, SNP_MSG_VMRK_RSP, + TIO_MSG_TDI_INFO_REQ = 0x81, + TIO_MSG_TDI_INFO_RSP = 0x01, + TIO_MSG_MMIO_VALIDATE_REQ = 0x82, + TIO_MSG_MMIO_VALIDATE_RSP = 0x02, + TIO_MSG_MMIO_CONFIG_REQ = 0x83, + TIO_MSG_MMIO_CONFIG_RSP = 0x03, + TIO_MSG_SDTE_WRITE_REQ = 0x84, + TIO_MSG_SDTE_WRITE_RSP = 0x04, SNP_MSG_TYPE_MAX }; @@ -171,6 +179,18 @@ struct sev_guest_platform_data { u64 secrets_gpa; }; +/* SPDM algorithms used for TDISP, used in TIO_MSG_TDI_INFO_REQ */ +#define TIO_SPDM_ALGOS_DHE_SECP256R1 0 +#define TIO_SPDM_ALGOS_DHE_SECP384R1 1 +#define TIO_SPDM_ALGOS_AEAD_AES_128_GCM (0<<8) +#define TIO_SPDM_ALGOS_AEAD_AES_256_GCM (1<<8) +#define TIO_SPDM_ALGOS_ASYM_TPM_ALG_RSASSA_3072 (0<<16) +#define TIO_SPDM_ALGOS_ASYM_TPM_ALG_ECDSA_ECC_NIST_P256 (1<<16) +#define TIO_SPDM_ALGOS_ASYM_TPM_ALG_ECDSA_ECC_NIST_P384 (2<<16) +#define TIO_SPDM_ALGOS_HASH_TPM_ALG_SHA_256 (0<<24) +#define TIO_SPDM_ALGOS_HASH_TPM_ALG_SHA_384 (1<<24) +#define TIO_SPDM_ALGOS_KEY_SCHED_SPDM_KEY_SCHEDULE (0ULL<<32) + /* * The secrets page contains 96-bytes of reserved field that can be used by * the guest OS. The guest OS uses the area to save the message sequence diff --git a/drivers/crypto/ccp/sev-dev-tio.h b/drivers/crypto/ccp/sev-dev-tio.h new file mode 100644 index 000000000000..761cc88699c4 --- /dev/null +++ b/drivers/crypto/ccp/sev-dev-tio.h @@ -0,0 +1,105 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +#ifndef __PSP_SEV_TIO_H__ +#define __PSP_SEV_TIO_H__ + +#include +#include + +#if defined(CONFIG_CRYPTO_DEV_SP_PSP) || defined(CONFIG_CRYPTO_DEV_SP_PSP_MODULE) + +int sev_tio_cmd_buffer_len(int cmd); + +struct sla_addr_t { + union { + u64 sla; + struct { + u64 page_type:1; + u64 page_size:1; + u64 reserved1:10; + u64 pfn:40; + u64 reserved2:12; + }; + }; +} __packed; + +#define SEV_TIO_MAX_COMMAND_LENGTH 128 +#define SEV_TIO_MAX_DATA_LENGTH 256 + +/* struct tsm_dev::data */ +struct tsm_dev_tio { + struct sla_addr_t dev_ctx; + struct sla_addr_t req; + struct sla_addr_t resp; + struct sla_addr_t scratch; + struct sla_addr_t output; + struct sla_buffer_hdr *reqbuf; /* vmap'ed @req for DOE */ + struct sla_buffer_hdr *respbuf; /* vmap'ed @resp for DOE */ + + int cmd; + int psp_ret; + u8 cmd_data[SEV_TIO_MAX_COMMAND_LENGTH]; + u8 data[SEV_TIO_MAX_DATA_LENGTH]; /* Data page for SPDM-aware commands returning some data */ +}; + +/* struct tsm_tdi::data */ +struct tsm_tdi_tio { + struct sla_addr_t tdi_ctx; + u64 gctx_paddr; + + u64 vmid; + u32 asid; +}; + +#define SPDM_DOBJ_ID_NONE 0 +#define SPDM_DOBJ_ID_REQ 1 +#define SPDM_DOBJ_ID_RESP 2 +#define SPDM_DOBJ_ID_CERTIFICATE 4 +#define SPDM_DOBJ_ID_MEASUREMENT 5 +#define SPDM_DOBJ_ID_REPORT 6 + +void sev_tio_cleanup(void); + +void tio_save_output(struct tsm_blob **blob, struct sla_addr_t sla, u32 dobjid); + +int sev_tio_status(void); +int sev_tio_continue(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm); + +int sev_tio_dev_measurements(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm); +int sev_tio_dev_certificates(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm); +int sev_tio_dev_create(struct tsm_dev_tio *dev_data, u16 device_id, u16 root_port_id, + u8 segment_id); +int sev_tio_dev_connect(struct tsm_dev_tio *dev_data, u8 tc_mask, u8 cert_slot, + struct tsm_spdm *spdm); +int sev_tio_dev_disconnect(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm); +int sev_tio_dev_reclaim(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm); +int sev_tio_dev_status(struct tsm_dev_tio *dev_data, struct tsm_dev_status *status); +int sev_tio_ide_refresh(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm); + +int sev_tio_tdi_create(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, u16 dev_id, + u8 rseg, u8 rseg_valid); +void sev_tio_tdi_reclaim(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data); +int sev_tio_guest_request(void *data, u32 guest_rid, u64 gctx_paddr, + struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + struct tsm_spdm *spdm); + +int sev_tio_tdi_bind(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + __u32 guest_rid, u64 gctx_paddr, struct tsm_spdm *spdm); +int sev_tio_tdi_unbind(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + struct tsm_spdm *spdm); +int sev_tio_tdi_report(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + u64 gctx_paddr, struct tsm_spdm *spdm); + +int sev_tio_asid_fence_clear(u16 device_id, u8 segment_id, u64 gctx_paddr, int *psp_ret); +int sev_tio_asid_fence_status(struct tsm_dev_tio *dev_data, u16 device_id, u8 segment_id, + u32 asid, bool *fenced); + +int sev_tio_tdi_info(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + struct tsm_tdi_status *ts); +int sev_tio_tdi_status(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + struct tsm_spdm *spdm); +int sev_tio_tdi_status_fin(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + enum tsm_tdisp_state *state); + +#endif /* CONFIG_CRYPTO_DEV_SP_PSP */ + +#endif /* __PSP_SEV_TIO_H__ */ diff --git a/drivers/crypto/ccp/sev-dev.h b/drivers/crypto/ccp/sev-dev.h index 59842157e9d1..a74698a1e433 100644 --- a/drivers/crypto/ccp/sev-dev.h +++ b/drivers/crypto/ccp/sev-dev.h @@ -67,4 +67,6 @@ void sev_pci_exit(void); bool sev_version_greater_or_equal(u8 maj, u8 min); +void sev_tsm_set_ops(bool set); + #endif /* __SEV_DEV_H */ diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index 1d63044f66be..adf40e0316dc 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -12,6 +12,7 @@ #ifndef __PSP_SEV_H__ #define __PSP_SEV_H__ +#include #include #define SEV_FW_BLOB_MAX_SIZE 0x4000 /* 16KB */ @@ -109,6 +110,27 @@ enum sev_cmd { SEV_CMD_SNP_VLEK_LOAD = 0x0CD, SEV_CMD_SNP_FEATURE_INFO = 0x0CE, + /* SEV-TIO commands */ + SEV_CMD_TIO_STATUS = 0x0D0, + SEV_CMD_TIO_INIT = 0x0D1, + SEV_CMD_TIO_DEV_CREATE = 0x0D2, + SEV_CMD_TIO_DEV_RECLAIM = 0x0D3, + SEV_CMD_TIO_DEV_CONNECT = 0x0D4, + SEV_CMD_TIO_DEV_DISCONNECT = 0x0D5, + SEV_CMD_TIO_DEV_STATUS = 0x0D6, + SEV_CMD_TIO_DEV_MEASUREMENTS = 0x0D7, + SEV_CMD_TIO_DEV_CERTIFICATES = 0x0D8, + SEV_CMD_TIO_TDI_CREATE = 0x0DA, + SEV_CMD_TIO_TDI_RECLAIM = 0x0DB, + SEV_CMD_TIO_TDI_BIND = 0x0DC, + SEV_CMD_TIO_TDI_UNBIND = 0x0DD, + SEV_CMD_TIO_TDI_REPORT = 0x0DE, + SEV_CMD_TIO_TDI_STATUS = 0x0DF, + SEV_CMD_TIO_GUEST_REQUEST = 0x0E0, + SEV_CMD_TIO_ASID_FENCE_CLEAR = 0x0E1, + SEV_CMD_TIO_ASID_FENCE_STATUS = 0x0E2, + SEV_CMD_TIO_TDI_INFO = 0x0E3, + SEV_CMD_TIO_ROLL_KEY = 0x0E4, SEV_CMD_MAX, }; @@ -147,6 +169,7 @@ struct sev_data_init_ex { } __packed; #define SEV_INIT_FLAGS_SEV_ES 0x01 +#define SEV_INIT_FLAGS_SEV_TIO_EN BIT(2) /** * struct sev_data_pek_csr - PEK_CSR command parameters @@ -752,6 +775,11 @@ struct sev_data_snp_guest_request { u64 res_paddr; /* In */ } __packed; +struct tio_guest_request { + struct sev_data_snp_guest_request data; + int fw_err; +}; + /** * struct sev_data_snp_init_ex - SNP_INIT_EX structure * @@ -1007,4 +1035,36 @@ static inline void snp_free_firmware_page(void *addr) { } #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ +/* + * TIO_GUEST_REQUEST's TIO_MSG_MMIO_VALIDATE_REQ + * encoding for MMIO in RDX: + * + * ........ ....GGGG GGGGGGGG GGGGGGGG GGGGGGGG GGGGGGGG GGGGOOOO OOOO.rrr + * Where: + * G - guest physical address + * O - order of 4K pages + * r - range id == BAR + */ +#define MMIO_VALIDATE_GPA(r) ((r) & 0x000FFFFFFFFFF000ULL) +#define MMIO_VALIDATE_LEN(r) (1ULL << (12 + (((r) >> 4) & 0xFF))) +#define MMIO_VALIDATE_RANGEID(r) ((r) & 0x7) +#define MMIO_VALIDATE_RESERVED(r) ((r) & 0xFFF0000000000008ULL) + +/* Optional Certificates/measurements/report data from TIO_GUEST_REQUEST */ +struct tio_blob_table_entry { + guid_t guid; + u32 offset; + u32 length; +}; + +/* Measurement’s blob: 5caa80c6-12ef-401a-b364-ec59a93abe3f */ +#define TIO_GUID_MEASUREMENTS \ + GUID_INIT(0x5caa80c6, 0x12ef, 0x401a, 0xb3, 0x64, 0xec, 0x59, 0xa9, 0x3a, 0xbe, 0x3f) +/* Certificates blob: 078ccb75-2644-49e8-afe7-5686c5cf72f1 */ +#define TIO_GUID_CERTIFICATES \ + GUID_INIT(0x078ccb75, 0x2644, 0x49e8, 0xaf, 0xe7, 0x56, 0x86, 0xc5, 0xcf, 0x72, 0xf1) +/* Attestation report: 70dc5b0e-0cc0-4cd5-97bb-ff0ba25bf320 */ +#define TIO_GUID_REPORT \ + GUID_INIT(0x70dc5b0e, 0x0cc0, 0x4cd5, 0x97, 0xbb, 0xff, 0x0b, 0xa2, 0x5b, 0xf3, 0x20) + #endif /* __PSP_SEV_H__ */ diff --git a/drivers/crypto/ccp/sev-dev-tio.c b/drivers/crypto/ccp/sev-dev-tio.c new file mode 100644 index 000000000000..42741b17c747 --- /dev/null +++ b/drivers/crypto/ccp/sev-dev-tio.c @@ -0,0 +1,1565 @@ +// SPDX-License-Identifier: GPL-2.0-only + +// Interface to PSP for CCP/SEV-TIO/SNP-VM + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include + +#include "psp-dev.h" +#include "sev-dev.h" +#include "sev-dev-tio.h" + +#define SLA_PAGE_TYPE_DATA 0 +#define SLA_PAGE_TYPE_SCATTER 1 +#define SLA_PAGE_SIZE_4K 0 +#define SLA_PAGE_SIZE_2M 1 +#define SLA_SZ(s) ((s).page_size == SLA_PAGE_SIZE_2M ? SZ_2M : SZ_4K) +#define SLA_SCATTER_LEN(s) (SLA_SZ(s) / sizeof(struct sla_addr_t)) +#define SLA_EOL ((struct sla_addr_t) { .pfn = 0xFFFFFFFFFFUL }) +#define SLA_NULL ((struct sla_addr_t) { 0 }) +#define IS_SLA_NULL(s) ((s).sla == SLA_NULL.sla) +#define IS_SLA_EOL(s) ((s).sla == SLA_EOL.sla) + +/* the BUFFER Structure */ +struct sla_buffer_hdr { + u32 capacity_sz; + u32 payload_sz; /* The size of BUFFER_PAYLOAD in bytes. Must be multiple of 32B */ + union { + u32 flags; + struct { + u32 encryption:1; + }; + }; + u32 reserved1; + u8 iv[16]; /* IV used for the encryption of this buffer */ + u8 authtag[16]; /* Authentication tag for this buffer */ + u8 reserved2[16]; +} __packed; + +struct spdm_dobj_hdr { + u32 id; /* Data object type identifier */ + u32 length; /* Length of the data object, INCLUDING THIS HEADER. Must be a multiple of 32B */ + union { + u16 ver; /* Version of the data object structure */ + struct { + u8 minor; + u8 major; + } version; + }; +} __packed; + +enum spdm_data_type_t { + DOBJ_DATA_TYPE_SPDM = 0x1, + DOBJ_DATA_TYPE_SECURE_SPDM = 0x2, +}; + +struct spdm_dobj_hdr_req { + struct spdm_dobj_hdr hdr; /* hdr.id == SPDM_DOBJ_ID_REQ */ + u8 data_type; /* spdm_data_type_t */ + u8 reserved2[5]; +} __packed; + +struct spdm_dobj_hdr_resp { + struct spdm_dobj_hdr hdr; /* hdr.id == SPDM_DOBJ_ID_RESP */ + u8 data_type; /* spdm_data_type_t */ + u8 reserved2[5]; +} __packed; + +struct spdm_dobj_hdr_cert { + struct spdm_dobj_hdr hdr; /* hdr.id == SPDM_DOBJ_ID_CERTIFICATE */ + u8 reserved1[6]; + u16 device_id; + u8 segment_id; + u8 type; /* 1h: SPDM certificate. 0h, 2h–FFh: Reserved. */ + u8 reserved2[12]; +} __packed; + +struct spdm_dobj_hdr_meas { + struct spdm_dobj_hdr hdr; /* hdr.id == SPDM_DOBJ_ID_MEASUREMENT */ + u8 reserved1[6]; + u16 device_id; + u8 segment_id; + u8 type; /* 1h: SPDM measurement. 0h, 2h–FFh: Reserved. */ + u8 reserved2[12]; +} __packed; + +struct spdm_dobj_hdr_report { + struct spdm_dobj_hdr hdr; /* hdr.id == SPDM_DOBJ_ID_REPORT */ + u8 reserved1[6]; + u16 device_id; + u8 segment_id; + u8 type; /* 1h: TDISP interface report. 0h, 2h–FFh: Reserved */ + u8 reserved2[12]; +} __packed; + +/* Used in all SPDM-aware TIO commands */ +struct spdm_ctrl { + struct sla_addr_t req; + struct sla_addr_t resp; + struct sla_addr_t scratch; + struct sla_addr_t output; +} __packed; + +static size_t sla_dobj_id_to_size(u8 id) +{ + size_t n; + + BUILD_BUG_ON(sizeof(struct spdm_dobj_hdr_resp) != 0x10); + switch (id) { + case SPDM_DOBJ_ID_REQ: + n = sizeof(struct spdm_dobj_hdr_req); + break; + case SPDM_DOBJ_ID_RESP: + n = sizeof(struct spdm_dobj_hdr_resp); + break; + case SPDM_DOBJ_ID_CERTIFICATE: + n = sizeof(struct spdm_dobj_hdr_cert); + break; + case SPDM_DOBJ_ID_MEASUREMENT: + n = sizeof(struct spdm_dobj_hdr_meas); + break; + case SPDM_DOBJ_ID_REPORT: + n = sizeof(struct spdm_dobj_hdr_report); + break; + default: + WARN_ON(1); + n = 0; + break; + } + + return n; +} + +#define SPDM_DOBJ_HDR_SIZE(hdr) sla_dobj_id_to_size((hdr)->id) +#define SPDM_DOBJ_DATA(hdr) ((u8 *)(hdr) + SPDM_DOBJ_HDR_SIZE(hdr)) +#define SPDM_DOBJ_LEN(hdr) ((hdr)->length - SPDM_DOBJ_HDR_SIZE(hdr)) + +#define sla_to_dobj_resp_hdr(buf) ((struct spdm_dobj_hdr_resp *) \ + sla_to_dobj_hdr_check((buf), SPDM_DOBJ_ID_RESP)) +#define sla_to_dobj_req_hdr(buf) ((struct spdm_dobj_hdr_req *) \ + sla_to_dobj_hdr_check((buf), SPDM_DOBJ_ID_REQ)) + +static struct spdm_dobj_hdr *sla_to_dobj_hdr(struct sla_buffer_hdr *buf) +{ + if (!buf) + return NULL; + + return (struct spdm_dobj_hdr *) &buf[1]; +} + +static struct spdm_dobj_hdr *sla_to_dobj_hdr_check(struct sla_buffer_hdr *buf, u32 check_dobjid) +{ + struct spdm_dobj_hdr *hdr = sla_to_dobj_hdr(buf); + + if (hdr && hdr->id == check_dobjid) + return hdr; + + pr_err("! ERROR: expected %d, found %d\n", check_dobjid, hdr->id); + return NULL; +} + +static void *sla_to_data(struct sla_buffer_hdr *buf, u32 dobjid) +{ + struct spdm_dobj_hdr *hdr = sla_to_dobj_hdr(buf); + + if (WARN_ON_ONCE(dobjid != SPDM_DOBJ_ID_REQ && dobjid != SPDM_DOBJ_ID_RESP)) + return NULL; + + if (!hdr) + return NULL; + + return (u8 *) hdr + sla_dobj_id_to_size(dobjid); +} + +/** + * struct sev_tio_status - TIO_STATUS command's info_paddr buffer + * + * @length: Length of this structure in bytes. + * @tio_init_done: Indicates TIO_INIT has been invoked + * @tio_en: Indicates that SNP_INIT_EX initialized the RMP for SEV-TIO. + * @spdm_req_size_min: Minimum SPDM request buffer size in bytes. + * @spdm_req_size_max: Maximum SPDM request buffer size in bytes. + * @spdm_scratch_size_min: Minimum SPDM scratch buffer size in bytes. + * @spdm_scratch_size_max: Maximum SPDM scratch buffer size in bytes. + * @spdm_out_size_min: Minimum SPDM output buffer size in bytes + * @spdm_out_size_max: Maximum for the SPDM output buffer size in bytes. + * @spdm_rsp_size_min: Minimum SPDM response buffer size in bytes. + * @spdm_rsp_size_max: Maximum SPDM response buffer size in bytes. + * @devctx_size: Size of a device context buffer in bytes. + * @tdictx_size: Size of a TDI context buffer in bytes. + */ +struct sev_tio_status { + u32 length; + union { + u32 flags; + struct { + u32 tio_en:1; + u32 tio_init_done:1; + }; + }; + u32 spdm_req_size_min; + u32 spdm_req_size_max; + u32 spdm_scratch_size_min; + u32 spdm_scratch_size_max; + u32 spdm_out_size_min; + u32 spdm_out_size_max; + u32 spdm_rsp_size_min; + u32 spdm_rsp_size_max; + u32 devctx_size; + u32 tdictx_size; +}; + +/** + * struct sev_data_tio_status - SEV_CMD_TIO_STATUS command + * + * @length: Length of this command buffer in bytes + * @status_paddr: SPA of the TIO_STATUS structure + */ +struct sev_data_tio_status { + u32 length; + u32 reserved; + u64 status_paddr; +} __packed; + +/* TIO_INIT */ +struct sev_data_tio_init { + u32 length; + u32 reserved[3]; +} __packed; + +static struct sev_tio_status *tio_status; + +void sev_tio_cleanup(void) +{ + kfree(tio_status); + tio_status = NULL; +} + +/** + * struct sev_data_tio_dev_create - TIO_DEV_CREATE command + * + * @length: Length in bytes of this command buffer. + * @dev_ctx_sla: A scatter list address pointing to a buffer to be used as a device context buffer. + * @device_id: The PCIe Routing Identifier of the device to connect to. + * @root_port_id: FiXME: The PCIe Routing Identifier of the root port of the device. + * @segment_id: The PCIe Segment Identifier of the device to connect to. + */ +struct sev_data_tio_dev_create { + u32 length; + u32 reserved1; + struct sla_addr_t dev_ctx_sla; + u16 device_id; + u16 root_port_id; + u8 segment_id; + u8 reserved2[11]; +} __packed; + +/** + * struct sev_data_tio_dev_connect - TIO_DEV_CONNECT + * + * @length: Length in bytes of this command buffer. + * @spdm_ctrl: SPDM control structure defined in Section 5.1. + * @device_id: The PCIe Routing Identifier of the device to connect to. + * @root_port_id: The PCIe Routing Identifier of the root port of the device. + * @segment_id: The PCIe Segment Identifier of the device to connect to. + * @dev_ctx_sla: Scatter list address of the device context buffer. + * @tc_mask: Bitmask of the traffic classes to initialize for SEV-TIO usage. + * Setting the kth bit of the TC_MASK to 1 indicates that the traffic + * class k will be initialized. + * @cert_slot: Slot number of the certificate requested for constructing the SPDM session. + * @ide_stream_id: IDE stream IDs to be associated with this device. + * Valid only if corresponding bit in TC_MASK is set. + */ +struct sev_data_tio_dev_connect { + u32 length; + u32 reserved1; + struct spdm_ctrl spdm_ctrl; + u8 reserved2[8]; + struct sla_addr_t dev_ctx_sla; + u8 tc_mask; + u8 cert_slot; + u8 reserved3[6]; + u8 ide_stream_id[8]; + u8 reserved4[8]; +} __packed; + +/** + * struct sev_data_tio_dev_disconnect - TIO_DEV_DISCONNECT + * + * @length: Length in bytes of this command buffer. + * @force: Force device disconnect without SPDM traffic. + * @spdm_ctrl: SPDM control structure defined in Section 5.1. + * @dev_ctx_sla: Scatter list address of the device context buffer. + */ +struct sev_data_tio_dev_disconnect { + u32 length; + union { + u32 flags; + struct { + u32 force:1; + }; + }; + struct spdm_ctrl spdm_ctrl; + struct sla_addr_t dev_ctx_sla; +} __packed; + +/** + * struct sev_data_tio_dev_meas - TIO_DEV_MEASUREMENTS + * + * @length: Length in bytes of this command buffer + * @raw_bitstream: 0: Requests the digest form of the attestation report + * 1: Requests the raw bitstream form of the attestation report + * @spdm_ctrl: SPDM control structure defined in Section 5.1. + * @dev_ctx_sla: Scatter list address of the device context buffer. + */ +struct sev_data_tio_dev_meas { + u32 length; + union { + u32 flags; + struct { + u32 raw_bitstream:1; + }; + }; + struct spdm_ctrl spdm_ctrl; + struct sla_addr_t dev_ctx_sla; +} __packed; + +/** + * struct sev_data_tio_dev_certs - TIO_DEV_CERTIFICATES + * + * @length: Length in bytes of this command buffer + * @spdm_ctrl: SPDM control structure defined in Section 5.1. + * @dev_ctx_sla: Scatter list address of the device context buffer. + */ +struct sev_data_tio_dev_certs { + u32 length; + u32 reserved; + struct spdm_ctrl spdm_ctrl; + struct sla_addr_t dev_ctx_sla; +} __packed; + +/** + * struct sev_data_tio_dev_reclaim - TIO_DEV_RECLAIM command + * + * @length: Length in bytes of this command buffer + * @dev_ctx_paddr: SPA of page donated by hypervisor + */ +struct sev_data_tio_dev_reclaim { + u32 length; + u32 reserved; + struct sla_addr_t dev_ctx_sla; +} __packed; + +/** + * struct sev_tio_dev_status - sev_data_tio_dev_status::status_paddr of + * TIO_DEV_STATUS command + * + */ +struct sev_tio_dev_status { + u32 length; + u8 ctx_state; + u8 reserved1; + union { + u8 p1; + struct { + u8 request_pending:1; + u8 request_pending_tdi:1; + }; + }; + u8 certs_slot; + u16 device_id; + u8 segment_id; + u8 tc_mask; + u16 request_pending_command; + u16 reserved2; + struct tdisp_interface_id request_pending_interface_id; + union { + u8 p2; + struct { + u8 meas_digest_valid:1; + u8 no_fw_update:1; + }; + }; + u8 reserved3[3]; + u16 ide_stream_id[8]; + u8 reserved4[8]; + u8 certs_digest[48]; + u8 meas_digest[48]; +} __packed; + +/** + * struct sev_data_tio_dev_status - TIO_DEV_STATUS command + * + * @length: Length in bytes of this command buffer + * @dev_ctx_paddr: SPA of a device context page + * @status_length: Length in bytes of the sev_tio_dev_status buffer + * @status_paddr: SPA of the status buffer. See Table 16 + */ +struct sev_data_tio_dev_status { + u32 length; /* In */ + u32 reserved; + struct sla_addr_t dev_ctx_paddr; /* In */ + u32 status_length; /* In */ + u64 status_paddr; /* In */ +} __packed; + +/** + * struct sev_data_tio_tdi_create - TIO_TDI_CREATE command + * + * @length: Length in bytes of this command buffer + * @spdm_ctrl: SPDM control structure + * @dev_ctx_paddr: SPA of a device context page + * @tdi_ctx_paddr: SPA of page donated by hypervisor + * @interface_id: Interface ID of the TDI as defined by TDISP (host PCIID) + */ +struct sev_data_tio_tdi_create { + u32 length; /* In */ + u32 reserved; + struct sla_addr_t dev_ctx_sla; /* In */ + struct sla_addr_t tdi_ctx_sla; /* In */ + struct tdisp_interface_id interface_id; /* In */ + u8 reserved2[12]; +} __packed; + +struct sev_data_tio_tdi_reclaim { + u32 length; /* In */ + u32 reserved; + struct sla_addr_t dev_ctx_sla; /* In */ + struct sla_addr_t tdi_ctx_sla; /* In */ + u64 reserved2; +} __packed; + +/* + * struct sev_data_tio_tdi_bind - TIO_TDI_BIND command + * + * @length: Length in bytes of this command buffer + * @spdm_ctrl: SPDM control structure defined in Chapter 2. + * @tdi_ctx_paddr: SPA of page donated by hypervisor + * @guest_ctx_paddr: SPA of guest context page + * @flags: + * 4 ALL_REQUEST_REDIRECT Requires ATS translated requests to route through + * the root complex. Must be 1. + * 3 BIND_P2P Enables direct P2P. Must be 0 + * 2 LOCK_MSIX Lock the MSI-X table and PBA. + * 1 CACHE_LINE_SIZE Indicates the cache line size. 0 indicates 64B. 1 indicates 128B. + * Must be 0. + * 0 NO_FW_UPDATE Indicates that no firmware updates are allowed while the interface + * is locked. + * @mmio_reporting_offset: Offset added to the MMIO range addresses in the interface + * report. + * @guest_interface_id: Hypervisor provided identifier used by the guest to identify + * the TDI in guest messages + */ +struct sev_data_tio_tdi_bind { + u32 length; /* In */ + u32 reserved; + struct spdm_ctrl spdm_ctrl; /* In */ + struct sla_addr_t dev_ctx_sla; + struct sla_addr_t tdi_ctx_sla; + u64 gctx_paddr; + u16 guest_device_id; + union { + u16 flags; + /* These are TDISP's LOCK_INTERFACE_REQUEST flags */ + struct { + u16 no_fw_update:1; + u16 reservedf1:1; + u16 lock_msix:1; + u16 bind_p2p:1; + u16 all_request_redirect:1; + }; + } tdisp_lock_if; + u16 reserved2; +} __packed; + +/* + * struct sev_data_tio_tdi_unbind - TIO_TDI_UNBIND command + * + * @length: Length in bytes of this command buffer + * @spdm_ctrl: SPDM control structure defined in Chapter 2. + * @tdi_ctx_paddr: SPA of page donated by hypervisor + */ +struct sev_data_tio_tdi_unbind { + u32 length; /* In */ + u32 reserved; + struct spdm_ctrl spdm_ctrl; /* In */ + struct sla_addr_t dev_ctx_sla; + struct sla_addr_t tdi_ctx_sla; + u64 gctx_paddr; /* In */ +} __packed; + +/* + * struct sev_data_tio_tdi_report - TIO_TDI_REPORT command + * + * @length: Length in bytes of this command buffer + * @spdm_ctrl: SPDM control structure defined in Chapter 2. + * @dev_ctx_sla: Scatter list address of the device context buffer + * @tdi_ctx_paddr: Scatter list address of a TDI context buffer + * @guest_ctx_paddr: System physical address of a guest context page + */ +struct sev_data_tio_tdi_report { + u32 length; + u32 reserved; + struct spdm_ctrl spdm_ctrl; + struct sla_addr_t dev_ctx_sla; + struct sla_addr_t tdi_ctx_sla; + u64 gctx_paddr; +} __packed; + +struct sev_data_tio_asid_fence_clear { + u32 length; /* In */ + u32 reserved1; + u64 gctx_paddr; /* In */ + u16 device_id; + u8 segment_id; + u8 reserved[13]; +} __packed; + +struct sev_data_tio_asid_fence_status { + u32 length; /* In */ + u32 asid; /* In */ + u64 status_pa; + u16 device_id; + u8 segment_id; + u8 reserved[13]; +} __packed; + +/** + * struct sev_data_tio_guest_request - TIO_GUEST_REQUEST command + * + * @length: Length in bytes of this command buffer + * @spdm_ctrl: SPDM control structure defined in Chapter 2. + * @gctx_paddr: system physical address of guest context page + * @tdi_ctx_paddr: SPA of page donated by hypervisor + * @req_paddr: system physical address of request page + * @res_paddr: system physical address of response page + */ +struct sev_data_tio_guest_request { + u32 length; /* In */ + u32 reserved; + struct spdm_ctrl spdm_ctrl; /* In */ + struct sla_addr_t dev_ctx_sla; + struct sla_addr_t tdi_ctx_sla; + u64 gctx_paddr; + u64 req_paddr; /* In */ + u64 res_paddr; /* In */ +} __packed; + +struct sev_data_tio_roll_key { + u32 length; /* In */ + u32 reserved; + struct spdm_ctrl spdm_ctrl; /* In */ + struct sla_addr_t dev_ctx_sla; /* In */ +} __packed; + +static struct sla_buffer_hdr *sla_buffer_map(struct sla_addr_t sla) +{ + struct sla_buffer_hdr *buf; + + BUILD_BUG_ON(sizeof(struct sla_buffer_hdr) != 0x40); + if (IS_SLA_NULL(sla)) + return NULL; + + if (sla.page_type == SLA_PAGE_TYPE_SCATTER) { + struct sla_addr_t *scatter = __va(sla.pfn << PAGE_SHIFT); + unsigned int i, npages = 0; + struct page **pp; + + for (i = 0; i < SLA_SCATTER_LEN(sla); ++i) { + if (WARN_ON_ONCE(SLA_SZ(scatter[i]) > SZ_4K)) + return NULL; + + if (WARN_ON_ONCE(scatter[i].page_type == SLA_PAGE_TYPE_SCATTER)) + return NULL; + + if (IS_SLA_EOL(scatter[i])) { + npages = i; + break; + } + } + if (WARN_ON_ONCE(!npages)) + return NULL; + + pp = kmalloc_array(npages, sizeof(pp[0]), GFP_KERNEL); + if (!pp) + return NULL; + + for (i = 0; i < npages; ++i) + pp[i] = pfn_to_page(scatter[i].pfn); + + buf = vm_map_ram(pp, npages, 0); + kfree(pp); + } else { + struct page *pg = pfn_to_page(sla.pfn); + + buf = vm_map_ram(&pg, 1, 0); + } + + return buf; +} + +static void sla_buffer_unmap(struct sla_addr_t sla, struct sla_buffer_hdr *buf) +{ + if (!buf) + return; + + if (sla.page_type == SLA_PAGE_TYPE_SCATTER) { + struct sla_addr_t *scatter = __va(sla.pfn << PAGE_SHIFT); + unsigned int i, npages = 0; + + for (i = 0; i < SLA_SCATTER_LEN(sla); ++i) { + if (IS_SLA_EOL(scatter[i])) { + npages = i; + break; + } + } + if (!npages) + return; + + vm_unmap_ram(buf, npages); + } else { + vm_unmap_ram(buf, 1); + } +} + +static void dobj_response_init(struct sla_buffer_hdr *buf) +{ + struct spdm_dobj_hdr *dobj = sla_to_dobj_hdr(buf); + + dobj->id = SPDM_DOBJ_ID_RESP; + dobj->version.major = 0x1; + dobj->version.minor = 0; + dobj->length = 0; + buf->payload_sz = sla_dobj_id_to_size(dobj->id) + dobj->length; +} + +static void sla_free(struct sla_addr_t sla, size_t len, bool firmware_state) +{ + unsigned int npages = PAGE_ALIGN(len) >> PAGE_SHIFT; + struct sla_addr_t *scatter = NULL; + int ret = 0, i; + + if (IS_SLA_NULL(sla)) + return; + + if (firmware_state) { + if (sla.page_type == SLA_PAGE_TYPE_SCATTER) { + scatter = __va(sla.pfn << PAGE_SHIFT); + + for (i = 0; i < npages; ++i) { + if (IS_SLA_EOL(scatter[i])) + break; + + ret = snp_reclaim_pages(scatter[i].pfn << PAGE_SHIFT, 1, false); + if (ret) + break; + } + } else { + pr_err("Reclaiming %llx\n", (u64)sla.pfn << PAGE_SHIFT); + ret = snp_reclaim_pages(sla.pfn << PAGE_SHIFT, 1, false); + } + } + + if (WARN_ON(ret)) + return; + + if (scatter) { + for (i = 0; i < npages; ++i) { + if (IS_SLA_EOL(scatter[i])) + break; + free_page((unsigned long)__va(scatter[i].pfn << PAGE_SHIFT)); + } + } + + free_page((unsigned long)__va(sla.pfn << PAGE_SHIFT)); +} + +static struct sla_addr_t sla_alloc(size_t len, bool firmware_state) +{ + unsigned long i, npages = PAGE_ALIGN(len) >> PAGE_SHIFT; + struct sla_addr_t *scatter = NULL; + struct sla_addr_t ret = SLA_NULL; + struct sla_buffer_hdr *buf; + struct page *pg; + + if (npages == 0) + return ret; + + if (WARN_ON_ONCE(npages > ((PAGE_SIZE / sizeof(struct sla_addr_t)) + 1))) + return ret; + + BUILD_BUG_ON(PAGE_SIZE < SZ_4K); + + if (npages > 1) { + pg = alloc_page(GFP_KERNEL | __GFP_ZERO); + if (!pg) + return SLA_NULL; + + ret.pfn = page_to_pfn(pg); + ret.page_size = SLA_PAGE_SIZE_4K; + ret.page_type = SLA_PAGE_TYPE_SCATTER; + + scatter = page_to_virt(pg); + for (i = 0; i < npages; ++i) { + pg = alloc_page(GFP_KERNEL | __GFP_ZERO); + if (!pg) + goto no_reclaim_exit; + + scatter[i].pfn = page_to_pfn(pg); + scatter[i].page_type = SLA_PAGE_TYPE_DATA; + scatter[i].page_size = SLA_PAGE_SIZE_4K; + } + scatter[i] = SLA_EOL; + } else { + pg = alloc_page(GFP_KERNEL | __GFP_ZERO); + if (!pg) + return SLA_NULL; + + ret.pfn = page_to_pfn(pg); + ret.page_size = SLA_PAGE_SIZE_4K; + ret.page_type = SLA_PAGE_TYPE_DATA; + } + + buf = sla_buffer_map(ret); + if (!buf) + goto no_reclaim_exit; + + buf->capacity_sz = (npages << PAGE_SHIFT); + sla_buffer_unmap(ret, buf); + + if (firmware_state) { + if (scatter) { + for (i = 0; i < npages; ++i) { + if (rmp_make_private(scatter[i].pfn, 0, PG_LEVEL_4K, 0, true)) + goto free_exit; + } + } else { + if (rmp_make_private(ret.pfn, 0, PG_LEVEL_4K, 0, true)) + goto no_reclaim_exit; + } + } + + return ret; + +no_reclaim_exit: + firmware_state = false; +free_exit: + sla_free(ret, len, firmware_state); + return SLA_NULL; +} + +static void tio_blob_release(struct tsm_blob *b) +{ + memset(b->data, 0, b->len); +} + +void tio_save_output(struct tsm_blob **blob, struct sla_addr_t sla, u32 check_dobjid) +{ + struct sla_buffer_hdr *buf; + struct spdm_dobj_hdr *hdr; + + tsm_blob_put(*blob); + *blob = NULL; + + buf = sla_buffer_map(sla); + if (!buf) + return; + + hdr = sla_to_dobj_hdr_check(buf, check_dobjid); + if (hdr) + *blob = tsm_blob_new(SPDM_DOBJ_DATA(hdr), hdr->length, tio_blob_release); + + sla_buffer_unmap(sla, buf); +} + +static int sev_tio_do_cmd(int cmd, void *data, size_t data_len, int *psp_ret, + struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm) +{ + int rc; + + *psp_ret = 0; + rc = sev_do_cmd(cmd, data, psp_ret); + + if (WARN_ON(!spdm && !rc && *psp_ret == SEV_RET_SPDM_REQUEST)) + return -EIO; + + if (spdm && (rc == 0 || rc == -EIO) && *psp_ret == SEV_RET_SPDM_REQUEST) { + struct spdm_dobj_hdr_resp *resp_hdr; + struct spdm_dobj_hdr_req *req_hdr; + + if (!dev_data->cmd) { + if (WARN_ON_ONCE(!data_len || (data_len != *(u32 *) data))) + return -EINVAL; + if (WARN_ON(data_len > sizeof(dev_data->cmd_data))) + return -EFAULT; + memcpy(dev_data->cmd_data, data, data_len); + memset(&dev_data->cmd_data[data_len], 0xFF, + sizeof(dev_data->cmd_data) - data_len); + dev_data->cmd = cmd; + } + + req_hdr = sla_to_dobj_req_hdr(dev_data->reqbuf); + resp_hdr = sla_to_dobj_resp_hdr(dev_data->respbuf); + switch (req_hdr->data_type) { + case DOBJ_DATA_TYPE_SPDM: + rc = PCI_DOE_PROTOCOL_CMA_SPDM; + break; + case DOBJ_DATA_TYPE_SECURE_SPDM: + rc = PCI_DOE_PROTOCOL_SECURED_CMA_SPDM; + break; + default: + rc = -EINVAL; + return rc; + } + resp_hdr->data_type = req_hdr->data_type; + spdm->req_len = req_hdr->hdr.length; + spdm->rsp_len = tio_status->spdm_req_size_max - + (sla_dobj_id_to_size(SPDM_DOBJ_ID_RESP) + sizeof(struct sla_buffer_hdr)); + } else if (dev_data && dev_data->cmd) { + /* For either error or success just stop the bouncing */ + memset(dev_data->cmd_data, 0, sizeof(dev_data->cmd_data)); + dev_data->cmd = 0; + } + + return rc; +} + +int sev_tio_continue(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm) +{ + struct spdm_dobj_hdr_resp *resp_hdr; + int ret; + + if (!dev_data || !dev_data->cmd) + return -EINVAL; + + resp_hdr = sla_to_dobj_resp_hdr(dev_data->respbuf); + resp_hdr->hdr.length = ALIGN(sla_dobj_id_to_size(SPDM_DOBJ_ID_RESP) + spdm->rsp_len, 32); + dev_data->respbuf->payload_sz = resp_hdr->hdr.length; + + ret = sev_tio_do_cmd(dev_data->cmd, dev_data->cmd_data, 0, &dev_data->psp_ret, + dev_data, spdm); + + return ret; +} + +static int spdm_ctrl_init(struct tsm_spdm *spdm, struct spdm_ctrl *ctrl, + struct tsm_dev_tio *dev_data) +{ + ctrl->req = dev_data->req; + ctrl->resp = dev_data->resp; + ctrl->scratch = dev_data->scratch; + ctrl->output = dev_data->output; + + spdm->req = sla_to_data(dev_data->reqbuf, SPDM_DOBJ_ID_REQ); + spdm->rsp = sla_to_data(dev_data->respbuf, SPDM_DOBJ_ID_RESP); + if (!spdm->req || !spdm->rsp) + return -EFAULT; + + return 0; +} + +static void spdm_ctrl_free(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm) +{ + size_t len = tio_status->spdm_req_size_max - + (sla_dobj_id_to_size(SPDM_DOBJ_ID_RESP) + + sizeof(struct sla_buffer_hdr)); + + sla_buffer_unmap(dev_data->resp, dev_data->respbuf); + sla_buffer_unmap(dev_data->req, dev_data->reqbuf); + spdm->rsp = NULL; + spdm->req = NULL; + sla_free(dev_data->req, len, true); + sla_free(dev_data->resp, len, false); + sla_free(dev_data->scratch, tio_status->spdm_scratch_size_max, true); + + dev_data->req.sla = 0; + dev_data->resp.sla = 0; + dev_data->scratch.sla = 0; + dev_data->respbuf = NULL; + dev_data->reqbuf = NULL; + sla_free(dev_data->output, tio_status->spdm_out_size_max, true); +} + +static int spdm_ctrl_alloc(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm) +{ + int ret; + + dev_data->req = sla_alloc(tio_status->spdm_req_size_max, true); + dev_data->resp = sla_alloc(tio_status->spdm_req_size_max, false); + dev_data->scratch = sla_alloc(tio_status->spdm_scratch_size_max, true); + dev_data->output = sla_alloc(tio_status->spdm_out_size_max, true); + + if (IS_SLA_NULL(dev_data->req) || IS_SLA_NULL(dev_data->resp) || + IS_SLA_NULL(dev_data->scratch) || IS_SLA_NULL(dev_data->dev_ctx)) { + ret = -ENOMEM; + goto free_spdm_exit; + } + + dev_data->reqbuf = sla_buffer_map(dev_data->req); + dev_data->respbuf = sla_buffer_map(dev_data->resp); + if (!dev_data->reqbuf || !dev_data->respbuf) { + ret = -EFAULT; + goto free_spdm_exit; + } + + dobj_response_init(dev_data->respbuf); + + return 0; + +free_spdm_exit: + spdm_ctrl_free(dev_data, spdm); + return ret; +} + +int sev_tio_status(void) +{ + struct sev_data_tio_status data_status = { + .length = sizeof(data_status), + }; + int ret = 0, psp_ret = 0; + + if (!sev_version_greater_or_equal(1, 55)) + return -EPERM; + + WARN_ON(tio_status); + + tio_status = kzalloc(sizeof(*tio_status), GFP_KERNEL); + // "8-byte aligned, and does not cross a page boundary" + // BUG_ON(tio_status & ~PAGE_MASK > PAGE_SIZE - sizeof(*tio_status)); + + if (!tio_status) + return -ENOMEM; + + tio_status->length = sizeof(*tio_status); + data_status.status_paddr = __psp_pa(tio_status); + + ret = sev_do_cmd(SEV_CMD_TIO_STATUS, &data_status, &psp_ret); + if (ret) + goto free_exit; + + if (tio_status->flags & 0xFFFFFF00) { + ret = -EFAULT; + goto free_exit; + } + + if (!tio_status->tio_en && !tio_status->tio_init_done) { + ret = -ENOENT; + goto free_exit; + } + + if (tio_status->tio_en && !tio_status->tio_init_done) { + struct sev_data_tio_init ti = { .length = sizeof(ti) }; + + ret = sev_do_cmd(SEV_CMD_TIO_INIT, &ti, &psp_ret); + if (ret) + goto free_exit; + + ret = sev_do_cmd(SEV_CMD_TIO_STATUS, &data_status, &psp_ret); + if (ret) + goto free_exit; + } + + pr_notice("SEV-TIO status: EN=%d INIT_DONE=%d rq=%d..%d rs=%d..%d scr=%d..%d out=%d..%d dev=%d tdi=%d\n", + tio_status->tio_en, tio_status->tio_init_done, + tio_status->spdm_req_size_min, tio_status->spdm_req_size_max, + tio_status->spdm_rsp_size_min, tio_status->spdm_rsp_size_max, + tio_status->spdm_scratch_size_min, tio_status->spdm_scratch_size_max, + tio_status->spdm_out_size_min, tio_status->spdm_out_size_max, + tio_status->devctx_size, tio_status->tdictx_size); + + return 0; + +free_exit: + pr_err("Failed to enable SEV-TIO: ret=%d en=%d initdone=%d SEV=%d\n", + ret, tio_status->tio_en, tio_status->tio_init_done, + boot_cpu_has(X86_FEATURE_SEV)); + pr_err("Check BIOS for: SMEE, SEV Control, SEV-ES ASID Space Limit=99,\n" + "SNP Memory (RMP Table) Coverage, RMP Coverage for 64Bit MMIO Ranges\n" + "SEV-SNP Support, SEV-TIO Support, PCIE IDE Capability\n"); + if (cc_platform_has(CC_ATTR_MEM_ENCRYPT)) + pr_err("mem_encrypt=on is currently broken\n"); + + kfree(tio_status); + return ret; +} + +int sev_tio_dev_create(struct tsm_dev_tio *dev_data, u16 device_id, + u16 root_port_id, u8 segment_id) +{ + struct sev_data_tio_dev_create create = { + .length = sizeof(create), + .device_id = device_id, + .root_port_id = root_port_id, + .segment_id = segment_id, + }; + + dev_data->dev_ctx = sla_alloc(tio_status->devctx_size, true); + if (IS_SLA_NULL(dev_data->dev_ctx)) + return -ENOMEM; + + create.dev_ctx_sla = dev_data->dev_ctx; + return sev_tio_do_cmd(SEV_CMD_TIO_DEV_CREATE, &create, sizeof(create), + &dev_data->psp_ret, dev_data, NULL); +} + +int sev_tio_dev_reclaim(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm) +{ + struct sev_data_tio_dev_reclaim r = { + .length = sizeof(r), + .dev_ctx_sla = dev_data->dev_ctx, + }; + int ret; + + if (IS_SLA_NULL(dev_data->dev_ctx)) + return 0; + + ret = sev_do_cmd(SEV_CMD_TIO_DEV_RECLAIM, &r, &dev_data->psp_ret); + + sla_free(dev_data->dev_ctx, tio_status->devctx_size, true); + dev_data->dev_ctx = SLA_NULL; + + spdm_ctrl_free(dev_data, spdm); + + return ret; +} + +int sev_tio_dev_connect(struct tsm_dev_tio *dev_data, u8 tc_mask, u8 cert_slot, + struct tsm_spdm *spdm) +{ + struct sev_data_tio_dev_connect connect = { + .length = sizeof(connect), + .tc_mask = tc_mask, + .cert_slot = cert_slot, + .dev_ctx_sla = dev_data->dev_ctx, + .ide_stream_id = { 0 }, + }; + int ret; + + if (WARN_ON(IS_SLA_NULL(dev_data->dev_ctx))) + return -EFAULT; + if (!(tc_mask & 1)) + return -EINVAL; + + ret = spdm_ctrl_alloc(dev_data, spdm); + if (ret) + return ret; + ret = spdm_ctrl_init(spdm, &connect.spdm_ctrl, dev_data); + if (ret) + return ret; + + ret = sev_tio_do_cmd(SEV_CMD_TIO_DEV_CONNECT, &connect, sizeof(connect), + &dev_data->psp_ret, dev_data, spdm); + + return ret; +} + +int sev_tio_dev_disconnect(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm) +{ + struct sev_data_tio_dev_disconnect dc = { + .length = sizeof(dc), + .dev_ctx_sla = dev_data->dev_ctx, + }; + int ret; + + if (WARN_ON_ONCE(IS_SLA_NULL(dev_data->dev_ctx))) + return -EFAULT; + + ret = spdm_ctrl_init(spdm, &dc.spdm_ctrl, dev_data); + if (ret) + return ret; + + ret = sev_tio_do_cmd(SEV_CMD_TIO_DEV_DISCONNECT, &dc, sizeof(dc), + &dev_data->psp_ret, dev_data, spdm); + + return ret; +} + +int sev_tio_dev_measurements(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm) +{ + struct sev_data_tio_dev_meas meas = { + .length = sizeof(meas), + .raw_bitstream = 1, + }; + int ret; + + if (WARN_ON(IS_SLA_NULL(dev_data->dev_ctx))) + return -EFAULT; + + spdm_ctrl_init(spdm, &meas.spdm_ctrl, dev_data); + meas.dev_ctx_sla = dev_data->dev_ctx; + + ret = sev_tio_do_cmd(SEV_CMD_TIO_DEV_MEASUREMENTS, &meas, sizeof(meas), + &dev_data->psp_ret, dev_data, spdm); + + return ret; +} + +int sev_tio_dev_certificates(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm) +{ + struct sev_data_tio_dev_certs c = { + .length = sizeof(c), + }; + int ret; + + if (WARN_ON(IS_SLA_NULL(dev_data->dev_ctx))) + return -EFAULT; + + spdm_ctrl_init(spdm, &c.spdm_ctrl, dev_data); + c.dev_ctx_sla = dev_data->dev_ctx; + + ret = sev_tio_do_cmd(SEV_CMD_TIO_DEV_CERTIFICATES, &c, sizeof(c), + &dev_data->psp_ret, dev_data, spdm); + + return ret; +} + +int sev_tio_dev_status(struct tsm_dev_tio *dev_data, struct tsm_dev_status *s) +{ + struct sev_tio_dev_status *status = (struct sev_tio_dev_status *) dev_data->data; + struct sev_data_tio_dev_status data_status = { + .length = sizeof(data_status), + .dev_ctx_paddr = dev_data->dev_ctx, + .status_length = sizeof(*status), + .status_paddr = __psp_pa(status), + }; + int ret; + + if (!dev_data) + return -ENODEV; + + if (IS_SLA_NULL(dev_data->dev_ctx)) + return -ENXIO; + + memset(status, 0, sizeof(*status)); + + ret = sev_do_cmd(SEV_CMD_TIO_DEV_STATUS, &data_status, &dev_data->psp_ret); + if (ret) + return ret; + + s->ctx_state = status->ctx_state; + s->device_id = status->device_id; + s->tc_mask = status->tc_mask; + memcpy(s->ide_stream_id, status->ide_stream_id, sizeof(status->ide_stream_id)); + s->certs_slot = status->certs_slot; + s->no_fw_update = status->no_fw_update; + + return 0; +} + +int sev_tio_ide_refresh(struct tsm_dev_tio *dev_data, struct tsm_spdm *spdm) +{ + struct sev_data_tio_roll_key rk = { + .length = sizeof(rk), + .dev_ctx_sla = dev_data->dev_ctx, + }; + int ret; + + if (WARN_ON(IS_SLA_NULL(dev_data->dev_ctx))) + return -EFAULT; + + ret = spdm_ctrl_init(spdm, &rk.spdm_ctrl, dev_data); + if (ret) + return ret; + + ret = sev_tio_do_cmd(SEV_CMD_TIO_ROLL_KEY, &rk, sizeof(rk), + &dev_data->psp_ret, dev_data, spdm); + + return ret; +} + +int sev_tio_tdi_create(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, u16 dev_id, + u8 rseg, u8 rseg_valid) +{ + struct sev_data_tio_tdi_create c = { + .length = sizeof(c), + }; + int ret; + + if (!dev_data || !tdi_data) /* Device is not "connected" */ + return -EPERM; + + if (WARN_ON_ONCE(IS_SLA_NULL(dev_data->dev_ctx) || !IS_SLA_NULL(tdi_data->tdi_ctx))) + return -EFAULT; + + tdi_data->tdi_ctx = sla_alloc(tio_status->tdictx_size, true); + if (IS_SLA_NULL(tdi_data->tdi_ctx)) + return -ENOMEM; + + c.dev_ctx_sla = dev_data->dev_ctx; + c.tdi_ctx_sla = tdi_data->tdi_ctx; + c.interface_id.rid = dev_id; + c.interface_id.rseg = rseg; + c.interface_id.rseg_valid = rseg_valid; + + ret = sev_do_cmd(SEV_CMD_TIO_TDI_CREATE, &c, &dev_data->psp_ret); + if (ret) + goto free_exit; + + return 0; + +free_exit: + sla_free(tdi_data->tdi_ctx, tio_status->tdictx_size, true); + tdi_data->tdi_ctx = SLA_NULL; + return ret; +} + +void sev_tio_tdi_reclaim(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data) +{ + struct sev_data_tio_tdi_reclaim r = { + .length = sizeof(r), + }; + + if (WARN_ON(!dev_data || !tdi_data)) + return; + if (IS_SLA_NULL(dev_data->dev_ctx) || IS_SLA_NULL(tdi_data->tdi_ctx)) + return; + + r.dev_ctx_sla = dev_data->dev_ctx; + r.tdi_ctx_sla = tdi_data->tdi_ctx; + + sev_do_cmd(SEV_CMD_TIO_TDI_RECLAIM, &r, &dev_data->psp_ret); + + sla_free(tdi_data->tdi_ctx, tio_status->tdictx_size, true); + tdi_data->tdi_ctx = SLA_NULL; +} + +int sev_tio_tdi_bind(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + __u32 guest_rid, u64 gctx_paddr, struct tsm_spdm *spdm) +{ + struct sev_data_tio_tdi_bind b = { + .length = sizeof(b), + }; + int ret; + + if (WARN_ON_ONCE(IS_SLA_NULL(dev_data->dev_ctx) || IS_SLA_NULL(tdi_data->tdi_ctx))) + return -EFAULT; + + spdm_ctrl_init(spdm, &b.spdm_ctrl, dev_data); + b.dev_ctx_sla = dev_data->dev_ctx; + b.tdi_ctx_sla = tdi_data->tdi_ctx; + b.guest_device_id = guest_rid; + b.gctx_paddr = gctx_paddr; + + tdi_data->gctx_paddr = gctx_paddr; + + ret = sev_tio_do_cmd(SEV_CMD_TIO_TDI_BIND, &b, sizeof(b), + &dev_data->psp_ret, dev_data, spdm); + + return ret; +} + +int sev_tio_tdi_unbind(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + struct tsm_spdm *spdm) +{ + struct sev_data_tio_tdi_unbind ub = { + .length = sizeof(ub), + }; + int ret; + + if (WARN_ON(!tdi_data || !dev_data)) + return 0; + + if (WARN_ON(!tdi_data->gctx_paddr)) + return -EFAULT; + + spdm_ctrl_init(spdm, &ub.spdm_ctrl, dev_data); + ub.dev_ctx_sla = dev_data->dev_ctx; + ub.tdi_ctx_sla = tdi_data->tdi_ctx; + ub.gctx_paddr = tdi_data->gctx_paddr; + + ret = sev_tio_do_cmd(SEV_CMD_TIO_TDI_UNBIND, &ub, sizeof(ub), + &dev_data->psp_ret, dev_data, spdm); + return ret; +} + +int sev_tio_tdi_report(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + u64 gctx_paddr, struct tsm_spdm *spdm) +{ + struct sev_data_tio_tdi_report r = { + .length = sizeof(r), + .dev_ctx_sla = dev_data->dev_ctx, + .tdi_ctx_sla = tdi_data->tdi_ctx, + .gctx_paddr = gctx_paddr, + }; + int ret; + + if (WARN_ON_ONCE(IS_SLA_NULL(dev_data->dev_ctx) || IS_SLA_NULL(tdi_data->tdi_ctx))) + return -EFAULT; + + spdm_ctrl_init(spdm, &r.spdm_ctrl, dev_data); + + ret = sev_tio_do_cmd(SEV_CMD_TIO_TDI_REPORT, &r, sizeof(r), + &dev_data->psp_ret, dev_data, spdm); + + return ret; +} + +int sev_tio_asid_fence_clear(u16 device_id, u8 segment_id, u64 gctx_paddr, int *psp_ret) +{ + struct sev_data_tio_asid_fence_clear c = { + .length = sizeof(c), + .gctx_paddr = gctx_paddr, + .device_id = device_id, + .segment_id = segment_id, + }; + int ret; + + ret = sev_do_cmd(SEV_CMD_TIO_ASID_FENCE_CLEAR, &c, psp_ret); + + return ret; +} + +int sev_tio_asid_fence_status(struct tsm_dev_tio *dev_data, u16 device_id, u8 segment_id, + u32 asid, bool *fenced) +{ + u64 *status = (u64 *) dev_data->data; + struct sev_data_tio_asid_fence_status s = { + .length = sizeof(s), + .asid = asid, + .status_pa = __psp_pa(status), + .device_id = device_id, + .segment_id = segment_id, + }; + int ret; + + *status = 0; + + ret = sev_do_cmd(SEV_CMD_TIO_ASID_FENCE_STATUS, &s, &dev_data->psp_ret); + + if (ret == SEV_RET_SUCCESS) { + switch (*status) { + case 0: + *fenced = false; + break; + case 1: + *fenced = true; + break; + default: + pr_err("%04x:%x:%x.%d: undefined fence state %#llx\n", + segment_id, PCI_BUS_NUM(device_id), + PCI_SLOT(device_id), PCI_FUNC(device_id), *status); + *fenced = true; + break; + } + } + + return ret; +} + +int sev_tio_guest_request(void *data, u32 guest_rid, u64 gctx_paddr, + struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + struct tsm_spdm *spdm) +{ + struct tio_guest_request *tgr = data; + struct sev_data_tio_guest_request gr = { + .length = sizeof(gr), + .dev_ctx_sla = dev_data->dev_ctx, + .tdi_ctx_sla = tdi_data->tdi_ctx, + .gctx_paddr = tgr->data.gctx_paddr, + .req_paddr = tgr->data.req_paddr, + .res_paddr = tgr->data.res_paddr, + }; + int ret; + + if (WARN_ON(!tdi_data || !dev_data)) + return -EINVAL; + + spdm_ctrl_init(spdm, &gr.spdm_ctrl, dev_data); + + ret = sev_tio_do_cmd(SEV_CMD_TIO_GUEST_REQUEST, &gr, sizeof(gr), + &dev_data->psp_ret, dev_data, spdm); + + return ret; +} + +struct sev_tio_tdi_info_data { + u32 length; + struct tdisp_interface_id interface_id; + union { + u32 p1; + struct { + u32 meas_digest_valid:1; + u32 meas_digest_fresh:1; + }; + }; + union { + u32 p2; + struct { + u32 no_fw_update:1; + u32 cache_line_size:1; + u32 lock_msix:1; + u32 bind_p2p:1; + u32 all_request_redirect:1; + }; + }; + u64 spdm_algos; + u8 certs_digest[48]; + u8 meas_digest[48]; + u8 interface_report_digest[48]; + u8 guest_report_id[16]; +} __packed; + +struct sev_data_tio_tdi_info { + u32 length; + u32 reserved1; + struct sla_addr_t dev_ctx_sla; + struct sla_addr_t tdi_ctx_sla; + u32 status_length; + u32 reserved2; + u64 status_paddr; +} __packed; + +int sev_tio_tdi_info(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + struct tsm_tdi_status *ts) +{ + struct sev_tio_tdi_info_data *data = (struct sev_tio_tdi_info_data *) dev_data->data; + struct sev_data_tio_tdi_info info = { + .length = sizeof(info), + .dev_ctx_sla = dev_data->dev_ctx, + .tdi_ctx_sla = tdi_data->tdi_ctx, + .status_length = sizeof(*data), + .status_paddr = __psp_pa(data), + }; + int ret; + + if (IS_SLA_NULL(dev_data->dev_ctx) || IS_SLA_NULL(tdi_data->tdi_ctx)) + return -ENXIO; + + memset(data, 0, sizeof(*data)); + + ret = sev_do_cmd(SEV_CMD_TIO_TDI_INFO, &info, &dev_data->psp_ret); + if (ret) + return ret; + + ts->id = data->interface_id; + ts->meas_digest_valid = data->meas_digest_valid; + ts->meas_digest_fresh = data->meas_digest_fresh; + ts->no_fw_update = data->no_fw_update; + ts->cache_line_size = data->cache_line_size == 0 ? 64 : 128; + ts->lock_msix = data->lock_msix; + ts->bind_p2p = data->bind_p2p; + ts->all_request_redirect = data->all_request_redirect; + +#define __ALGO(x, n, y) \ + ((((x) & (0xFFUL << (n))) == TIO_SPDM_ALGOS_##y) ? \ + (1ULL << TSM_TDI_SPDM_ALGOS_##y) : 0) + ts->spdm_algos = + __ALGO(data->spdm_algos, 0, DHE_SECP256R1) | + __ALGO(data->spdm_algos, 0, DHE_SECP384R1) | + __ALGO(data->spdm_algos, 8, AEAD_AES_128_GCM) | + __ALGO(data->spdm_algos, 8, AEAD_AES_256_GCM) | + __ALGO(data->spdm_algos, 16, ASYM_TPM_ALG_RSASSA_3072) | + __ALGO(data->spdm_algos, 16, ASYM_TPM_ALG_ECDSA_ECC_NIST_P256) | + __ALGO(data->spdm_algos, 16, ASYM_TPM_ALG_ECDSA_ECC_NIST_P384) | + __ALGO(data->spdm_algos, 24, HASH_TPM_ALG_SHA_256) | + __ALGO(data->spdm_algos, 24, HASH_TPM_ALG_SHA_384) | + __ALGO(data->spdm_algos, 32, KEY_SCHED_SPDM_KEY_SCHEDULE); +#undef __ALGO + memcpy(ts->certs_digest, data->certs_digest, sizeof(ts->certs_digest)); + memcpy(ts->meas_digest, data->meas_digest, sizeof(ts->meas_digest)); + memcpy(ts->interface_report_digest, data->interface_report_digest, + sizeof(ts->interface_report_digest)); + memcpy(ts->guest_report_id, data->guest_report_id, sizeof(ts->guest_report_id)); + ts->valid = true; + + return 0; +} + +struct sev_tio_tdi_status_data { + u32 length; + u8 tdisp_state; + u8 reserved1[3]; +} __packed; + +struct sev_data_tio_tdi_status { + u32 length; + u32 reserved1; + struct spdm_ctrl spdm_ctrl; + struct sla_addr_t dev_ctx_sla; + struct sla_addr_t tdi_ctx_sla; + u64 status_paddr; +} __packed; + +int sev_tio_tdi_status(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + struct tsm_spdm *spdm) +{ + struct sev_tio_tdi_status_data *data = (struct sev_tio_tdi_status_data *) dev_data->data; + struct sev_data_tio_tdi_status status = { + .length = sizeof(status), + .dev_ctx_sla = dev_data->dev_ctx, + .tdi_ctx_sla = tdi_data->tdi_ctx, + }; + int ret; + + if (IS_SLA_NULL(dev_data->dev_ctx) || IS_SLA_NULL(tdi_data->tdi_ctx)) + return -ENXIO; + + memset(data, 0, sizeof(*data)); + + spdm_ctrl_init(spdm, &status.spdm_ctrl, dev_data); + status.status_paddr = __psp_pa(data); + + ret = sev_tio_do_cmd(SEV_CMD_TIO_TDI_STATUS, &status, sizeof(status), + &dev_data->psp_ret, dev_data, spdm); + + return ret; +} + +#define TIO_TDISP_STATE_CONFIG_UNLOCKED 0 +#define TIO_TDISP_STATE_CONFIG_LOCKED 1 +#define TIO_TDISP_STATE_RUN 2 +#define TIO_TDISP_STATE_ERROR 3 + +int sev_tio_tdi_status_fin(struct tsm_dev_tio *dev_data, struct tsm_tdi_tio *tdi_data, + enum tsm_tdisp_state *state) +{ + struct sev_tio_tdi_status_data *data = (struct sev_tio_tdi_status_data *) dev_data->data; + + switch (data->tdisp_state) { +#define __TDISP_STATE(y) case TIO_TDISP_STATE_##y: *state = TDISP_STATE_##y; break + __TDISP_STATE(CONFIG_UNLOCKED); + __TDISP_STATE(CONFIG_LOCKED); + __TDISP_STATE(RUN); + __TDISP_STATE(ERROR); +#undef __TDISP_STATE + } + memset(dev_data->data, 0, sizeof(dev_data->data)); + + return 0; +} + +int sev_tio_cmd_buffer_len(int cmd) +{ + switch (cmd) { + case SEV_CMD_TIO_STATUS: return sizeof(struct sev_data_tio_status); + case SEV_CMD_TIO_INIT: return sizeof(struct sev_data_tio_init); + case SEV_CMD_TIO_DEV_CREATE: return sizeof(struct sev_data_tio_dev_create); + case SEV_CMD_TIO_DEV_RECLAIM: return sizeof(struct sev_data_tio_dev_reclaim); + case SEV_CMD_TIO_DEV_CONNECT: return sizeof(struct sev_data_tio_dev_connect); + case SEV_CMD_TIO_DEV_DISCONNECT: return sizeof(struct sev_data_tio_dev_disconnect); + case SEV_CMD_TIO_DEV_STATUS: return sizeof(struct sev_data_tio_dev_status); + case SEV_CMD_TIO_DEV_MEASUREMENTS: return sizeof(struct sev_data_tio_dev_meas); + case SEV_CMD_TIO_DEV_CERTIFICATES: return sizeof(struct sev_data_tio_dev_certs); + case SEV_CMD_TIO_TDI_CREATE: return sizeof(struct sev_data_tio_tdi_create); + case SEV_CMD_TIO_TDI_RECLAIM: return sizeof(struct sev_data_tio_tdi_reclaim); + case SEV_CMD_TIO_TDI_BIND: return sizeof(struct sev_data_tio_tdi_bind); + case SEV_CMD_TIO_TDI_UNBIND: return sizeof(struct sev_data_tio_tdi_unbind); + case SEV_CMD_TIO_TDI_REPORT: return sizeof(struct sev_data_tio_tdi_report); + case SEV_CMD_TIO_TDI_STATUS: return sizeof(struct sev_data_tio_tdi_status); + case SEV_CMD_TIO_GUEST_REQUEST: return sizeof(struct sev_data_tio_guest_request); + case SEV_CMD_TIO_ASID_FENCE_CLEAR: return sizeof(struct sev_data_tio_asid_fence_clear); + case SEV_CMD_TIO_ASID_FENCE_STATUS: return sizeof(struct sev_data_tio_asid_fence_status); + case SEV_CMD_TIO_TDI_INFO: return sizeof(struct sev_data_tio_tdi_info); + case SEV_CMD_TIO_ROLL_KEY: return sizeof(struct sev_data_tio_roll_key); + default: return 0; + } +} diff --git a/drivers/crypto/ccp/sev-dev-tsm.c b/drivers/crypto/ccp/sev-dev-tsm.c new file mode 100644 index 000000000000..a11dea482d4b --- /dev/null +++ b/drivers/crypto/ccp/sev-dev-tsm.c @@ -0,0 +1,397 @@ +// SPDX-License-Identifier: GPL-2.0-only + +// Interface to CCP/SEV-TIO for generic PCIe TDISP module + +#include +#include +#include + +#include +#include + +#include "psp-dev.h" +#include "sev-dev.h" +#include "sev-dev-tio.h" + +static int mkret(int ret, struct tsm_dev_tio *dev_data) +{ + if (ret) + return ret; + + if (dev_data->psp_ret == SEV_RET_SUCCESS) + return 0; + + pr_err("PSP returned an error %d\n", dev_data->psp_ret); + return -EINVAL; +} + +static int dev_connect(struct tsm_dev *tdev, void *private_data) +{ + u16 device_id = pci_dev_id(tdev->pdev); + u16 root_port_id = 0; // FIXME: this is NOT PCI id, need to figure out how to calculate this + u8 segment_id = tdev->pdev->bus ? pci_domain_nr(tdev->pdev->bus) : 0; + struct tsm_dev_tio *dev_data = tdev->data; + int ret; + + if (!dev_data) { + dev_data = kzalloc(sizeof(*dev_data), GFP_KERNEL); + if (!dev_data) + return -ENOMEM; + + ret = sev_tio_dev_create(dev_data, device_id, root_port_id, segment_id); + if (ret) + goto free_exit; + + tdev->data = dev_data; + } + + if (dev_data->cmd == 0) { + ret = sev_tio_dev_connect(dev_data, tdev->tc_mask, tdev->cert_slot, &tdev->spdm); + ret = mkret(ret, dev_data); + if (ret > 0) + return ret; + if (ret < 0) + goto free_exit; + + tio_save_output(&tdev->certs, dev_data->output, SPDM_DOBJ_ID_CERTIFICATE); + } + + if (dev_data->cmd == SEV_CMD_TIO_DEV_CONNECT) { + ret = sev_tio_continue(dev_data, &tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + + tio_save_output(&tdev->certs, dev_data->output, SPDM_DOBJ_ID_CERTIFICATE); + } + + if (dev_data->cmd == 0) { + ret = sev_tio_dev_measurements(dev_data, &tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + + tio_save_output(&tdev->meas, dev_data->output, SPDM_DOBJ_ID_MEASUREMENT); + } + + if (dev_data->cmd == SEV_CMD_TIO_DEV_MEASUREMENTS) { + ret = sev_tio_continue(dev_data, &tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + + tio_save_output(&tdev->meas, dev_data->output, SPDM_DOBJ_ID_MEASUREMENT); + } + + if (dev_data->cmd == 0) { + ret = sev_tio_dev_certificates(dev_data, &tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + + tio_save_output(&tdev->certs, dev_data->output, SPDM_DOBJ_ID_CERTIFICATE); + } + + if (dev_data->cmd == SEV_CMD_TIO_DEV_CERTIFICATES) { + ret = sev_tio_continue(dev_data, &tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + + tio_save_output(&tdev->certs, dev_data->output, SPDM_DOBJ_ID_CERTIFICATE); + } + + return 0; + +free_exit: + sev_tio_dev_reclaim(dev_data, &tdev->spdm); + kfree(dev_data); + + return ret; +} + +static int dev_reclaim(struct tsm_dev *tdev, void *private_data) +{ + struct tsm_dev_tio *dev_data = tdev->data; + int ret; + + if (!dev_data) + return -ENODEV; + + if (dev_data->cmd == 0) { + ret = sev_tio_dev_disconnect(dev_data, &tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + } else if (dev_data->cmd == SEV_CMD_TIO_DEV_DISCONNECT) { + ret = sev_tio_continue(dev_data, &tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + } else { + dev_err(&tdev->pdev->dev, "Wrong state, cmd 0x%x in flight\n", + dev_data->cmd); + } + + ret = sev_tio_dev_reclaim(dev_data, &tdev->spdm); + ret = mkret(ret, dev_data); + + tsm_blob_put(tdev->meas); + tdev->meas = NULL; + tsm_blob_put(tdev->certs); + tdev->certs = NULL; + kfree(tdev->data); + tdev->data = NULL; + + return ret; +} + +static int dev_status(struct tsm_dev *tdev, void *private_data, struct tsm_dev_status *s) +{ + struct tsm_dev_tio *dev_data = tdev->data; + int ret; + + if (!dev_data) + return -ENODEV; + + ret = sev_tio_dev_status(dev_data, s); + ret = mkret(ret, dev_data); + if (!ret) + WARN_ON(s->device_id != pci_dev_id(tdev->pdev)); + + return ret; +} + +static int ide_refresh(struct tsm_dev *tdev, void *private_data) +{ + struct tsm_dev_tio *dev_data = tdev->data; + int ret; + + if (!dev_data) + return -ENODEV; + + ret = sev_tio_ide_refresh(dev_data, &tdev->spdm); + + return ret; +} + +static int tdi_reclaim(struct tsm_tdi *tdi, void *private_data) +{ + struct tsm_dev_tio *dev_data; + int ret; + + if (!tdi->data) + return -ENODEV; + + dev_data = tdi->tdev->data; + if (tdi->vmid) { + if (dev_data->cmd == 0) { + ret = sev_tio_tdi_unbind(tdi->tdev->data, tdi->data, &tdi->tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + } else if (dev_data->cmd == SEV_CMD_TIO_TDI_UNBIND) { + ret = sev_tio_continue(dev_data, &tdi->tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + } + } + + /* Reclaim TDI if DEV is connected */ + if (tdi->tdev->data) { + struct tsm_tdi_tio *tdi_data = tdi->data; + struct tsm_dev *tdev = tdi->tdev; + struct pci_dev *rootport = tdev->pdev->bus->self; + u8 segment_id = pci_domain_nr(rootport->bus); + u16 device_id = pci_dev_id(rootport); + bool fenced = false; + + sev_tio_tdi_reclaim(tdi->tdev->data, tdi->data); + + if (!sev_tio_asid_fence_status(dev_data, device_id, segment_id, + tdi_data->asid, &fenced)) { + if (fenced) { + ret = sev_tio_asid_fence_clear(device_id, segment_id, + tdi_data->vmid, &dev_data->psp_ret); + pci_notice(rootport, "Unfenced VM=%llx ASID=%d ret=%d %d", + tdi_data->vmid, tdi_data->asid, ret, + dev_data->psp_ret); + } + } + + tsm_blob_put(tdi->report); + tdi->report = NULL; + } + + kfree(tdi->data); + tdi->data = NULL; + + return 0; +} + +static int tdi_create(struct tsm_tdi *tdi) +{ + struct tsm_tdi_tio *tdi_data = tdi->data; + int ret; + + if (tdi_data) + return -EBUSY; + + tdi_data = kzalloc(sizeof(*tdi_data), GFP_KERNEL); + if (!tdi_data) + return -ENOMEM; + + ret = sev_tio_tdi_create(tdi->tdev->data, tdi_data, pci_dev_id(tdi->pdev), + tdi->rseg, tdi->rseg_valid); + if (ret) + kfree(tdi_data); + else + tdi->data = tdi_data; + + return ret; +} + +static int tdi_bind(struct tsm_tdi *tdi, u32 bdfn, u64 vmid, u32 asid, void *private_data) +{ + struct tsm_dev_tio *dev_data = tdi->tdev->data; + struct tsm_tdi_tio *tdi_data; + + int ret; + + if (!tdi->data) { + ret = tdi_create(tdi); + if (ret) + return ret; + } + + if (dev_data->cmd == 0) { + ret = sev_tio_tdi_bind(dev_data, tdi->data, bdfn, vmid, &tdi->tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + + tio_save_output(&tdi->report, dev_data->output, SPDM_DOBJ_ID_REPORT); + } + + if (dev_data->cmd == SEV_CMD_TIO_TDI_BIND) { + ret = sev_tio_continue(dev_data, &tdi->tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + + tio_save_output(&tdi->report, dev_data->output, SPDM_DOBJ_ID_REPORT); + } + + tdi_data = tdi->data; + tdi_data->vmid = vmid; + tdi_data->asid = asid; + + return 0; +} + +static int guest_request(struct tsm_tdi *tdi, u32 guest_rid, u64 kvmid, void *req_data, + enum tsm_tdisp_state *state, void *private_data) +{ + struct tsm_dev_tio *dev_data = tdi->tdev->data; + struct tio_guest_request *req = req_data; + int ret; + + if (!tdi->data) + return -EFAULT; + + if (dev_data->cmd == 0) { + ret = sev_tio_guest_request(&req->data, guest_rid, kvmid, + dev_data, tdi->data, &tdi->tdev->spdm); + req->fw_err = dev_data->psp_ret; + ret = mkret(ret, dev_data); + if (ret > 0) + return ret; + } else if (dev_data->cmd == SEV_CMD_TIO_GUEST_REQUEST) { + ret = sev_tio_continue(dev_data, &tdi->tdev->spdm); + ret = mkret(ret, dev_data); + if (ret > 0) + return ret; + } + + if (dev_data->cmd == 0 && state) { + ret = sev_tio_tdi_status(tdi->tdev->data, tdi->data, &tdi->tdev->spdm); + ret = mkret(ret, dev_data); + if (ret > 0) + return ret; + } else if (dev_data->cmd == SEV_CMD_TIO_TDI_STATUS) { + ret = sev_tio_continue(dev_data, &tdi->tdev->spdm); + ret = mkret(ret, dev_data); + if (ret > 0) + return ret; + + ret = sev_tio_tdi_status_fin(tdi->tdev->data, tdi->data, state); + } + + return ret; +} + +static int tdi_status(struct tsm_tdi *tdi, void *private_data, struct tsm_tdi_status *ts) +{ + struct tsm_dev_tio *dev_data = tdi->tdev->data; + int ret; + + if (!tdi->data) + return -ENODEV; + +#if 0 /* Not implemented yet */ + if (dev_data->cmd == 0) { + ret = sev_tio_tdi_info(tdi->tdev->data, tdi->data, ts); + ret = mkret(ret, dev_data); + if (ret) + return ret; + } +#endif + + if (dev_data->cmd == 0) { + ret = sev_tio_tdi_status(tdi->tdev->data, tdi->data, &tdi->tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + + ret = sev_tio_tdi_status_fin(tdi->tdev->data, tdi->data, &ts->state); + } else if (dev_data->cmd == SEV_CMD_TIO_TDI_STATUS) { + ret = sev_tio_continue(dev_data, &tdi->tdev->spdm); + ret = mkret(ret, dev_data); + if (ret) + return ret; + + ret = sev_tio_tdi_status_fin(tdi->tdev->data, tdi->data, &ts->state); + } else { + pci_err(tdi->pdev, "Wrong state, cmd 0x%x in flight\n", + dev_data->cmd); + } + + return ret; +} + +struct tsm_ops sev_tsm_ops = { + .dev_connect = dev_connect, + .dev_reclaim = dev_reclaim, + .dev_status = dev_status, + .ide_refresh = ide_refresh, + .tdi_bind = tdi_bind, + .tdi_reclaim = tdi_reclaim, + .guest_request = guest_request, + .tdi_status = tdi_status, +}; + +void sev_tsm_set_ops(bool set) +{ + if (set) { + int ret = sev_tio_status(); + + if (ret) + pr_warn("SEV-TIO STATUS failed with %d\n", ret); + else + tsm_set_ops(&sev_tsm_ops, NULL); + } else { + tsm_set_ops(NULL, NULL); + sev_tio_cleanup(); + } +} diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index a49fe54b8dd8..ce6f327304e0 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -36,6 +36,7 @@ #include "psp-dev.h" #include "sev-dev.h" +#include "sev-dev-tio.h" #define DEVICE_NAME "sev" #define SEV_FW_FILE "amd/sev.fw" @@ -224,7 +225,7 @@ static int sev_cmd_buffer_len(int cmd) case SEV_CMD_SNP_CONFIG: return sizeof(struct sev_user_data_snp_config); case SEV_CMD_SNP_COMMIT: return sizeof(struct sev_data_snp_commit); case SEV_CMD_SNP_FEATURE_INFO: return sizeof(struct sev_data_snp_feature_info); - default: return 0; + default: return sev_tio_cmd_buffer_len(cmd); } return 0; @@ -1033,7 +1034,7 @@ static int __sev_init_ex_locked(int *error) */ data.tmr_address = __pa(sev_es_tmr); - data.flags |= SEV_INIT_FLAGS_SEV_ES; + data.flags |= SEV_INIT_FLAGS_SEV_ES | SEV_INIT_FLAGS_SEV_TIO_EN; data.tmr_len = sev_es_tmr_size; } @@ -2493,6 +2494,10 @@ void sev_pci_init(void) atomic_notifier_chain_register(&panic_notifier_list, &snp_panic_notifier); + + if (cpu_feature_enabled(X86_FEATURE_SEV_SNP)) + sev_tsm_set_ops(true); + return; err: @@ -2506,6 +2511,7 @@ void sev_pci_exit(void) if (!sev) return; + sev_tsm_set_ops(false); sev_firmware_shutdown(sev); atomic_notifier_chain_unregister(&panic_notifier_list, From patchwork Fri Aug 23 13:21:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775244 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2065.outbound.protection.outlook.com [40.107.92.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E1BF6187847; Fri, 23 Aug 2024 13:30:09 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.65 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419811; cv=fail; b=HN39sxkZiLYUvby3L3jIjWpMi34aeiF4ZikUwi7rN1nr5wRAHnSQJVm/u8cr+1Cos7xug2xRPxJmHvUCw6fWEBTdzoxOy+R9a8ngqvSRgIzEo7POgPuw38Qv4h3f3aQi5OHkUropu/rOHFHyG4hY9nXX6cut7/USzmfsWzbuBY8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419811; c=relaxed/simple; bh=R9ioR8B9BB4/17qbtkx6tm9ky9BaeuRMTsZa68jRNM8=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=JAKB7Zp6AiGM+uX392oWGnrKylL2E4esEIgT6tAlyHTB/zeAF4HF6G10X6v9oJTEGOy8iI51ftgQ1uevq4BdETCFgzJfVwkKqRVGMUkZFrvMifF/ZB/25nZh72woLkY48SpcsPYm/AzTzNZSmRd5gzihJ0DaQ3FEz57vX2Ha+Ck= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=G6fgrBKI; arc=fail smtp.client-ip=40.107.92.65 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="G6fgrBKI" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=JsQ07gISv6g0br3K/8sW3KgG+cDB/eRwgj1DUwwvIW+MEgnCPYi5BOeasb/mOp1KPT9y17XN89oVLyYPidw/4iDdHSApaN+76NWOHbcS4oog2pn5T3q0xKFo9z9brlxOxE7uCcM8/4ijrs6fuT1kEbwzN8f1F7y12J3T39EE37PXYXmvu2/DcWAt/2D+psji9TqXHdJI6e34T12atk7zlwsvMnHt65CdJeV8sIxJPUbeyHj0Ts5wpsm/izatpwiRNcr6bujPoUEBVu9TMVbTe9M2DOo4bUxoqpPZ8hS/UIuktd9EMq8DEa4oGgokMmKElLekNSR3/j2xunlDXYtKmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=VwePOi7dgaaTP2pqDE08YWPYG7lzNHkBQXyMGa3Pphw=; b=b5/GJfEja31ulHnTWte+9HsG6bfSotLbWKU4U1ZpFpCmD8Ajv5xSToFfQgN1ktUGbnbK/tF8AqaaYib6UdRXSOyhQ0UVVUjSHoIq4/BoDOXZKDQu6iZVRT6ild+Up4dIU8ITi7lWzFlFtiuhrTRP/gG0HvBRQYRfCV8IRaOQJPx07GXImM7ZwWSJzGta0/Zzle0/2a14kG0pQuJq09TjTgh3fgH0K6bLrv9A0pN+KsO0G9BytrYMnetpJKyGtC9P4B+C1B9wEXXBD6geDllLLhor6JaQQKHgn9LEgAlstGw3CRZWbp9NN1Qhaubxv21pBr02RyIshXSFx10w/vX4wg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VwePOi7dgaaTP2pqDE08YWPYG7lzNHkBQXyMGa3Pphw=; b=G6fgrBKIzCc437ZHydzTfe7XHpK021LAAyBJMr8Piu0n9k2695KDFmTKchEoRZcx6Y6pMSBDvJ0fxo57UWdp/wQ0Z4wFsUsoPzJTb33GnczcZcD74FJe5CJuWJkjeLXzuTnCkXp9yt1I/zeEXxp+RWXK6NC1lnQHmEe5QXMPgrM= Received: from CH0PR04CA0086.namprd04.prod.outlook.com (2603:10b6:610:74::31) by CH3PR12MB8353.namprd12.prod.outlook.com (2603:10b6:610:12c::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.25; Fri, 23 Aug 2024 13:30:01 +0000 Received: from DS2PEPF00003439.namprd02.prod.outlook.com (2603:10b6:610:74:cafe::6d) by CH0PR04CA0086.outlook.office365.com (2603:10b6:610:74::31) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:29:58 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF00003439.mail.protection.outlook.com (10.167.18.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:29:58 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:29:53 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 09/21] kvm: Export kvm_vm_set_mem_attributes Date: Fri, 23 Aug 2024 23:21:23 +1000 Message-ID: <20240823132137.336874-10-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF00003439:EE_|CH3PR12MB8353:EE_ X-MS-Office365-Filtering-Correlation-Id: c5d70f11-ec2b-4cb2-3afe-08dcc377af3d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|376014|1800799024|36860700013; X-Microsoft-Antispam-Message-Info: aye2s71+eKKWmX7p1ooVoM2ObEQ4ofjfOFyivT/iyWoABRGpmn62Y+v5xJUXkyfaoynvhR48Uu3nlv+w6sBHJtZhxVkHdZa7ndy0U1qZp4bgUNzd2vsoTO/rw9PMqwt3aToWqMlAc5viyv9wowyEXY7AedfnbH2lR2DDSa6JBRwgmC+LcDU8HN7F94uzaAfW+c7IFalge90YZ8IlYXfXBvzJV54XHNv6rQ7vJe7qgUGVBMYxiS7H3+cFhr53tiXO+3Bqarx4x6V9YpcgaKrJ9qsYXpRQkp9cm+hYq+hwZcF5THqCrrOCMlbc5AcRdOEoy1PtCQmLnVOKhO0drFyFyRTgU/woAdb3y6bajq1aCuoo4TP7IJlTZYFeQihtTqqxVz8jDk6qSsqYx5iz8LdCHW4YuQCAka+bib+1nH69uBYtU/HdlbCpoKyRpY6Wb21DHWbZpc/ZowcUfutDc6aZWDPl49rIxGHjhdFdNtLWlYyLP9mnwaNhh4GLIVpfScUFIZfgh8Jva/7fu8W1Glw1VyPgG51WQQfAR9sEsLi/pnUTm1HMCOXl40B6Y2INWfruBgw2rFPViw7Sof/AStD2m3C/LctZCTxYTyuXagCF8Tuo1FG/28e5DRTFY0RVu3XazD3PJoXvTS1vZ8ab52D6QawBi28JJQUSDcESh7mvMyAxjUV69aPC9L1qMpzO+/aeP0im0ScdDOsXCi/LyOBXIytfFbX7vCMdjK/g7egkMnNnbW9vqx8uZUsyHwlkWrRt2Mg3B8Sy5AVI7KmouES5HBfexogPRGp9I+puvByORG5IPyfqgF0Jo42y+4YifhAg8bNU+7FQzO5+IZRU5zUmvaT/HgLUGQr1Yyct6CNScj2hqXszSalNnBnHTZlfbDAmSZYSdcRyrg7As4tibab4QHJ+ujgmpbGOssA1bnmKzxvsvs2BQsKYoB5m+knc2tYraF0gADvwUYtkWtvm718LYf2faYYJqvpOueHnyMNRE1dN9L4pAAhwgXjaehTDjt0e8MrcEXqLxDDjvSgvJMskH0s60FY5AOy3ijFGJXPwwmawgUAG7p2rw9ODL8Hn6AyMJhjpnNg1TQ71Xyd0yZ4i3kjgvA3VGAhWgWv/IyK7xbIRj4+y/BsD7tuVPdyvjVFWM9mR6K92FraVPF5Hi1yT0Hgx4fktNv+bJaDJo++qwvOqEgMQJUkI3yxg+A4i0hekaLgsvAaCRQo8lH7THf63TUYaiBeiZTPzCXts2u81aSPWPmci/TfXVVRsALFnQv9gKSib7G3lHi0HI76hbEdCrC28265NcfKSJHct++rEEPRboM9eDvC7wjK/pwYjnfulqja95wjIvGuycAPXRoXc4Q1Ja4IyYJy/n/lGQegg/0QTFWUmWJJ8n3e2AJxLsniDAGEBb7zA3fyx64ClSGZQh3Ws+UD6SOo2Mb73TYdPPgSlcvcct1NcH297+BBFj8e9 X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(376014)(1800799024)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:29:58.7224 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: c5d70f11-ec2b-4cb2-3afe-08dcc377af3d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF00003439.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB8353 SEV TIO can enable the private flag in an MMIO region in runtime when validating MMIO upon the guest's request, this requires updating the KVM memory attributes information. Export helper to do so. Signed-off-by: Alexey Kardashevskiy --- include/linux/kvm_host.h | 2 ++ virt/kvm/kvm_main.c | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index 7ca32dbde575..d004d96c2ace 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2429,6 +2429,8 @@ bool kvm_arch_pre_set_memory_attributes(struct kvm *kvm, bool kvm_arch_post_set_memory_attributes(struct kvm *kvm, struct kvm_gfn_range *range); +int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end, + unsigned long attributes); static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn) { return IS_ENABLED(CONFIG_KVM_PRIVATE_MEM) && diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c index 975b287474a8..53a993607651 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -2508,7 +2508,7 @@ static bool kvm_pre_set_memory_attributes(struct kvm *kvm, } /* Set @attributes for the gfn range [@start, @end). */ -static int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end, +int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end, unsigned long attributes) { struct kvm_mmu_notifier_range pre_set_range = { @@ -2564,6 +2564,8 @@ static int kvm_vm_set_mem_attributes(struct kvm *kvm, gfn_t start, gfn_t end, return r; } +EXPORT_SYMBOL_GPL(kvm_vm_set_mem_attributes); + static int kvm_vm_ioctl_set_mem_attributes(struct kvm *kvm, struct kvm_memory_attributes *attrs) { From patchwork Fri Aug 23 13:21:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775245 Received: from NAM11-CO1-obe.outbound.protection.outlook.com (mail-co1nam11on2043.outbound.protection.outlook.com [40.107.220.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C9B318661A; Fri, 23 Aug 2024 13:30:22 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.220.43 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419824; cv=fail; b=ZxegYBC5POpx40WB8io/BxYnCojQCIIuvWu7SjXWxNHKS1KJo4EwIexiL7G2UXNgkwrpxlRxpMo3FhC++GBoeUOC/8N7yUAFBxbYkCklM6hwvw40F2J2nmZCVeBEFIUGQa4nVYpQ4vJkjWHtqRLUgjyEtwl1Vbm+5e6t1/4gM+E= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419824; c=relaxed/simple; bh=GLa4TFQSHAD0dZCNVkZl8XmNtgtkwsISfeth/JQ6hF4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=FW5M1CwyXf7hWkT1dgDEeM7GmJkF+311ud86HHx+YLkVZRwfdTjc9pJT3Qr/UtivzRujjZmTH/bDTu56WI+cRPZMcA1Ra2BEr0jYvKqpIqi3X/4g9EYvz9SNFvHKax3/F3aLNxWPHaIlrIy+g1c3PW1fgSOPNTujbzAbgluv7qs= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=5fstYTf2; arc=fail smtp.client-ip=40.107.220.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="5fstYTf2" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=xAwsB8eAqHvoY6vVU6NuBroVmrivmT+jElc8mmAOa8cggTf8UjOxf4K2lQe+WrXNeFPeTfMZZwDwYjikJTyxkNahZtbSd35LNYaMglLKVJLFb5DlDIf+h3XiOFe/8xwnDuzJiJG4LJvjpSyiiNttbow/h3813kFB4EMptNW41y4TE/y/ykKpBZXr4y/y8sTwsdUi8pHkM43Qa1ymbuy2c+kbjtX9s8UfEc6n2Ke9A0IuoOMYuUvgZlpYEpEMLRqu12aKpqzKpvseWUxgYXThCw0jhYvjLQepov7KfAbyyI3Cc+a7D741fHx86QHpzLCxTG9agV+yTcC8qE7/2wcavw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CFJA1027OWp/wJaSI238LSJRcJGP/frH5jlMKXz/P9k=; b=QoZXX2pvKPuEPK4ZSrT2W5ko1+NeBfpwAnHMONjxnAfKnjl8kgy/awDvTckG+ov0Ey5+YWtTqqlLmRfEQsLcPpkt08zLKGx3ZY3iANJtEOrxhjPRNJL3Y4IJ/WQxpxWj+Z10RD4EbWywLG9DMyB1V417Atwft4SRMWGbVCuJQdEcZ/8mJ/n6jOY7MFd+KL5v3ps8hO5O9Ci7qVx0YZd2GKKIr04lQDzBcya6UXtOx0hhCtn+AwvnaH8UuTT0N+bPpl8u7++CYLrQcy16Lu3n5fYbsdDdoIrb9vIpqXkWqICjaX77rR4dztgFgv4w5G7M+ftubcHf4DRSze0Je5QzCw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CFJA1027OWp/wJaSI238LSJRcJGP/frH5jlMKXz/P9k=; b=5fstYTf2H/uNfy85LFSO/pBcWZNIPmOOugflRJPL53uN8gvntoKYRoTlktKMFZYHSa/wFskECa9DVO7nuRVvFuzEAMidPc0sYX1OHxWGsGIrqt4biWe/Ol/puZhIxm9HZBPn69Nl06+Al7lgXUeGM+ca/ZMStH8iS2RMp2t9d/0= Received: from DM6PR13CA0009.namprd13.prod.outlook.com (2603:10b6:5:bc::22) by IA0PR12MB7530.namprd12.prod.outlook.com (2603:10b6:208:440::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.19; Fri, 23 Aug 2024 13:30:16 +0000 Received: from DS2PEPF0000343D.namprd02.prod.outlook.com (2603:10b6:5:bc:cafe::98) by DM6PR13CA0009.outlook.office365.com (2603:10b6:5:bc::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7849.22 via Frontend Transport; Fri, 23 Aug 2024 13:30:16 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343D.mail.protection.outlook.com (10.167.18.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:30:16 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:30:11 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 10/21] vfio: Export helper to get vfio_device from fd Date: Fri, 23 Aug 2024 23:21:24 +1000 Message-ID: <20240823132137.336874-11-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343D:EE_|IA0PR12MB7530:EE_ X-MS-Office365-Filtering-Correlation-Id: 513908b2-9096-4a94-1c59-08dcc377b9e4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|1800799024|376014|82310400026; X-Microsoft-Antispam-Message-Info: y2piiAtQOTrAvIZ1KWznvvMo3EOAuqfZKTmX68gH3872HJUXYwb/4FpeeyWPpAvYBVEO+8tdNmpqUYADPeAmfIKD1IfUAmCV79lDtjnrrtQUBohggtdZ+y9Sm/8IJTEoo2u7Sy1VeFbkkGGki/DQHZQbFhpw6kwCrzCVtvE5wXekH2Wz4flUbgvHWLpLa8jhYi+sDPerq72H45hjgu50KPPpRsnH5usHQVmTnB+ii70YxlTnyySr3NKeorfKG3Y0sXPqUcn10nk45EaphxSfCpVFVSESa71cjDVEqe4eWDaygXPmghYldv5lROZaDK05LebQFrNf4NY9AKBI3XK8PLKYoCGO30MdhV/Vvr5/YkKVRfhxDehwGSPvNmM/tC1Xa/3QSzfOaJfbgFVs4r8PYSo6oUtv/z75vJsFNZIAopKcIPo3tKdEQZrRl7sqW82odepLQ3nEgB5ACh7AVRD/239mR5yTWz3omTTrLi8eZF+sJUKaMBZBHwngtdYgw1dOs6Bc1hOMs8YXfrdCClp7AzIs/ZC7nUtpU+0bTF6qpZkKLTaX8ta4p/qW8wUX3403Lg8yMSI/4cuTw2QvPMW/EQPGNSj/CXh87YfbBbqEDJSG8eWadByj4v/DU1JemxMdxIYBSl2G6M3AmmGUpnYfQMCPraJZNEMqbK5w4zePZBEsCEigRoZ+Cm+jium0IN38dbzQvxasGGBLius5I5bumDwilnmElps+1NDud+Eubx82iFuRGI71fSP3w2YLn33p49pymd9f2yfxjdS0N20JHLPO7+8cvFvN4Y4XC21KoRXfJlKYPzAk1L3Gaz4l0cdmoiIyXemRUks2Hs1drfBLUND+K24HX7pruqgecjyfiRxdfKc93y1f/TtomUixCqkW9u1QVfOnH1qe6WjCyVULBlkMAW/uwxs5sDanjFofgBo6qgG8LdF5ESb2jrx8XFDbcZYbYlgyEGsQg5aVyqcnhOj+HN9JAHpocuK+pdXK2k/10zmHHcRiDQzZKc92YsssH5nWg8O0WIW24fiHRQe3uGuz8cI+L+c4lWDjqUtyrHzpQ6ay5wYVkZT+8I7ZWjCLmzom8sMItp2pKc+eoqE6ReS4C5wyOZeh9hLbhicvyh+FP22NJQBninftBbIKYuHS1uZvQO/gf37VZ54H4e/+F3RdgNuLFdfFV+ub/iFxA9nPX9aGbAZ791tn5Ntm7XTlKwIw2wQwrcI5VYm7y69Hx7Dvbq53ae0013dG8i4m2ftqlMIJNjfz71W5jchWG0R3AfxvThaicRnNfGhMk457pDHORbB9ccl3tOXgErgLuFzc3CPb9l9DOeNNgIwAvWc6II2Sw7LuQupxSlWrQsUb5oGi411c+qAJpeGD6WowWFbpdU9ZdBxx447KsvviujfuKYPDMLW0N39TqaXbsXODODbKiX6dGeBwymYF1cIGCxHVE0vk8De8XZGLxYgzEUDv X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(1800799024)(376014)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:30:16.6089 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 513908b2-9096-4a94-1c59-08dcc377b9e4 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343D.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA0PR12MB7530 The SEV TIO Bind operation is going to be handled in the KVM and requires the BDFn of the device being bound, and the only supplied information is VFIO device fd. Add helper to convert vfio devfd to a device. Note that vfio_put_device() is already public (it is "static inline" wrapper for put_device()). Signed-off-by: Alexey Kardashevskiy --- include/linux/vfio.h | 1 + drivers/vfio/vfio_main.c | 13 +++++++++++++ 2 files changed, 14 insertions(+) diff --git a/include/linux/vfio.h b/include/linux/vfio.h index 000a6cab2d31..91fd376ad13e 100644 --- a/include/linux/vfio.h +++ b/include/linux/vfio.h @@ -293,6 +293,7 @@ int vfio_mig_get_next_state(struct vfio_device *device, void vfio_combine_iova_ranges(struct rb_root_cached *root, u32 cur_nodes, u32 req_nodes); +struct vfio_device *vfio_file_device(struct file *file); /* * External user API diff --git a/drivers/vfio/vfio_main.c b/drivers/vfio/vfio_main.c index a5a62d9d963f..5aa804ff918b 100644 --- a/drivers/vfio/vfio_main.c +++ b/drivers/vfio/vfio_main.c @@ -1447,6 +1447,19 @@ void vfio_file_set_kvm(struct file *file, struct kvm *kvm) } EXPORT_SYMBOL_GPL(vfio_file_set_kvm); +struct vfio_device *vfio_file_device(struct file *filep) +{ + struct vfio_device_file *df = filep->private_data; + + if (filep->f_op != &vfio_device_fops) + return NULL; + + get_device(&df->device->device); + + return df->device; +} +EXPORT_SYMBOL_GPL(vfio_file_device); + /* * Sub-module support */ From patchwork Fri Aug 23 13:21:25 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775246 Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2043.outbound.protection.outlook.com [40.107.101.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD989185949; Fri, 23 Aug 2024 13:30:39 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.101.43 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419841; cv=fail; b=THij8Oq5B6gpZgsD2AluT9+mZ5OI0tpwknW83OJMsHtUiNAuA8LrUOpai24HWpYr52H0j9UBLSisxPXhKJ7Blk6wGZ+v6U5FWoPmXd5OdzvsPVFHOvWd7r/fXPkwSC0VVoMlmfB7zeQhQ3OPBedjQ8Q7hVXBYBvKerUBIzAIsu4= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419841; c=relaxed/simple; bh=cocLMsMWaRNgSdr+uQduvVjEnrlMIiHHDWVFAN/UJCI=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=R1txIpMIKgu7SKf/BEMPjaJAzCMFrpeBcbkK/ZFm4A3yzNefShcDIMe2NzAIxsn8djKTtV7o076k1wbebjBy2cre0kfcWJEiAIm1ll/EUCswTEI3tOJ4+CaeQ1E80fxjEaAnUsw7ZblVXzuEDX844Z65QfXPzmq2AmGRk6yk2xM= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=xpEUZJSt; arc=fail smtp.client-ip=40.107.101.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="xpEUZJSt" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=Jw0MhiN52LuAp6ejinUv029puQa6QQQgXi9KoX+dtEzjCso9gdyx9Oozhoo0HxrXSGqeOdzztuT+svMdQY0oxYO/zXUxPEjU98DEmXhgwcCFWgM9HAz7aQkKQqHrKBQPADT1fnymoenibCNFPA35QPFAFr6bi27uQ2FVKn6vyLLmLjlyI4/7LW584d9ooWUJ9UysCyFamKj2yBVoG2VwC2rWEwhSLZQMz6YMTFqm4kr/mMhA4Kn2tC+k8w/u9HSzGPT+IWB8+iSMabcQA52lhEVs6TshR3vJZhnMbLwWTZRtyrQzheFophpAVqQH+uGalNpHvo+PzEbbREwtCjQvIQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=jp3W9Ms+8s69jLkLidccRUN6d27jBOKK6hXWgOq51EU=; b=ornoXJjFxg9kU5cAkZunqBZY4iOhEwyrSbALQdaYuBwznMKFcKzRwJQmhILfKUTH33jsxrDFjJEeynh+rNeCUbXAl9AdA9SiS+o+X4lI0wdvjVB9QftFusfKuuZhu2M69txy3cptIDkyMOWPq1B2PYQdGx2zl3rVT11D1wnA3vy3SSIBd85aeUk8r7zA5N6U+YioHv5deCis4FOoNJMYbHrdMI1uugLtxboV2jY0g10uD7IL/h6bIq8/5YXykJPRrXR1TCbH/J52w83JRktge3MRvcmSVPn4SjnV/aTW5UCk2yU/Vy9gu/9gIMUtJI7IpsmZ+mz7hRsc8750J7F0aA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=jp3W9Ms+8s69jLkLidccRUN6d27jBOKK6hXWgOq51EU=; b=xpEUZJStF4WnQmM6+lsvBtfmIcRaQBBX/OZjA9X69REeeP5IRGNDT+nXEVJ3Cq24uRSX5VK5ZLi3PjhzhQwyJmpLud3FI7IUmQwsyAV64ZxzGDtbh0SLv/XXCFT1X4sRpTWRbCp29zIBY3kacwS+MgSng0zfqpg+AvkC7dgSHlc= Received: from SJ0PR03CA0009.namprd03.prod.outlook.com (2603:10b6:a03:33a::14) by DS0PR12MB7629.namprd12.prod.outlook.com (2603:10b6:8:13e::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:30:34 +0000 Received: from DS2PEPF0000343F.namprd02.prod.outlook.com (2603:10b6:a03:33a:cafe::26) by SJ0PR03CA0009.outlook.office365.com (2603:10b6:a03:33a::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.21 via Frontend Transport; Fri, 23 Aug 2024 13:30:34 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343F.mail.protection.outlook.com (10.167.18.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:30:34 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:30:28 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 11/21] KVM: SEV: Add TIO VMGEXIT and bind TDI Date: Fri, 23 Aug 2024 23:21:25 +1000 Message-ID: <20240823132137.336874-12-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343F:EE_|DS0PR12MB7629:EE_ X-MS-Office365-Filtering-Correlation-Id: 7be304de-c390-4682-fde3-08dcc377c46d X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|376014|36860700013; X-Microsoft-Antispam-Message-Info: k2EfKnV4sd3jTrRYYA8p5lL1MOP+ZjcZhRDIy8Swh8DURixWboy70+O5pO7M4H2HBwNLXZYwZSA3yBgarDz1jUoEC0kNJf+KJANkCe1TviVUpg9lSCLjp/yhlcxkd9y6SNZspkmkAFkGfx9DHvGWpgVe943sFMooLvwcDQQvv6H6/1bUxeXkyGTJEWHhUOATxvvglBrRODsrZnFAK1mqW4lQgGa6KhcjlyJNIuRgnHmBQFPXY4tyjOAACIVedESqLevOsMqh+zqSgv7KbkTbqmHvdq585HjBPAgWq2FcJ/SDjITZZxYF/VPFpcnynlfYNRpWd4YYoA5HkqWMTOJn94TOpYUbuLyuxcrG9tcTx4oFaB2hV7kCRgQIIsXDZ3+wd6kKO8ei4E8tik7MItfZWkhlfl7xw6Oj2KWg81GMWLOOWMXpXpjTgbfrBf4zuXw26hy0MQj0+7kZEikD+qgDDh2VP8FpKi7q/bXUzmBmljUFfnraFUBbiAVq6odJdjb7utMDLPkwe/FOaXF0U0+pQqgKfKzzsegQIGI8rU6Hmpaw4s27Mq90lGB+c1xm26S43Hc83Mhvllx73M5Whsk6vSgX8I/8LhXRIpW1cQtprfFVEhIgbq7ys80O3HTLmDZzzO0yXRAckma2qB4ODtGBvWVtEfvT2jAzPbUeftOiOUmp4jhAdg+FEillbvv7Pv+HWa9Fa45kR4ixb7mviCgLLvoC5I99Z834NFpDo/UZ3s59w0uiVX4oVpP96JyLbjTi66csT6yGDgjAcQMRUgQ9Nud1wzJyIF1YpFAU6Zufy7TwOceJnkvZ3Zd8W1IAsI30z4rI965RcKC5jYfvYNKB+nbehjaXXGXKP/rzV8EzWKK+/aY6fhbw0d+pTnlBZwZlE/I+GD4X8/LxOnu8t+WpIflDcZgpEdHx1DGQvo9b6RVxbu+wwEgzKJOy2zrRxIh0lYzG83XflONlzF2AjrfJ/HcnY7sakT3YqEi/s3Kmew/3dpT54Kno61TRhPszqeHXmkSoM9n5BFYlSEq8YDz9vfW/fMsFovRkNnNfxXymc3UHpsLh3NgLo3SzrL5Z2fCrHdFSdKadTRFUN6kLYzKxSmR7/stDM+f6t+1JfaQrwLEQlJ1KzsggzPK4aZ0FIjeJD4MU+5zHYC3SZxw1q01jWJF7JGWoaEtpNWXi0gaLVF52LQ0E7IU1YStNNECCgHstrKBNZYN7G+d5eVKhdJrgcbjp+jRGdHxWKlqn4lK+8RS4g8RpaJk+8UIo/LWIKM+c2SZrDkRMM1QPcgrAccHdVaxYmU/0nfkmUOLy100mH9/dTGiTyAVYU8/Z8jPaEXkHCHr459bylz5u7caZdizTKBO3NU9WPsT9ZruR1PRahA1TsBiyxXZAe1WvPFgFpcVbXV1ruUgbYKEFjj48VIDD23K/xiQXaI7o1LavMJtLfvRz1RE4jaX6gbIje8r1hiAJ X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:30:34.2897 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7be304de-c390-4682-fde3-08dcc377c46d X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343F.