linux/drivers/crypto/ccp/sev-dev.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * AMD Secure Encrypted Virtualization (SEV) interface
   4 *
   5 * Copyright (C) 2016,2019 Advanced Micro Devices, Inc.
   6 *
   7 * Author: Brijesh Singh <brijesh.singh@amd.com>
   8 */
   9
  10#include <linux/module.h>
  11#include <linux/kernel.h>
  12#include <linux/kthread.h>
  13#include <linux/sched.h>
  14#include <linux/interrupt.h>
  15#include <linux/spinlock.h>
  16#include <linux/spinlock_types.h>
  17#include <linux/types.h>
  18#include <linux/mutex.h>
  19#include <linux/delay.h>
  20#include <linux/hw_random.h>
  21#include <linux/ccp.h>
  22#include <linux/firmware.h>
  23#include <linux/gfp.h>
  24#include <linux/cpufeature.h>
  25
  26#include <asm/smp.h>
  27
  28#include "psp-dev.h"
  29#include "sev-dev.h"
  30
  31#define DEVICE_NAME             "sev"
  32#define SEV_FW_FILE             "amd/sev.fw"
  33#define SEV_FW_NAME_SIZE        64
  34
  35static DEFINE_MUTEX(sev_cmd_mutex);
  36static struct sev_misc_dev *misc_dev;
  37
  38static int psp_cmd_timeout = 100;
  39module_param(psp_cmd_timeout, int, 0644);
  40MODULE_PARM_DESC(psp_cmd_timeout, " default timeout value, in seconds, for PSP commands");
  41
  42static int psp_probe_timeout = 5;
  43module_param(psp_probe_timeout, int, 0644);
  44MODULE_PARM_DESC(psp_probe_timeout, " default timeout value, in seconds, during PSP device probe");
  45
  46MODULE_FIRMWARE("amd/amd_sev_fam17h_model0xh.sbin"); /* 1st gen EPYC */
  47MODULE_FIRMWARE("amd/amd_sev_fam17h_model3xh.sbin"); /* 2nd gen EPYC */
  48MODULE_FIRMWARE("amd/amd_sev_fam19h_model0xh.sbin"); /* 3rd gen EPYC */
  49
  50static bool psp_dead;
  51static int psp_timeout;
  52
  53/* Trusted Memory Region (TMR):
  54 *   The TMR is a 1MB area that must be 1MB aligned.  Use the page allocator
  55 *   to allocate the memory, which will return aligned memory for the specified
  56 *   allocation order.
  57 */
  58#define SEV_ES_TMR_SIZE         (1024 * 1024)
  59static void *sev_es_tmr;
  60
  61static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
  62{
  63        struct sev_device *sev = psp_master->sev_data;
  64
  65        if (sev->api_major > maj)
  66                return true;
  67
  68        if (sev->api_major == maj && sev->api_minor >= min)
  69                return true;
  70
  71        return false;
  72}
  73
  74static void sev_irq_handler(int irq, void *data, unsigned int status)
  75{
  76        struct sev_device *sev = data;
  77        int reg;
  78
  79        /* Check if it is command completion: */
  80        if (!(status & SEV_CMD_COMPLETE))
  81                return;
  82
  83        /* Check if it is SEV command completion: */
  84        reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg);
  85        if (reg & PSP_CMDRESP_RESP) {
  86                sev->int_rcvd = 1;
  87                wake_up(&sev->int_queue);
  88        }
  89}
  90
  91static int sev_wait_cmd_ioc(struct sev_device *sev,
  92                            unsigned int *reg, unsigned int timeout)
  93{
  94        int ret;
  95
  96        ret = wait_event_timeout(sev->int_queue,
  97                        sev->int_rcvd, timeout * HZ);
  98        if (!ret)
  99                return -ETIMEDOUT;
 100
 101        *reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg);
 102
 103        return 0;
 104}
 105
 106static int sev_cmd_buffer_len(int cmd)
 107{
 108        switch (cmd) {
 109        case SEV_CMD_INIT:                      return sizeof(struct sev_data_init);
 110        case SEV_CMD_PLATFORM_STATUS:           return sizeof(struct sev_user_data_status);
 111        case SEV_CMD_PEK_CSR:                   return sizeof(struct sev_data_pek_csr);
 112        case SEV_CMD_PEK_CERT_IMPORT:           return sizeof(struct sev_data_pek_cert_import);
 113        case SEV_CMD_PDH_CERT_EXPORT:           return sizeof(struct sev_data_pdh_cert_export);
 114        case SEV_CMD_LAUNCH_START:              return sizeof(struct sev_data_launch_start);
 115        case SEV_CMD_LAUNCH_UPDATE_DATA:        return sizeof(struct sev_data_launch_update_data);
 116        case SEV_CMD_LAUNCH_UPDATE_VMSA:        return sizeof(struct sev_data_launch_update_vmsa);
 117        case SEV_CMD_LAUNCH_FINISH:             return sizeof(struct sev_data_launch_finish);
 118        case SEV_CMD_LAUNCH_MEASURE:            return sizeof(struct sev_data_launch_measure);
 119        case SEV_CMD_ACTIVATE:                  return sizeof(struct sev_data_activate);
 120        case SEV_CMD_DEACTIVATE:                return sizeof(struct sev_data_deactivate);
