Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp1280895pxb; Wed, 2 Feb 2022 00:56:05 -0800 (PST) X-Google-Smtp-Source: ABdhPJxtn5YkSX+i5wh1RsP+lmy4avF2snuVmWPqhc5zxu09Wrsgp7BFfja71RYBn5/kunwaDhfg X-Received: by 2002:a05:6a00:1682:: with SMTP id k2mr28815753pfc.69.1643792165490; Wed, 02 Feb 2022 00:56:05 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1643792165; cv=none; d=google.com; s=arc-20160816; b=RyVpU8I48lF1FSCBQQF6rOt5xYwZKsCeZPzya8lpZ6dbxpJgTFhIEmJ4rmE4uPOHDj Y756Z8Lk7zJ932xJTISXaPdj/bA7vYmnf9xYMM0shzSLf9FFL8yBqExC+SPFrMCfYOY0 DjoaGGI9bElNLWeDNxwCMgmKjYjO6ePdhodc7dK/FWgOmAfibuCQL4VMm9YCgzYjHeYB /Y2BxBC1nlLLeAP8KVZLRaHrF14NBrMbqs2GdrvYELHgVmK8B6pOhKAV5YbVDuZk5x7/ gsHKfQaUzoSOn/KvvtkdwukNbYhTJMNs/4EU7mIgAqwyedrOY4R61uwfazBv6o4No70U XCtw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=5ziGDzhe4hiIJbW+habtGmGnhoT35aHsGESQviCaQ+w=; b=U2mQ2LPdPQvvWc8qx5essqmjkF1zeksL+3t2c5jykIyBdKLYH0vROzynFcjMp0XNpM QD5Y8brdLe4Kd+DiK4gD8ZxVPanM9tDhNbNpcg7NPNG8sH2ec0vEQwe4viuQNvemjowq oup/HrCO8hL6DmBIeYrbW1saCk3nXuWmo9ZLv5b5hAEkwf0mImH+daFNZ5fBxgTiYFux BvYBJJCTu+1gm8eDF4HtzOSxGPJQj5Das8QXOVb1MXFDmcTLBp8Fu+UQZE80jLH59zaU jlFN21IJb64X/WZKcOUKqO+RIv7E+rwnJYHt6cQ9kjzrAP90J6nNDJfpKWSS8dJ3Xq7A 72yQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=ULRhHEwf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q144si19126724pgq.59.2022.02.02.00.55.53; Wed, 02 Feb 2022 00:56:05 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=ULRhHEwf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S240565AbiBAUoP (ORCPT + 99 others); Tue, 1 Feb 2022 15:44:15 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56526 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240353AbiBAUoM (ORCPT ); Tue, 1 Feb 2022 15:44:12 -0500 Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1492C061401 for ; Tue, 1 Feb 2022 12:44:11 -0800 (PST) Received: by mail-lf1-x12b.google.com with SMTP id a28so36305310lfl.7 for ; Tue, 01 Feb 2022 12:44:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=5ziGDzhe4hiIJbW+habtGmGnhoT35aHsGESQviCaQ+w=; b=ULRhHEwfC7PGE+4k1GDiGsO/d2FjnY+Oi4trs0eFA5DaXt/oV+RNNnSbpgrhC6aKbZ XJ6govUz89erjGyfE7+7SVOskPe5PMFEu/tDTSBXkiTwqX3Zic6jNWZWMbOeawCw2SYc 3NKbkGph8POLHTfNE0Y0Zmdw1M0ofWjVr3GPyNPUu1T7FgK+hyJmjRNzjDWi0kuY3VCi zobUuDbb3xQKyd9QYUUaM62NkosplK0FoeqV5eeE1wW0dN+fOJVn2J2VozPi6apyaCqZ uZBBb+B+pvdCOU/34ZCAt49cKTUpwt4YM3jOVBzXb6mr3YgQnqRUeQyhAPyv849wVQ/i NJ7g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=5ziGDzhe4hiIJbW+habtGmGnhoT35aHsGESQviCaQ+w=; b=o6ZWRcQWyx0Xae+yk67FJeME1QQsu2pEAz3V3Li7X8qQUJHqUdchUdAzcZOu0yncV5 vXf4p1P6T+rZg4Cuppqdsb5JiZkdiarvuMzvve52E5IQFMZRGwHAbifHZTCrzWg3nSOe cmamiFzX0dYOYozkNS8ETEUlYh9a7UJaVFTkfkHgSeZO1MmXrO8YhousX2AY1XCoIu2S vMNOPP40lPiY9gz3FXZ9Fk4gNGqIADStnPBQekalypoWbLWqaBLWWSoxi0RtXPSdwdO6 kzsUmItpgXiVrxhRyhFMgW3QiYIHqxRidcBppBDHQZFKgAL6ENJCN+K27VN5TpwBpoma Cg2Q== X-Gm-Message-State: AOAM530rdS6uDJer21/InwziHAqyYEQHwjCtnev76azE4LiAePRu8fjh gta0tdisD+lqCR1YtUOroQeWGnq5siVaW9BpZE3qTgWQklcYBTVP X-Received: by 2002:a05:6512:1520:: with SMTP id bq32mr19454952lfb.644.1643748249618; Tue, 01 Feb 2022 12:44:09 -0800 (PST) MIME-Version: 1.0 References: <20220128171804.569796-1-brijesh.singh@amd.com> <20220128171804.569796-44-brijesh.singh@amd.com> In-Reply-To: <20220128171804.569796-44-brijesh.singh@amd.com> From: Peter Gonda Date: Tue, 1 Feb 2022 13:43:57 -0700 Message-ID: Subject: Re: [PATCH v9 43/43] virt: sevguest: Add support to get extended report To: Brijesh Singh Cc: "the arch/x86 maintainers" , LKML , kvm list , linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Borislav Petkov , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , "Dr . David Alan Gilbert" , brijesh.ksingh@gmail.com, Tony Luck , Marc Orr , Sathyanarayanan Kuppuswamy Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 28, 2022 at 10:19 AM Brijesh Singh wrote: > > Version 2 of GHCB specification defines Non-Automatic-Exit(NAE) to get > the extended guest report. It