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB7629 The SEV TIO spec defines a new TIO_GUEST_MESSAGE message to provide a secure communication channel between a SNP VM and the PSP. The defined messages provide way to read TDI info and do secure MMIO/DMA setup. On top of this, GHCB defines an extension to return certificates/ measurements/report and TDI run status to the VM. The TIO_GUEST_MESSAGE handler also checks if a specific TDI bound to the VM and exits the KVM to allow the userspace to bind it. Skip adjust_direct_map() in rmpupdate() for now as it fails on MMIO. Signed-off-by: Alexey Kardashevskiy --- arch/x86/include/asm/kvm-x86-ops.h | 2 + arch/x86/include/asm/kvm_host.h | 2 + arch/x86/include/asm/sev.h | 1 + arch/x86/include/uapi/asm/svm.h | 2 + arch/x86/kvm/svm/svm.h | 2 + include/linux/kvm_host.h | 2 + include/uapi/linux/kvm.h | 29 +++ arch/x86/kvm/svm/sev.c | 217 ++++++++++++++++++++ arch/x86/kvm/svm/svm.c | 3 + arch/x86/kvm/x86.c | 12 ++ arch/x86/virt/svm/sev.c | 23 ++- virt/kvm/vfio.c | 139 +++++++++++++ arch/x86/kvm/Kconfig | 1 + 13 files changed, 431 insertions(+), 4 deletions(-) diff --git a/arch/x86/include/asm/kvm-x86-ops.h b/arch/x86/include/asm/kvm-x86-ops.h index 68ad4f923664..80e8176a4ea0 100644 --- a/arch/x86/include/asm/kvm-x86-ops.h +++ b/arch/x86/include/asm/kvm-x86-ops.h @@ -139,6 +139,8 @@ KVM_X86_OP_OPTIONAL(alloc_apic_backing_page) KVM_X86_OP_OPTIONAL_RET0(gmem_prepare) KVM_X86_OP_OPTIONAL_RET0(private_max_mapping_level) KVM_X86_OP_OPTIONAL(gmem_invalidate) +KVM_X86_OP_OPTIONAL(tsm_bind) +KVM_X86_OP_OPTIONAL(tsm_unbind) #undef KVM_X86_OP #undef KVM_X86_OP_OPTIONAL diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h index 4a68cb3eba78..80bdac4e47ac 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h @@ -1830,6 +1830,8 @@ struct kvm_x86_ops { int (*gmem_prepare)(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order); void (*gmem_invalidate)(kvm_pfn_t start, kvm_pfn_t end); int (*private_max_mapping_level)(struct kvm *kvm, kvm_pfn_t pfn); + int (*tsm_bind)(struct kvm *kvm, struct device *dev, u32 guest_rid); + void (*tsm_unbind)(struct kvm *kvm, struct device *dev); }; struct kvm_x86_nested_ops { diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 80d9aa16fe61..8edd7bccabf2 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -464,6 +464,7 @@ int snp_lookup_rmpentry(u64 pfn, bool *assigned, int *level); void snp_dump_hva_rmpentry(unsigned long address); int psmash(u64 pfn); int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immutable); +int rmp_make_private_mmio(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immutable); int rmp_make_shared(u64 pfn, enum pg_level level); void snp_leak_pages(u64 pfn, unsigned int npages); void kdump_sev_callback(void); diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h index 1814b413fd57..ac90a69e6327 100644 --- a/arch/x86/include/uapi/asm/svm.h +++ b/arch/x86/include/uapi/asm/svm.h @@ -116,6 +116,7 @@ #define SVM_VMGEXIT_AP_CREATE 1 #define SVM_VMGEXIT_AP_DESTROY 2 #define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018 +#define SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST 0x80000020 #define SVM_VMGEXIT_HV_FEATURES 0x8000fffd #define SVM_VMGEXIT_TERM_REQUEST 0x8000fffe #define SVM_VMGEXIT_TERM_REASON(reason_set, reason_code) \ @@ -237,6 +238,7 @@ { SVM_VMGEXIT_GUEST_REQUEST, "vmgexit_guest_request" }, \ { SVM_VMGEXIT_EXT_GUEST_REQUEST, "vmgexit_ext_guest_request" }, \ { SVM_VMGEXIT_AP_CREATION, "vmgexit_ap_creation" }, \ + { SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST, "vmgexit_sev_tio_guest_request" }, \ { SVM_VMGEXIT_HV_FEATURES, "vmgexit_hypervisor_feature" }, \ { SVM_EXIT_ERR, "invalid_guest_state" } diff --git a/arch/x86/kvm/svm/svm.h b/arch/x86/kvm/svm/svm.h index 76107c7d0595..d04d583c1741 100644 --- a/arch/x86/kvm/svm/svm.h +++ b/arch/x86/kvm/svm/svm.h @@ -749,6 +749,8 @@ void sev_snp_init_protected_guest_state(struct kvm_vcpu *vcpu); int sev_gmem_prepare(struct kvm *kvm, kvm_pfn_t pfn, gfn_t gfn, int max_order); void sev_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end); int sev_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn); +int sev_tsm_bind(struct kvm *kvm, struct device *dev, u32 guest_rid); +void sev_tsm_unbind(struct kvm *kvm, struct device *dev); #else static inline struct page *snp_safe_alloc_page_node(int node, gfp_t gfp) { diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index d004d96c2ace..fdb331b3e0d3 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -2497,5 +2497,7 @@ void kvm_arch_gmem_invalidate(kvm_pfn_t start, kvm_pfn_t end); long kvm_arch_vcpu_pre_fault_memory(struct kvm_vcpu *vcpu, struct kvm_pre_fault_memory *range); #endif +int kvm_arch_tsm_bind(struct kvm *kvm, struct device *dev, u32 guest_rid); +void kvm_arch_tsm_unbind(struct kvm *kvm, struct device *dev); #endif diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h index 637efc055145..37f76bbdfa9b 100644 --- a/include/uapi/linux/kvm.h +++ b/include/uapi/linux/kvm.h @@ -135,6 +135,17 @@ struct kvm_xen_exit { } u; }; +struct kvm_user_vmgexit { +#define KVM_USER_VMGEXIT_TIO_REQ 4 + __u32 type; /* KVM_USER_VMGEXIT_* type */ + union { + struct { + __u32 guest_rid; + __u32 ret; + } tio_req; + }; +} __packed; + #define KVM_S390_GET_SKEYS_NONE 1 #define KVM_S390_SKEYS_MAX 1048576 @@ -178,6 +189,7 @@ struct kvm_xen_exit { #define KVM_EXIT_NOTIFY 37 #define KVM_EXIT_LOONGARCH_IOCSR 38 #define KVM_EXIT_MEMORY_FAULT 39 +#define KVM_EXIT_VMGEXIT 40 /* For KVM_EXIT_INTERNAL_ERROR */ /* Emulate instruction failed. */ @@ -446,6 +458,7 @@ struct kvm_run { __u64 gpa; __u64 size; } memory_fault; + struct kvm_user_vmgexit vmgexit; /* Fix the size of the union. */ char padding[256]; }; @@ -1166,6 +1179,22 @@ struct kvm_vfio_spapr_tce { __s32 tablefd; }; +#define KVM_DEV_VFIO_DEVICE 2 +#define KVM_DEV_VFIO_DEVICE_TDI_BIND 1 +#define KVM_DEV_VFIO_DEVICE_TDI_UNBIND 2 + +/* + * struct kvm_vfio_tsm_bind + * + * @guest_rid: Hypervisor provided identifier used by the guest to identify + * the TDI in guest messages + * @devfd: a fd of VFIO device + */ +struct kvm_vfio_tsm_bind { + __u32 guest_rid; + __s32 devfd; +} __packed; + /* * KVM_CREATE_VCPU receives as a parameter the vcpu slot, and returns * a vcpu fd. diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 9badf4fa7e1d..e36b93b9cc2b 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -20,6 +20,8 @@ #include #include #include +#include +#include #include #include @@ -3413,6 +3415,8 @@ static int sev_es_validate_vmgexit(struct vcpu_svm *svm) control->exit_info_1 == control->exit_info_2) goto vmgexit_err; break; + case SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST: + break; default: reason = GHCB_ERR_INVALID_EVENT; goto vmgexit_err; @@ -4128,6 +4132,182 @@ static int snp_handle_ext_guest_req(struct vcpu_svm *svm, gpa_t req_gpa, gpa_t r return 1; /* resume guest */ } +static int tio_make_mmio_private(struct vcpu_svm *svm, struct pci_dev *pdev, + phys_addr_t mmio_gpa, phys_addr_t mmio_size, + unsigned int rangeid) +{ + int ret = 0; + + if (!mmio_gpa || !mmio_size || mmio_size != pci_resource_len(pdev, rangeid)) { + pci_err(pdev, "Invalid MMIO #%d gpa=%llx..%llx\n", + rangeid, mmio_gpa, mmio_gpa + mmio_size); + return SEV_RET_INVALID_PARAM; + } + + /* Could as well exit to the userspace and ioctl(KVM_MEMORY_ATTRIBUTE_PRIVATE) */ + ret = kvm_vm_set_mem_attributes(svm->vcpu.kvm, mmio_gpa >> PAGE_SHIFT, + (mmio_gpa + mmio_size) >> PAGE_SHIFT, + KVM_MEMORY_ATTRIBUTE_PRIVATE); + if (ret) + pci_err(pdev, "Failed to mark MMIO #%d gpa=%llx..%llx as private, ret=%d\n", + rangeid, mmio_gpa, mmio_gpa + mmio_size, ret); + else + pci_notice(pdev, "Marked MMIO#%d gpa=%llx..%llx as private\n", + rangeid, mmio_gpa, mmio_gpa + mmio_size); + + for (phys_addr_t off = 0; off < mmio_size; off += PAGE_SIZE) { + ret = rmp_make_private_mmio((pci_resource_start(pdev, rangeid) + off) >> PAGE_SHIFT, + (mmio_gpa + off), PG_LEVEL_4K, svm->asid, + false/*Immutable*/); + if (ret) + pci_err(pdev, "Failed to map TIO #%d %pR +%llx %llx -> gpa=%llx ret=%d\n", + rangeid, pci_resource_n(pdev, rangeid), off, mmio_size, + mmio_gpa + off, ret); + } + + return SEV_RET_SUCCESS; +} + +static int snp_complete_sev_tio_guest_request(struct kvm_vcpu *vcpu, struct tsm_tdi *tdi) +{ + struct vcpu_svm *svm = to_svm(vcpu); + struct vmcb_control_area *control = &svm->vmcb->control; + struct kvm *kvm = vcpu->kvm; + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + enum tsm_tdisp_state state = TDISP_STATE_UNAVAIL; + unsigned long exitcode = 0, data_npages; + struct tio_guest_request tioreq = { 0 }; + struct snp_guest_msg_hdr *req_hdr; + gpa_t req_gpa, resp_gpa; + struct fd sevfd; + u64 data_gpa; + int ret; + + if (!sev_snp_guest(kvm)) + return -EINVAL; + + mutex_lock(&sev->guest_req_mutex); + + req_gpa = control->exit_info_1; + resp_gpa = control->exit_info_2; + + ret = kvm_read_guest(kvm, req_gpa, sev->guest_req_buf, PAGE_SIZE); + if (ret) + goto out_unlock; + + tioreq.data.gctx_paddr = __psp_pa(sev->snp_context); + tioreq.data.req_paddr = __psp_pa(sev->guest_req_buf); + tioreq.data.res_paddr = __psp_pa(sev->guest_resp_buf); + + sevfd = fdget(sev->fd); + if (!sevfd.file) + goto out_unlock; + + req_hdr = sev->guest_req_buf; + if (req_hdr->msg_type == TIO_MSG_MMIO_VALIDATE_REQ) { + const u64 raw_gpa = vcpu->arch.regs[VCPU_REGS_RDX]; + + ret = tio_make_mmio_private(svm, tdi->pdev, + MMIO_VALIDATE_GPA(raw_gpa), + MMIO_VALIDATE_LEN(raw_gpa), + MMIO_VALIDATE_RANGEID(raw_gpa)); + if (ret != SEV_RET_SUCCESS) + goto put_unlock; + } + + ret = tsm_guest_request(tdi, + (req_hdr->msg_type == TIO_MSG_TDI_INFO_REQ) ? &state : NULL, + &tioreq); + if (ret) + goto put_unlock; + + struct tio_blob_table_entry t[4] = { + { .guid = TIO_GUID_MEASUREMENTS, + .offset = sizeof(t), + .length = tdi->tdev->meas ? tdi->tdev->meas->len : 0 }, + { .guid = TIO_GUID_CERTIFICATES, + .offset = sizeof(t) + t[0].length, + .length = tdi->tdev->certs ? tdi->tdev->certs->len : 0 }, + { .guid = TIO_GUID_REPORT, + .offset = sizeof(t) + t[0].length + t[1].length, + .length = tdi->report ? tdi->report->len : 0 }, + { .guid.b = { 0 } } + }; + void *tp[4] = { + tdi->tdev->meas ? tdi->tdev->meas->data : NULL, + tdi->tdev->certs ? tdi->tdev->certs->data : NULL, + tdi->report ? tdi->report->data : NULL + }; + + data_gpa = vcpu->arch.regs[VCPU_REGS_RAX]; + data_npages = vcpu->arch.regs[VCPU_REGS_RBX]; + vcpu->arch.regs[VCPU_REGS_RBX] = PAGE_ALIGN(t[0].length + t[1].length + + t[2].length + sizeof(t)) >> PAGE_SHIFT; + if (data_gpa && ((data_npages << PAGE_SHIFT) >= vcpu->arch.regs[VCPU_REGS_RBX])) { + if (kvm_write_guest(kvm, data_gpa + 0, &t, sizeof(t)) || + kvm_write_guest(kvm, data_gpa + t[0].offset, tp[0], t[0].length) || + kvm_write_guest(kvm, data_gpa + t[1].offset, tp[1], t[1].length) || + kvm_write_guest(kvm, data_gpa + t[2].offset, tp[2], t[2].length)) + exitcode = SEV_RET_INVALID_ADDRESS; + } + + if (req_hdr->msg_type == TIO_MSG_TDI_INFO_REQ) + vcpu->arch.regs[VCPU_REGS_RDX] = state; + + ret = kvm_write_guest(kvm, resp_gpa, sev->guest_resp_buf, PAGE_SIZE); + if (ret) + goto put_unlock; + + ret = 1; /* Resume guest */ + + ghcb_set_sw_exit_info_2(svm->sev_es.ghcb, SNP_GUEST_ERR(0, tioreq.fw_err)); + +put_unlock: + fdput(sevfd); +out_unlock: + mutex_unlock(&sev->guest_req_mutex); + + return ret; +} + +static int snp_try_complete_sev_tio_guest_request(struct kvm_vcpu *vcpu) +{ + struct kvm_sev_info *sev = &to_kvm_svm(vcpu->kvm)->sev_info; + u32 guest_rid = vcpu->arch.regs[VCPU_REGS_RCX]; + struct tsm_tdi *tdi = tsm_tdi_find(guest_rid, (u64) __psp_pa(sev->snp_context)); + + if (!tdi) { + pr_err("TDI is not bound to %x:%02x.%d\n", + PCI_BUS_NUM(guest_rid), PCI_SLOT(guest_rid), PCI_FUNC(guest_rid)); + return 1; /* Resume guest */ + } + + return snp_complete_sev_tio_guest_request(vcpu, tdi); +} + +static int snp_sev_tio_guest_request(struct kvm_vcpu *vcpu) +{ + u32 guest_rid = vcpu->arch.regs[VCPU_REGS_RCX]; + struct kvm *kvm = vcpu->kvm; + struct kvm_sev_info *sev; + struct tsm_tdi *tdi; + + if (!sev_snp_guest(kvm)) + return SEV_RET_INVALID_GUEST; + + sev = &to_kvm_svm(kvm)->sev_info; + tdi = tsm_tdi_find(guest_rid, (u64) __psp_pa(sev->snp_context)); + if (!tdi) { + vcpu->run->exit_reason = KVM_EXIT_VMGEXIT; + vcpu->run->vmgexit.type = KVM_USER_VMGEXIT_TIO_REQ; + vcpu->run->vmgexit.tio_req.guest_rid = guest_rid; + vcpu->arch.complete_userspace_io = snp_try_complete_sev_tio_guest_request; + return 0; /* Exit KVM */ + } + + return snp_complete_sev_tio_guest_request(vcpu, tdi); +} + static int sev_handle_vmgexit_msr_protocol(struct vcpu_svm *svm) { struct vmcb_control_area *control = &svm->vmcb->control; @@ -4408,6 +4588,9 @@ int sev_handle_vmgexit(struct kvm_vcpu *vcpu) case SVM_VMGEXIT_EXT_GUEST_REQUEST: ret = snp_handle_ext_guest_req(svm, control->exit_info_1, control->exit_info_2); break; + case SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST: + ret = snp_sev_tio_guest_request(vcpu); + break; case SVM_VMGEXIT_UNSUPPORTED_EVENT: vcpu_unimpl(vcpu, "vmgexit: unsupported event - exit_info_1=%#llx, exit_info_2=%#llx\n", @@ -5000,3 +5183,37 @@ int sev_private_max_mapping_level(struct kvm *kvm, kvm_pfn_t pfn) return level; } + +int sev_tsm_bind(struct kvm *kvm, struct device *dev, u32 guest_rid) +{ + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; + struct tsm_tdi *tdi = tsm_tdi_get(dev); + struct fd sevfd; + int ret; + + if (!tdi) + return -ENODEV; + + sevfd = fdget(sev->fd); + if (!sevfd.file) + return -EPERM; + + dev_info(dev, "Binding guest=%x:%02x.%d\n", + PCI_BUS_NUM(guest_rid), PCI_SLOT(guest_rid), PCI_FUNC(guest_rid)); + ret = tsm_tdi_bind(tdi, guest_rid, (u64) __psp_pa(sev->snp_context), sev->asid); + fdput(sevfd); + + return ret; +} + +void sev_tsm_unbind(struct kvm *kvm, struct device *dev) +{ + struct tsm_tdi *tdi = tsm_tdi_get(dev); + + if (!tdi) + return; + + dev_notice(dev, "Unbinding guest=%x:%02x.%d\n", + PCI_BUS_NUM(tdi->guest_rid), PCI_SLOT(tdi->guest_rid), PCI_FUNC(tdi->guest_rid)); + tsm_tdi_unbind(tdi); +} diff --git a/arch/x86/kvm/svm/svm.c b/arch/x86/kvm/svm/svm.c index d6f252555ab3..ab6e41eed697 100644 --- a/arch/x86/kvm/svm/svm.c +++ b/arch/x86/kvm/svm/svm.c @@ -5093,6 +5093,9 @@ static struct kvm_x86_ops svm_x86_ops __initdata = { .vm_copy_enc_context_from = sev_vm_copy_enc_context_from, .vm_move_enc_context_from = sev_vm_move_enc_context_from, + + .tsm_bind = sev_tsm_bind, + .tsm_unbind = sev_tsm_unbind, #endif .check_emulate_instruction = svm_check_emulate_instruction, diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c index 70219e406987..97261cffa9ad 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c @@ -14055,3 +14055,15 @@ static void __exit kvm_x86_exit(void) WARN_ON_ONCE(static_branch_unlikely(&kvm_has_noapic_vcpu)); } module_exit(kvm_x86_exit); + +int kvm_arch_tsm_bind(struct kvm *kvm, struct device *dev, u32 guest_rid) +{ + return static_call(kvm_x86_tsm_bind)(kvm, dev, guest_rid); +} +EXPORT_SYMBOL_GPL(kvm_arch_tsm_bind); + +void kvm_arch_tsm_unbind(struct kvm *kvm, struct device *dev) +{ + static_call(kvm_x86_tsm_unbind)(kvm, dev); +} +EXPORT_SYMBOL_GPL(kvm_arch_tsm_unbind); diff --git a/arch/x86/virt/svm/sev.c b/arch/x86/virt/svm/sev.c index 44e7609c9bd6..91f5729dfcad 100644 --- a/arch/x86/virt/svm/sev.c +++ b/arch/x86/virt/svm/sev.c @@ -945,7 +945,7 @@ static int adjust_direct_map(u64 pfn, int rmp_level) * The optimal solution would be range locking to avoid locking disjoint * regions unnecessarily but there's no support for that yet. */ -static int rmpupdate(u64 pfn, struct rmp_state *state) +static int rmpupdate(u64 pfn, struct rmp_state *state, bool mmio) { unsigned long paddr = pfn << PAGE_SHIFT; int ret, level; @@ -955,7 +955,7 @@ static int rmpupdate(u64 pfn, struct rmp_state *state) level = RMP_TO_PG_LEVEL(state->pagesize); - if (adjust_direct_map(pfn, level)) + if (!mmio && adjust_direct_map(pfn, level)) return -EFAULT; do { @@ -989,10 +989,25 @@ int rmp_make_private(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immut state.gpa = gpa; state.pagesize = PG_LEVEL_TO_RMP(level); - return rmpupdate(pfn, &state); + return rmpupdate(pfn, &state, false); } EXPORT_SYMBOL_GPL(rmp_make_private); +int rmp_make_private_mmio(u64 pfn, u64 gpa, enum pg_level level, u32 asid, bool immutable) +{ + struct rmp_state state; + + memset(&state, 0, sizeof(state)); + state.assigned = 1; + state.asid = asid; + state.immutable = immutable; + state.gpa = gpa; + state.pagesize = PG_LEVEL_TO_RMP(level); + + return rmpupdate(pfn, &state, true); +} +EXPORT_SYMBOL_GPL(rmp_make_private_mmio); + /* Transition a page to hypervisor-owned/shared state in the RMP table. */ int rmp_make_shared(u64 pfn, enum pg_level level) { @@ -1001,7 +1016,7 @@ int rmp_make_shared(u64 pfn, enum pg_level level) memset(&state, 0, sizeof(state)); state.pagesize = PG_LEVEL_TO_RMP(level); - return rmpupdate(pfn, &state); + return rmpupdate(pfn, &state, false); } EXPORT_SYMBOL_GPL(rmp_make_shared); diff --git a/virt/kvm/vfio.c b/virt/kvm/vfio.c index 76b7f6085dcd..a4e9db212adc 100644 --- a/virt/kvm/vfio.c +++ b/virt/kvm/vfio.c @@ -15,6 +15,7 @@ #include #include #include +#include #include "vfio.h" #ifdef CONFIG_SPAPR_TCE_IOMMU @@ -29,8 +30,14 @@ struct kvm_vfio_file { #endif }; +struct kvm_vfio_tdi { + struct list_head node; + struct vfio_device *vdev; +}; + struct kvm_vfio { struct list_head file_list; + struct list_head tdi_list; struct mutex lock; bool noncoherent; }; @@ -80,6 +87,22 @@ static bool kvm_vfio_file_is_valid(struct file *file) return ret; } +static struct vfio_device *kvm_vfio_file_device(struct file *file) +{ + struct vfio_device *(*fn)(struct file *file); + struct vfio_device *ret; + + fn = symbol_get(vfio_file_device); + if (!fn) + return NULL; + + ret = fn(file); + + symbol_put(vfio_file_device); + + return ret; +} + #ifdef CONFIG_SPAPR_TCE_IOMMU static struct iommu_group *kvm_vfio_file_iommu_group(struct file *file) { @@ -297,6 +320,103 @@ static int kvm_vfio_set_file(struct kvm_device *dev, long attr, return -ENXIO; } +static int kvm_dev_tsm_bind(struct kvm_device *dev, void __user *arg) +{ + struct kvm_vfio *kv = dev->private; + struct kvm_vfio_tsm_bind tb; + struct kvm_vfio_tdi *ktdi; + struct vfio_device *vdev; + struct fd fdev; + int ret; + + if (copy_from_user(&tb, arg, sizeof(tb))) + return -EFAULT; + + ktdi = kzalloc(sizeof(*ktdi), GFP_KERNEL_ACCOUNT); + if (!ktdi) + return -ENOMEM; + + fdev = fdget(tb.devfd); + if (!fdev.file) + return -EBADF; + + ret = -ENOENT; + + mutex_lock(&kv->lock); + + vdev = kvm_vfio_file_device(fdev.file); + if (vdev) { + ret = kvm_arch_tsm_bind(dev->kvm, vdev->dev, tb.guest_rid); + if (!ret) { + ktdi->vdev = vdev; + list_add_tail(&ktdi->node, &kv->tdi_list); + } else { + vfio_put_device(vdev); + } + } + + fdput(fdev); + mutex_unlock(&kv->lock); + if (ret) + kfree(ktdi); + + return ret; +} + +static int kvm_dev_tsm_unbind(struct kvm_device *dev, void __user *arg) +{ + struct kvm_vfio *kv = dev->private; + struct kvm_vfio_tsm_bind tb; + struct kvm_vfio_tdi *ktdi; + struct vfio_device *vdev; + struct fd fdev; + int ret; + + if (copy_from_user(&tb, arg, sizeof(tb))) + return -EFAULT; + + fdev = fdget(tb.devfd); + if (!fdev.file) + return -EBADF; + + ret = -ENOENT; + + mutex_lock(&kv->lock); + + vdev = kvm_vfio_file_device(fdev.file); + if (vdev) { + list_for_each_entry(ktdi, &kv->tdi_list, node) { + if (ktdi->vdev != vdev) + continue; + + kvm_arch_tsm_unbind(dev->kvm, vdev->dev); + list_del(&ktdi->node); + kfree(ktdi); + vfio_put_device(vdev); + ret = 0; + break; + } + vfio_put_device(vdev); + } + + fdput(fdev); + mutex_unlock(&kv->lock); + return ret; +} + +static int kvm_vfio_set_device(struct kvm_device *dev, long attr, + void __user *arg) +{ + switch (attr) { + case KVM_DEV_VFIO_DEVICE_TDI_BIND: + return kvm_dev_tsm_bind(dev, arg); + case KVM_DEV_VFIO_DEVICE_TDI_UNBIND: + return kvm_dev_tsm_unbind(dev, arg); + } + + return -ENXIO; +} + static int kvm_vfio_set_attr(struct kvm_device *dev, struct kvm_device_attr *attr) { @@ -304,6 +424,9 @@ static int kvm_vfio_set_attr(struct kvm_device *dev, case KVM_DEV_VFIO_FILE: return kvm_vfio_set_file(dev, attr->attr, u64_to_user_ptr(attr->addr)); + case KVM_DEV_VFIO_DEVICE: + return kvm_vfio_set_device(dev, attr->attr, + u64_to_user_ptr(attr->addr)); } return -ENXIO; @@ -323,6 +446,13 @@ static int kvm_vfio_has_attr(struct kvm_device *dev, return 0; } + break; + case KVM_DEV_VFIO_DEVICE: + switch (attr->attr) { + case KVM_DEV_VFIO_DEVICE_TDI_BIND: + case KVM_DEV_VFIO_DEVICE_TDI_UNBIND: + return 0; + } break; } @@ -332,8 +462,16 @@ static int kvm_vfio_has_attr(struct kvm_device *dev, static void kvm_vfio_release(struct kvm_device *dev) { struct kvm_vfio *kv = dev->private; + struct kvm_vfio_tdi *ktdi, *tmp2; struct kvm_vfio_file *kvf, *tmp; + list_for_each_entry_safe(ktdi, tmp2, &kv->tdi_list, node) { + kvm_arch_tsm_unbind(dev->kvm, ktdi->vdev->dev); + list_del(&ktdi->node); + vfio_put_device(ktdi->vdev); + kfree(ktdi); + } + list_for_each_entry_safe(kvf, tmp, &kv->file_list, node) { #ifdef CONFIG_SPAPR_TCE_IOMMU kvm_spapr_tce_release_vfio_group(dev->kvm, kvf); @@ -379,6 +517,7 @@ static int kvm_vfio_create(struct kvm_device *dev, u32 type) INIT_LIST_HEAD(&kv->file_list); mutex_init(&kv->lock); + INIT_LIST_HEAD(&kv->tdi_list); dev->private = kv; diff --git a/arch/x86/kvm/Kconfig b/arch/x86/kvm/Kconfig index 472a1537b7a9..5e07a1fddb67 100644 --- a/arch/x86/kvm/Kconfig +++ b/arch/x86/kvm/Kconfig @@ -143,6 +143,7 @@ config KVM_AMD_SEV select KVM_GENERIC_PRIVATE_MEM select HAVE_KVM_ARCH_GMEM_PREPARE select HAVE_KVM_ARCH_GMEM_INVALIDATE + select KVM_VFIO help Provides support for launching Encrypted VMs (SEV) and Encrypted VMs with Encrypted State (SEV-ES) on AMD processors. From patchwork Fri Aug 23 13:21:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775247 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2067.outbound.protection.outlook.com [40.107.243.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EBABB185E7B; Fri, 23 Aug 2024 13:30:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.67 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419860; cv=fail; b=tpuSRyXFpMQc40atQEcFqKYySMM7Xf52c+QQxCSzgd5lpRSdZJadJH3Fh69/3oSmRd72ElB61KYpm1D/RRiNMgQ+7trnNLvRFfiK+EGjtJ2CVPzKVXydPoDP925FyBPFt4QFMKt9bXl93trp+icIq1xyumC2gHu3TaZi9ocpv20= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419860; c=relaxed/simple; bh=1PdVvqTTQiawto8WRPUw4+MVMTiaBL3dtz7IyHNMjWs=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=D9NoGVXQpVMZz+6uaRn35Vihu5C+PVrIS8LRPWw3LHADqi44HnM/ct+kqa8/yvDUEp0NWiJVqlnRWIVVZj3QE4ff3yWdX0KcdGMtb6+BzmO20exC4oG4jMZpXCi/fvyKAa1I41I0dSeySVz7WUnSnlXg3NJkvqXdnh0euhzLve4= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=pm90g5FT; arc=fail smtp.client-ip=40.107.243.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="pm90g5FT" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=v4CM8LG8omuYyBu0UJZW9oyZLVE9ndGsgJTkOskWdAuWHrMxx/jjeiAr0CHMkkxqBhdLDjSlIiV3k2NvwI4KhcvUUK8+sNfrtYAr9Z7iKiWL6eupdjVuLD2XGTf+1gqmeFrHh2VA8rDp+FFDlTneIEpy5b/ip2F/JOsOG94A6wPOVzNIyvCNSZ0djt5JQLgg1NBzvaX0N8CXR8eli9dp9aOwR21gnncXjmS4yFl9fyho/W6seKOHjI33MV4bwBzKes543TvJwYeCKhicc/UNnhK9kSFDNj78AOB7CnMZd3OJvlzKuaqVv1vzo3FJ9gD9Gd5tYVgsFVtiJPj9RQ5+SA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=751M99Ode88aicLdMFZcQLcGHZcQ8RoMhlZwSfgzg7g=; b=RDIt2eV9vmG6NrrFfsdGiosfQNoaguT3gKfIbXYqyekafXwbGMpngsVvbU5iDBMlCu6sMrQQwCHQMuzilhiNUSACLmvAZAPzwYIMPnPhFdCrYBpce6g/+bnIgKfnz1XBpwZCVXa5K2y6dUzWueFl+CXurq1uSjkAGBrs6HE9iqBie9yotHOT+W1epIJP8VOXZzbRwCDgQuIWgHBY/9evVSSSIv45F1HTnMlHuCYu4H7E4YoZUsgVsU8n/PXaOG3CFXVt08PP9bE/nZXDdaJtlKY9qdeBcmTx1vsqHNSUzqNiekN2OHsYSTpJ6cHbx6uAJSYZPWN5BlmPa5TfiTXjDA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=751M99Ode88aicLdMFZcQLcGHZcQ8RoMhlZwSfgzg7g=; b=pm90g5FT2eZcKAPEvMrCmQ3938CyPyHV7qILjYAJ4wtu5lsiQ6kOMFjGTjl2cn6JbtUSckUGrmB8ND3H3fns15qLlbE1JNt6Y+9ln5WTR/bZ04R6heisdS8+ZTH0A1MoyWX+IoT+YNTcyNAxWzRId7TQ2SboDXsb5KuuaJJAwzs= Received: from DM6PR13CA0028.namprd13.prod.outlook.com (2603:10b6:5:bc::41) by CH3PR12MB9026.namprd12.prod.outlook.com (2603:10b6:610:125::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.25; Fri, 23 Aug 2024 13:30:53 +0000 Received: from DS2PEPF0000343D.namprd02.prod.outlook.com (2603:10b6:5:bc:cafe::fa) by DM6PR13CA0028.outlook.office365.com (2603:10b6:5:bc::41) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7762.23 via Frontend Transport; Fri, 23 Aug 2024 13:30:52 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by DS2PEPF0000343D.mail.protection.outlook.com (10.167.18.40) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:30:52 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:30:46 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 12/21] KVM: IOMMUFD: MEMFD: Map private pages Date: Fri, 23 Aug 2024 23:21:26 +1000 Message-ID: <20240823132137.336874-13-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS2PEPF0000343D:EE_|CH3PR12MB9026:EE_ X-MS-Office365-Filtering-Correlation-Id: b6d15ce0-f018-4ae4-f3b6-08dcc377cf69 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|376014|36860700013|82310400026|1800799024; X-Microsoft-Antispam-Message-Info: VUypz3XUQHluMCuYeJYYurKBWQkfFAB4Z4MdBVY8ZldKs9GLrVgj4Uy/C2ktRyQUiHb/ak08knUKx83zmaUNtQvn/4JSy7qXDSzkae2yjcu7Pj9tZGGKNVIchjZtxgZ81wDDKOMzeXz0CF5s6QBJTpqeNtTiTJaFPM9GD+9T+8gbkrXN+9ekdv3mKYPpgn4ys5+eCreDkvEW14FtpDpBVLo3f3solPKVRBt4G9hywIwB/PUySbxO/wEx0HqTCZKZl6OcqD+igSy3tDaACCdjIJmhMaypB+S4/nn8tyeqFKcjDRXVsQ3/ucl9FziaSSMMzXZe3FJiPsLE5HGoRhgmnoYj1hXrQkcD/91WV9Zz/apil2+aui9Mqv3PFN+TYd90kkb2q1pAV86Dr/xirTYaRLU//DgGc7iMYtiGUj5h9Y93uuRFsYzscK2wsmr0ebjWi7bwGvJZJLyjh/iGNvXFkopxzfHNjik3+LvFi3/cWXqzLs7k7N1QLxf2kBViOzrS5zk40yvrWIxM118Cm5tZijbkRDbgqCWty3b9mggtFnazJgSRMb7nxFNf9YV2MYDBw5wVR606h/ynIBttoct7qjsn8+1Zsg39OD5xhk2Uv2UfLURJrDWzXijWr2yOQ/3taSAQ5nMuFcV3/9cI1+luVo71qwa/LPOCJWjMuXMroj1KXzQm8LwPs21VemDtwvVeS2HU5Ud9mzB/JVBpZBbXhqG0QOgHxAw2k7zyMa1BHsY8GZbsK4OxLJqU05Fq3CSvxcqnjzQagHBx6EoarQB7TCgVLFT+/iGij9ygSpJQlGf8tPg/qzL+e2gvOiyIVAWtNMr2zqy3E7FyteMzr/EBr3TBU61c2rIuUFdUa10S2FXqGgjsbqV7JxhVYdAYa2v7dnhWiGJzXiz9kZoz3qHxvqTsvW5kXaS/n/9jUen6NHnRpHxRbwHybMo3WF/bajq/5YBdFz31PmYr/3U2k1RkEw/AazA+GH7SeAVbKuq/LhyHKTqqYZdNP/fHrmL4CxOHcRtuX9e4QKb4DQWYIH0wZhNtNnq1Y+o35pGoflXiPaASQBKYSqaE8TG3CtvCTzHh844rnYlOL7D5icU6mcmWn1WF/0MbHS0Oya208WgXTXonegxZi0IAxCs8lfvFVHJFujs9pbMpGVvYFmH5/xgZOGJdEAqgjOweA861U5eBA9NfbEJtJVwsp1+IqqlXRITAuOHb2wgDfq5c0VZB/Mb+S2Dmz0/OU7dcWVCJt5WKiJDrwkm7QayvrbfWrwpUWQ5+BKW5DhsYjhM2LlvFBvLjkCWato3B5DVL/BE50p2zGq3Mfuo4AnIjJw43CRtTszh/2RUu9FHp+MC7whEwAoMduOKuUA5dT5EznU864GlroOfxPESEf1L5XZ94JVWsSP6lybP/xzbmNkELP0IkUgitXn0Sp8IIFq06A9DPGENCDR2ZEoH0pvwBsmypFFd/9vGK X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(36860700013)(82310400026)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:30:52.7025 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b6d15ce0-f018-4ae4-f3b6-08dcc377cf69 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: DS2PEPF0000343D.namprd02.