 121        case SEV_CMD_DECOMMISSION:              return sizeof(struct sev_data_decommission);
 122        case SEV_CMD_GUEST_STATUS:              return sizeof(struct sev_data_guest_status);
 123        case SEV_CMD_DBG_DECRYPT:               return sizeof(struct sev_data_dbg);
 124        case SEV_CMD_DBG_ENCRYPT:               return sizeof(struct sev_data_dbg);
 125        case SEV_CMD_SEND_START:                return sizeof(struct sev_data_send_start);
 126        case SEV_CMD_SEND_UPDATE_DATA:          return sizeof(struct sev_data_send_update_data);
 127        case SEV_CMD_SEND_UPDATE_VMSA:          return sizeof(struct sev_data_send_update_vmsa);
 128        case SEV_CMD_SEND_FINISH:               return sizeof(struct sev_data_send_finish);
 129        case SEV_CMD_RECEIVE_START:             return sizeof(struct sev_data_receive_start);
 130        case SEV_CMD_RECEIVE_FINISH:            return sizeof(struct sev_data_receive_finish);
 131        case SEV_CMD_RECEIVE_UPDATE_DATA:       return sizeof(struct sev_data_receive_update_data);
 132        case SEV_CMD_RECEIVE_UPDATE_VMSA:       return sizeof(struct sev_data_receive_update_vmsa);
 133        case SEV_CMD_LAUNCH_UPDATE_SECRET:      return sizeof(struct sev_data_launch_secret);
 134        case SEV_CMD_DOWNLOAD_FIRMWARE:         return sizeof(struct sev_data_download_firmware);
 135        case SEV_CMD_GET_ID:                    return sizeof(struct sev_data_get_id);
 136        case SEV_CMD_ATTESTATION_REPORT:        return sizeof(struct sev_data_attestation_report);
 137        case SEV_CMD_SEND_CANCEL:                       return sizeof(struct sev_data_send_cancel);
 138        default:                                return 0;
 139        }
 140
 141        return 0;
 142}
 143
 144static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
 145{
 146        struct psp_device *psp = psp_master;
 147        struct sev_device *sev;
 148        unsigned int phys_lsb, phys_msb;
 149        unsigned int reg, ret = 0;
 150        int buf_len;
 151
 152        if (!psp || !psp->sev_data)
 153                return -ENODEV;
 154
 155        if (psp_dead)
 156                return -EBUSY;
 157
 158        sev = psp->sev_data;
 159
 160        buf_len = sev_cmd_buffer_len(cmd);
 161        if (WARN_ON_ONCE(!data != !buf_len))
 162                return -EINVAL;
 163
 164        /*
 165         * Copy the incoming data to driver's scratch buffer as __pa() will not
 166         * work for some memory, e.g. vmalloc'd addresses, and @data may not be
 167         * physically contiguous.
 168         */
 169        if (data)
 170                memcpy(sev->cmd_buf, data, buf_len);
 171
 172        /* Get the physical address of the command buffer */
 173        phys_lsb = data ? lower_32_bits(__psp_pa(sev->cmd_buf)) : 0;
 174        phys_msb = data ? upper_32_bits(__psp_pa(sev->cmd_buf)) : 0;
 175
 176        dev_dbg(sev->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n",
 177                cmd, phys_msb, phys_lsb, psp_timeout);
 178
 179        print_hex_dump_debug("(in):  ", DUMP_PREFIX_OFFSET, 16, 2, data,
 180                             buf_len, false);
 181
 182        iowrite32(phys_lsb, sev->io_regs + sev->vdata->cmdbuff_addr_lo_reg);
 183        iowrite32(phys_msb, sev->io_regs + sev->vdata->cmdbuff_addr_hi_reg);
 184
 185        sev->int_rcvd = 0;
 186
 187        reg = cmd;
 188        reg <<= SEV_CMDRESP_CMD_SHIFT;
 189        reg |= SEV_CMDRESP_IOC;
 190        iowrite32(reg, sev->io_regs + sev->vdata->cmdresp_reg);
 191
 192        /* wait for command completion */
 193        ret = sev_wait_cmd_ioc(sev, &reg, psp_timeout);
 194        if (ret) {
 195                if (psp_ret)
 196                        *psp_ret = 0;
 197
 198                dev_err(sev->dev, "sev command %#x timed out, disabling PSP\n", cmd);
 199                psp_dead = true;
 200
 201                return ret;
 202        }
 203
 204        psp_timeout = psp_cmd_timeout;
 205
 206        if (psp_ret)
 207                *psp_ret = reg & PSP_CMDRESP_ERR_MASK;
 208
 209        if (reg & PSP_CMDRESP_ERR_MASK) {
 210                dev_dbg(sev->dev, "sev command %#x failed (%#010x)\n",
 211                        cmd, reg & PSP_CMDRESP_ERR_MASK);
 212                ret = -EIO;
 213        }
 214
 215        print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,
 216                             buf_len, false);
 217
 218        /*
 219         * Copy potential output from the PSP back to data.  Do this even on
 220         * failure in case the caller wants to glean something from the error.