is similar to the SNP_GET_REPORT ioctl. > The main difference is related to the additional data that will be > returned. The additional data returned is a certificate blob that can > be used by the SNP guest user. The certificate blob layout is defined > in the GHCB specification. The driver simply treats the blob as a opaque > data and copies it to userspace. > > Signed-off-by: Brijesh Singh > --- > Documentation/virt/coco/sevguest.rst | 23 +++++++ > drivers/virt/coco/sevguest/sevguest.c | 89 +++++++++++++++++++++++++++ > include/uapi/linux/sev-guest.h | 13 ++++ > 3 files changed, 125 insertions(+) > > diff --git a/Documentation/virt/coco/sevguest.rst b/Documentation/virt/coco/sevguest.rst > index aafc9bce9aef..b9fe20e92d06 100644 > --- a/Documentation/virt/coco/sevguest.rst > +++ b/Documentation/virt/coco/sevguest.rst > @@ -90,6 +90,29 @@ on the various fields passed in the key derivation request. > On success, the snp_derived_key_resp.data contains the derived key value. See > the SEV-SNP specification for further details. > > + > +2.3 SNP_GET_EXT_REPORT > +---------------------- > +:Technology: sev-snp > +:Type: guest ioctl > +:Parameters (in/out): struct snp_ext_report_req > +:Returns (out): struct snp_report_resp on success, -negative on error > + > +The SNP_GET_EXT_REPORT ioctl is similar to the SNP_GET_REPORT. The difference is > +related to the additional certificate data that is returned with the report. > +The certificate data returned is being provided by the hypervisor through the > +SNP_SET_EXT_CONFIG. > + > +The ioctl uses the SNP_GUEST_REQUEST (MSG_REPORT_REQ) command provided by the SEV-SNP > +firmware to get the attestation report. > + > +On success, the snp_ext_report_resp.data will contain the attestation report > +and snp_ext_report_req.certs_address will contain the certificate blob. If the > +length of the blob is smaller than expected then snp_ext_report_req.certs_len will > +be updated with the expected value. > + > +See GHCB specification for further detail on how to parse the certificate blob. > + > Reference > --------- > > diff --git a/drivers/virt/coco/sevguest/sevguest.c b/drivers/virt/coco/sevguest/sevguest.c > index 4369e55df9a6..a53854353944 100644 > --- a/drivers/virt/coco/sevguest/sevguest.c > +++ b/drivers/virt/coco/sevguest/sevguest.c > @@ -41,6 +41,7 @@ struct snp_guest_dev { > struct device *dev; > struct miscdevice misc; > > + void *certs_data; > struct snp_guest_crypto *crypto; > struct snp_guest_msg *request, *response; > struct snp_secrets_page_layout *layout; > @@ -434,6 +435,84 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque > return rc; > } > > +static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) > +{ > + struct snp_guest_crypto *crypto = snp_dev->crypto; > + struct snp_ext_report_req req = {0}; > + struct snp_report_resp *resp; > + int ret, npages = 0, resp_len; > + > + if (!arg->req_data || !arg->resp_data) > + return -EINVAL; > + > + /* Copy the request payload from userspace */ > + if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) > + return -EFAULT; > + > + if (req.certs_len) { > + if (req.certs_len > SEV_FW_BLOB_MAX_SIZE || > + !IS_ALIGNED(req.certs_len, PAGE_SIZE)) > + return -EINVAL; > + } > + > + if (req.certs_address && req.certs_len) { > + if (!access_ok(req.certs_address, req.certs_len)) > + return -EFAULT; > + > + /* > + * Initialize the intermediate buffer with all zero's. This buffer zeros > + * is used in the guest request message to get the certs blob from > + * the host. If host does not supply any certs in it, then copy > + * zeros to indicate that certificate data was not provided. > + */ > + memset(snp_dev->certs_data, 0, req.certs_len); > + > + npages = req.certs_len >> PAGE_SHIFT; > + } > + > + /* > + * The intermediate response buffer is used while decrypting the > + * response payload. Make sure that it has enough space to cover the > + * authtag. > + */ > + resp_len = sizeof(resp->data) + crypto->a_len; > + resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); > + if (!resp) > + return -ENOMEM; Can we pull this duplicated code from get_report() into a helper? > + > + snp_dev->input.data_npages = npages; > + ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg->msg_version, > + SNP_MSG_REPORT_REQ, &req.data, > + sizeof(req.data), resp->data, resp_len, &arg->fw_err); > + > + /* If certs length is invalid then copy the returned length */ > + if (arg->fw_err == SNP_GUEST_REQ_INVALID_LEN) { > + req.certs_len = snp_dev->input.data_npages << PAGE_SHIFT; > + > + if (copy_to_user((void __user *)arg->req_data, &req, sizeof(req))) > + ret = -EFAULT; > + } > + > + if (ret) > + goto e_free; > + > + /* Copy the certificate data blob to userspace */ > + if (req.certs_address && req.certs_len && > + copy_to_user((void __user *)req.certs_address, snp_dev->certs_data, > + req.certs_len)) { > + ret = -EFAULT; > + goto e_free; > + } > + > + /* Copy the response payload to userspace */ > + if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp))) > + ret = -EFAULT; > + > +e_free: > + kfree(resp); > + return ret; > +} > + > static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) > { > struct snp_guest_dev *snp_dev = to_snp_dev(file); > @@ -466,6 +545,9 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long > case SNP_GET_DERIVED_KEY: > ret = get_derived_key(snp_dev, &input); > break; > + case SNP_GET_EXT_REPORT: > + ret = get_ext_report(snp_dev, &input); > + break; > default: > break; > } > @@ -594,6 +676,10 @@ static int __init snp_guest_probe(struct platform_device *pdev) > if (!snp_dev->response) > goto e_fail; > > + snp_dev->certs_data = alloc_shared_pages(SEV_FW_BLOB_MAX_SIZE); > + if (!snp_dev->certs_data) > + goto e_fail; > + > ret = -EIO; > snp_dev->crypto = init_crypto(snp_dev, snp_dev->vmpck, VMPCK_KEY_LEN); > if (!snp_dev->crypto) > @@ -607,6 +693,7 @@ static int __init snp_guest_probe(struct platform_device *pdev) > /* initial the input address for guest request */ > snp_dev->input.req_gpa = __pa(snp_dev->request); > snp_dev->input.resp_gpa = __pa(snp_dev->response); > + snp_dev->input.data_gpa = __pa(snp_dev->certs_data); > > ret = misc_register(misc); > if (ret) > @@ -617,6 +704,7 @@ static int __init snp_guest_probe(struct platform_device *pdev) > > e_fail: > iounmap(layout); > + free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); > free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); > free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); > > @@ -629,6 +717,7 @@ static int __exit snp_guest_remove(struct platform_device *pdev) > > free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); > free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); > + free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); > deinit_crypto(snp_dev->crypto); > misc_deregister(&snp_dev->misc); > > diff --git a/include/uapi/linux/sev-guest.h b/include/uapi/linux/sev-guest.h > index bcd00a6d4501..0a47b6627c78 100644 > --- a/include/uapi/linux/sev-guest.h > +++ b/include/uapi/linux/sev-guest.h > @@ -56,6 +56,16 @@ struct snp_guest_request_ioctl { > __u64 fw_err; > }; > > +struct snp_ext_report_req { > + struct snp_report_req data; > + > + /* where to copy the certificate blob */ > + __u64 certs_address; > + > + /* length of the certificate blob */ > + __u32 certs_len; > +}; > + > #define SNP_GUEST_REQ_IOC_TYPE 'S' > > /* Get SNP attestation report */ > @@ -64,4 +74,7 @@ struct snp_guest_request_ioctl { > /* Get a derived key from the root */ > #define SNP_GET_DERIVED_KEY _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x1, struct snp_guest_request_ioctl) > > +/* Get SNP extended report as defined in the GHCB specification version 2. */ > +#define SNP_GET_EXT_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x2, struct snp_guest_request_ioctl) > + > #endif /* __UAPI_LINUX_SEV_GUEST_H_ */ > -- > 2.25.1 >