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB9026 IOMMUFD calls get_user_pages() for every mapping which will allocate shared memory instead of using private memory managed by the KVM and MEMFD. Add support for IOMMUFD fd to the VFIO KVM device's KVM_DEV_VFIO_FILE API similar to already existing VFIO device and VFIO group fds. This addition registers the KVM in IOMMUFD with a callback to get a pfn for guest private memory for mapping it later in the IOMMU. No callback for free as it is generic folio_put() for now. The aforementioned callback uses uptr to calculate the offset into the KVM memory slot and find private backing pfn, copies kvm_gmem_get_pfn() pretty much. This relies on private pages to be pinned beforehand. Signed-off-by: Alexey Kardashevskiy --- drivers/iommu/iommufd/io_pagetable.h | 3 + drivers/iommu/iommufd/iommufd_private.h | 4 + include/linux/iommufd.h | 6 ++ include/linux/kvm_host.h | 66 ++++++++++++++ drivers/iommu/iommufd/io_pagetable.c | 2 + drivers/iommu/iommufd/main.c | 21 +++++ drivers/iommu/iommufd/pages.c | 94 +++++++++++++++++--- virt/kvm/guest_memfd.c | 40 +++++++++ virt/kvm/vfio.c | 58 ++++++++++-- 9 files changed, 275 insertions(+), 19 deletions(-) diff --git a/drivers/iommu/iommufd/io_pagetable.h b/drivers/iommu/iommufd/io_pagetable.h index 0ec3509b7e33..fc9239fc94c0 100644 --- a/drivers/iommu/iommufd/io_pagetable.h +++ b/drivers/iommu/iommufd/io_pagetable.h @@ -204,6 +204,9 @@ struct iopt_pages { struct rb_root_cached access_itree; /* Of iopt_area::pages_node */ struct rb_root_cached domains_itree; + + struct kvm *kvm; + gmem_pin_t gmem_pin; }; struct iopt_pages *iopt_alloc_pages(void __user *uptr, unsigned long length, diff --git a/drivers/iommu/iommufd/iommufd_private.h b/drivers/iommu/iommufd/iommufd_private.h index 92efe30a8f0d..bd5573ddcd9c 100644 --- a/drivers/iommu/iommufd/iommufd_private.h +++ b/drivers/iommu/iommufd/iommufd_private.h @@ -10,6 +10,7 @@ #include #include #include +#include #include #include "../iommu-priv.h" @@ -28,6 +29,9 @@ struct iommufd_ctx { /* Compatibility with VFIO no iommu */ u8 no_iommu_mode; struct iommufd_ioas *vfio_ioas; + + struct kvm *kvm; + gmem_pin_t gmem_pin; }; /* diff --git a/include/linux/iommufd.h b/include/linux/iommufd.h index ffc3a949f837..a990f604c044 100644 --- a/include/linux/iommufd.h +++ b/include/linux/iommufd.h @@ -9,6 +9,7 @@ #include #include #include +#include struct device; struct iommufd_device; @@ -57,6 +58,11 @@ void iommufd_ctx_get(struct iommufd_ctx *ictx); #if IS_ENABLED(CONFIG_IOMMUFD) struct iommufd_ctx *iommufd_ctx_from_file(struct file *file); struct iommufd_ctx *iommufd_ctx_from_fd(int fd); +bool iommufd_file_is_valid(struct file *file); +typedef int (*gmem_pin_t)(struct kvm *kvm, void __user *uptr, gfn_t *gfn, + kvm_pfn_t *pfn, int *max_order); +void iommufd_file_set_kvm(struct file *file, struct kvm *kvm, + gmem_pin_t gmem_pin); void iommufd_ctx_put(struct iommufd_ctx *ictx); bool iommufd_ctx_has_group(struct iommufd_ctx *ictx, struct iommu_group *group); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h index fdb331b3e0d3..a09a346ba3ca 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h @@ -1297,6 +1297,7 @@ int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc, int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len); struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn); +struct kvm_memory_slot *uptr_to_memslot(struct kvm *kvm, void __user *uptr); bool kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn); bool kvm_vcpu_is_visible_gfn(struct kvm_vcpu *vcpu, gfn_t gfn); unsigned long kvm_host_page_size(struct kvm_vcpu *vcpu, gfn_t gfn); @@ -1713,6 +1714,22 @@ try_get_memslot(struct kvm_memory_slot *slot, gfn_t gfn) return NULL; } +static inline struct kvm_memory_slot * +try_get_memslot_uptr(struct kvm_memory_slot *slot, void __user *uptr) +{ + unsigned long base_upn; + unsigned long upn = (unsigned long) uptr >> PAGE_SHIFT; + + if (!slot) + return NULL; + + base_upn = slot->userspace_addr >> PAGE_SHIFT; + if (upn >= base_upn && upn < base_upn + slot->npages) + return slot; + else + return NULL; +} + /* * Returns a pointer to the memslot that contains gfn. Otherwise returns NULL. * @@ -1741,6 +1758,22 @@ search_memslots(struct kvm_memslots *slots, gfn_t gfn, bool approx) return approx ? slot : NULL; } +static inline struct kvm_memory_slot * +search_memslots_uptr(struct kvm_memslots *slots, void __user *uptr) +{ + unsigned long upn = (unsigned long) uptr >> PAGE_SHIFT; + struct kvm_memslot_iter iter; + + kvm_for_each_memslot_in_gfn_range(&iter, slots, 0, 512ULL * SZ_1T) { + struct kvm_memory_slot *slot = iter.slot; + unsigned long base_upn = slot->userspace_addr >> PAGE_SHIFT; + + if (upn >= base_upn && upn < base_upn + slot->npages) + return slot; + } + return NULL; +} + static inline struct kvm_memory_slot * ____gfn_to_memslot(struct kvm_memslots *slots, gfn_t gfn, bool approx) { @@ -1760,6 +1793,25 @@ ____gfn_to_memslot(struct kvm_memslots *slots, gfn_t gfn, bool approx) return NULL; } +static inline struct kvm_memory_slot * +____uptr_to_memslot(struct kvm_memslots *slots, void __user *uptr) +{ + struct kvm_memory_slot *slot; + + slot = (struct kvm_memory_slot *)atomic_long_read(&slots->last_used_slot); + slot = try_get_memslot_uptr(slot, uptr); + if (slot) + return slot; + + slot = search_memslots_uptr(slots, uptr); + if (slot) { + atomic_long_set(&slots->last_used_slot, (unsigned long)slot); + return slot; + } + + return NULL; +} + /* * __gfn_to_memslot() and its descendants are here to allow arch code to inline * the lookups in hot paths. gfn_to_memslot() itself isn't here as an inline @@ -1771,6 +1823,12 @@ __gfn_to_memslot(struct kvm_memslots *slots, gfn_t gfn) return ____gfn_to_memslot(slots, gfn, false); } +static inline struct kvm_memory_slot * +__uptr_to_memslot(struct kvm_memslots *slots, void __user *uptr) +{ + return ____uptr_to_memslot(slots, uptr); +} + static inline unsigned long __gfn_to_hva_memslot(const struct kvm_memory_slot *slot, gfn_t gfn) { @@ -2446,6 +2504,8 @@ static inline bool kvm_mem_is_private(struct kvm *kvm, gfn_t gfn) #ifdef CONFIG_KVM_PRIVATE_MEM int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory_slot *slot, gfn_t gfn, kvm_pfn_t *pfn, int *max_order); +int kvm_gmem_uptr_to_pfn(struct kvm *kvm, void __user *uptr, gfn_t *gfn, + kvm_pfn_t *pfn, int *max_order); #else static inline int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory_slot *slot, gfn_t gfn, @@ -2454,6 +2514,12 @@ static inline int kvm_gmem_get_pfn(struct kvm *kvm, KVM_BUG_ON(1, kvm); return -EIO; } +static inline int kvm_gmem_uptr_to_pfn(struct kvm *kvm, void __user *uptr, gfn_t *gfn, + kvm_pfn_t *pfn, int *max_order) +{ + KVM_BUG_ON(1, kvm); + return -EIO; +} #endif /* CONFIG_KVM_PRIVATE_MEM */ #ifdef CONFIG_HAVE_KVM_ARCH_GMEM_PREPARE diff --git a/drivers/iommu/iommufd/io_pagetable.c b/drivers/iommu/iommufd/io_pagetable.c index 05fd9d3abf1b..aa7584d4a2b8 100644 --- a/drivers/iommu/iommufd/io_pagetable.c +++ b/drivers/iommu/iommufd/io_pagetable.c @@ -412,6 +412,8 @@ int iopt_map_user_pages(struct iommufd_ctx *ictx, struct io_pagetable *iopt, elm.pages->account_mode = IOPT_PAGES_ACCOUNT_MM; elm.start_byte = uptr - elm.pages->uptr; elm.length = length; + elm.pages->kvm = ictx->kvm; + elm.pages->gmem_pin = ictx->gmem_pin; list_add(&elm.next, &pages_list); rc = iopt_map_pages(iopt, &pages_list, length, iova, iommu_prot, flags); diff --git a/drivers/iommu/iommufd/main.c b/drivers/iommu/iommufd/main.c index 83bbd7c5d160..b6039f7c1cce 100644 --- a/drivers/iommu/iommufd/main.c +++ b/drivers/iommu/iommufd/main.c @@ -17,6 +17,7 @@ #include #include #include +#include #include "io_pagetable.h" #include "iommufd_private.h" @@ -488,6 +489,26 @@ struct iommufd_ctx *iommufd_ctx_from_fd(int fd) } EXPORT_SYMBOL_NS_GPL(iommufd_ctx_from_fd, IOMMUFD); +bool iommufd_file_is_valid(struct file *file) +{ + return file->f_op == &iommufd_fops; +} +EXPORT_SYMBOL_NS_GPL(iommufd_file_is_valid, IOMMUFD); + +void iommufd_file_set_kvm(struct file *file, struct kvm *kvm, gmem_pin_t gmem_pin) +{ + struct iommufd_ctx *ictx = iommufd_ctx_from_file(file); + + if (WARN_ON(!ictx)) + return; + + ictx->kvm = kvm; + ictx->gmem_pin = gmem_pin; + + iommufd_ctx_put(ictx); +} +EXPORT_SYMBOL_NS_GPL(iommufd_file_set_kvm, IOMMUFD); + /** * iommufd_ctx_put - Put back a reference * @ictx: Context to put back diff --git a/drivers/iommu/iommufd/pages.c b/drivers/iommu/iommufd/pages.c index 117f644a0c5b..d85b6969d9ea 100644 --- a/drivers/iommu/iommufd/pages.c +++ b/drivers/iommu/iommufd/pages.c @@ -52,6 +52,8 @@ #include #include #include +#include +#include #include "io_pagetable.h" #include "double_span.h" @@ -622,6 +624,33 @@ static void batch_from_pages(struct pfn_batch *batch, struct page **pages, break; } +static void memfd_unpin_user_page_range_dirty_lock(struct page *page, + unsigned long npages, + bool make_dirty) +{ + unsigned long i, nr; + + for (i = 0; i < npages; i += nr) { + struct page *next = nth_page(page, i); + struct folio *folio = page_folio(next); + + if (folio_test_large(folio)) + nr = min_t(unsigned int, npages - i, + folio_nr_pages(folio) - + folio_page_idx(folio, next)); + else + nr = 1; + + if (make_dirty && !folio_test_dirty(folio)) { + // FIXME: do we need this? private memory does not swap + folio_lock(folio); + folio_mark_dirty(folio); + folio_unlock(folio); + } + folio_put(folio); + } +} + static void batch_unpin(struct pfn_batch *batch, struct iopt_pages *pages, unsigned int first_page_off, size_t npages) { @@ -638,9 +667,14 @@ static void batch_unpin(struct pfn_batch *batch, struct iopt_pages *pages, size_t to_unpin = min_t(size_t, npages, batch->npfns[cur] - first_page_off); - unpin_user_page_range_dirty_lock( - pfn_to_page(batch->pfns[cur] + first_page_off), - to_unpin, pages->writable); + if (pages->kvm) + memfd_unpin_user_page_range_dirty_lock( + pfn_to_page(batch->pfns[cur] + first_page_off), + to_unpin, pages->writable); + else + unpin_user_page_range_dirty_lock( + pfn_to_page(batch->pfns[cur] + first_page_off), + to_unpin, pages->writable); iopt_pages_sub_npinned(pages, to_unpin); cur++; first_page_off = 0; @@ -777,17 +811,51 @@ static int pfn_reader_user_pin(struct pfn_reader_user *user, return -EFAULT; uptr = (uintptr_t)(pages->uptr + start_index * PAGE_SIZE); - if (!remote_mm) - rc = pin_user_pages_fast(uptr, npages, user->gup_flags, - user->upages); - else { - if (!user->locked) { - mmap_read_lock(pages->source_mm); - user->locked = 1; + + if (pages->kvm) { + if (WARN_ON(!pages->gmem_pin)) + return -EFAULT; + + rc = 0; + for (unsigned long i = 0; i < npages; ++i, uptr += PAGE_SIZE) { + gfn_t gfn = 0; + kvm_pfn_t pfn = 0; + int max_order = 0, rc1; + + rc1 = pages->gmem_pin(pages->kvm, (void *) uptr, + &gfn, &pfn, &max_order); + if (rc1 == -EINVAL && i == 0) { + pr_err_once("Must be vfio mmio at gfn=%llx pfn=%llx, skipping\n", + gfn, pfn); + goto the_usual; + } + + if (rc1) { + pr_err("%s: %d %ld %lx -> %lx\n", __func__, + rc1, i, (unsigned long) uptr, (unsigned long) pfn); + rc = rc1; + break; + } + + user->upages[i] = pfn_to_page(pfn); + } + + if (!rc) + rc = npages; + } else { +the_usual: + if (!remote_mm) { + rc = pin_user_pages_fast(uptr, npages, user->gup_flags, + user->upages); + } else { + if (!user->locked) { + mmap_read_lock(pages->source_mm); + user->locked = 1; + } + rc = pin_user_pages_remote(pages->source_mm, uptr, npages, + user->gup_flags, user->upages, + &user->locked); } - rc = pin_user_pages_remote(pages->source_mm, uptr, npages, - user->gup_flags, user->upages, - &user->locked); } if (rc <= 0) { if (WARN_ON(!rc)) diff --git a/virt/kvm/guest_memfd.c b/virt/kvm/guest_memfd.c index e930014b4bdc..07ff561208fd 100644 --- a/virt/kvm/guest_memfd.c +++ b/virt/kvm/guest_memfd.c @@ -659,6 +659,46 @@ __kvm_gmem_get_pfn(struct file *file, struct kvm_memory_slot *slot, return folio; } +int kvm_gmem_uptr_to_pfn(struct kvm *kvm, void __user *uptr, gfn_t *gfn, + kvm_pfn_t *pfn, int *max_order) +{ + struct kvm_memory_slot *slot = __uptr_to_memslot(kvm_memslots(kvm), + uptr); + bool is_prepared = false; + unsigned long upn_off; + struct folio *folio; + struct file *file; + int r; + + if (!slot) + return -EFAULT; + + file = kvm_gmem_get_file(slot); + if (!file) + return -EFAULT; + + upn_off = ((unsigned long) uptr - slot->userspace_addr) >> PAGE_SHIFT; + *gfn = slot->base_gfn + upn_off; + + folio = __kvm_gmem_get_pfn(file, slot, *gfn, pfn, &is_prepared, max_order, true); + if (IS_ERR(folio)) { + r = PTR_ERR(folio); + goto out; + } + + if (!is_prepared) + r = kvm_gmem_prepare_folio(kvm, slot, *gfn, folio); + + folio_unlock(folio); + if (r < 0) + folio_put(folio); + +out: + fput(file); + return r; +} +EXPORT_SYMBOL_GPL(kvm_gmem_uptr_to_pfn); + int kvm_gmem_get_pfn(struct kvm *kvm, struct kvm_memory_slot *slot, gfn_t gfn, kvm_pfn_t *pfn, int *max_order) { diff --git a/virt/kvm/vfio.c b/virt/kvm/vfio.c index a4e9db212adc..7c1d859a58e8 100644 --- a/virt/kvm/vfio.c +++ b/virt/kvm/vfio.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "vfio.h" #ifdef CONFIG_SPAPR_TCE_IOMMU @@ -25,6 +26,7 @@ struct kvm_vfio_file { struct list_head node; struct file *file; + bool is_iommufd; #ifdef CONFIG_SPAPR_TCE_IOMMU struct iommu_group *iommu_group; #endif @@ -87,6 +89,36 @@ static bool kvm_vfio_file_is_valid(struct file *file) return ret; } +static bool kvm_iommufd_file_is_valid(struct file *file) +{ + bool (*fn)(struct file *file); + bool ret; + + fn = symbol_get(iommufd_file_is_valid); + if (!fn) + return false; + + ret = fn(file); + + symbol_put(iommufd_file_is_valid); + + return ret; +} + +static void kvm_iommufd_file_set_kvm(struct file *file, struct kvm *kvm, + gmem_pin_t gmem_pin) +{ + void (*fn)(struct file *file, struct kvm *kvm, gmem_pin_t gmem_pin); + + fn = symbol_get(iommufd_file_set_kvm); + if (!fn) + return; + + fn(file, kvm, gmem_pin); + + symbol_put(iommufd_file_set_kvm); +} + static struct vfio_device *kvm_vfio_file_device(struct file *file) { struct vfio_device *(*fn)(struct file *file); @@ -167,7 +199,7 @@ static int kvm_vfio_file_add(struct kvm_device *dev, unsigned int fd) { struct kvm_vfio *kv = dev->private; struct kvm_vfio_file *kvf; - struct file *filp; + struct file *filp = NULL; int ret = 0; filp = fget(fd); @@ -175,7 +207,7 @@ static int kvm_vfio_file_add(struct kvm_device *dev, unsigned int fd) return -EBADF; /* Ensure the FD is a vfio FD. */ - if (!kvm_vfio_file_is_valid(filp)) { + if (!kvm_vfio_file_is_valid(filp) && !kvm_iommufd_file_is_valid(filp)) { ret = -EINVAL; goto out_fput; } @@ -196,11 +228,18 @@ static int kvm_vfio_file_add(struct kvm_device *dev, unsigned int fd) } kvf->file = get_file(filp); + list_add_tail(&kvf->node, &kv->file_list); kvm_arch_start_assignment(dev->kvm); - kvm_vfio_file_set_kvm(kvf->file, dev->kvm); - kvm_vfio_update_coherency(dev); + kvf->is_iommufd = kvm_iommufd_file_is_valid(filp); + + if (kvf->is_iommufd) { + kvm_iommufd_file_set_kvm(kvf->file, dev->kvm, kvm_gmem_uptr_to_pfn); + } else { + kvm_vfio_file_set_kvm(kvf->file, dev->kvm); + kvm_vfio_update_coherency(dev); + } out_unlock: mutex_unlock(&kv->lock); @@ -233,7 +272,11 @@ static int kvm_vfio_file_del(struct kvm_device *dev, unsigned int fd) #ifdef CONFIG_SPAPR_TCE_IOMMU kvm_spapr_tce_release_vfio_group(dev->kvm, kvf); #endif - kvm_vfio_file_set_kvm(kvf->file, NULL); + if (kvf->is_iommufd) + kvm_iommufd_file_set_kvm(kvf->file, NULL, NULL); + else + kvm_vfio_file_set_kvm(kvf->file, NULL); + fput(kvf->file); kfree(kvf); ret = 0; @@ -476,7 +519,10 @@ static void kvm_vfio_release(struct kvm_device *dev) #ifdef CONFIG_SPAPR_TCE_IOMMU kvm_spapr_tce_release_vfio_group(dev->kvm, kvf); #endif - kvm_vfio_file_set_kvm(kvf->file, NULL); + if (kvf->is_iommufd) + kvm_iommufd_file_set_kvm(kvf->file, NULL, NULL); + else + kvm_vfio_file_set_kvm(kvf->file, NULL); fput(kvf->file); list_del(&kvf->node); kfree(kvf); From patchwork Fri Aug 23 13:21:27 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775248 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2078.outbound.protection.outlook.com [40.107.92.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A3B7A18661A; Fri, 23 Aug 2024 13:31:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.78 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419876; cv=fail; b=MQWTYFyITDV6Q7vrAy4qYNt4VaaaPnR7+0ZQVVXiu/TLVyu9t81QDceKjrVuaxar0MHGDHYBzIhVOL1+koPNnFCc5oTZcestqmA+MrSijkV+w+jjmIqd3SdtUKtBdITfasFdj7zpQuBUyXkd6KgMOgrwEwpCaI/XdyFP/D7R+K8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419876; c=relaxed/simple; bh=L6pd26/9c5ODDOY9aJZ0s+HK9y1ZBYz6bPFlCbUXDT4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=IquR4hR0bC92AwloICRGjYiN0mSIpxkGLRlJmbGBaBmtrt1UiUXvykW4QDZ2CiRRgCxrxfWDmxWKA5t6SeGbfXGEedDbxpYmaQwH5lwwLAketvNGnWlAuYo5LilDqWk3wd8EI568oA/kX1XBGoF7k3TacSxrcSC2cR9W40yVops= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=B03MGVNP; arc=fail smtp.client-ip=40.107.92.78 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="B03MGVNP" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=QfH+xHr/Mcgi6Ehrl0ciuwiMjIDhqFRNHcyRZynawZV88+FY64jLTGC92lPB9ZWcFXb2/3Iy4NuTu7GYZ4PDODp4PX6kupZTWVIfQbnPvQyROKffZGF0P1prnLU0ByKka+pY6c9GjUVo1hAINNl07afVTaJiETQJL/vi55TeAsvg2v1QP4o8vUkJOsuvq3WVn8xfFwY0OKaq+Jpbt5lHUzhFT45ozywRur196D/VtahVzxe7sxmdUY/hqWAn7LnF1c3/ZXqALHCEaEkxPI67O6al9qne4tjp4OzLZJy9h5DLJgpIL47CTuRcJU9kVq/Oqjd1yGGXRPH/3xHuy5tyAQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KHDV/OEuyy1j1v1UJzuiCPuYoYMTBdR78IoDRdsVYTo=; b=PMp5pBPvsEGjnle3Jv74NKVvlwWXxcpZuhqMnksdrkx7rx/y9MFWL+8lnixCdY4Iopn2LymXvsn/EbLnEX+WvZURazsJUtEEPFn9ySHcdPGwFDxCn3JFicCP57lOl0USFvoEk6qSox3JQjhOqe9/dwcUXAlxpG2kv6XgvNYUC9mBdfs1SWDyG4X34DpvEIyjuS2D0dWBzV8OIOPlrOK3oTbo+hBk3IpqTI9vC62k2SzzgP+oqxLwRdH+dqan+HZfimm3OjFQ2qZDTHhTwpLLm7g1k86M2S57iWu+kRnbXPlhltoXhz1uraR73SjOAwft8uo81HqP0GlPSF2xqWuKXw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KHDV/OEuyy1j1v1UJzuiCPuYoYMTBdR78IoDRdsVYTo=; b=B03MGVNPVx7hwqGPW5fLfus81ClX6E3ar4whOwlTa67u7MVkFnPtmOi+wXvkxUKUo1h3pxLrnZzWJp7OhYqP9K24JUxToPw3Q0v02scdP7JF3PXUoy57+gNOgZdu387yayexIGzXrFLa4yYTipg0fmoUi/zYut1Fixd9wsoickw= Received: from PH7PR02CA0027.namprd02.prod.outlook.com (2603:10b6:510:33d::16) by DS0PR12MB7534.namprd12.prod.outlook.com (2603:10b6:8:139::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.21; Fri, 23 Aug 2024 13:31:11 +0000 Received: from CY4PEPF0000EE31.namprd05.prod.outlook.com (2603:10b6:510:33d:cafe::e7) by PH7PR02CA0027.outlook.office365.com (2603:10b6:510:33d::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:31:10 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EE31.mail.protection.outlook.com (10.167.242.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:31:10 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:31:04 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 13/21] KVM: X86: Handle private MMIO as shared Date: Fri, 23 Aug 2024 23:21:27 +1000 Message-ID: <20240823132137.336874-14-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE31:EE_|DS0PR12MB7534:EE_ X-MS-Office365-Filtering-Correlation-Id: 819b8ffa-7789-4a69-6c58-08dcc377d9bf X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|36860700013|82310400026|1800799024|376014; X-Microsoft-Antispam-Message-Info: qPVdSoQlMba8XHmoAHr43s7qV+qM6CshJwGDkfUmVEOmXkFXcU+AvcRV2qzIBWwNiJM2C8udTywwy3+W9uB4A/HuRZ4D/sJxWiGNC/gtl1GewqkuF256NFmddnzO7j9uSuasWxQ/lO/kKUSAfaJAdT7wjSNhH3/rp+pfRwym5GoEEr8vbMWG4Wg7hOauka5AXcGqH9U2OeRzt7t4G+Vrmba1A5UpsnW1NduyYbmOzHomKNHGd+yGSkz+lIKhnI9k2axyMIn54c/yqQ1H9zJ1pCPzPZndIg0WTb8n1MVlF+zXdsT73rx16fUxlkai9VAGCVXIJjXzctZIefSUpG4WHVgAy0AIUWAW+PPATYqBIi3SGK7+0Pdh2pVEwP+oyCYnmYAJQwe6Ap0FOR2LChp8qMFJ0fBLIa8UCAJYK7A7irOyUegFgm4igoWfmyUIugKbwLgVkfD4P83gQs8ybGZp60Vddzyow0Mqz+Xfe188wJJfkZmiM0jNzUeM/REDmx9rXX88nMm3O0KHvF65hydVk+gie4Fw8tHdabYsXxXW+tiWZMbJMipmqofasCcfj5dRINVN4AHivTqQKE0DA70m2zF4xMEePXCn04VBDlfCNFaZQIYpOCK+P2FSZxpRgsMGyE5///EGHDjcmp9TXKxlIxvJppANwHoPNFPOL7SsN7Gr767jJLbhj4QNjrnA2eZkbosB3zrXuil577pfUF2ZPbZezWHjrKS/7GdkeYUTW+yVvrr0LQ3/JT9Ryd8npnUbrxth6DyXMCD035+B7S8aT16QaI7t4Jz4ytSQ1DZnSmMkhcwAIiHDyNCkDW6foAlOOB07NqBc2/eBK9++UaRWfEuCG4iL+gmT0CxpfFn+vVtPYfHKFo+FwY9sZ1J8E4bBwIvsBw2qvvMKolZMD2YHaFX+6+K1J6HZZkX5sa5zlQL0EsrNKm0sD6AcwRdVoGxr6j7ykE0M1kjH4S1wTznGREJxvTzQVbBzMUYOU2kJiNfU9uCTlTjIiwZ7W3J6sqh8wTr09zpyj9iz5yrmENxgkileYFxfgnS+I2voNxIIv2zSVstpZvjvgGXMT7x885BS5DkFLb49+teF/kfl5Gh+gcqoq9UpkwRpEmzdyfsX7BF7gCk1CD6ZA8v4L/lGGLa8AkSsF/cgJm8CrNfoCts5MMJneGdrIIUqvcr2TKNZVSGBncr1ulpvwWmu1Ot6oBssVz9H8f1IH2QY7EektiPDzNmthOvwsKxl0+yshrQnn4Aldsf8I9ycQz83V9ZKnLv5lVgl3+irgQp0nWisinZ9++DJRn8rown2k9/Jb0SGaNl+3gQzxj2NPCtOC3aGVmmWPdiFj4ndgnHe33FqA21BXrBHyY+L3TmlTz5mmFU36Zl37Hj640kMCza1q930v09eZMFkrnKFi7GdfwqOrdx5ojpP5yJJ6FWyoZ98dkN/pLOSeusHVjxOw9z5IYfanrFa X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(36860700013)(82310400026)(1800799024)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:31:10.0243 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 819b8ffa-7789-4a69-6c58-08dcc377d9bf X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE31.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB7534 Currently private MMIO nested page faults are not expected so when such fault occurs, KVM tries moving the faulted page from private to shared which is not going to work as private MMIO is not backed by memfd. Handle private MMIO as shared: skip page state change and memfd page state tracking. The MMIO KVM memory slot is still marked as shared as the guest can access it as private or shared so marking the MMIO slot as private is not going to help. Signed-off-by: Alexey Kardashevskiy --- arch/x86/kvm/mmu/mmu.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/arch/x86/kvm/mmu/mmu.c b/arch/x86/kvm/mmu/mmu.c index 928cf84778b0..e74f5c3d0821 100644 --- a/arch/x86/kvm/mmu/mmu.c +++ b/arch/x86/kvm/mmu/mmu.c @@ -4366,7 +4366,11 @@ static int __kvm_faultin_pfn(struct kvm_vcpu *vcpu, struct kvm_page_fault *fault { bool async; - if (fault->is_private) + if (fault->slot && fault->is_private && !kvm_slot_can_be_private(fault->slot) && + (vcpu->kvm->arch.vm_type == KVM_X86_SNP_VM)) + pr_warn("%s: private SEV TIO MMIO fault for fault->gfn=%llx\n", + __func__, fault->gfn); + else if (fault->is_private) return kvm_faultin_pfn_private(vcpu, fault); async = false; From patchwork Fri Aug 23 13:21:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775249 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2041.outbound.protection.outlook.com [40.107.243.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 05B4B185B5C; Fri, 23 Aug 2024 13:31:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.41 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419895; cv=fail; b=dbSIT3Ya+OnTphclLEjoSFacix+zS1zlosvB/WRv7rJBm742tc8wxpOwA/W9qc+deKdaO2ajUF/pvOU6vkBY2xNHo906c1Xy//jAFb/D4w7UjCKkirwBbiXcjTQK/KIltA7PIzUDHw3PErqHMJjmIEMQ/DLxrJHHWnh5eWCJIiY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419895; c=relaxed/simple; bh=DVYmquRXc6haxg2hb1v/Ott/JyEZRTVcz9NOFh04jOw=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=c/ZIOpBYH3UgT+7FZTaTR1pdrRUTUFLzvSDoXKHOPFXQKXAWdRynGVkxDAKqSA/OyhBamRxrkPlUeKmlqqTJ/f12WCWkDuw5IDsdDOdTbEJ4DRwdrEp27W1lmvSZahNmTc3F718XZbTbi7szlpLoQ5+XCrvz51iEL6F+4eVRZLw= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=jWWRrfWy; arc=fail smtp.client-ip=40.107.243.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="jWWRrfWy" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=LYWIbeMjQvqBKkt8ifKv6EGwXyD43juZjfEYumII+1oKhGCOLkznt12CQMY/fc8+lZxdnXXkfG+2Mr0he0uJ7h2Bi+JmojIw4ISCjSzwRGjYZllrZuXI2HYtcm992QueTf4O/An7Beib8t7kufMutWcZCGSnRJaVcpiyy4jwl3gv7Lh+wRVXU0Rore6H6EEyOFwIbhwL1bcFyNDdYwKCqSyG7KeIMgBlR3JbduHEen9Q0+uCIaTFZV+HMJwBZ5lU9VhoY0o4ofscQ880ugPUVLfWGVN5T7hCs1JthDl9w2gTMAi+EohP0qQAJi00LRhbJ/EPl9rG2p9oYYTORBqVcw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CfHbBvzcZsUbH+nIjbRE2CVUfaXe64pBFGG/FShb17w=; b=XcUxAT7IS4F5noxNY9weMvJzNkI+oc/u6jZqkRmm7OAiqrKM++RyfE7+HNYinfriN8nU1lNRA8CJ3a3heXzaBF0QRB7qBJNtDRyvcM00tzM0Qnw5IXcYA4OtKkItlRf3dCPtljuCu5DP38zOLLEkYfrFIzDb3Lchir2o1mEYUhLRA8FH9SVzbSrtC8JkzwiO2JUAPErBcZoBpjdUcyxddgygtkMgp+wy+ePG5Zr9V8+FLgDgMPTgzkeWCXVD93Kna/puawFiKDPasK7vqdb0vOWCEAIXpbFFN8PaWjEqAE+BZELyhKO1Gx/K7pX+xHQzuOoN9ePJCJgzEtq3ZcVB0w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=CfHbBvzcZsUbH+nIjbRE2CVUfaXe64pBFGG/FShb17w=; b=jWWRrfWyVbAYkRER0R7y09UL/+gaLOrvjyxiuLdLqGSzQyIr8dlpgWPfyUhhSR0E6qLAgv7Y2ExsKu77Kh8UBceRavjx38HT7jsll+zOc4k4E92og03bs4GknY/KNLsu21bRlQzjtu7aRQPGELJhmuGHgJS5BoKdtRc+6YHi2b8= Received: from PH7PR02CA0026.namprd02.prod.outlook.com (2603:10b6:510:33d::35) by DS0PR12MB7559.namprd12.prod.outlook.com (2603:10b6:8:134::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:31:28 +0000 Received: from CY4PEPF0000EE31.namprd05.prod.outlook.com (2603:10b6:510:33d:cafe::ea) by PH7PR02CA0026.outlook.office365.com (2603:10b6:510:33d::35) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.21 via Frontend Transport; Fri, 23 Aug 2024 13:31:27 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EE31.mail.protection.outlook.com (10.167.242.37) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:31:27 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:31:22 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 14/21] RFC: iommu/iommufd/amd: Add IOMMU_HWPT_TRUSTED flag, tweak DTE's DomainID, IOTLB Date: Fri, 23 Aug 2024 23:21:28 +1000 Message-ID: <20240823132137.336874-15-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE31:EE_|DS0PR12MB7559:EE_ X-MS-Office365-Filtering-Correlation-Id: b45b41d5-374e-468a-3f58-08dcc377e418 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|36860700013|82310400026|376014; X-Microsoft-Antispam-Message-Info: rz6bnsvP6o4dX4/Q1T9roFohV98RQGpmWs1FXSgAF+pevXEM7UBYeAHKJEZMZAVzMSmshkncSOWMsJ2+7dOhK38s5dzvRNtnzSoja0h9Fn12qiJuaUcUsnSwGzrSkvw3OqG3pxbEbsnbt/fvLH8diSmYWBNb5YARWm8yL6L/TKCw0a1ygRfFb+ncz5Yi9WE20fWOb9z/ra0QGMI8zlUFi9hiDT0TWYUOHyXZE9cXV18ZBG0iruAdxlZmfPJBxbieSvy41nyFgtIv7KMxxPNaxqVMsn4JHD+5bnBvuObS706klUpsXPgSwf1I+fkfwMNnMVGjhlcA1EuYHJM9WI32nZzdzePbxps/7caqqTjegXagvaZXobL2ZrpB+gemmAO1ae07fwZrjhO2uCT/KeEV7wdtqLxo7uhy/T2GZughE95s1H6VWe1IKEtvEjZpulztTdaw3ygva0FioZyiGpKMwk4BlBguCJvrcTsLdDi+vhyG3aeXNyubXV4173XfR4r0raUcAg2ziZnuUiM/UQ0wQ+f5A0H3YedD6BGtbG/R5Dn1BLnjSEIDzhStGW8f9QfJQFIuz13II5EhJCke0S8kOWzbjk03GgfZi8t2LHlkzC4VOy9scq+lbNOaT8sFiZOJGnizLh4hPh/IFXkIjpQp+riY7Qs4Q6JzyM9aMjrr5EOYfBdcGGrewFXRrXZ61KpkubhqvmURXKAu/TvvYuWuWYs1wprvwtlszOjAWavK/Pm2w2iWZ9GfHV2YNGNxGI+iB0cSmnqN6tdAqBJoicQ8jIn3bgWdkvPe/5Nvfv1KMKZPCZX9bj6B7TS4eUiszmbnSQKH2fQVGcM2JLcI3e0DIsSk5BUXk4cBi3VtrLJ7sEySIWOACEfLUfOc8m7OLuxIN8uBLY6x4s25HfTRa3iW6gbdA3b1hTTFtn08JlhkQ9NgRB57tllDMCHY+SxnRhweiHzfdGaOxa12aaCs0RY3dP1rQPk66cWtyAY97CclVPhq9wSvi6vPZZDptx52J7KZjK9LPyL8i960ys01FfFJ2AaKHbCc0PVFw3Gv+23Y6dzoNK5Crnv6bGc1TO9p9LrHAR8MOzzDOSh2yyAnwij5DhQ/xECfNpU2nsHAtDFMcbB/1obaGPqGb4VDPkogXy3kNAu1DnwXRJG6D7THRYW+P30lQ+L5hP2xOdpoLdqhjMzEzlvytsjPKdZ26J+bKStmxDxAyZxCJ52mJ6Xl+xOeJaT3vuRNMoV05/RzM+qRyeA8dZ7jZ7OFlFCeeJ0AUtkd88B63Gf2vW9r9wFkj4AUSAD88q1S5EYMmWiVhWuYKcLOcdVvZsTeGoW0LcBZ4AEbLlrLH8+bkoBA5/1TBBeIDr/2XqFTCjJzpH918fgAHVQYdhYb4KT4zN8biieWjWF8TXhoxfm/BA+QvzaRTClhX/fNMd3jbrMy4fzyAH5/elops8tIrS1zcKj033eEvCgF X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(36860700013)(82310400026)(376014);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:31:27.3836 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: b45b41d5-374e-468a-3f58-08dcc377e418 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE31.