 221         */
 222        if (data)
 223                memcpy(data, sev->cmd_buf, buf_len);
 224
 225        return ret;
 226}
 227
 228static int sev_do_cmd(int cmd, void *data, int *psp_ret)
 229{
 230        int rc;
 231
 232        mutex_lock(&sev_cmd_mutex);
 233        rc = __sev_do_cmd_locked(cmd, data, psp_ret);
 234        mutex_unlock(&sev_cmd_mutex);
 235
 236        return rc;
 237}
 238
 239static int __sev_platform_init_locked(int *error)
 240{
 241        struct psp_device *psp = psp_master;
 242        struct sev_data_init data;
 243        struct sev_device *sev;
 244        int rc = 0;
 245
 246        if (!psp || !psp->sev_data)
 247                return -ENODEV;
 248
 249        sev = psp->sev_data;
 250
 251        if (sev->state == SEV_STATE_INIT)
 252                return 0;
 253
 254        memset(&data, 0, sizeof(data));
 255        if (sev_es_tmr) {
 256                u64 tmr_pa;
 257
 258                /*
 259                 * Do not include the encryption mask on the physical
 260                 * address of the TMR (firmware should clear it anyway).
 261                 */
 262                tmr_pa = __pa(sev_es_tmr);
 263
 264                data.flags |= SEV_INIT_FLAGS_SEV_ES;
 265                data.tmr_address = tmr_pa;
 266                data.tmr_len = SEV_ES_TMR_SIZE;
 267        }
 268
 269        rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error);
 270        if (rc)
 271                return rc;
 272
 273        sev->state = SEV_STATE_INIT;
 274
 275        /* Prepare for first SEV guest launch after INIT */
 276        wbinvd_on_all_cpus();
 277        rc = __sev_do_cmd_locked(SEV_CMD_DF_FLUSH, NULL, error);
 278        if (rc)
 279                return rc;
 280
 281        dev_dbg(sev->dev, "SEV firmware initialized\n");
 282
 283        return rc;
 284}
 285
 286int sev_platform_init(int *error)
 287{
 288        int rc;
 289
 290        mutex_lock(&sev_cmd_mutex);
 291        rc = __sev_platform_init_locked(error);
 292        mutex_unlock(&sev_cmd_mutex);
 293
 294        return rc;
 295}
 296EXPORT_SYMBOL_GPL(sev_platform_init);
 297
 298static int __sev_platform_shutdown_locked(int *error)
 299{
 300        struct sev_device *sev = psp_master->sev_data;
 301        int ret;
 302
 303        ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
 304        if (ret)
 305                return ret;
 306
 307        sev->state = SEV_STATE_UNINIT;
 308        dev_dbg(sev->dev, "SEV firmware shutdown\n");
 309
 310        return ret;
 311}
 312
 313static int sev_platform_shutdown(int *error)
 314{
 315        int rc;
 316
 317        mutex_lock(&sev_cmd_mutex);
 318        rc = __sev_platform_shutdown_locked(NULL);
 319        mutex_unlock(&sev_cmd_mutex);
 320
 321        return rc;
 322}
 323
 324static int sev_get_platform_state(int *state, int *error)
 325{
 326        struct sev_user_data_status data;
 327        int rc;
 328
 329        rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, &data, error);
 330        if (rc)
 331                return rc;
 332
 333        *state = data.state;
 334        return rc;
 335}
 336
 337static int sev_ioctl_do_reset(struct sev_issue_cmd *argp, bool writable)
 338{
 339        int state, rc;
 340
 341        if (!writable)
 342                return -EPERM;
 343
 344        /*
 345         * The SEV spec requires that FACTORY_RESET must be issued in
 346         * UNINIT state. Before we go further lets check if any guest is
 347         * active.
 348         *
 349         * If FW is in WORKING state then deny the request otherwise issue
 350         * SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET.
