Date: Thu, 10 Nov 2022 12:16:11 -0300
From: Wander Lairson Costa
To: Kuppuswamy Sathyanarayanan
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, x86@kernel.org, Shuah Khan, Jonathan Corbet, "H . Peter Anvin", Greg Kroah-Hartman, "Kirill A . Shutemov", Tony Luck, Kai Huang, Isaku Yamahata, marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org
Subject: Re: [PATCH v17 1/3] x86/tdx: Add a wrapper to get TDREPORT from the TDX Module
Message-ID: <20221110151611.shrdumi2t5a3obns@fedora>
References: <20221104032355.227814-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20221104032355.227814-2-sathyanarayanan.kuppuswamy@linux.intel.com>
In-Reply-To: <20221104032355.227814-2-sathyanarayanan.kuppuswamy@linux.intel.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Nov 03, 2022 at 08:23:53PM -0700, Kuppuswamy Sathyanarayanan wrote:
> To support TDX attestation, the TDX guest driver exposes an IOCTL
> interface to allow userspace to get the TDREPORT from the TDX module
> via TDG.MR.TDREPORT TDCALL.
>
> In order to get the TDREPORT in the TDX guest driver, instead of using
> a low level function like __tdx_module_call(), add a
> tdx_mcall_get_report() wrapper function to handle it.
>
> This is a preparatory patch for adding attestation support.
> > Signed-off-by: Kuppuswamy Sathyanarayanan > --- > > Changes since v16 > * Added invalid operand error code support. > * Removed subtype param in tdx_mcall_get_report(). > > Changes since v15: > * None > > Changes since v14: > * Instead of exporting __tdx_module_call(), added a new wrapper. > * Rebased on top of v6.1-rc1 > > arch/x86/coco/tdx/tdx.c | 38 ++++++++++++++++++++++++++++++++++++++ > arch/x86/include/asm/tdx.h | 2 ++ > 2 files changed, 40 insertions(+) > > diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c > index 928dcf7a20d9..17cf2e9d5849 100644 > --- a/arch/x86/coco/tdx/tdx.c > +++ b/arch/x86/coco/tdx/tdx.c > @@ -5,6 +5,8 @@ > #define pr_fmt(fmt) "tdx: " fmt > > #include > +#include > +#include > #include > #include > #include > @@ -15,6 +17,7 @@ > /* TDX module Call Leaf IDs */ > #define TDX_GET_INFO 1 > #define TDX_GET_VEINFO 3 > +#define TDX_GET_REPORT 4 > #define TDX_ACCEPT_PAGE 6 > > /* TDX hypercall Leaf IDs */ > @@ -34,6 +37,10 @@ > #define VE_GET_PORT_NUM(e) ((e) >> 16) > #define VE_IS_IO_STRING(e) ((e) & BIT(4)) > > +/* TDX Module call error codes */ > +#define TDCALL_RETURN_CODE(a) ((a) >> 32) > +#define TDCALL_INVALID_OPERAND 0xc0000100 > + > /* > * Wrapper for standard use of __tdx_hypercall with no output aside from > * return code. 
> @@ -98,6 +105,37 @@ static inline void tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, > panic("TDCALL %lld failed (Buggy TDX module!)\n", fn); > } > > +/** > + * tdx_mcall_get_report() - Wrapper for TDG.MR.REPORT TDCALL. > + * @reportdata: Address of the input buffer which contains > + * user-defined REPORTDATA to be included into > + * TDREPORT. > + * @tdreport: Address of the output buffer to store TDREPORT. > + * > + * Generate TDREPORT using "TDG.MR.REPORT" TDCALL. Refer to section > + * titled "TDG.MR.REPORT leaf" in the TDX Module 1.0 specification > + * for detailed information. It is used in the TDX guest driver > + * module to get the TDREPORT. > + * > + * Return 0 on success, -EINVAL for invalid operands, or -EIO on > + * other TDCALL failures. > + */ > +int tdx_mcall_get_report(u8 *reportdata, u8 *tdreport) > +{ > + u64 ret; > + > + ret = __tdx_module_call(TDX_GET_REPORT, virt_to_phys(tdreport), > + virt_to_phys(reportdata), 0, 0, NULL); > + if (ret) { > + if (TDCALL_RETURN_CODE(ret) == TDCALL_INVALID_OPERAND) > + return -EINVAL; > + return -EIO; > + } > + > + return 0; > +} > +EXPORT_SYMBOL_GPL(tdx_mcall_get_report); > + > static u64 get_cc_mask(void) > { > struct tdx_module_output out; > diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h > index 020c81a7c729..eef9c0b7880e 100644 > --- a/arch/x86/include/asm/tdx.h > +++ b/arch/x86/include/asm/tdx.h > @@ -67,6 +67,8 @@ void tdx_safe_halt(void); > > bool tdx_early_handle_ve(struct pt_regs *regs); > > +int tdx_mcall_get_report(u8 *reportdata, u8 *tdreport); > + > #else > > static inline void tdx_early_init(void) { }; > -- > 2.34.1 > > Acked-by: Wander Lairson Costa
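
Review bot: tdx_mcall_get_report() in arch/x86/coco/tdx/tdx.c hands both pointers to virt_to_phys() without saying what callers must guarantee about them. virt_to_phys() is only valid for direct-map addresses, and the function takes bare u8 * arguments with no length, so a vmalloc or stack buffer would translate to an unintended physical address that the TDX module then writes the report to. The kernel-doc for @reportdata and @tdreport should state that both buffers must be direct-mapped (for example kmalloc'd) and give the size and alignment that the "TDG.MR.REPORT leaf" section it cites requires, so the contract is visible at the call site rather than discovered as -EINVAL or -EIO. Two smaller points in the same comment: the commit message names the leaf TDG.MR.TDREPORT while the kernel-doc says TDG.MR.REPORT, so one of them needs correcting, and kernel-doc expects the return section to be introduced as "Return:" with a colon.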
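
Review bot: In arch/x86/include/asm/tdx.h the prototype for tdx_mcall_get_report() is added only above the #else, with no counterpart in the #else branch where tdx_early_init() gets a static inline stub. Any caller built with TDX guest support disabled will fail to compile or link. Either add a static inline stub that returns an error (for example -ENODEV) in the #else branch, or note in the commit message that the only caller depends on the TDX guest config option so no stub is needed.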