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR12MB7559 AMD IOMMUs use a device table where one entry (DTE) describes IOMMU setup per a PCI BDFn. DMA accesses via these DTEs are always unencrypted. In order to allow DMA to/from private memory, AMD IOMMUs use another memory structure called "secure device table" which entries (sDTEs) are similar to DTE and contain configuration for private DMA operations. The sDTE table is in the private memory and is managed by the PSP on behalf of a SNP VM. So the host OS does not have access to it and does not need to manage it. However if sDTE is enabled, some fields of a DTE are now marked as reserved in a DTE and managed by an sDTE instead (such as DomainID), other fields need to stay in sync (IR/IW). Mark IOMMU HW page table with a flag saying that the memory is backed by KVM (effectively MEMFD). Skip setting the DomainID in DTE. Enable IOTLB enable (bit 96) to match what the PSP writes to sDTE. Signed-off-by: Alexey Kardashevskiy --- drivers/iommu/amd/amd_iommu_types.h | 2 ++ include/uapi/linux/iommufd.h | 1 + drivers/iommu/amd/iommu.c | 20 ++++++++++++++++++-- drivers/iommu/iommufd/hw_pagetable.c | 4 ++++ 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/drivers/iommu/amd/amd_iommu_types.h b/drivers/iommu/amd/amd_iommu_types.h index 2b76b5dedc1d..cf435c1f2839 100644 --- a/drivers/iommu/amd/amd_iommu_types.h +++ b/drivers/iommu/amd/amd_iommu_types.h @@ -588,6 +588,8 @@ struct protection_domain { struct mmu_notifier mn; /* mmu notifier for the SVA domain */ struct list_head dev_data_list; /* List of pdom_dev_data */ + + u32 flags; }; /* diff --git a/include/uapi/linux/iommufd.h b/include/uapi/linux/iommufd.h index 4dde745cfb7e..c5536686b0b1 100644 --- a/include/uapi/linux/iommufd.h +++ b/include/uapi/linux/iommufd.h @@ -364,6 +364,7 @@ enum iommufd_hwpt_alloc_flags { IOMMU_HWPT_ALLOC_NEST_PARENT = 1 << 0, IOMMU_HWPT_ALLOC_DIRTY_TRACKING = 1 << 1, IOMMU_HWPT_FAULT_ID_VALID = 1 << 2, + IOMMU_HWPT_TRUSTED = 1 << 3, }; /** diff --git a/drivers/iommu/amd/iommu.c b/drivers/iommu/amd/iommu.c index b19e8c0f48fa..e2f8fb79ee53 100644 --- a/drivers/iommu/amd/iommu.c +++ b/drivers/iommu/amd/iommu.c @@ -1930,7 +1930,20 @@ static void set_dte_entry(struct amd_iommu *iommu, } flags &= ~DEV_DOMID_MASK; - flags |= domid; + + if (dev_data->dev->tdi_enabled && (domain->flags & IOMMU_HWPT_TRUSTED)) { + /* + * Do hack for VFIO with TSM enabled. + * This runs when VFIO is being bound to a device and before TDI is bound. + * Ideally TSM should change DTE only when TDI is bound. + * Probably better test for (domain->domain.type & __IOMMU_DOMAIN_DMA_API) + */ + dev_info(dev_data->dev, "Skip DomainID=%x and set bit96\n", domid); + flags |= 1ULL << (96 - 64); + } else { + //dev_info(dev_data->dev, "Not skip DomainID=%x and not set bit96\n", domid); + flags |= domid; + } old_domid = dev_table[devid].data[1] & DEV_DOMID_MASK; dev_table[devid].data[1] = flags; @@ -2413,6 +2426,8 @@ static struct iommu_domain *do_iommu_domain_alloc(unsigned int type, if (dirty_tracking) domain->domain.dirty_ops = &amd_dirty_ops; + + domain->flags = flags; } return &domain->domain; @@ -2437,7 +2452,8 @@ amd_iommu_domain_alloc_user(struct device *dev, u32 flags, { unsigned int type = IOMMU_DOMAIN_UNMANAGED; - if ((flags & ~IOMMU_HWPT_ALLOC_DIRTY_TRACKING) || parent || user_data) + if ((flags & ~(IOMMU_HWPT_ALLOC_DIRTY_TRACKING | IOMMU_HWPT_TRUSTED)) || + parent || user_data) return ERR_PTR(-EOPNOTSUPP); return do_iommu_domain_alloc(type, dev, flags); diff --git a/drivers/iommu/iommufd/hw_pagetable.c b/drivers/iommu/iommufd/hw_pagetable.c index aefde4443671..23ae95fc95ee 100644 --- a/drivers/iommu/iommufd/hw_pagetable.c +++ b/drivers/iommu/iommufd/hw_pagetable.c @@ -136,6 +136,10 @@ iommufd_hwpt_paging_alloc(struct iommufd_ctx *ictx, struct iommufd_ioas *ioas, hwpt_paging->nest_parent = flags & IOMMU_HWPT_ALLOC_NEST_PARENT; if (ops->domain_alloc_user) { + if (ictx->kvm) { + pr_info("Trusted domain"); + flags |= IOMMU_HWPT_TRUSTED; + } hwpt->domain = ops->domain_alloc_user(idev->dev, flags, NULL, user_data); if (IS_ERR(hwpt->domain)) { From patchwork Fri Aug 23 13:21:29 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775250 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2044.outbound.protection.outlook.com [40.107.243.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 15A50188584; Fri, 23 Aug 2024 13:31:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.243.44 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419912; cv=fail; b=eC0f3zEPwzsg/UlJJrcxMbzIS3h3EePDSM9S0q+qvCJkb7VOziRwbvPuUm/6TVxnSWW1fH0nCZMH9RrBxXCuxAlf+wML8n+17dqNlIM/fCgXQbAEpHMsV7usOVpBKt489g1IZBUyzlQ95D42gJrHbNwcZQWsGKYU6Vy/qfUpZ4Y= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419912; c=relaxed/simple; bh=7GzMks0EYKrLv+VixKNXp/5E2wJy9qmganXkUUhZdk4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=olzh7J1fHI5TVHXrdSyF9WXoyAKF9bV7uq52DuYyvlyAL7RwKdnvGomeWScS9arIWinVSjdA8hjSBVDdI/zkBsvKzQ0BdTahJkE5k6igsnTARu6GtJJbFDTNA90N7stKVedWgHCPfwg6WItPP5k/G1cwnBBZSDvYgjKLbWw77w8= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=p1p5BCvz; arc=fail smtp.client-ip=40.107.243.44 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="p1p5BCvz" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=fXzvmTXXla09gYQG99tcVBOvJg8j2fc1gBTwOLulTr0kvboo0So4d0GSpoYvlvR92K1ZIZ9/C5/GDQDrVWpONKf2TkMbODi74zTZdDzXPxsy+3Fydrv4hvRFGXyCQ1MeiTEf4lNSSva68lyvkWGoW3cMMApkwgydizHciAqV8I9XbdWjcULyy17MWebdyujl0GNVnLYcLbxol6KNVhYgcOHQ6pOaaGx3f2HTn1/vK49yMTzMApWmUAPUktxMywkhM5fjMtvRxSt+wEoJWoFq0CeRrrcEqL/6LRl+nll4ekTymX/wcseyYnJ4HnOuHG6c04DOuFrHg/nYaQcsNP856Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=+1xPQ3U96dvoS7pmq/ZA66j9P+pMgBy4tVEZt9dP+ew=; b=Xw1Ux0er/o26eGrf4TjXcHtG7qCf0vBQ3BxD15sl7jBniFufxAJQzT3cmPUaxUjlFZg28dWaJp96vGTCpbjGfDOxN2Wl/UpvXh9CXIJoCV6vd1iCmdkuh5NSZKioVZqDT3eRArQSeUI+SwWNawh8tAT8PkNbbwJHvP1jYvcP1DdfxUX0Mz3xMfv8t2RTT1oG3b7RqU/M1GOA2xpE2tbSK19DA7P47hIeoc01ll2vzr6oQ6WR/PCL0rARDiDOAQ9uLEAuZRUJkqsQRgS5k/Mh/IGzuPbxAPZXFvrK+U+OtbQkbAo4c2TNIqN6X94R2Yg2VPdosNB1WhazkQAU9ls4pQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+1xPQ3U96dvoS7pmq/ZA66j9P+pMgBy4tVEZt9dP+ew=; b=p1p5BCvztzGDLDD4MYQRBJEnlhtqAFu2yyo9wbR8vfto5OUoSsVLOVVnBbguYbHDXX/gtqGkXejAWk0xGYxb4KdxMB5DUSt2fV3GBu5bRm+slzv6ywehmUF0mJaCQ40ddZ3dLocemYRxspM2sVlkkWZm73O8mcd7sgDiARSKva8= Received: from PH8P222CA0012.NAMP222.PROD.OUTLOOK.COM (2603:10b6:510:2d7::25) by CH3PR12MB7547.namprd12.prod.outlook.com (2603:10b6:610:147::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.21; Fri, 23 Aug 2024 13:31:46 +0000 Received: from CY4PEPF0000EE37.namprd05.prod.outlook.com (2603:10b6:510:2d7:cafe::30) by PH8P222CA0012.outlook.office365.com (2603:10b6:510:2d7::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:31:45 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EE37.mail.protection.outlook.com (10.167.242.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:31:45 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:31:39 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 15/21] coco/sev-guest: Allow multiple source files in the driver Date: Fri, 23 Aug 2024 23:21:29 +1000 Message-ID: <20240823132137.336874-16-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE37:EE_|CH3PR12MB7547:EE_ X-MS-Office365-Filtering-Correlation-Id: e4a62538-00f2-4bce-5a7e-08dcc377eef4 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|376014|36860700013; X-Microsoft-Antispam-Message-Info: 1qk/NSFIokSl7ZRhlxMrP9a3OkcVSb3YAZzIsPlvgPbzO2KGQihTQ33mfFyc57So+4sAGZt2/1KNcctGMb3GKb9wwckBwgfZMCV2DjL8T6bwaDMPjF1gFTSabf6Kc5uF6FDSxUuDIIeJac5ItYgfVBMbSpoEhjKfb9piZ5oIl0cmp4P4uU4N9RQvcU/P9BZklILrgJQfHnJqHEglDJuYhSI9JIJQTI10YGpcKc4X0NkkjKqlSy8qFLS20NrFGI/rBOIkYU2NudpiQFfaof1teU+rG5cSDJGILOWgoEAll8f9nQB6IyPxrYQB+EAlseIAyDEvlOMNa8OmEiTuc9tF4W8jzEH33VdZckjGmlB8E0SX/u9gusglPjHXotmShVkkjt9kLvEdiOP204wSZ2QFKxUuK3H0+2bTWWq2qHDmoPhx0E0lkRks/bbN+wAtVLrd5+IrQ+8Ui7peCSipvF16BFn1RLPZA/dqqaCiLwgQYu9VgNfJST/miYffR3q/WZTOI1+NlAUYqaEt0DL9abAmReLiJiXFDNlTjxjILQAoaHdWKC2tzFIR6zoO0Q0pJLkEQOspFT9G195bkpsu6h/HZS+tAaYql56JcJjSfq9Q7DAicWwmazK98zHD4IL7szYzKnhB90Xz7S3y6zWlKQbJRn5MWQg7LWkuCVXVA4CD8n2YtsdexmvmeJ5W+9sM05l0k2C1dxX2SMrpocsl3slMKrOXtEaF5eLWjznKSmtRo9mHUIwyDGxp5TcZ+TJ2ky2ie/UfUQoYp8NgrJ8Ts1h57q0YUgRJUo7S6R/LobFUMlfDSHbMJBL52QTRyritatsYUoJ4YJQCqq+O3Ocu8i3I+INUp5mWhDasaCQnZVuHF80UB4U1FQXRQUVqAgLxNClx8hZKwLNxrjkdw4iAz6oHSb9ajnXo2vOu7XQUbx4hLiHr80zJn5q1JxP//I2yUa4jnhAuozw6zyvQzofj6eIYNRDA99YxcvKUw01F984AhKiZnDKlgJ/m0841xZ1+RvngEUR9Wuwe4Zjc9Un9DgFbqHyvEmTMD74xmLU2hi5bU8dVxGQSGPcsKBcsIRPNo+CHMyfUUN6sBCMamcNjpJpXmT+EvG0OEd7AyNONf8zuUlmF8l+QFItZ1cw7diNc35imJVJy+OLjr/CQUxflTocyPI5UruVZA4QnGlVuATVtLO9RxLLc16ipeSuYhPiY9nKRNrzq/M97wilz+xnb/QNPpUwkoLA/Xz5oIbDgMPa0Zt8MlHQkoRDDesERXhJ7XDffPNd68kVBP8VDHIPNfRAoxg3inquRvwQD0IjI27H3V7Hv+wcDOlIsy9qFGpWn5UZ9FrVn8BTHklCtMwQv5zH6nr16+Mg2TidFPyOWLekKZWMCvvlDM72iryqc4D24nimuMZ6+HvIS3gcgfiGgIfptygoPJmoVxD4ekYoO0Cr9Ecwerirn/qRII0hwZK5oDfec X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:31:45.5564 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: e4a62538-00f2-4bce-5a7e-08dcc377eef4 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE37.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB7547 No behavioural change expected. Signed-off-by: Alexey Kardashevskiy --- drivers/virt/coco/sev-guest/Makefile | 1 + drivers/virt/coco/sev-guest/{sev-guest.c => sev_guest.c} | 0 2 files changed, 1 insertion(+) diff --git a/drivers/virt/coco/sev-guest/Makefile b/drivers/virt/coco/sev-guest/Makefile index 63d67c27723a..2d7dffed7b2f 100644 --- a/drivers/virt/coco/sev-guest/Makefile +++ b/drivers/virt/coco/sev-guest/Makefile @@ -1,2 +1,3 @@ # SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_SEV_GUEST) += sev-guest.o +sev-guest-y += sev_guest.o diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev_guest.c similarity index 100% rename from drivers/virt/coco/sev-guest/sev-guest.c rename to drivers/virt/coco/sev-guest/sev_guest.c From patchwork Fri Aug 23 13:21:30 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775251 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2041.outbound.protection.outlook.com [40.107.94.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 710E518661E; Fri, 23 Aug 2024 13:32:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.41 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419930; cv=fail; b=WPwvT2dOou1iaYApW2aAy2YAlsxcwWB3pI9v4SirNQhzQJofVSSvxp56FUWQ71DeJQFVtCPX3LObKdlULADf+byxIBxp99VuS6RtaprVb+BIajD4xRBjHfAMuFWLCeIPhugvJ7lKdAXumi+l2yfCb9QFubYeq17aLywdekxIh6k= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419930; c=relaxed/simple; bh=gpFgV2h2RZZkmp5vz8NZkgLisTzYr3SiwrtT5CC5iLc=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=WFwZ4U+xrCHF1cPd1PtbRBVQHTNEpaXt7cuEukSAUR9RD7zPzL7p6bEeBOItldFziEfX3IB4zApGXcRLTRBsxVsi1kN2u/fWDYhnk+KqtZ7qC7A/EBtj0BW0rojUEWgf6xI4cZXGN8280ckqgCXFR4b2vcvXey+J7/54ZuTI8Z0= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=wU8tEivf; arc=fail smtp.client-ip=40.107.94.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="wU8tEivf" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=BqB374F+jjvmkVfIACeLoU1siToCb1F5D2kxoj3oHcSY6plBEk61y3+/RXPP4wOkVtq7JEjzNG6aQf27So6wuX95dOrurfUyrn2XLXWnHAoR6KgmTPESp/A+avS9dFgkxfTCYDWXuzJiupi/02Ro7sK3rByDkGvAOeCkXtqrQ/tEKugkagqBBclZ1LinSMIUB387b52Lj6I5YqDV0GWyLAXbV1tGd72dCZz67rtABCyQdIQGkSV04uc2JpxIQxZOP9AxYPxZPMNmwC5zxaLCjR5DdDMtCHAzm5oaFWyfg1ZFSdm5GXLK4FzLIwTKpVHv6I56Ptnr21Y3M26xH2zCIw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=xm5saKQT8jzFU7WuGTEk01UPQZ7xHjgNXipj6LFIXY8=; b=KIC5xen9mZPtpFf3RfTz8mhy7re3sQ8pFumFgVc/Q450GbU3nVkZDl8XOQSJFiT8baDDK5h9D7JoULmD2OP8kUnyw0d9YnyxhB0InHy5ouGSOAo4B/uaNTld4MF5Yu52VByHnNAfhdYyOFbEDOMjE15WG15gYyJeSjDw6Q8Hx7I9GNz0h6RZUu380PkvqIiHvr/8yjUagRx5hK5LH/80AGfXNRbI9lMIUhuE/CY3oFIcT0PpslFAYR1nI/Qkk0uiMOyOcmsa0kYllNRXi0OK6gOvC2Mv3JGSPIMGJOGgPVWJWG1CuQ2wODC9Y2ZpiGDfgoaY4oYsuFcHZRO3OTZrcw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=xm5saKQT8jzFU7WuGTEk01UPQZ7xHjgNXipj6LFIXY8=; b=wU8tEivfCMLRjeR4R0u8lYtcD/GFWLafwKzj3HOuIckn8EHen9BC2we15XBEPyzVPczG/WOX3OLKgmKCAVuKhUT0fB99jeGlQ190lxDjAOwn1z2ICsnRxMN9QwCcftri+MQ+XASudQ0Pg4QR4Z22to81l2E3riKJ03p8CB1Fyts= Received: from PH7P220CA0003.NAMP220.PROD.OUTLOOK.COM (2603:10b6:510:326::25) by PH8PR12MB6747.namprd12.prod.outlook.com (2603:10b6:510:1c3::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.18; Fri, 23 Aug 2024 13:32:04 +0000 Received: from CY4PEPF0000EE30.namprd05.prod.outlook.com (2603:10b6:510:326:cafe::8e) by PH7P220CA0003.outlook.office365.com (2603:10b6:510:326::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:32:04 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EE30.mail.protection.outlook.com (10.167.242.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:32:03 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:31:57 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 16/21] coco/sev-guest: Make SEV-to-PSP request helpers public Date: Fri, 23 Aug 2024 23:21:30 +1000 Message-ID: <20240823132137.336874-17-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE30:EE_|PH8PR12MB6747:EE_ X-MS-Office365-Filtering-Correlation-Id: a6eea877-7511-4e31-caec-08dcc377f9c9 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|376014|36860700013|82310400026; X-Microsoft-Antispam-Message-Info: y2SCZCKU8DMq8rzkw451w1oMC3U4hNDrzgzrCiKlpLd7LFIEu7iyM2SDFlo2IP+2Re76P0ppd/hslXpNiIl/Lgo/PY8DqaNBMfBVRJ0aZBgjfPevm/a43tDRsebj0VAJf0Mz7tn9MgYg+I2jqYR5oefXZXruLrCwLv9G3DYX3Rj3beqPdHFTybjZ8BcReEGGiWUHSx27UyvfTBPW4XFuL6XuXQd56ZuGV1ibjQ0HlgZx2sFXyFxcX+zFWLGboNzyKEezx8tJzcog59daGXCF0ZZdJMrksgxqjteTeKDfZcDoHYaGcdMni3s8JscVprSweo0eqNCwmhKSdYOzAiKj7FJkFVjPli6cAnej1HDbGsEplKOd25r7YR49HAZekaifYJpnJNTAmqUn8qm7+p4RULcFz2s7c9NjCMP+cPBT1KwtRrb/29tspGg7hILpL1kHDgomKklrR34cT38m8V2RQLiodkY8LjojXPDPEo3Na8nm+DIvCd6tzg2s3wD54UePHT1K3qrEzPhGr64/am9Csb2Sz/+bNOHLKVnC7V8eeCbf3ZoOqMRVDWkxueHa+4AuMYdmuIRH2Z26e7wThaFrxUumrAs5Joug0FiMe3TNVue37/S6BH9xw17Pb8KalTJuKkjHWRDdbgGj24MMK9WHGoy2jyqmxq7/FLOMg56A2jmawdJwZwwZXdzChJ/kpK+8BG/58e3eWhGq6wKtinsXgmIG23QEY27TC6IDgYTwcdLeUf+w7JdTtnsJXkivpcilTEd62QNVHVgZ/9xxd07hfyD/SGm2EtzLzXuJTthcFjZ09SzROZIi6lOFxTSCVFDr+oicI6nUyOeyHz8hmbQ9FLZuvaaJ9FZSfesPUxHbnx//BS02eMeSJHTSmm9H8nnT6VV33B2IEHdCyH3vjkLoC3C/cEf/pBCe8OES91R5bA6Uec6uAYB/mhC/3WuxzseePw6ijX2DWOsdYdWPhX3W6elPOoNYFy/vKhsGOhb10mhcyfCCoyLsoWQSV5HkR8bfGoFBXRFi26LbbF7pY0XsCXgcHqVA6Ds1zpqE/4VKusZ/ueU8HMZtMrw2rbYd8gCD+vMlCXcS4iyIbCAFkgDp1bxg8BKfdZBFKHVW214d4/cUbyE1qylpD/yNIpKhMKWMTgDEF7Mds3hxt5zcBnZ1+ZfD7E7CtWn/1zM1cyQ4WJZPN/VTk+0oLcjOwWnNEmvo8pYIgpAGlQCdHGMtSSkODh4kGajTSo8AXLZNqDhByZHzIfrqgCZOVPz4NFF8tP5lktWGUGeNwsfCcamcbjFEVlABRtN/wYMRGWHTZNeP93lvQg5cpvdBYXUgFjHoV5GZHDpJS72TC47sIyy4Lin2J2rvb8w/6ZLPsFgM87W6Uw+chXlvPRvz7VUC422c6jMmxxXMbLD+1BxQ5tEaaGfoh36ZYwwdsOTSq1bejIIuejCK+q48GErHBxY3c6GiuI/T X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(376014)(36860700013)(82310400026);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:32:03.7793 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: a6eea877-7511-4e31-caec-08dcc377f9c9 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE30.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH8PR12MB6747 SEV TIO is going to a separate file, these helpers will be reused. No functional change intended. Signed-off-by: Alexey Kardashevskiy --- drivers/virt/coco/sev-guest/sev-guest.h | 54 ++++++++++++++++++++ drivers/virt/coco/sev-guest/sev_guest.c | 42 +++------------ 2 files changed, 60 insertions(+), 36 deletions(-) diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h new file mode 100644 index 000000000000..765f42ff55aa --- /dev/null +++ b/drivers/virt/coco/sev-guest/sev-guest.h @@ -0,0 +1,54 @@ +/* SPDX-License-Identifier: GPL-2.0-only */ +/* + * Copyright (C) 2024 Advanced Micro Devices, Inc. + */ + +#ifndef __VIRT_SEVGUEST_H__ +#define __VIRT_SEVGUEST_H__ + +#include +#include + +struct snp_guest_crypto { + struct crypto_aead *tfm; + u8 *iv, *authtag; + int iv_len, a_len; +}; + +struct snp_guest_dev { + struct device *dev; + struct miscdevice misc; + + void *certs_data; + struct snp_guest_crypto *crypto; + /* request and response are in unencrypted memory */ + struct snp_guest_msg *request, *response; + + /* + * Avoid information leakage by double-buffering shared messages + * in fields that are in regular encrypted memory. + */ + struct snp_guest_msg secret_request, secret_response; + + struct snp_secrets_page *secrets; + struct snp_req_data input; + union { + struct snp_report_req report; + struct snp_derived_key_req derived_key; + struct snp_ext_report_req ext_report; + } req; + u32 *os_area_msg_seqno; + u8 *vmpck; +}; + +extern struct mutex snp_cmd_mutex; + +int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, + struct snp_guest_request_ioctl *rio, u8 type, + void *req_buf, size_t req_sz, void *resp_buf, + u32 resp_sz); + +void *alloc_shared_pages(struct device *dev, size_t sz); +void free_shared_pages(void *buf, size_t sz); + +#endif /* __VIRT_SEVGUEST_H__ */ diff --git a/drivers/virt/coco/sev-guest/sev_guest.c b/drivers/virt/coco/sev-guest/sev_guest.c index ecc6176633be..d04d270f359e 100644 --- a/drivers/virt/coco/sev-guest/sev_guest.c +++ b/drivers/virt/coco/sev-guest/sev_guest.c @@ -30,6 +30,8 @@ #include #include +#include "sev-guest.h" + #define DEVICE_NAME "sev-guest" #define AAD_LEN 48 #define MSG_HDR_VER 1 @@ -39,38 +41,6 @@ #define SVSM_MAX_RETRIES 3 -struct snp_guest_crypto { - struct crypto_aead *tfm; - u8 *iv, *authtag; - int iv_len, a_len; -}; - -struct snp_guest_dev { - struct device *dev; - struct miscdevice misc; - - void *certs_data; - struct snp_guest_crypto *crypto; - /* request and response are in unencrypted memory */ - struct snp_guest_msg *request, *response; - - /* - * Avoid information leakage by double-buffering shared messages - * in fields that are in regular encrypted memory. - */ - struct snp_guest_msg secret_request, secret_response; - - struct snp_secrets_page *secrets; - struct snp_req_data input; - union { - struct snp_report_req report; - struct snp_derived_key_req derived_key; - struct snp_ext_report_req ext_report; - } req; - u32 *os_area_msg_seqno; - u8 *vmpck; -}; - /* * The VMPCK ID represents the key used by the SNP guest to communicate with the * SEV firmware in the AMD Secure Processor (ASP, aka PSP). By default, the key @@ -83,7 +53,7 @@ module_param(vmpck_id, int, 0444); MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); /* Mutex to serialize the shared buffer access and command handling. */ -static DEFINE_MUTEX(snp_cmd_mutex); +DEFINE_MUTEX(snp_cmd_mutex); static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) { @@ -435,7 +405,7 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, return rc; } -static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, +int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, struct snp_guest_request_ioctl *rio, u8 type, void *req_buf, size_t req_sz, void *resp_buf, u32 resp_sz) @@ -709,7 +679,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long return ret; } -static void free_shared_pages(void *buf, size_t sz) +void free_shared_pages(void *buf, size_t sz) { unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; int ret; @@ -726,7 +696,7 @@ static void free_shared_pages(void *buf, size_t sz) __free_pages(virt_to_page(buf), get_order(sz)); } -static void *alloc_shared_pages(struct device *dev, size_t sz) +void *alloc_shared_pages(struct device *dev, size_t sz) { unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; struct page *page; From patchwork Fri Aug 23 13:21:31 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775252 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (mail-mw2nam10on2086.outbound.protection.outlook.com [40.107.94.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4966D188019; Fri, 23 Aug 2024 13:32:27 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.94.86 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419949; cv=fail; b=HcT5zgQefSSyXAjKo6HoTcEAZ9TXRLgnqT7qN3eJw2TXI5bhaV1g9LH5SMlDCYzV0mjWlL+8ll5W8c2eUovvcIiTs+z4Lo2WGFiI5V1jKP7te2Ej6nxz9k/PMPlQqjeUQGjVuCVmyAuUA0a7ovnbjp3hXVpg1SBXscf+11xYOaU= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419949; c=relaxed/simple; bh=2sSNnNiqrPK9u1bC+fx+PtkJGEtNQBTDs1bPprCle3M=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=qbTF0AuBHNq9W+4nbfu57I/nxgm/6E/95tn0iI0GjlUuLK4+PfUOZ9nZa4vwgKk/WwkpYBaAgWoDG7Y+UHNwJ4rO3GffEdS5HPsmuWUmidshBI/040v1JFcDB0utph88qqwW/mnlGrWlToa/T9aaa3dQv4u8zH4r+a8CZd0UtRs= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=p7mqwdbv; arc=fail smtp.client-ip=40.107.94.86 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="p7mqwdbv" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=WGJZ5FMPHRo8EGPBU/mpBlrHaBNv8JlvNzq1YI72GZYE/HdCCJsn1TlUDqP7oxnGp3MIpczKuKcEC+mLSCnQr4SCqxhQ92VscN5w0JFPPa9IKpJPLARh8xUIZa5a7gmuFaMLopDSke8zcUd1qg3Tr2AQsmkYdCQrBxCiAYjjFFysItj2p8CV1AWviaH814Da4C3VCZpamRRGYyax1C067WLv0WBPr74VUfldpzzhFn34AWfAsmrHEMRKWtNWiogHgPKL+jMg9yP5Z7zezLlZSs898pLzlC/wFs3ERaxZ2GMDMNJlnqus/9JQeAsPX9ygvgPIIzFN0GciSMHXlEmqrw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XsIusbNi933NMJt5Rj3XHKhmTlQroQCHYhChkcWKWRU=; b=dZ49Bthy+8u3NEyxT7IQ6TpMkS5CsgKCFOYUn0Iz7MO+XqkzH4RmgmgmetA7jNifoQgMhPOaxKcXj9J2fcA2GWUM0jm/qtRCXYcmkDFegDnywV/t29KFhg/5cwlaYwpDsWTU+CEg5HVC3NZ0W6lt4EsHMect4OZiOhch5MAXoL/c9F0ZsaEFyIcGRxZQjS8x03EG+hB0yrY6XPO70U/bTEOMAsfZXxGLOCDH99331vSnLTnWkIvXlJD2ufzVDmcCAEfNgV90GrckxY8pzukzKcZsPiz2JF7TIZj4lKcooIsVBr81nsG0D3bVK6MlDl/TAxkgHccCcGglzjll0WTxCQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XsIusbNi933NMJt5Rj3XHKhmTlQroQCHYhChkcWKWRU=; b=p7mqwdbvEAY4BakJ2CXTxOyJS6jGO3SQvu/qd0S1/Q/saITZFWZsxrfXyNROlREBhDKtuRGrxjLxWtIgo/nk3vuYytys+QyKmehX2pCYfUECGHF4VePSyog8+5nNz9f5t/knD0XW7aJVz0uLldD3IpYiuwTKSEDw/G0ANf1VVJU= Received: from PH7PR10CA0012.namprd10.prod.outlook.com (2603:10b6:510:23d::26) by SJ1PR12MB6195.namprd12.prod.outlook.com (2603:10b6:a03:457::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.21; Fri, 23 Aug 2024 13:32:21 +0000 Received: from CY4PEPF0000EE37.namprd05.prod.outlook.com (2603:10b6:510:23d:cafe::ec) by PH7PR10CA0012.outlook.office365.com (2603:10b6:510:23d::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:32:21 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EE37.mail.protection.outlook.com (10.167.242.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:32:20 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:32:15 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 17/21] coco/sev-guest: Implement the guest side of things Date: Fri, 23 Aug 2024 23:21:31 +1000 Message-ID: <20240823132137.336874-18-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE37:EE_|SJ1PR12MB6195:EE_ X-MS-Office365-Filtering-Correlation-Id: 26d496f9-a68d-4fce-fad6-08dcc3780402 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700013|376014|1800799024; X-Microsoft-Antispam-Message-Info: M89j1Qy/WN3GIXysA0FdYLmpWPoCbwz9giDCFUNcyDrqMrbJC8nuBDQYMzILxMEUUQRyyuqNhPqZWdEnEnRKvCOMS/KrdRq0UYmBVRIHwvLoucU2pAADPG7BYgBwDnIE6sJG9KdFxO6/PJClrRDLG84JXqf09S7GFsuyaZyH1KDFlDKBGSVmAHKnfQKh/6uqxgYFwkzu/R5JsKiyFQD0p1O0yVliGS6kwWLs4V4QlSiYw8JiXOSoBn0HEWSN6qNemErjC+zyUdHx82huE8wvUI8orDtgt8fynLE7h8zkH7ym9l6eyguXjgU6MZgSq7vC1441ucgVqg1AAFOp3NptQ/lcYAN0P1svh0Q7RW0UdEExEDx68lXfQuOVrr7j55xggeVWyUgttdJfJ5e6QQwk5b/4F8TLfTtlv18TaVseW9/a6EPjXnRjMFiAtaAH3oWBL0lKn0FlHYSH5b+IXPMbp/TLwJU2wJezfUXhOVbesrofQi7VkWgnvnEfI2zYt2FHSnPwaD8RxD0jTdevmGd/dpWtfftmy3hatVX7xrsbTnIv4seGUODF4Ozwxgdapr4o4XjBh2bv2ffv+tS99MgZQyVoyVkAbHVNMcNijT8OJBSDkxAwWAXzb8e8lZyixem5piPGqKHdDeAk2F17CqVXU9tPhRqwv4/dOXB/aza4npo5Ie/361HAnt2zIMri7wVBz9c5AmVk25G37YFn+Pqx3jkCOnCBVpFApWmgA9I8Fdgi+dKb12D4U68OKhZgHk8x07F68bYrDARBCn3/iG2NSCBzeph9UYIToEd3pItqTAQKERImWOJBx4RfCbhJ71uviCQkFfxibqEiDXB/n4jrxM4JLC7Tdy8HdMXL4lAARVvRYDakYRzQHpx+AQtDV9PlB8apuQaDMfKZxu5jMBQmWbrl7KL5OQlRQ7fshoiNjZwRRx+aZf4ZcpRQj8QMiEFKtAZpHzhFLHc+16KkKR+Mi+vQMoeBf+z3urfJx9ltYauLpb7CT8y2/OeisrSCR5xatw5T+if9bqdC2p8H2IpnnTdDUb+7AsqLOAfPCzQswbHDkq0Q38s/G6lzqOZH5HjiKHfjIf246eBIc/TctaNp7FdsnLn3Y0Zq2l/B5EhBMLj6pNfWeQ3cQ/kg+clHHfaGaZHP1XMLAJ+sC17T3xLH3xnLnXQn5vktTYQyzWxFH2zuMe0m+2qFjAhNoIa29kqSFa4Zy6nAvmGa8eZOjDw5IkjNn+TSAzQ3DleNjq4wF3Fgowfx2f2SNyTHAPW3Nm0qDxXKUbYNN80WiEdDIwDbgnLno7BLTgBJtxY3TVHM0xeGf2vasFfu+Y+1jeWAalgCC3NVkq4IoEZZA12lQ3mcH1T50LO5AduBNSefDtBDwq8v62J8gbuKyPPuu/jxNwmsjJQOpJjFG48qlhEeuDp7YwMX0zOAygiI8moFjXTKO4qsN0ijNwysEuI/MClv1Hcn X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:32:20.9313 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 26d496f9-a68d-4fce-fad6-08dcc3780402 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE37.