 351         *
 352         */
 353        rc = sev_get_platform_state(&state, &argp->error);
 354        if (rc)
 355                return rc;
 356
 357        if (state == SEV_STATE_WORKING)
 358                return -EBUSY;
 359
 360        if (state == SEV_STATE_INIT) {
 361                rc = __sev_platform_shutdown_locked(&argp->error);
 362                if (rc)
 363                        return rc;
 364        }
 365
 366        return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, NULL, &argp->error);
 367}
 368
 369static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
 370{
 371        struct sev_user_data_status data;
 372        int ret;
 373
 374        ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, &data, &argp->error);
 375        if (ret)
 376                return ret;
 377
 378        if (copy_to_user((void __user *)argp->data, &data, sizeof(data)))
 379                ret = -EFAULT;
 380
 381        return ret;
 382}
 383
 384static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable)
 385{
 386        struct sev_device *sev = psp_master->sev_data;
 387        int rc;
 388
 389        if (!writable)
 390                return -EPERM;
 391
 392        if (sev->state == SEV_STATE_UNINIT) {
 393                rc = __sev_platform_init_locked(&argp->error);
 394                if (rc)
 395                        return rc;
 396        }
 397
 398        return __sev_do_cmd_locked(cmd, NULL, &argp->error);
 399}
 400
 401static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
 402{
 403        struct sev_device *sev = psp_master->sev_data;
 404        struct sev_user_data_pek_csr input;
 405        struct sev_data_pek_csr data;
 406        void __user *input_address;
 407        void *blob = NULL;
 408        int ret;
 409
 410        if (!writable)
 411                return -EPERM;
 412
 413        if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
 414                return -EFAULT;
 415
 416        memset(&data, 0, sizeof(data));
 417
 418        /* userspace wants to query CSR length */
 419        if (!input.address || !input.length)
 420                goto cmd;
 421
 422        /* allocate a physically contiguous buffer to store the CSR blob */
 423        input_address = (void __user *)input.address;
 424        if (input.length > SEV_FW_BLOB_MAX_SIZE)
 425                return -EFAULT;
 426
 427        blob = kmalloc(input.length, GFP_KERNEL);
 428        if (!blob)
 429                return -ENOMEM;
 430
 431        data.address = __psp_pa(blob);
 432        data.len = input.length;
 433
 434cmd:
 435        if (sev->state == SEV_STATE_UNINIT) {
 436                ret = __sev_platform_init_locked(&argp->error);
 437                if (ret)
 438                        goto e_free_blob;
 439        }
 440
 441        ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, &data, &argp->error);
 442
 443         /* If we query the CSR length, FW responded with expected data. */
 444        input.length = data.len;
 445
 446        if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
 447                ret = -EFAULT;
 448                goto e_free_blob;
 449        }
 450
 451        if (blob) {
 452                if (copy_to_user(input_address, blob, input.length))
 453                        ret = -EFAULT;
 454        }
 455
 456e_free_blob:
 457        kfree(blob);
 458        return ret;
 459}
 460
 461void *psp_copy_user_blob(u64 uaddr, u32 len)
 462{
 463        if (!uaddr || !len)
 464                return ERR_PTR(-EINVAL);
 465
 466        /* verify that blob length does not exceed our limit */
 467        if (len > SEV_FW_BLOB_MAX_SIZE)
 468                return ERR_PTR(-EINVAL);
 469
 470        return memdup_user((void __user *)uaddr, len);
 471}
 472EXPORT_SYMBOL_GPL(psp_copy_user_blob);
 473
 474static int sev_get_api_version(void)
 475{
 476        struct sev_device *sev = psp_master->sev_data;
 477        struct sev_user_data_status status;
 478        int error = 0, ret;
 479
 480        ret = sev_platform_status(&status, &error);
 481        if (ret) {
 482                dev_err(sev->dev,
 483                        "SEV: failed to get status. Error: %#x\n", error);
 484                return 1;
 485        }
 486
 487        sev->api_major = status.api_major;
 488        sev->api_minor = status.api_minor;
 489        sev->build = status.build;
 490        sev->state = status.state;
 491
 492        return 0;
 493}
 494
 495static int sev_get_firmware(struct device *dev,
 496                            const struct firmware **firmware)
 497{
 498        char fw_name_specific[SEV_FW_NAME_SIZE];
 499        char fw_name_subset[SEV_FW_NAME_SIZE];
 500
 501        snprintf(fw_name_specific, sizeof(fw_name_specific),
 502                 "amd/amd_sev_fam%.2xh_model%.2xh.sbin",
 503                 boot_cpu_data.x86, boot_cpu_data.x86_model);
 504
 505        snprintf(fw_name_subset, sizeof(fw_name_subset),
 506                 "amd/amd_sev_fam%.2xh_model%.1xxh.sbin",
 507                 boot_cpu_data.x86, (boot_cpu_data.x86_model & 0xf0) >> 4);
 508
 509        /* Check for SEV FW for a particular model.
 510         * Ex. amd_sev_fam17h_model00h.sbin for Family 17h Model 00h
 511         *
 512         * or
 513         *
 514         * Check for SEV FW common to a subset of models.
 515         * Ex. amd_sev_fam17h_model0xh.sbin for
 516         *     Family 17h Model 00h -- Family 17h Model 0Fh
 517         *
 518         * or
 519         *
 520         * Fall-back to using generic name: sev.fw
 521         */
 522        if ((firmware_request_nowarn(firmware, fw_name_specific, dev) >= 0) ||
 523            (firmware_request_nowarn(firmware, fw_name_subset, dev) >= 0) ||
 524            (firmware_request_nowarn(firmware, SEV_FW_FILE, dev) >= 0))
 525                return 0;
 526
 527        return -ENOENT;
 528}
 529
 530/* Don't fail if SEV FW couldn't be updated. Continue with existing SEV FW */
 531static int sev_update_firmware(struct device *dev)
 532{
 533        struct sev_data_download_firmware *data;
 534        const struct firmware *firmware;
 535        int ret, error, order;
 536        struct page *p;
 537        u64 data_size;
 538
 539        if (sev_get_firmware(dev, &firmware) == -ENOENT) {
 540                dev_dbg(dev, "No SEV firmware file present\n");
 541                return -1;
 542        }
 543
 544        /*
 545         * SEV FW expects the physical address given to it to be 32
 546         * byte aligned. Memory allocated has structure placed at the
 547         * beginning followed by the firmware being passed to the SEV
 548         * FW. Allocate enough memory for data structure + alignment
 549         * padding + SEV FW.
 550         */
 551        data_size = ALIGN(sizeof(struct sev_data_download_firmware), 32);
 552
 553        order = get_order(firmware->size + data_size);
 554        p = alloc_pages(GFP_KERNEL, order);
 555        if (!p) {
 556                ret = -1;
 557                goto fw_err;
 558        }
 559
 560        /*
 561         * Copy firmware data to a kernel allocated contiguous
 562         * memory region.
 563         */
 564        data = page_address(p);
 565        memcpy(page_address(p) + data_size, firmware->data, firmware->size);
 566
 567        data->address = __psp_pa(page_address(p) + data_size);
 568        data->len = firmware->size;
 569
 570        ret = sev_do_cmd(SEV_CMD_DOWNLOAD_FIRMWARE, data, &error);
 571        if (ret)
 572                dev_dbg(dev, "Failed to update SEV firmware: %#x\n", error);
 573        else
 574                dev_info(dev, "SEV firmware update successful\n");
 575
 576        __free_pages(p, order);
 577
 578fw_err:
 579        release_firmware(firmware);
 580
 581        return ret;
 582}
 583
 584static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
 585{
 586        struct sev_device *sev = psp_master->sev_data;
 587        struct sev_user_data_pek_cert_import input;
 588        struct sev_data_pek_cert_import data;
 589        void *pek_blob, *oca_blob;
 590        int ret;
 591
 592        if (!writable)
 593                return -EPERM;
 594
 595        if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
 596                return -EFAULT;
 597
 598        /* copy PEK certificate blobs from userspace */
 599        pek_blob = psp_copy_user_blob(input.pek_cert_address, input.pek_cert_len);
 600        if (IS_ERR(pek_blob))
 601                return PTR_ERR(pek_blob);
 602
 603        data.reserved = 0;
 604        data.pek_cert_address = __psp_pa(pek_blob);
 605        data.pek_cert_len = input.pek_cert_len;
 606
 607        /* copy PEK certificate blobs from userspace */
 608        oca_blob = psp_copy_user_blob(input.oca_cert_address, input.oca_cert_len);
 609        if (IS_ERR(oca_blob)) {
 610                ret = PTR_ERR(oca_blob);
 611                goto e_free_pek;
 612        }
 613
 614        data.oca_cert_address = __psp_pa(oca_blob);
 615        data.oca_cert_len = input.oca_cert_len;
 616
 617        /* If platform is not in INIT state then transition it to INIT */
 618        if (sev->state != SEV_STATE_INIT) {
 619                ret = __sev_platform_init_locked(&argp->error);
 620                if (ret)
 621                        goto e_free_oca;
 622        }
 623
 624        ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, &data, &argp->error);
 625
 626e_free_oca:
 627        kfree(oca_blob);
 628e_free_pek:
 629        kfree(pek_blob);
 630        return ret;
 631}
 632
 633static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
 634{
 635        struct sev_user_data_get_id2 input;
 636        struct sev_data_get_id data;
 637        void __user *input_address;
 638        void *id_blob = NULL;
 639        int ret;
 640
 641        /* SEV GET_ID is available from SEV API v0.16 and up */
 642        if (!sev_version_greater_or_equal(0, 16))
 643                return -ENOTSUPP;
 644
 645        if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
 646                return -EFAULT;
 647
 648        input_address = (void __user *)input.address;
 649
 650        if (input.address && input.length) {
 651                id_blob = kmalloc(input.length, GFP_KERNEL);
 652                if (!id_blob)
 653                        return -ENOMEM;
 654
 655                data.address = __psp_pa(id_blob);
 656                data.len = input.length;
 657        } else {
 658                data.address = 0;
 659                data.len = 0;
 660        }
 661
 662        ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, &data, &argp->error);
 663
 664        /*
 665         * Firmware will return the length of the ID value (either the minimum
 666         * required length or the actual length written), return it to the user.