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6195 Define tsm_ops for the guest and forward the ops calls to the HV via SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST. Do the attestation report examination and enable MMIO. Signed-off-by: Alexey Kardashevskiy --- drivers/virt/coco/sev-guest/Makefile | 2 +- arch/x86/include/asm/sev.h | 2 + drivers/virt/coco/sev-guest/sev-guest.h | 2 + include/linux/psp-sev.h | 22 + arch/x86/coco/sev/core.c | 11 + drivers/virt/coco/sev-guest/sev_guest.c | 16 +- drivers/virt/coco/sev-guest/sev_guest_tio.c | 513 ++++++++++++++++++++ 7 files changed, 566 insertions(+), 2 deletions(-) diff --git a/drivers/virt/coco/sev-guest/Makefile b/drivers/virt/coco/sev-guest/Makefile index 2d7dffed7b2f..34ea9fab698b 100644 --- a/drivers/virt/coco/sev-guest/Makefile +++ b/drivers/virt/coco/sev-guest/Makefile @@ -1,3 +1,3 @@ # SPDX-License-Identifier: GPL-2.0-only obj-$(CONFIG_SEV_GUEST) += sev-guest.o -sev-guest-y += sev_guest.o +sev-guest-y += sev_guest.o sev_guest_tio.o diff --git a/arch/x86/include/asm/sev.h b/arch/x86/include/asm/sev.h index 8edd7bccabf2..431c12bbd337 100644 --- a/arch/x86/include/asm/sev.h +++ b/arch/x86/include/asm/sev.h @@ -117,6 +117,8 @@ struct snp_req_data { unsigned long resp_gpa; unsigned long data_gpa; unsigned int data_npages; + unsigned int guest_rid; + unsigned long param; }; #define MAX_AUTHTAG_LEN 32 diff --git a/drivers/virt/coco/sev-guest/sev-guest.h b/drivers/virt/coco/sev-guest/sev-guest.h index 765f42ff55aa..d1254148c83b 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.h +++ b/drivers/virt/coco/sev-guest/sev-guest.h @@ -51,4 +51,6 @@ int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, void *alloc_shared_pages(struct device *dev, size_t sz); void free_shared_pages(void *buf, size_t sz); +void sev_guest_tsm_set_ops(bool set, struct snp_guest_dev *snp_dev); + #endif /* __VIRT_SEVGUEST_H__ */ diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index adf40e0316dc..bff7396d18de 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -1050,6 +1050,9 @@ static inline void snp_free_firmware_page(void *addr) { } #define MMIO_VALIDATE_RANGEID(r) ((r) & 0x7) #define MMIO_VALIDATE_RESERVED(r) ((r) & 0xFFF0000000000008ULL) +#define MMIO_MK_VALIDATE(start, size, range_id) \ + (MMIO_VALIDATE_GPA(start) | (get_order(size >> 12) << 4) | ((range_id) & 0xFF)) + /* Optional Certificates/measurements/report data from TIO_GUEST_REQUEST */ struct tio_blob_table_entry { guid_t guid; @@ -1067,4 +1070,23 @@ struct tio_blob_table_entry { #define TIO_GUID_REPORT \ GUID_INIT(0x70dc5b0e, 0x0cc0, 0x4cd5, 0x97, 0xbb, 0xff, 0x0b, 0xa2, 0x5b, 0xf3, 0x20) +/* + * Status codes from TIO_MSG_MMIO_VALIDATE_REQ + */ +enum mmio_validate_status { + MMIO_VALIDATE_SUCCESS = 0, + MMIO_VALIDATE_INVALID_TDI = 1, + MMIO_VALIDATE_TDI_UNBOUND = 2, + MMIO_VALIDATE_NOT_ASSIGNED = 3, /* At least one page is not assigned to the guest */ + MMIO_VALIDATE_NOT_UNIFORM = 4, /* The Validated bit is not uniformly set for + the MMIO subrange */ + MMIO_VALIDATE_NOT_IMMUTABLE = 5,/* At least one page does not have immutable bit set + when validated bit is clear */ + MMIO_VALIDATE_NOT_MAPPED = 6, /* At least one page is not mapped to the expected GPA */ + MMIO_VALIDATE_NOT_REPORTED = 7, /* The provided MMIO range ID is not reported in + the interface report */ + MMIO_VALIDATE_OUT_OF_RANGE = 8, /* The subrange is out the MMIO range in + the interface report */ +}; + #endif /* __PSP_SEV_H__ */ diff --git a/arch/x86/coco/sev/core.c b/arch/x86/coco/sev/core.c index de1df0cb45da..d05a97421ffc 100644 --- a/arch/x86/coco/sev/core.c +++ b/arch/x86/coco/sev/core.c @@ -2468,6 +2468,11 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn if (exit_code == SVM_VMGEXIT_EXT_GUEST_REQUEST) { ghcb_set_rax(ghcb, input->data_gpa); ghcb_set_rbx(ghcb, input->data_npages); + } else if (exit_code == SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST) { + ghcb_set_rax(ghcb, input->data_gpa); + ghcb_set_rbx(ghcb, input->data_npages); + ghcb_set_rcx(ghcb, input->guest_rid); + ghcb_set_rdx(ghcb, input->param); } ret = sev_es_ghcb_hv_call(ghcb, &ctxt, exit_code, input->req_gpa, input->resp_gpa); @@ -2477,6 +2482,8 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn rio->exitinfo2 = ghcb->save.sw_exit_info_2; switch (rio->exitinfo2) { case 0: + if (exit_code == SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST) + input->param = ghcb_get_rdx(ghcb); break; case SNP_GUEST_VMM_ERR(SNP_GUEST_VMM_ERR_BUSY): @@ -2489,6 +2496,10 @@ int snp_issue_guest_request(u64 exit_code, struct snp_req_data *input, struct sn input->data_npages = ghcb_get_rbx(ghcb); ret = -ENOSPC; break; + } else if (exit_code == SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST) { + input->data_npages = ghcb_get_rbx(ghcb); + ret = -ENOSPC; + break; } fallthrough; default: diff --git a/drivers/virt/coco/sev-guest/sev_guest.c b/drivers/virt/coco/sev-guest/sev_guest.c index d04d270f359e..571faade5690 100644 --- a/drivers/virt/coco/sev-guest/sev_guest.c +++ b/drivers/virt/coco/sev-guest/sev_guest.c @@ -52,6 +52,10 @@ static int vmpck_id = -1; module_param(vmpck_id, int, 0444); MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); +static bool tsm_enable = true; +module_param(tsm_enable, bool, 0644); +MODULE_PARM_DESC(tsm_enable, "Enable SEV TIO"); + /* Mutex to serialize the shared buffer access and command handling. */ DEFINE_MUTEX(snp_cmd_mutex); @@ -277,7 +281,8 @@ static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, return -EBADMSG; /* Verify response message type and version number. */ - if (resp_hdr->msg_type != (req_hdr->msg_type + 1) || + if ((resp_hdr->msg_type != (req_hdr->msg_type + 1) && + (resp_hdr->msg_type != (req_hdr->msg_type - 0x80))) || resp_hdr->msg_version != req_hdr->msg_version) return -EBADMSG; @@ -337,6 +342,10 @@ static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, rc = snp_issue_guest_request(exit_code, &snp_dev->input, rio); switch (rc) { case -ENOSPC: + if (exit_code == SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST) { + pr_warn("SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST => -ENOSPC"); + break; + } /* * If the extended guest request fails due to having too * small of a certificate data buffer, retry the same @@ -1142,6 +1151,9 @@ static int __init sev_guest_probe(struct platform_device *pdev) if (ret) goto e_free_cert_data; + if (tsm_enable) + sev_guest_tsm_set_ops(true, snp_dev); + dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", vmpck_id); return 0; @@ -1160,6 +1172,8 @@ static void __exit sev_guest_remove(struct platform_device *pdev) { struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev); + if (tsm_enable) + sev_guest_tsm_set_ops(false, snp_dev); free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); diff --git a/drivers/virt/coco/sev-guest/sev_guest_tio.c b/drivers/virt/coco/sev-guest/sev_guest_tio.c new file mode 100644 index 000000000000..33a082e7f039 --- /dev/null +++ b/drivers/virt/coco/sev-guest/sev_guest_tio.c @@ -0,0 +1,513 @@ +// SPDX-License-Identifier: GPL-2.0-only + +#include +#include +#include + +#include +#include + +#include "sev-guest.h" + +#define TIO_MESSAGE_VERSION 1 + +ulong tsm_vtom = 0x7fffffff; +module_param(tsm_vtom, ulong, 0644); +MODULE_PARM_DESC(tsm_vtom, "SEV TIO vTOM value"); + +static void tio_guest_blob_free(struct tsm_blob *b) +{ + memset(b->data, 0, b->len); +} + +static int handle_tio_guest_request(struct snp_guest_dev *snp_dev, u8 type, + void *req_buf, size_t req_sz, void *resp_buf, u32 resp_sz, + u64 *pt_pa, u64 *npages, u64 *bdfn, u64 *param, u64 *fw_err) +{ + struct snp_guest_request_ioctl rio = { + .msg_version = TIO_MESSAGE_VERSION, + .exitinfo2 = 0, + }; + int ret; + + snp_dev->input.data_gpa = 0; + snp_dev->input.data_npages = 0; + snp_dev->input.guest_rid = 0; + snp_dev->input.param = 0; + + if (pt_pa && npages) { + snp_dev->input.data_gpa = *pt_pa; + snp_dev->input.data_npages = *npages; + } + if (bdfn) + snp_dev->input.guest_rid = *bdfn; + if (param) + snp_dev->input.param = *param; + + mutex_lock(&snp_cmd_mutex); + ret = handle_guest_request(snp_dev, SVM_VMGEXIT_SEV_TIO_GUEST_REQUEST, + &rio, type, req_buf, req_sz, resp_buf, resp_sz); + mutex_unlock(&snp_cmd_mutex); + + if (param) + *param = snp_dev->input.param; + + *fw_err = rio.exitinfo2; + + return ret; +} + +static int guest_request_tio_certs(struct snp_guest_dev *snp_dev, u8 type, + void *req_buf, size_t req_sz, void *resp_buf, u32 resp_sz, + u64 bdfn, enum tsm_tdisp_state *state, + struct tsm_blob **certs, struct tsm_blob **meas, + struct tsm_blob **report, u64 *fw_err) +{ + u64 certs_size = SZ_32K, c1 = 0, pt_pa, param = 0; + struct tio_blob_table_entry *pt; + int rc; + + pt = alloc_shared_pages(snp_dev->dev, certs_size); + if (!pt) + return -ENOMEM; + + pt_pa = __pa(pt); + c1 = certs_size; + rc = handle_tio_guest_request(snp_dev, type, req_buf, req_sz, resp_buf, resp_sz, + &pt_pa, &c1, &bdfn, state ? ¶m : NULL, fw_err); + + if (c1 > SZ_32K) { + free_shared_pages(pt, certs_size); + certs_size = c1; + pt = alloc_shared_pages(snp_dev->dev, certs_size); + if (!pt) + return -ENOMEM; + + pt_pa = __pa(pt); + rc = handle_tio_guest_request(snp_dev, type, req_buf, req_sz, resp_buf, resp_sz, + &pt_pa, &c1, &bdfn, state ? ¶m : NULL, fw_err); + } + + if (rc) + return rc; + + tsm_blob_put(*meas); + tsm_blob_put(*certs); + tsm_blob_put(*report); + *meas = NULL; + *certs = NULL; + *report = NULL; + + for (unsigned int i = 0; i < 3; ++i) { + u8 *ptr = ((u8 *) pt) + pt[i].offset; + size_t len = pt[i].length; + struct tsm_blob *b; + + if (guid_is_null(&pt[i].guid)) + break; + + if (!len) + continue; + + b = tsm_blob_new(ptr, len, tio_guest_blob_free); + if (!b) + break; + + if (guid_equal(&pt[i].guid, &TIO_GUID_MEASUREMENTS)) + *meas = b; + else if (guid_equal(&pt[i].guid, &TIO_GUID_CERTIFICATES)) + *certs = b; + else if (guid_equal(&pt[i].guid, &TIO_GUID_REPORT)) + *report = b; + } + free_shared_pages(pt, certs_size); + + if (state) + *state = param; + + return 0; +} + +struct tio_msg_tdi_info_req { + __u16 guest_device_id; + __u8 reserved[14]; +} __packed; + +struct tio_msg_tdi_info_rsp { + __u16 guest_device_id; + __u16 status; + __u8 reserved1[12]; + union { + u32 meas_flags; + struct { + u32 meas_digest_valid : 1; + u32 meas_digest_fresh : 1; + }; + }; + union { + u32 tdisp_lock_flags; + /* These are TDISP's LOCK_INTERFACE_REQUEST flags */ + struct { + u32 no_fw_update : 1; + u32 cache_line_size : 1; + u32 lock_msix : 1; + u32 bind_p2p : 1; + u32 all_request_redirect : 1; + }; + }; + __u64 spdm_algos; + __u8 certs_digest[48]; + __u8 meas_digest[48]; + __u8 interface_report_digest[48]; +} __packed; + +static int tio_tdi_status(struct tsm_tdi *tdi, struct snp_guest_dev *snp_dev, + struct tsm_tdi_status *ts) +{ + struct snp_guest_crypto *crypto = snp_dev->crypto; + size_t resp_len = sizeof(struct tio_msg_tdi_info_rsp) + crypto->a_len; + struct tio_msg_tdi_info_rsp *rsp = kzalloc(resp_len, GFP_KERNEL); + struct tio_msg_tdi_info_req req = { + .guest_device_id = pci_dev_id(tdi->pdev), + }; + u64 fw_err = 0; + int rc; + enum tsm_tdisp_state state = 0; + + pci_notice(tdi->pdev, "TDI info"); + if (!rsp) + return -ENOMEM; + + rc = guest_request_tio_certs(snp_dev, TIO_MSG_TDI_INFO_REQ, &req, + sizeof(req), rsp, resp_len, + pci_dev_id(tdi->pdev), &state, + &tdi->tdev->certs, &tdi->tdev->meas, + &tdi->report, &fw_err); + + ts->meas_digest_valid = rsp->meas_digest_valid; + ts->meas_digest_fresh = rsp->meas_digest_fresh; + ts->no_fw_update = rsp->no_fw_update; + ts->cache_line_size = rsp->cache_line_size == 0 ? 64 : 128; + ts->lock_msix = rsp->lock_msix; + ts->bind_p2p = rsp->bind_p2p; + ts->all_request_redirect = rsp->all_request_redirect; +#define __ALGO(x, n, y) \ + ((((x) & (0xFFUL << (n))) == TIO_SPDM_ALGOS_##y) ? \ + (1ULL << TSM_TDI_SPDM_ALGOS_##y) : 0) + ts->spdm_algos = + __ALGO(rsp->spdm_algos, 0, DHE_SECP256R1) | + __ALGO(rsp->spdm_algos, 0, DHE_SECP384R1) | + __ALGO(rsp->spdm_algos, 8, AEAD_AES_128_GCM) | + __ALGO(rsp->spdm_algos, 8, AEAD_AES_256_GCM) | + __ALGO(rsp->spdm_algos, 16, ASYM_TPM_ALG_RSASSA_3072) | + __ALGO(rsp->spdm_algos, 16, ASYM_TPM_ALG_ECDSA_ECC_NIST_P256) | + __ALGO(rsp->spdm_algos, 16, ASYM_TPM_ALG_ECDSA_ECC_NIST_P384) | + __ALGO(rsp->spdm_algos, 24, HASH_TPM_ALG_SHA_256) | + __ALGO(rsp->spdm_algos, 24, HASH_TPM_ALG_SHA_384) | + __ALGO(rsp->spdm_algos, 32, KEY_SCHED_SPDM_KEY_SCHEDULE); +#undef __ALGO + memcpy(ts->certs_digest, rsp->certs_digest, sizeof(ts->certs_digest)); + memcpy(ts->meas_digest, rsp->meas_digest, sizeof(ts->meas_digest)); + memcpy(ts->interface_report_digest, rsp->interface_report_digest, + sizeof(ts->interface_report_digest)); + + ts->valid = true; + ts->state = state; + /* The response buffer contains the sensitive data, explicitly clear it. */ + memzero_explicit(&rsp, sizeof(resp_len)); + kfree(rsp); + return rc; +} + +struct tio_msg_mmio_validate_req { + __u16 guest_device_id; /* Hypervisor provided identifier used by the guest + to identify the TDI in guest messages */ + __u16 reserved1; + __u8 reserved2[12]; + __u64 subrange_base; + __u32 subrange_page_count; + __u32 range_offset; + union { + __u16 flags; + struct { + __u16 validated:1; /* Desired value to set RMP.Validated for the range */ + /* Force validated: + * 0: If subrange does not have RMP.Validated set uniformly, fail. + * 1: If subrange does not have RMP.Validated set uniformly, force + * to requested value + */ + __u16 force_validated:1; + }; + }; + __u16 range_id; + __u8 reserved3[12]; +} __packed; + +struct tio_msg_mmio_validate_rsp { + __u16 guest_interface_id; + __u16 status; /* MMIO_VALIDATE_xxx */ + __u8 reserved1[12]; + __u64 subrange_base; + __u32 subrange_page_count; + __u32 range_offset; + union { + __u16 flags; + struct { + __u16 changed:1; /* Indicates that the Validated bit has changed + due to this operation */ + }; + }; + __u16 range_id; + __u8 reserved2[12]; +} __packed; + +static int mmio_validate_range(struct snp_guest_dev *snp_dev, struct pci_dev *pdev, + unsigned int range_id, resource_size_t start, resource_size_t size, + bool invalidate, u64 *fw_err) +{ + struct snp_guest_crypto *crypto = snp_dev->crypto; + size_t resp_len = sizeof(struct tio_msg_mmio_validate_rsp) + crypto->a_len; + struct tio_msg_mmio_validate_rsp *rsp = kzalloc(resp_len, GFP_KERNEL); + struct tio_msg_mmio_validate_req req = { + .guest_device_id = pci_dev_id(pdev), + .subrange_base = start, + .subrange_page_count = size >> PAGE_SHIFT, + .range_offset = 0, + .validated = 1, /* Desired value to set RMP.Validated for the range */ + .force_validated = 0, + .range_id = range_id, + }; + u64 bdfn = pci_dev_id(pdev); + u64 mmio_val = MMIO_MK_VALIDATE(start, size, range_id); + int rc; + + if (!rsp) + return -ENOMEM; + + if (invalidate) + memset(&req, 0, sizeof(req)); + + rc = handle_tio_guest_request(snp_dev, TIO_MSG_MMIO_VALIDATE_REQ, + &req, sizeof(req), rsp, resp_len, + NULL, NULL, &bdfn, &mmio_val, fw_err); + if (rc) + goto free_exit; + + if (rsp->status) + rc = -EBADR; + +free_exit: + /* The response buffer contains the sensitive data, explicitly clear it. */ + memzero_explicit(&rsp, sizeof(resp_len)); + kfree(rsp); + return rc; +} + +static int tio_tdi_mmio_validate(struct tsm_tdi *tdi, struct snp_guest_dev *snp_dev, + bool invalidate) +{ + struct pci_dev *pdev = tdi->pdev; + struct tdi_report_mmio_range mr; + struct resource *r; + u64 fw_err = 0; + int i = 0, rc; + + pci_notice(tdi->pdev, "MMIO validate"); + + if (WARN_ON_ONCE(!tdi->report || !tdi->report->data)) + return -EFAULT; + + for (i = 0; i < TDI_REPORT_MR_NUM(tdi->report); ++i) { + mr = TDI_REPORT_MR(tdi->report, i); + r = pci_resource_n(tdi->pdev, mr.range_id); + + if (r->end == r->start || ((r->end - r->start + 1) & ~PAGE_MASK) || !mr.num) { + pci_warn(tdi->pdev, "Skipping broken range [%d] #%d %d pages, %llx..%llx\n", + i, mr.range_id, mr.num, r->start, r->end); + continue; + } + + if (mr.is_non_tee_mem) { + pci_info(tdi->pdev, "Skipping non-TEE range [%d] #%d %d pages, %llx..%llx\n", + i, mr.range_id, mr.num, r->start, r->end); + continue; + } + + rc = mmio_validate_range(snp_dev, pdev, mr.range_id, + r->start, r->end - r->start + 1, invalidate, &fw_err); + if (rc) { + pci_err(pdev, "MMIO #%d %llx..%llx validation failed 0x%llx\n", + mr.range_id, r->start, r->end, fw_err); + continue; + } + + pci_notice(pdev, "MMIO #%d %llx..%llx validated\n", mr.range_id, r->start, r->end); + } + + return rc; +} + +struct sdte { + __u64 v : 1; + __u64 reserved : 3; + __u64 cxlio : 3; + __u64 reserved1 : 45; + __u64 ppr : 1; + __u64 reserved2 : 1; + __u64 giov : 1; + __u64 gv : 1; + __u64 glx : 2; + __u64 gcr3_tbl_rp0 : 3; + __u64 ir : 1; + __u64 iw : 1; + __u64 reserved3 : 1; + __u16 domain_id; + __u16 gcr3_tbl_rp1; + __u32 interrupt : 1; + __u32 reserved4 : 5; + __u32 ex : 1; + __u32 sd : 1; + __u32 reserved5 : 2; + __u32 sats : 1; + __u32 gcr3_tbl_rp2 : 21; + __u64 giv : 1; + __u64 gint_tbl_len : 4; + __u64 reserved6 : 1; + __u64 gint_tbl : 46; + __u64 reserved7 : 2; + __u64 gpm : 2; + __u64 reserved8 : 3; + __u64 hpt_mode : 1; + __u64 reserved9 : 4; + __u32 asid : 12; + __u32 reserved10 : 3; + __u32 viommu_en : 1; + __u32 guest_device_id : 16; + __u32 guest_id : 15; + __u32 guest_id_mbo : 1; + __u32 reserved11 : 1; + __u32 vmpl : 2; + __u32 reserved12 : 3; + __u32 attrv : 1; + __u32 reserved13 : 1; + __u32 sa : 8; + __u8 ide_stream_id[8]; + __u32 vtom_en : 1; + __u32 vtom : 31; + __u32 rp_id : 5; + __u32 reserved14 : 27; + __u8 reserved15[0x40-0x30]; +} __packed; + +struct tio_msg_sdte_write_req { + __u16 guest_device_id; + __u8 reserved[14]; + struct sdte sdte; +} __packed; + +#define SDTE_WRITE_SUCCESS 0 +#define SDTE_WRITE_INVALID_TDI 1 +#define SDTE_WRITE_TDI_NOT_BOUND 2 +#define SDTE_WRITE_RESERVED 3 + +struct tio_msg_sdte_write_rsp { + __u16 guest_device_id; + __u16 status; /* SDTE_WRITE_xxx */ + __u8 reserved[12]; +} __packed; + +static int tio_tdi_sdte_write(struct tsm_tdi *tdi, struct snp_guest_dev *snp_dev, bool invalidate) +{ + struct snp_guest_crypto *crypto = snp_dev->crypto; + size_t resp_len = sizeof(struct tio_msg_sdte_write_rsp) + crypto->a_len; + struct tio_msg_sdte_write_rsp *rsp = kzalloc(resp_len, GFP_KERNEL); + struct tio_msg_sdte_write_req req = { + .guest_device_id = pci_dev_id(tdi->pdev), + .sdte.vmpl = 0, + .sdte.vtom = tsm_vtom, + .sdte.vtom_en = 1, + .sdte.iw = 1, + .sdte.ir = 1, + .sdte.v = 1, + }; + u64 fw_err = 0; + u64 bdfn = pci_dev_id(tdi->pdev); + int rc; + + BUILD_BUG_ON(sizeof(struct sdte) * 8 != 512); + + if (invalidate) + memset(&req, 0, sizeof(req)); + + pci_notice(tdi->pdev, "SDTE write vTOM=%lx", (unsigned long) req.sdte.vtom << 21); + + if (!rsp) + return -ENOMEM; + + rc = handle_tio_guest_request(snp_dev, TIO_MSG_SDTE_WRITE_REQ, + &req, sizeof(req), rsp, resp_len, + NULL, NULL, &bdfn, NULL, &fw_err); + if (rc) { + pci_err(tdi->pdev, "SDTE write failed with 0x%llx\n", fw_err); + goto free_exit; + } + +free_exit: + /* The response buffer contains the sensitive data, explicitly clear it. */ + memzero_explicit(&rsp, sizeof(resp_len)); + kfree(rsp); + return rc; +} + +static int sev_guest_tdi_status(struct tsm_tdi *tdi, void *private_data, struct tsm_tdi_status *ts) +{ + struct snp_guest_dev *snp_dev = private_data; + + return tio_tdi_status(tdi, snp_dev, ts); +} + +static int sev_guest_tdi_validate(struct tsm_tdi *tdi, bool invalidate, void *private_data) +{ + struct snp_guest_dev *snp_dev = private_data; + struct tsm_tdi_status ts = { 0 }; + int ret; + + if (!tdi->report) { + ret = tio_tdi_status(tdi, snp_dev, &ts); + + if (ret || !tdi->report) { + pci_err(tdi->pdev, "No report available, ret=%d", ret); + if (!ret && tdi->report) + ret = -EIO; + return ret; + } + + if (ts.state != TDISP_STATE_RUN) { + pci_err(tdi->pdev, "Not in RUN state, state=%d instead", ts.state); + return -EIO; + } + } + + ret = tio_tdi_sdte_write(tdi, snp_dev, invalidate); + if (ret) + return ret; + + ret = tio_tdi_mmio_validate(tdi, snp_dev, invalidate); + if (ret) + return ret; + + return 0; +} + +struct tsm_ops sev_guest_tsm_ops = { + .tdi_validate = sev_guest_tdi_validate, + .tdi_status = sev_guest_tdi_status, +}; + +void sev_guest_tsm_set_ops(bool set, struct snp_guest_dev *snp_dev) +{ + if (set) + tsm_set_ops(&sev_guest_tsm_ops, snp_dev); + else + tsm_set_ops(NULL, NULL); +} From patchwork Fri Aug 23 13:21:32 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775253 Received: from NAM12-MW2-obe.outbound.protection.outlook.com (mail-mw2nam12on2067.outbound.protection.outlook.com [40.107.244.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A4B9114AD3E; Fri, 23 Aug 2024 13:32:47 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.244.67 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419969; cv=fail; b=mg0OrFj9zaLIbgdh7k32owCAacaDEx6dp1i9w3ZX+OgT6PeTbEeDbv+xhFP98h04wNCrfPh+MTI4+zCytK7yhABCqsmTgKV4rLubjJtqrJT2pUQmBwf+N/yPT53YnQLoBeZAAoCfo2iLnuWcsPB4gymraLbnb+72bpJuDMLgdPY= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419969; c=relaxed/simple; bh=h5jilxNxjUAvzQbKHGFl3/s8zPKF8EiUiGDGU+FHZ78=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=poVTdKCv4t81zYcp8u9slx2vLIEaKeLPg5NShuOZjgR7nitzdtoSWHaG0vznjZyurTnB2nIEzd/M/XWopc+0uVwZhtq/bxi8XS/RRlH2b4x2av4xuqrcQtxMmT4BDeQnJ5t67kynNE8G/rUOREzDPwaCqKvDYci9jFYkgnXmvbQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=W5kh+B2d; arc=fail smtp.client-ip=40.107.244.67 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="W5kh+B2d" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=cbK44Q6NT9ute07V3GVsO01SBxkVZUjCzTviS6nA9CnWqGSL6GXmRZEZoLKmvH1sim/2lmYHdLqF5q/90xc4ZvzYIAgNDecH65868CI9uhInZkBAKBC6aE6CBwQOP844QelVm8hKALBri7JQnPDP4B4Acv8r9cfH4IgpmpUEnIZzooeaCyXrBQkhFzJzK1dt0iSRk06q0p24FSXmSkoaR5VzLKwVvdteIxRdZ1PySSnXM7wHmI2o4ZvxAK0ghdZjpb99Ohb4UngQ4v09QWPA8BwMTQDxitbZSlUyqBd1kUIaEQHvLssd+cxKtARN+oNLrRN5/Bi1GKC3wM8oY9kdRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=7FkuS+lYQMWLo5cUJPD7DM9GRRZt9XppWRCnA3f6CP0=; b=yj66peh7u7hAPYJio6lMSPz5XwSqc2g7895nT854hzoxmZzlFbuFnqQwIXSLT9cUUdXlVvB/tC2rYWFvV5LC4a1BvRAnozEEhjYwnngx6VqiAmD7iNJBem6UHzN6b+dCHEh39CxfXac5DaOO4LQdk1bDZrR1WxTX1o5zD+IV23EnhQi+80e0+DNrssc8tvYSP3ki4OdHTc0C/nAf4oL0a8MmhObXeY3f3PW0NE2LzRpc9h5XLzZU0a8V4CsP69pWutMAa4BVUi9O72M5HHlkM0VjMYe1PICMh2HFOimVM93Tw+dwDQnbqJsHAM47ww4iQsfkPGKgw2Q0ZNWkZFBnww== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=7FkuS+lYQMWLo5cUJPD7DM9GRRZt9XppWRCnA3f6CP0=; b=W5kh+B2dQAzSavHFHZRQwqmdV1xDNWr/ACpdtroKUz4GJWZhR16/dBDzMUY/kkRCDDOa19gdRfNSbJ19D1BAOBO6vVRKLD+qQgCfyaFHa1YsPSqEHueZ8VWhNGBSn+A4z49BO9chIlrwod8jQAkLYkPAcOg/YIuBEOMrVjrLVTA= Received: from PH7P220CA0017.NAMP220.PROD.OUTLOOK.COM (2603:10b6:510:326::9) by CH3PR12MB8878.namprd12.prod.outlook.com (2603:10b6:610:17e::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.16; Fri, 23 Aug 2024 13:32:39 +0000 Received: from CY4PEPF0000EE30.namprd05.prod.outlook.com (2603:10b6:510:326:cafe::f8) by PH7P220CA0017.outlook.office365.com (2603:10b6:510:326::9) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:32:38 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EE30.mail.protection.outlook.com (10.167.242.36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:32:38 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:32:33 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 18/21] RFC: pci: Add BUS_NOTIFY_PCI_BUS_MASTER event Date: Fri, 23 Aug 2024 23:21:32 +1000 Message-ID: <20240823132137.336874-19-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE30:EE_|CH3PR12MB8878:EE_ X-MS-Office365-Filtering-Correlation-Id: 7ff882ca-f67d-43ad-11a1-08dcc3780e79 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|376014|36860700013|1800799024; X-Microsoft-Antispam-Message-Info: HZPBdeCAnN6XAd9P8uhXIn8PXHT3KdythKBdV4Rcl0PCK1Q4Wm4sBdCSFhoG9QeRF0PRqH3+pF0D0TImnuND49ebMN5pHQa2M5mm9b+kW4pKJBO14lpG/IJcxP+gsRHHcTiLecEI69JLMuogTe3q5hAaVv8Bg43C0x4sjrzEYCa93oxr6ouinMB+yP1T43czcLQnQfFE5BXcvGAPCs8HrXgRF5nFF2QzBPrLldNaB/RbGDuLPSDTVbv70wTXQ2WH+xBvbPeBeK1h9cyF3qiyuiL9ohCVGtxtENJ2Sp53GIOYncvakKLho2DlA1CW9E0Wu4HN167xbaasWJ52ohHGN0R2+sPOeTe3XMOn7sw3jtd4xmaOoRY597aWbIhLTPhMGDreJZZrsPV/NA1z4+XpA+Q/QIoDfCkcN4BknErtJfuwVvmdOVGxPz7+ZxC2Wd0qoYzhshEwtebNXCUX0KXcvbRcb51AX4QRYxcIpJ4RavAuWlMQxPrayQzwl3Zgjx7lDxk2iIvKgk8MSPgwQRV5SxN9asnSdG0mhKGb0theWPdPOPBT3yFOtwEbiIacFY60TyOQAZuRhuDcJhghWWGvt1i6T3g7k8mxkGfALFCZCIfmJk+8cWCWxevGrj1NMzuI9rZWM+aVjK/6B2oBZdaEdclfmKo9e/yhEZVm2oOWFn7Y9En37pjAy+NHmnhWSCSe++1dRjYoKwuSpY6jFY1h+5546vGnH15Yv8EhFybGVwi2S+/XmzfHJ8sJbOuIkGBXCvPi6K/UMr1n0KmzSrcYxIDvNbzJMt/ypjoAAd/5yEn7/U4WshN/vGbYu9P66Nhpq4OJdh9DP9Eryq+l0wnnu2AKopYNjvt5uy+z8SWRiq8VKS+7XPdp3cDKhSrZSBAF70IUUWrhA1UU6OeHu0T98cjos6hCGj4tOTINn2Mlu5AFJ095sRgeh1OsEV1Tjb7cWoRFTqeQjfEDgDkNDfuyOWbBUnFt9UIN+0IPIEBlCG3Rry/PLxD/NHIofFA4SHOjdAioolsMyJMQMcQrCdbKMXu/iTDp0ayumTbly1+CFfMwQS/0zX9aB+22nKlycMNK+CMlr/2LUIEaQHbSERdONV111ucijfn9VNRiMnPOkO47L4xFU2FUyJODKI273BPUE9+gUNRpAW/e8F9ni8gTwo2TJLMUzDltWZ1eyW/y4tS18NKxde7dUeMvVZHDKFIA5cvFi3ipZRxpliZZ9bwjc6W9e/kmsGGdvS2UIyTwc2cV3+cj3exMmqILvk3xbVbTfLuLPnIDH/+eKRmvQYBZyesWgH++Htw0I/W5uqJ4C19m5/nLJIOefQ4UI+VPedbFCwoCsLe6gzSITB4+p+sgfVpPjhYn4BkGP8U5Ts8hDscUrrKWWE9S5c+6FEr+Wr6qRMMERgpD5vHCOQbPLPzKu8WWR0ufmRkpjvA9mJhM2u1M7KtB9bIZgWMfuM4E65lS X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(376014)(36860700013)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:32:38.4825 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7ff882ca-f67d-43ad-11a1-08dcc3780e79 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE30.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: CH3PR12MB8878 TDISP allows secure MMIO access to a validated MMIO range. The validation is done in the TSM and after that point changing the device's Memory Space enable (MSE) or Bus Master enable (BME) transitions the device into the error state. For PCI device drivers which enable MSE, then BME, and then start using the device, enabling BME is a logical point to perform the MMIO range validation in the TSM. Define new event for a bus. TSM is going to listen to it in the TVM and do the validation for TEE ranges. This does not switch MMIO to private by default though as this is for the driver to decide (at least, for now). Signed-off-by: Alexey Kardashevskiy --- include/linux/device/bus.h | 3 +++ drivers/pci/pci.c | 3 +++ drivers/virt/coco/tsm.c | 4 ++++ 3 files changed, 10 insertions(+) diff --git a/include/linux/device/bus.h b/include/linux/device/bus.h index 807831d6bf0f..314349149cd3 100644 --- a/include/linux/device/bus.h +++ b/include/linux/device/bus.h @@ -269,8 +269,11 @@ enum bus_notifier_event { BUS_NOTIFY_UNBIND_DRIVER, BUS_NOTIFY_UNBOUND_DRIVER, BUS_NOTIFY_DRIVER_NOT_BOUND, + BUS_NOTIFY_PCI_BUS_MASTER, }; +void bus_notify(struct device *dev, enum bus_notifier_event value); + struct kset *bus_get_kset(const struct bus_type *bus); struct device *bus_get_dev_root(const struct bus_type *bus); diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c index 15c0bb86ab01..b8bb322d1659 100644 --- a/drivers/pci/pci.c +++ b/drivers/pci/pci.c @@ -4271,6 +4271,9 @@ static void __pci_set_master(struct pci_dev *dev, bool enable) pci_write_config_word(dev, PCI_COMMAND, cmd); } dev->is_busmaster = enable; + + if (enable && dev->dev.tdi_enabled) + bus_notify(&dev->dev, BUS_NOTIFY_PCI_BUS_MASTER); } /** diff --git a/drivers/virt/coco/tsm.c b/drivers/virt/coco/tsm.c index e90455a0267f..b16b5d33c80f 100644 --- a/drivers/virt/coco/tsm.c +++ b/drivers/virt/coco/tsm.c @@ -1193,6 +1193,10 @@ static int tsm_pci_bus_notifier(struct notifier_block *nb, unsigned long action, case BUS_NOTIFY_DEL_DEVICE: tsm_dev_freeice(data); break; + case BUS_NOTIFY_PCI_BUS_MASTER: + /* Validating before the driver or after the driver just does not work so don't! */ + tsm_tdi_validate(tsm_tdi_get(data), false, tsm.private_data); + break; case BUS_NOTIFY_UNBOUND_DRIVER: tsm_tdi_validate(tsm_tdi_get(data), true, tsm.private_data); break; From patchwork Fri Aug 23 13:21:33 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775254 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2086.outbound.protection.outlook.com [40.107.92.