 667         */
 668        input.length = data.len;
 669
 670        if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
 671                ret = -EFAULT;
 672                goto e_free;
 673        }
 674
 675        if (id_blob) {
 676                if (copy_to_user(input_address, id_blob, data.len)) {
 677                        ret = -EFAULT;
 678                        goto e_free;
 679                }
 680        }
 681
 682e_free:
 683        kfree(id_blob);
 684
 685        return ret;
 686}
 687
 688static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
 689{
 690        struct sev_data_get_id *data;
 691        u64 data_size, user_size;
 692        void *id_blob, *mem;
 693        int ret;
 694
 695        /* SEV GET_ID available from SEV API v0.16 and up */
 696        if (!sev_version_greater_or_equal(0, 16))
 697                return -ENOTSUPP;
 698
 699        /* SEV FW expects the buffer it fills with the ID to be
 700         * 8-byte aligned. Memory allocated should be enough to
 701         * hold data structure + alignment padding + memory
 702         * where SEV FW writes the ID.
 703         */
 704        data_size = ALIGN(sizeof(struct sev_data_get_id), 8);
 705        user_size = sizeof(struct sev_user_data_get_id);
 706
 707        mem = kzalloc(data_size + user_size, GFP_KERNEL);
 708        if (!mem)
 709                return -ENOMEM;
 710
 711        data = mem;
 712        id_blob = mem + data_size;
 713
 714        data->address = __psp_pa(id_blob);
 715        data->len = user_size;
 716
 717        ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
 718        if (!ret) {
 719                if (copy_to_user((void __user *)argp->data, id_blob, data->len))
 720                        ret = -EFAULT;
 721        }
 722
 723        kfree(mem);
 724
 725        return ret;
 726}
 727
 728static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
 729{
 730        struct sev_device *sev = psp_master->sev_data;
 731        struct sev_user_data_pdh_cert_export input;
 732        void *pdh_blob = NULL, *cert_blob = NULL;
 733        struct sev_data_pdh_cert_export data;
 734        void __user *input_cert_chain_address;
 735        void __user *input_pdh_cert_address;
 736        int ret;
 737
 738        /* If platform is not in INIT state then transition it to INIT. */
 739        if (sev->state != SEV_STATE_INIT) {
 740                if (!writable)
 741                        return -EPERM;
 742
 743                ret = __sev_platform_init_locked(&argp->error);
 744                if (ret)
 745                        return ret;
 746        }
 747
 748        if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
 749                return -EFAULT;
 750
 751        memset(&data, 0, sizeof(data));
 752
 753        /* Userspace wants to query the certificate length. */
 754        if (!input.pdh_cert_address ||
 755            !input.pdh_cert_len ||
 756            !input.cert_chain_address)
 757                goto cmd;
 758
 759        input_pdh_cert_address = (void __user *)input.pdh_cert_address;
 760        input_cert_chain_address = (void __user *)input.cert_chain_address;
 761
 762        /* Allocate a physically contiguous buffer to store the PDH blob. */
 763        if (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)
 764                return -EFAULT;
 765
 766        /* Allocate a physically contiguous buffer to store the cert chain blob. */
 767        if (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)
 768                return -EFAULT;
 769
 770        pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
 771        if (!pdh_blob)
 772                return -ENOMEM;
 773
 774        data.pdh_cert_address = __psp_pa(pdh_blob);
 775        data.pdh_cert_len = input.pdh_cert_len;
 776
 777        cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
 778        if (!cert_blob) {
 779                ret = -ENOMEM;
 780                goto e_free_pdh;
 781        }
 782
 783        data.cert_chain_address = __psp_pa(cert_blob);
 784        data.cert_chain_len = input.cert_chain_len;
 785
 786cmd:
 787        ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, &data, &argp->error);
 788
 789        /* If we query the length, FW responded with expected data. */
 790        input.cert_chain_len = data.cert_chain_len;
 791        input.pdh_cert_len = data.pdh_cert_len;
 792
 793        if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
 794                ret = -EFAULT;
 795                goto e_free_cert;
 796        }
 797
 798        if (pdh_blob) {
 799                if (copy_to_user(input_pdh_cert_address,
 800                                 pdh_blob, input.pdh_cert_len)) {
 801                        ret = -EFAULT;
 802                        goto e_free_cert;
 803                }
 804        }
 805
 806        if (cert_blob) {
 807                if (copy_to_user(input_cert_chain_address,
 808                                 cert_blob, input.cert_chain_len))
 809                        ret = -EFAULT;
 810        }
 811
 812e_free_cert:
 813        kfree(cert_blob);
 814e_free_pdh:
 815        kfree(pdh_blob);
 816        return ret;
 817}
 818
 819static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 820{
 821        void __user *argp = (void __user *)arg;
 822        struct sev_issue_cmd input;
 823        int ret = -EFAULT;
 824        bool writable = file->f_mode & FMODE_WRITE;
 825
 826        if (!psp_master || !psp_master->sev_data)
 827                return -ENODEV;
 828
 829        if (ioctl != SEV_ISSUE_CMD)
 830                return -EINVAL;
 831
 832        if (copy_from_user(&input, argp, sizeof(struct sev_issue_cmd)))
 833                return -EFAULT;
 834
 835        if (input.cmd > SEV_MAX)
 836                return -EINVAL;
 837
 838        mutex_lock(&sev_cmd_mutex);
 839
 840        switch (input.cmd) {
 841
 842        case SEV_FACTORY_RESET:
 843                ret = sev_ioctl_do_reset(&input, writable);
 844                break;
 845        case SEV_PLATFORM_STATUS:
 846                ret = sev_ioctl_do_platform_status(&input);
 847                break;
 848        case SEV_PEK_GEN:
 849                ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, &input, writable);
 850                break;
 851        case SEV_PDH_GEN:
 852                ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input, writable);
 853                break;
 854        case SEV_PEK_CSR:
 855                ret = sev_ioctl_do_pek_csr(&input, writable);
 856                break;
 857        case SEV_PEK_CERT_IMPORT:
 858                ret = sev_ioctl_do_pek_import(&input, writable);
 859                break;
 860        case SEV_PDH_CERT_EXPORT:
 861                ret = sev_ioctl_do_pdh_export(&input, writable);
 862                break;
 863        case SEV_GET_ID:
 864                pr_warn_once("SEV_GET_ID command is deprecated, use SEV_GET_ID2\n");
 865                ret = sev_ioctl_do_get_id(&input);
 866                break;
 867        case SEV_GET_ID2:
 868                ret = sev_ioctl_do_get_id2(&input);
 869                break;
 870        default:
 871                ret = -EINVAL;
 872                goto out;
 873        }
 874
 875        if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
 876                ret = -EFAULT;
 877out:
 878        mutex_unlock(&sev_cmd_mutex);
 879
 880        return ret;
 881}
 882
 883static const struct file_operations sev_fops = {
 884        .owner  = THIS_MODULE,
 885        .unlocked_ioctl = sev_ioctl,
 886};
 887
 888int sev_platform_status(struct sev_user_data_status *data, int *error)
 889{
 890        return sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, error);
 891}
 892EXPORT_SYMBOL_GPL(sev_platform_status);
 893
 894int sev_guest_deactivate(struct sev_data_deactivate *data, int *error)
 895{
 896        return sev_do_cmd(SEV_CMD_DEACTIVATE, data, error);
 897}
 898EXPORT_SYMBOL_GPL(sev_guest_deactivate);
 899
 900int sev_guest_activate(struct sev_data_activate *data, int *error)
 901{
 902        return sev_do_cmd(SEV_CMD_ACTIVATE, data, error);
 903}
 904EXPORT_SYMBOL_GPL(sev_guest_activate);
 905
 906int sev_guest_decommission(struct sev_data_decommission *data, int *error)
 907{
 908        return sev_do_cmd(SEV_CMD_DECOMMISSION, data, error);
 909}
 910EXPORT_SYMBOL_GPL(sev_guest_decommission);
 911
 912int sev_guest_df_flush(int *error)
 913{
 914        return sev_do_cmd(SEV_CMD_DF_FLUSH, NULL, error);
 915}
 916EXPORT_SYMBOL_GPL(sev_guest_df_flush);
 917
 918static void sev_exit(struct kref *ref)
 919{
 920        misc_deregister(&misc_dev->misc);
 921        kfree(misc_dev);
 922        misc_dev = NULL;
 923}
 924
 925static int sev_misc_init(struct sev_device *sev)
 926{
 927        struct device *dev = sev->dev;
 928        int ret;
 929
 930        /*
 931         * SEV feature support can be detected on multiple devices but the SEV
 932         * FW commands must be issued on the master. During probe, we do not
 933         * know the master hence we create /dev/sev on the first device probe.
 934         * sev_do_cmd() finds the right master device to which to issue the
 935         * command to the firmware.