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 071FA186601; Fri, 23 Aug 2024 13:33:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.92.86 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419982; cv=fail; b=N8SQR0DRFwtGlTKKWe0uwS9YnZp0qieA/GwFfc9P9lJHsTm9bZRyVdYYX/OT2rxB+EL4EKxcwcmpg3IUJeH7tk48im3/wUzZFRQBr7Q2/Q586DC/Cce53npcLHR8rNp8y4MSyJaVhpH5xb/7MyMDljEf5hj+QUxNwYY8HNj1SAc= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724419982; c=relaxed/simple; bh=Eq44PkT3ADjMRLqYUFXga48zo89H84TBBL0gnuwEo9M=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=T8iIySVsU/CJkJI4b9kX3I0c6D17xRXOKPVPH2vU4vd67qbg5z3xmV0SYRrYkI6mOHZjeRurXXN4vC7qALoiw3zx8WdfACwrsgD55sAg5q4Dx6QgT+597LuKQrBIvvpZSyjBMkvSb7JcrIwcTGGbpvEDvYyTYDjDK+XsoPCURvQ= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=RMsNzXBs; arc=fail smtp.client-ip=40.107.92.86 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="RMsNzXBs" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=FK7zHoAYpUE8QfQ9prKCAh5l9Ke12gWeN4ZawHvTtSd2ZdHUqHGzgBXPIOzER5P7r8glKB2FXCzoTkd0dH7VlJdaIzhVQqFAd8kjDS+5ZtxXLCtYa3b97t4G2m20T19I7w2HgEe5MJwY7Uhhr5dVqqJs2T238haUAd3USrYoEeKo8gGQaE1G2FTsyl0HU67gTjZFSzki2uGdWBNm2XsEddykth+CdsVTLdbSwaZVZPXZIgGLV94/vEAYQxkOLs4sXd9qgOjt1jaxOp+D7mrnWajJeOBGvjPS7ezL5yTZcW7ImeGcLEmf5zf/f5gMCP8AtIeVZ0lXThmY97efb9H4uw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Y/W368HCkdO/hjl2kvedwv1N0vOGYLmDkplLP4qKUcg=; b=ZxGOk/6045N/sLTL5NBMpIYzfay6iptos/rnI3fmjS/Zbc8i7LBKII5Z1TghpHrdyd2GmXAwG5Lmudh2orQXe115YaQQBHWe77nrnZs8rfvOdsy7H2dqlIGaDuEWZx1qBQCWOV8W6NcRCNIROHhmuArCyuQDRKa5J0leTtLhpkZtF/cpmI9X2VL1ZgtcRb3kCUxM1i7JD8NugKzdKDvOS3CXDm00GJwmKDRnRzNkwLp1ggnn7C1IGvoNbutKJIfwqQnZo0Ai3Bu7K8k7HZKJnEQZTys0+G7TW09UoOp9qjXUCAE1uJk737abucFM+FSWP6+gak46292xT3oFT2eWpg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Y/W368HCkdO/hjl2kvedwv1N0vOGYLmDkplLP4qKUcg=; b=RMsNzXBsmzZmmZeXCFCXQfOYqvzEGXWC87ajwnyx5OtLil4fV9C4bxs70YYgBlZhGcY977irhsYEnxTAyW6XJ3g1vROzB9GkbAjG5xL/hu5ozE5s4mxNLpwelA3BGrB4ug24ljlc3FluIOZLA7kETC4bFbVU2fE3/n/bd+ZNmDc= Received: from PH8PR02CA0019.namprd02.prod.outlook.com (2603:10b6:510:2d0::27) by IA1PR12MB6259.namprd12.prod.outlook.com (2603:10b6:208:3e5::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:32:56 +0000 Received: from CY4PEPF0000EE33.namprd05.prod.outlook.com (2603:10b6:510:2d0:cafe::fc) by PH8PR02CA0019.outlook.office365.com (2603:10b6:510:2d0::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:32:56 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EE33.mail.protection.outlook.com (10.167.242.39) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:32:56 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:32:50 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 19/21] sev-guest: Stop changing encrypted page state for TDISP devices Date: Fri, 23 Aug 2024 23:21:33 +1000 Message-ID: <20240823132137.336874-20-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE33:EE_|IA1PR12MB6259:EE_ X-MS-Office365-Filtering-Correlation-Id: 7f63f5de-790e-432a-8e6d-08dcc37818ed X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|376014|1800799024|36860700013; X-Microsoft-Antispam-Message-Info: NdLDRN7ajAUunRlRjWySkiJ0Ebe8IzXEgA7HA30qy/sJJ7QfnT6W3dS+WK0hF+gfozIQW55G+5byPKeMPPAETPvHpYYZyN2qo4NBGeVqEynyjCqm3vOTEZ9f9jgj7qfPc9BMGbDHOeM+rmbP6q1m/LdTpzZ7GyzbtXCb1aZMtfUNfCF7BAl11NSCnQqPX+UoPPXbFCAaesO0HObdsf1c7iuoaW5PIF0r4jyvXCtZU10oGVqYkCZg4LASWaB6VoYWCZ+ANsTo6jkXXHdnCvCzUb2CnLOj0CNMxFKT6ipSE3OpA1hB1SLsmwPdNxZi/rfUKuaVoLSoQHtzjo3khIyC9wMTtObE/0IxsO1coXYMe2NNdP/L1qLmjNnLvL9/g61kGmdP71jrss0AfaDwdz4J8BQrZiPbZRJweJWkp1aw1ID3Z+OCMjtGx4vd1jsXFuAmhTKR+XVlL0T/iV9Ln1jck0l5kjBvyoZpXJ5KS2T9nsoX19nZZI9QW/2DAEndrlxOZYPqNaGoRtUjJu/HarMGoxqvhIn/CE26+V9pIYMhbXgxB4WESIzHXGK0cPJM5qnBLxPDZgWoGSfaxBU9gTNkmCxSUM0BsW9qeH1gTpMUVHQw1GbNwAwuRwV0smyc4NgudaA9s0xm4gVwBhr71F9rgRnGCwilaMELaqTVUqyAQWk0aZsQMcRHTs2QsP+oVqb1SeM5g8bmyAE7V83xHjenq6qDbfJj2YEDAp6EQfoCBg7s0uWBtmGkvEXDYEv8nQClWkEZDco9G4PwAtXvHisVC6tAe5yxDRSU0ofFSz5YA+a0Mx2CZXPgKliMG2a6XMglgRKvTaBZbaak8nbvsX1FFdQW6iOoVHDKFVf+N2BvRATfPK10RDMJ5PIdHh0mMy2fkMUSCu4VIFrUiBTTH5OJ4/vAtjsLOAbnGpidP1wS4/gbO6UfKV1qXHNZMpBpCgA5onnC/XpD1+V3vIafdOZmrw372tXa+jGT+TQQS8J0l2HNjAUaDZzBiJ4/CgqTilWlkGHM6Xuli1NXXuV274HKK+oW+cBRA8yVOyoFEhdJT1fzPHTf1pce5BJytWc/TH9JGdEq1kZ+Sj3UfuUGGgM+VwAJVKGfVOVAT52Jr/ogcSiX5mUZ4upjitSZkUy4h0uyqKYlUIW2fHe/k+jGFkkqnANWTniFQ7EaICczLmWnWOdoa29xX4D6npALV7npccbPhkumHTbwQG/cNHPOeW2LKt6EBwfJtyGgKwRJ9UVHvEzgtuDQGqclw+QyoHMcY5JbG6xOSwEdSNfEnReO1yVPU61DVA9jSaO7kkMNA6WGRTGZV+k5wtVaASCWK4lxVSGIP9LeIAjW90TmH0k7i8CFCPRPFa4NoPHV2vAAVUxpVZeLMVK92Sa8AFTOPjK15KHsPfVvG9+mEqDBjRNKwm5cz4jS30LNv12Nw3ZI230LmSULK6LnRTk3NEkKbKPuxOvd X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(376014)(1800799024)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:32:56.0387 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 7f63f5de-790e-432a-8e6d-08dcc37818ed X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE33.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA1PR12MB6259 And "sev-guest: Disable SWIOTLB for TIO device's dma_map". And other things to make secure DMA work. Like, clear C-bit. And set GFP_DMA, which does not seem to matter though as down the stack it gets cleared anyway. CONFIG_ZONE_DMA must be off too. Signed-off-by: Alexey Kardashevskiy --- include/linux/dma-direct.h | 4 ++++ include/linux/swiotlb.h | 4 ++++ arch/x86/mm/mem_encrypt.c | 5 +++++ 3 files changed, 13 insertions(+) diff --git a/include/linux/dma-direct.h b/include/linux/dma-direct.h index edbe13d00776..f6ed954b05a2 100644 --- a/include/linux/dma-direct.h +++ b/include/linux/dma-direct.h @@ -94,6 +94,10 @@ static inline dma_addr_t phys_to_dma_unencrypted(struct device *dev, */ static inline dma_addr_t phys_to_dma(struct device *dev, phys_addr_t paddr) { + if (dev->tdi_enabled) { + dev_warn_once(dev, "(TIO) Disable SME"); + return phys_to_dma_unencrypted(dev, paddr); + } return __sme_set(phys_to_dma_unencrypted(dev, paddr)); } diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h index 3dae0f592063..61e7cff7768b 100644 --- a/include/linux/swiotlb.h +++ b/include/linux/swiotlb.h @@ -173,6 +173,10 @@ static inline bool is_swiotlb_force_bounce(struct device *dev) { struct io_tlb_mem *mem = dev->dma_io_tlb_mem; + if (dev->tdi_enabled) { + dev_warn_once(dev, "(TIO) Disable SWIOTLB"); + return false; + } return mem && mem->force_bounce; } diff --git a/arch/x86/mm/mem_encrypt.c b/arch/x86/mm/mem_encrypt.c index 0a120d85d7bb..e288e628ef88 100644 --- a/arch/x86/mm/mem_encrypt.c +++ b/arch/x86/mm/mem_encrypt.c @@ -19,6 +19,11 @@ /* Override for DMA direct allocation check - ARCH_HAS_FORCE_DMA_UNENCRYPTED */ bool force_dma_unencrypted(struct device *dev) { + if (dev->tdi_enabled) { + dev_warn_once(dev, "(TIO) Disable decryption"); + return false; + } + /* * For SEV, all DMA must be to unencrypted addresses. */ From patchwork Fri Aug 23 13:21:34 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775260 Received: from NAM04-DM6-obe.outbound.protection.outlook.com (mail-dm6nam04on2049.outbound.protection.outlook.com [40.107.102.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 42B2714AD3E; Fri, 23 Aug 2024 13:33:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.102.49 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724420000; cv=fail; b=W9P2BmLcUE1eyDk1qbj8sy+9cAQNDBNG4qlOXyfax7C1wSVKG3xuvHyrDPeHn3cYV1HbOIyQdHQ6PBeCkPETA4lGtK2KJUXmRDRJdA9/nkKR/thz7+4YBmecb+l+0gb11/9i4jcKY6Ju9bLKSeSuoWs+QopuhF/0syVWjybkeI0= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724420000; c=relaxed/simple; bh=jq/F1dvaXhFGNmq3QUaAtpjEPpiapSS4taXNwm46yd4=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=UKiaSFq2lGlVwTdcJfPKYRxeyoVj9I0lZxdQx/f9LFy+G9E+Jj1JpKfSQsef+D95kIwJUWOmyOxpONZvBccNMxAeOvEwMeeYSZYnEuUkkgTNASYNQn2WJUOhmTNI9L8HGed4Gsh5cUSIKlxGQBmoxHnZkxrJsOwLeNWqcK/SgQo= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=XuPTEi5q; arc=fail smtp.client-ip=40.107.102.49 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="XuPTEi5q" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=GjCQb0bS9ao1d8bPfzplMDlLjudgjZYIsW8AkXEtAsbab06SZMoqI99IIXhm6WJev/mdzaIL/4BjMDFeuGZXO7BPAAsPuT9zG754yYrbPWNj7drKOzPLVm9f7XzN1X96Zo/zu3hMXaKaAUO/WCePD5zRp4VmCoEGMiJozVXsbDhs1L8zjV0d2iYv234esTpaZGzr1PZPuSgEgiT8n8KsxQpScaPJUHm3s6XAUoHkCyj4SpFJnejv07vz+aIvjNTC93+dTobU2j8s6o2WXtLzqUTG0VL2Zmg+1OWVdhtAPMr2p/XDgbg0Ivv8dwOR1776pRZkF0EcxbS5AeP9pUMR1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nqYGQKfnd6GIIE7MYeKAY1B0olkO+SJadZrC8lavNKE=; b=QaYINRIHk1mxgMMMUzEYn+OsLoSDFGc8SKwQS0Wuz8oBx61HtIoyyb5elxfnCxjGBwBZvlB7Rmzio3U+f/mH+utlv1aPIsNMW3bqMTYQA4S0Ne0oe+PxtoIp7TO+Xo59zKd0NiyI52TWEgaVd2t3OKfWPS1S9v47UB7ZbrzWjfWVOP8B1nTtJMN2nFc8aPf6QlkklskC3zRpdlANmqlSZxtjrp+M1YvPWkxvSaGAaRKJhvK+bNK0ld0wvqCIZZTbCNZf4fOFri+OI6sm5REVjgkwID8ouC/lDGj0FNBaXVMakggpjNwknMoOYHXLS2b1+Gw+cMWrBAZSvWOvYRcTPw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=nqYGQKfnd6GIIE7MYeKAY1B0olkO+SJadZrC8lavNKE=; b=XuPTEi5qMvxtCXtkpXhZ8HlqcWyzOk4LusBJN6QrnaPSKMURCTBublHi9UcoZfwP4ml7xW5p07pcjkAuAKQsyd0ur3qmjYkju58jUr3hzZsnqgN7scGBnqbVq8jyMoPQCgUDxfyXgXXzIzqGCBblYGA/DcC1Cbw3sNiLFjCkp5Q= Received: from DS7PR03CA0001.namprd03.prod.outlook.com (2603:10b6:5:3b8::6) by SA1PR12MB8143.namprd12.prod.outlook.com (2603:10b6:806:333::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:33:14 +0000 Received: from CY4PEPF0000EE36.namprd05.prod.outlook.com (2603:10b6:5:3b8:cafe::8a) by DS7PR03CA0001.outlook.office365.com (2603:10b6:5:3b8::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7875.21 via Frontend Transport; Fri, 23 Aug 2024 13:33:13 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EE36.mail.protection.outlook.com (10.167.242.42) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:33:13 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:33:08 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 20/21] pci: Allow encrypted MMIO mapping via sysfs Date: Fri, 23 Aug 2024 23:21:34 +1000 Message-ID: <20240823132137.336874-21-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE36:EE_|SA1PR12MB8143:EE_ X-MS-Office365-Filtering-Correlation-Id: 9fc864c2-037e-4a74-8435-08dcc378233b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|376014|36860700013; X-Microsoft-Antispam-Message-Info: lQqbuhGEsxWzbewOLKCk9ttJE1pCKEZLsXmg9ggQflb5u0Y8raApnwIvZjyQN+NxGaCqDz0TtwvyBd4+nDwFkhb482L26vO/T29OUswBQHXJWoSx55vypSRyFJMKsz5C839u9EAbx+IPuqFOYQga8GJYsF2toGo4leB76G28Tm3cjvwfJ4FGHxuqXSe7vr9eCPevBV5uCCf/8U93toHdK1uGVslAloYdBSZwn7ns6WmnhtfC4PBSACZtcYkKQOuVNTfPxzvt3B52+7zCzbWWTTTjR/7xYElmzR5ziW3CSoewD2fxoGtGd6ny3PjLFMnc797ZSx4NI21FVsCR+I/YD1V8h9I6IlEu6LRXq+Dr4nUV1CZnfg/A80ppEppAPKJEI9cVYM3EY/LUHiAx59KuyW1a3hAJyzQgF4j5wW89fRNRC7IJSyqIwJj539yNAfRQxiolwQEefA3AkUzuuH+ApMjPuKV9zo0eFctx0OD77KiLjanWZVyVNwpYJWsQJKFOrXXGJ8WJy+vvWpabiMdhBUM8xMu4lazejJaE/aNY3SL4zMXlu07Nx3E/2vGS0kMN2d80DCorOs4G5640QPbtWFKw5qhbNdiQevKoIa3ipgPSJBXHhyv4XNRMmxfuTnlKIqCNcSeZJzygA4IsKPiO8an62D7PHffqUxGki102gmQr3o/WaBpr2r/a2sFU+H4b65SuNX7X9KqfnlUdiPyupQuZ/bdbmSqu4B/pcwR8L9BYp5vUR+BPC0JPeN/2UbCi+VtX1jGPcVTQwNNGCVRmI8Mc9QrFo+dSSHcX8aB3QdcvUGfooTI/qQcRaZh93WnU8MUFmHiEVRIqq1SLrXRK4ik01rEcX+3LEVRTbSTrU6WkmjWbphNAY/fFDW+4rTpka8GUe555qVpFFBclp54zGslXPSroSVKkWj4OOyvNJbLobID+KAvcwyDEPyPBZHJ4n0GQrW+1K2769DGjBSSF8VKyxSd95b6d8wXryEOOlD7HgpQ9iLOwCnkAMx2JuhJVlM+ksyALqPjEAyZ9TlLx9uDdlFOa+lajXaGt3YiuGBeiYnPg8VroqyhF8ZNILYKB09YgpEiMPKSlZUC7i9q/BH9QRFFJqUcvvxqNCssbh8MvoReW3skU4wr3m9tUmrKRAeHXKvpwZjrqhIEPhxa5DsALFZZOlkLWVTt6XXh7lJtu4A9B4b/Y+q+qDRiqZRzql0x8jr4K7pDWk4KyC8RF+jxYL3wPnPo1PM+BY91Wc9ixGFdv3k7gzRVbfk+/Fnk79orfPIHwhvLxk9Np30AoiMOLB7Nkk9PDkc4dsJrLuVoNZivZ/dRV8XLiGkpoqEeefv0VRsLpMxHrngjNxwhMK9Nw5Cy7Q2Rjy32kVWTRP/9orJAzfa545iZjO8vJUumFmRrEJEgUHcg4xWEyzQCPKaoAwDNGTNUvt1Rp11cDpMVRmcLTmFq0W2ijcm2olZJT X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(376014)(36860700013);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:33:13.3581 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 9fc864c2-037e-4a74-8435-08dcc378233b X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE36.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR12MB8143 Add another resource#d_enc to allow mapping MMIO as an encrypted/private region. Unlike resourceN_wc, the node is added always as ability to map MMIO as private depends on negotiation with the TSM which happens quite late. Signed-off-by: Alexey Kardashevskiy --- include/linux/pci.h | 2 +- drivers/pci/mmap.c | 11 +++++++- drivers/pci/pci-sysfs.c | 27 +++++++++++++++----- drivers/pci/proc.c | 2 +- 4 files changed, 32 insertions(+), 10 deletions(-) diff --git a/include/linux/pci.h b/include/linux/pci.h index 053b7c506818..3c44542f66df 100644 --- a/include/linux/pci.h +++ b/include/linux/pci.h @@ -2085,7 +2085,7 @@ pci_alloc_irq_vectors(struct pci_dev *dev, unsigned int min_vecs, */ int pci_mmap_resource_range(struct pci_dev *dev, int bar, struct vm_area_struct *vma, - enum pci_mmap_state mmap_state, int write_combine); + enum pci_mmap_state mmap_state, int write_combine, int enc); #ifndef arch_can_pci_mmap_wc #define arch_can_pci_mmap_wc() 0 diff --git a/drivers/pci/mmap.c b/drivers/pci/mmap.c index 8da3347a95c4..4fd522aeb767 100644 --- a/drivers/pci/mmap.c +++ b/drivers/pci/mmap.c @@ -23,7 +23,7 @@ static const struct vm_operations_struct pci_phys_vm_ops = { int pci_mmap_resource_range(struct pci_dev *pdev, int bar, struct vm_area_struct *vma, - enum pci_mmap_state mmap_state, int write_combine) + enum pci_mmap_state mmap_state, int write_combine, int enc) { unsigned long size; int ret; @@ -46,6 +46,15 @@ int pci_mmap_resource_range(struct pci_dev *pdev, int bar, vma->vm_ops = &pci_phys_vm_ops; + /* + * Calling remap_pfn_range() directly as io_remap_pfn_range() + * enforces shared mapping. + */ + if (enc) + return remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff, + vma->vm_end - vma->vm_start, + vma->vm_page_prot); + return io_remap_pfn_range(vma, vma->vm_start, vma->vm_pgoff, vma->vm_end - vma->vm_start, vma->vm_page_prot); diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index bf019371ef9a..1b0eca1751c2 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -1032,7 +1032,7 @@ void pci_remove_legacy_files(struct pci_bus *b) * Use the regular PCI mapping routines to map a PCI resource into userspace. */ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, - struct vm_area_struct *vma, int write_combine) + struct vm_area_struct *vma, int write_combine, int enc) { struct pci_dev *pdev = to_pci_dev(kobj_to_dev(kobj)); int bar = (unsigned long)attr->private; @@ -1052,21 +1052,28 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, mmap_type = res->flags & IORESOURCE_MEM ? pci_mmap_mem : pci_mmap_io; - return pci_mmap_resource_range(pdev, bar, vma, mmap_type, write_combine); + return pci_mmap_resource_range(pdev, bar, vma, mmap_type, write_combine, enc); } static int pci_mmap_resource_uc(struct file *filp, struct kobject *kobj, struct bin_attribute *attr, struct vm_area_struct *vma) { - return pci_mmap_resource(kobj, attr, vma, 0); + return pci_mmap_resource(kobj, attr, vma, 0, 0); } static int pci_mmap_resource_wc(struct file *filp, struct kobject *kobj, struct bin_attribute *attr, struct vm_area_struct *vma) { - return pci_mmap_resource(kobj, attr, vma, 1); + return pci_mmap_resource(kobj, attr, vma, 1, 0); +} + +static int pci_mmap_resource_enc(struct file *filp, struct kobject *kobj, + struct bin_attribute *attr, + struct vm_area_struct *vma) +{ + return pci_mmap_resource(kobj, attr, vma, 0, 1); } static ssize_t pci_resource_io(struct file *filp, struct kobject *kobj, @@ -1160,7 +1167,7 @@ static void pci_remove_resource_files(struct pci_dev *pdev) } } -static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) +static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine, int enc) { /* allocate attribute structure, piggyback attribute name */ int name_len = write_combine ? 13 : 10; @@ -1178,6 +1185,9 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) if (write_combine) { sprintf(res_attr_name, "resource%d_wc", num); res_attr->mmap = pci_mmap_resource_wc; + } else if (enc) { + sprintf(res_attr_name, "resource%d_enc", num); + res_attr->mmap = pci_mmap_resource_enc; } else { sprintf(res_attr_name, "resource%d", num); if (pci_resource_flags(pdev, num) & IORESOURCE_IO) { @@ -1234,11 +1244,14 @@ static int pci_create_resource_files(struct pci_dev *pdev) if (!pci_resource_len(pdev, i)) continue; - retval = pci_create_attr(pdev, i, 0); + retval = pci_create_attr(pdev, i, 0, 0); /* for prefetchable resources, create a WC mappable file */ if (!retval && arch_can_pci_mmap_wc() && pdev->resource[i].flags & IORESOURCE_PREFETCH) - retval = pci_create_attr(pdev, i, 1); + retval = pci_create_attr(pdev, i, 1, 0); + /* Add node for private MMIO mapping */ + if (!retval) + retval = pci_create_attr(pdev, i, 0, 1); if (retval) { pci_remove_resource_files(pdev); return retval; diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c index f967709082d6..62992c8234f1 100644 --- a/drivers/pci/proc.c +++ b/drivers/pci/proc.c @@ -284,7 +284,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma) /* Adjust vm_pgoff to be the offset within the resource */ vma->vm_pgoff -= start >> PAGE_SHIFT; ret = pci_mmap_resource_range(dev, i, vma, - fpriv->mmap_state, write_combine); + fpriv->mmap_state, write_combine, 0); if (ret < 0) return ret; From patchwork Fri Aug 23 13:21:35 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Kardashevskiy X-Patchwork-Id: 13775261 Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02on2041.outbound.protection.outlook.com [40.107.212.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5770E185920; Fri, 23 Aug 2024 13:33:36 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=fail smtp.client-ip=40.107.212.41 ARC-Seal: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724420017; cv=fail; b=jOh0uQ2qObeydUlq+QtE36whtSZqmlsjcWlVLaDhnM/zqzw5nNwDJnj/fq7c4kLURaWOP+i8YaufvymksPLBe13s6/X8C1UU2EKkVq9uJup2D93bjeAfGnG49ER/dLs89DrlzyYm4wpj5BnYZz4jSOEyjddM9K8z/VcyC/mqAh8= ARC-Message-Signature: i=2; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1724420017; c=relaxed/simple; bh=cQInEfLb+YpCGMaA9/lL1qa/2qBqFLgxaefuUICWDzQ=; h=From:To:CC:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=AVB6Ti1qC5pmakb8sOJspAtJ6cLH2pYUlcmLET2TxSRkEsB2QgWgr9urLzWydNWEJ1qEeGQ8VXovMCLbl1yhcJRgAbfTYP9z5pbv4HX7oWXid3atda+NY7yLjM2jShsQyFmwSRrS3S7qT9d/U3zFRiKfNdqJShXOqV/oz+7ageU= ARC-Authentication-Results: i=2; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com; spf=fail smtp.mailfrom=amd.com; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b=ITsEUhh3; arc=fail smtp.client-ip=40.107.212.41 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=amd.com Authentication-Results: smtp.subspace.kernel.org; spf=fail smtp.mailfrom=amd.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=amd.com header.i=@amd.com header.b="ITsEUhh3" ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=EbJ3cYNn5BNf5OIRmqFhWJ+O8g/6+k1DEk97RQq3H9JsSZONzM79nENnWCitmkc8ClNknDxLL4WFQQDv8V3jA8cjvTjMN70Ns8IBq7zRgIfhco6iTZlJXe63XU2uQ6SGtXj6/MrLvqjeZ9cW+sAeUrBGu/S8rci5FocepurnTqTOtzW0f3phQFSMpDTbqhkdXf1x7RYj2Q+aXye4bKnTy6ABQ//Tl41Z/LUP3g0xIJTswn9StQFhHP2fVMpBqR/oGxLAmpQXnaeVS+xmuHJysmqUVrCRQhI4wAwv/1Hn9EqmFjqs+sw+9MkhdMQF7yvdY3n4QHpo3SF30uX3eDRzkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=4t3kGZG9vXAAI3X+GM/4KY5BbP775kCOx+yOmL5/QbI=; b=xev29ZPTwXRiHvaZUSoHkQrRcxbx2zOn86IQGhRIJtqYdHt6vV1bDwlHV+FhblZpRrvqS6fbJXxx0DSrNrdo5HEZGXwPJEeXuet8FiOxiBDfhHGs6RUbkNqIuixclLRMd1gXFXI9Z/ymDk1Esc4ZpskQuqKlW74rh3ZiFAMs6gbWxb0vSp5tFX7J5/Ep15VmQ4zk3Vrp0giWnHqz3gIcXrU6Rpvk+nLyqeac7z1OhNBHXRbKOInoqrXEBzsZmqXFpWV3FZ5uwxS1+tCZGm0Ml0KjxgoD+2vLt9J0ewMIZmA3KLR1l69UkmcUF/Axy7LcGDpX2cafJq1MegujClazwQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 165.204.84.17) smtp.rcpttodomain=vger.kernel.org smtp.mailfrom=amd.com; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=amd.com; dkim=none (message not signed); arc=none (0) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amd.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=4t3kGZG9vXAAI3X+GM/4KY5BbP775kCOx+yOmL5/QbI=; b=ITsEUhh3KN9HqK1PNHC2VusRaJus3E5PLko3KGjK3yneEsdjPA45B9rH81ENroHuaE0V/eWwvguCyzhk0Rjj70ZpPWT2jLoTfbFt5MWtnG2cBXe00tbzMxcYIQfGSryu8c061deoWVAhaZtcxmt28XEoMbV/FdNZdoxZ8297P8I= Received: from PH7PR10CA0006.namprd10.prod.outlook.com (2603:10b6:510:23d::25) by PH7PR12MB5901.namprd12.prod.outlook.com (2603:10b6:510:1d5::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19; Fri, 23 Aug 2024 13:33:32 +0000 Received: from CY4PEPF0000EE37.namprd05.prod.outlook.com (2603:10b6:510:23d:cafe::91) by PH7PR10CA0006.outlook.office365.com (2603:10b6:510:23d::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7897.19 via Frontend Transport; Fri, 23 Aug 2024 13:33:32 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 165.204.84.17) smtp.mailfrom=amd.com; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=amd.com; Received-SPF: Pass (protection.outlook.com: domain of amd.com designates 165.204.84.17 as permitted sender) receiver=protection.outlook.com; client-ip=165.204.84.17; helo=SATLEXMB04.amd.com; pr=C Received: from SATLEXMB04.amd.com (165.204.84.17) by CY4PEPF0000EE37.mail.protection.outlook.com (10.167.242.43) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.7897.11 via Frontend Transport; Fri, 23 Aug 2024 13:33:31 +0000 Received: from aiemdee.2.ozlabs.ru (10.180.168.240) by SATLEXMB04.amd.com (10.181.40.145) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Fri, 23 Aug 2024 08:33:25 -0500 From: Alexey Kardashevskiy To: CC: , , , Suravee Suthikulpanit , Alex Williamson , Dan Williams , , , , , Santosh Shukla , Tom Lendacky , Michael Roth , "Alexander Graf" , Nikunj A Dadhania , Vasant Hegde , Lukas Wunner , Alexey Kardashevskiy Subject: [RFC PATCH 21/21] pci: Define pci_iomap_range_encrypted Date: Fri, 23 Aug 2024 23:21:35 +1000 Message-ID: <20240823132137.336874-22-aik@amd.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240823132137.336874-1-aik@amd.com> References: <20240823132137.336874-1-aik@amd.com> Precedence: bulk X-Mailing-List: kvm@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-ClientProxiedBy: SATLEXMB03.amd.com (10.181.40.144) To SATLEXMB04.amd.com (10.181.40.145) X-EOPAttributedMessage: 0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY4PEPF0000EE37:EE_|PH7PR12MB5901:EE_ X-MS-Office365-Filtering-Correlation-Id: 42e32eb1-6997-4d38-5189-08dcc3782df5 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|82310400026|36860700013|376014|1800799024; X-Microsoft-Antispam-Message-Info: Dhlz3GlVofy7STNa8XIb5cur/jAnm6CXKDtHv38GIr/CAlYmQrY9l/hJZrrX3ANgQst8LLRQ1y44i9SNZ+2UKl2gXd3aGo4DJG+BW14f0wTwYJCSd6/N5bvpr38e2U6e9FWeYJln6JcBRE54f1+ENFLec/3+egBlf0CEagwN1Kpdjy6cjSGc2jtnrl36wSddNIB8vAEQBvfiph8puqSe4Av/FuTp8wCR3F1/86mCvpcXJ7+vhjwaUXlsJCpGnbjAA7S9RFU3QjrBb52KBF8JCAlq5bDgoUeuLq4YbKP89b3Q8euf/5MgH6KRY7l11bUU/hS88iV44J/Wh5F+ykx1v46cNXJc0e/kTLOlECcI+8TxAqDNsEEa916V6BKREt04ypo9I+Qk8HeZfHPmM8jVYCVrpifqFdmjF3w6do21xnPJYoa4jncYgXOWeMyb80h/h4tcGF4E5gtnKC1QzsglydEAjtMaRPKaVg/VKnSvJZUygoJQ3ujZWUnaGvE4ysp+QOvZSVhF2/7vp6OioLwv8ruBcX/NrHa5aB4/3NYzQXLutGelcY6BO+bz1TDLPsvrLerLGdGdGeYb/m452rL1l0xudYOiRpvELq7zlJFrYJAISODWNMbWEHwXXb7a/aBOewb7vn/DSk0pa6+jJ/cC9bDxnc+rqdywQZVK+sOCf85Qt7twJpR7vRahiliub7lWPgsqqFEt+EZGACXBHopvEuUp4I4xiFaMKGAgkHY0chP/5muvU/jWsM7jxPuTzB04QKQuMK1AacYuojukm61BY8KpKq4oJFYTrPeF4/FbTzc4vSuhjfXekbkP+a7Ne9SNf4EdR9nCWqrQ1wGJa5vJ5KXZ9uuli2K+WU4Omcr8qhhTQJIjuzPIE660zLWtOVl5crKZuB/029LuQL62sAPPKamf+Fs/QbuGEwW2FZfSTdNkUcCtn8os78TJ2Rxw7/80P6VXyH+LXWbgvqWzGbCNOb2DyK3fnGKg9kn0xdbtwqJNf4Orsy762+7nPrjdXj9ZFLpE7c5HACpRYrUdvPBfhrb7xbtYfNg7rHrqDBWNQN2+c9c8J8LzRkILKupORIMtuFpkLc7fVUr2aljoLpi8rMGY3YKntiDWIr3BCGFoVL9cdoN6sKLnm4imm8STRzuUA1E1U956eSa/SFeTwj2z9jXln/Xp92GmCyvf5g0wldsnUmnIi4RXJdHbmATNNA0gYnbzHzNx3KkZN/lt4MmIaYbd3UQRgYkbdkq/sR/Idrq1hNb9o0ebH+E+ozRdityOEKdUqICa1nCVLZyyRHCznlZ8fXuyDjl6CcNy40zkQqJdPndrmm1OoX5om3d+tBy/rgBa1/6xH7aMl+c3t3bDqMTd0cmInxFntqxOht2s6Z3gL2OR/F+UOWjMVrtFL5m1BHgW4zDmWzk4Tu5c/sPLwgwZz8KPJY+oaw2fEFiOv7lVoFXOa8Pwu6MUfC+2fCWK X-Forefront-Antispam-Report: CIP:165.204.84.17;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:SATLEXMB04.amd.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(82310400026)(36860700013)(376014)(1800799024);DIR:OUT;SFP:1101; X-OriginatorOrg: amd.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 23 Aug 2024 13:33:31.3061 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 42e32eb1-6997-4d38-5189-08dcc3782df5 X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=3dd8961f-e488-4e60-8e11-a82d994e183d;Ip=[165.204.84.17];Helo=[SATLEXMB04.amd.com] X-MS-Exchange-CrossTenant-AuthSource: CY4PEPF0000EE37.namprd05.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH7PR12MB5901 So far PCI BARs could not be mapped as encrypted so there was no need in API supporting encrypted mappings. TDISP is adding such support so add pci_iomap_range_encrypted() to allow PCI drivers do the encrypted mapping when needed. Signed-off-by: Alexey Kardashevskiy --- include/asm-generic/pci_iomap.h | 4 ++++ drivers/pci/iomap.c | 24 ++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/include/asm-generic/pci_iomap.h b/include/asm-generic/pci_iomap.h index 8fbb0a55545d..d7b922c5ab86 100644 --- a/include/asm-generic/pci_iomap.h +++ b/include/asm-generic/pci_iomap.h @@ -15,6 +15,10 @@ extern void __iomem *pci_iomap_wc(struct pci_dev *dev, int bar, unsigned long ma extern void __iomem *pci_iomap_range(struct pci_dev *dev, int bar, unsigned long offset, unsigned long maxlen); +extern void __iomem *pci_iomap_range_encrypted(struct pci_dev *dev, + int bar, + unsigned long offset, + unsigned long maxlen); extern void __iomem *pci_iomap_wc_range(struct pci_dev *dev, int bar, unsigned long offset, unsigned long maxlen); diff --git a/drivers/pci/iomap.c b/drivers/pci/iomap.c index a715a4803c95..2bf8ef4f672b 100644 --- a/drivers/pci/iomap.c +++ b/drivers/pci/iomap.c @@ -52,6 +52,30 @@ void __iomem *pci_iomap_range(struct pci_dev *dev, } EXPORT_SYMBOL(pci_iomap_range); +void __iomem *pci_iomap_range_encrypted(struct pci_dev *dev, + int bar, + unsigned long offset, + unsigned long maxlen) +{ + resource_size_t start = pci_resource_start(dev, bar); + resource_size_t len = pci_resource_len(dev, bar); + unsigned long flags = pci_resource_flags(dev, bar); + + if (len <= offset || !start) + return NULL; + len -= offset; + start += offset; + if (maxlen && len > maxlen) + len = maxlen; + if (flags & IORESOURCE_IO) + return NULL; + if (flags & IORESOURCE_MEM) + return ioremap_encrypted(start, len); + /* What? */ + return NULL; +} +EXPORT_SYMBOL(pci_iomap_range_encrypted); + /** * pci_iomap_wc_range - create a virtual WC mapping cookie for a PCI BAR * @dev: PCI device that owns the BAR