 936         */
 937        if (!misc_dev) {
 938                struct miscdevice *misc;
 939
 940                misc_dev = kzalloc(sizeof(*misc_dev), GFP_KERNEL);
 941                if (!misc_dev)
 942                        return -ENOMEM;
 943
 944                misc = &misc_dev->misc;
 945                misc->minor = MISC_DYNAMIC_MINOR;
 946                misc->name = DEVICE_NAME;
 947                misc->fops = &sev_fops;
 948
 949                ret = misc_register(misc);
 950                if (ret)
 951                        return ret;
 952
 953                kref_init(&misc_dev->refcount);
 954        } else {
 955                kref_get(&misc_dev->refcount);
 956        }
 957
 958        init_waitqueue_head(&sev->int_queue);
 959        sev->misc = misc_dev;
 960        dev_dbg(dev, "registered SEV device\n");
 961
 962        return 0;
 963}
 964
 965int sev_dev_init(struct psp_device *psp)
 966{
 967        struct device *dev = psp->dev;
 968        struct sev_device *sev;
 969        int ret = -ENOMEM;
 970
 971        if (!boot_cpu_has(X86_FEATURE_SEV)) {
 972                dev_info_once(dev, "SEV: memory encryption not enabled by BIOS\n");
 973                return 0;
 974        }
 975
 976        sev = devm_kzalloc(dev, sizeof(*sev), GFP_KERNEL);
 977        if (!sev)
 978                goto e_err;
 979
 980        sev->cmd_buf = (void *)devm_get_free_pages(dev, GFP_KERNEL, 0);
 981        if (!sev->cmd_buf)
 982                goto e_sev;
 983
 984        psp->sev_data = sev;
 985
 986        sev->dev = dev;
 987        sev->psp = psp;
 988
 989        sev->io_regs = psp->io_regs;
 990
 991        sev->vdata = (struct sev_vdata *)psp->vdata->sev;
 992        if (!sev->vdata) {
 993                ret = -ENODEV;
 994                dev_err(dev, "sev: missing driver data\n");
 995                goto e_buf;
 996        }
 997
 998        psp_set_sev_irq_handler(psp, sev_irq_handler, sev);
 999
1000        ret = sev_misc_init(sev);
1001        if (ret)
1002                goto e_irq;
1003
1004        dev_notice(dev, "sev enabled\n");
1005
1006        return 0;
1007
1008e_irq:
1009        psp_clear_sev_irq_handler(psp);
1010e_buf:
1011        devm_free_pages(dev, (unsigned long)sev->cmd_buf);
1012e_sev:
1013        devm_kfree(dev, sev);
1014e_err:
1015        psp->sev_data = NULL;
1016
1017        dev_notice(dev, "sev initialization failed\n");
1018
1019        return ret;
1020}
1021
1022void sev_dev_destroy(struct psp_device *psp)
1023{
1024        struct sev_device *sev = psp->sev_data;
1025
1026        if (!sev)
1027                return;
1028
1029        if (sev->misc)
1030                kref_put(&misc_dev->refcount, sev_exit);
1031
1032        psp_clear_sev_irq_handler(psp);
1033}
1034
1035int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd,
1036                                void *data, int *error)
1037{
1038        if (!filep || filep->f_op != &sev_fops)
1039                return -EBADF;
1040
1041        return sev_do_cmd(cmd, data, error);
1042}
1043EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user);
1044
1045void sev_pci_init(void)
1046{
1047        struct sev_device *sev = psp_master->sev_data;
1048        struct page *tmr_page;
1049        int error, rc;
1050
1051        if (!sev)
1052                return;
1053
1054        psp_timeout = psp_probe_timeout;
1055
1056        if (sev_get_api_version())
1057                goto err;
1058
1059        /*
1060         * If platform is not in UNINIT state then firmware upgrade and/or
1061         * platform INIT command will fail. These command require UNINIT state.
1062         *
1063         * In a normal boot we should never run into case where the firmware
1064         * is not in UNINIT state on boot. But in case of kexec boot, a reboot
1065         * may not go through a typical shutdown sequence and may leave the
1066         * firmware in INIT or WORKING state.
1067         */
1068
1069        if (sev->state != SEV_STATE_UNINIT) {
1070                sev_platform_shutdown(NULL);
1071                sev->state = SEV_STATE_UNINIT;
1072        }
1073
1074        if (sev_version_greater_or_equal(0, 15) &&
1075            sev_update_firmware(sev->dev) == 0)
1076                sev_get_api_version();
1077
1078        /* Obtain the TMR memory area for SEV-ES use */
1079        tmr_page = alloc_pages(GFP_KERNEL, get_order(SEV_ES_TMR_SIZE));
1080        if (tmr_page) {
1081                sev_es_tmr = page_address(tmr_page);
1082        } else {
1083                sev_es_tmr = NULL;
1084                dev_warn(sev->dev,
1085                         "SEV: TMR allocation failed, SEV-ES support unavailable\n");
1086        }
1087
1088        /* Initialize the platform */
1089        rc = sev_platform_init(&error);
1090        if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) {
1091                /*
1092                 * INIT command returned an integrity check failure
1093                 * status code, meaning that firmware load and
1094                 * validation of SEV related persistent data has
1095                 * failed and persistent state has been erased.
1096                 * Retrying INIT command here should succeed.
1097                 */
1098                dev_dbg(sev->dev, "SEV: retrying INIT command");
1099                rc = sev_platform_init(&error);
1100        }
1101
1102        if (rc) {
1103                dev_err(sev->dev, "SEV: failed to INIT error %#x\n", error);
1104                return;
1105        }
1106
1107        dev_info(sev->dev, "SEV API:%d.%d build:%d\n", sev->api_major,
1108                 sev->api_minor, sev->build);
1109
1110        return;
1111
1112err:
1113        psp_master->sev_data = NULL;
1114}
1115
1116void sev_pci_exit(void)
1117{
1118        if (!psp_master->sev_data)
1119                return;
1120
1121        sev_platform_shutdown(NULL);
1122
1123        if (sev_es_tmr) {
1124                /* The TMR area was encrypted, flush it from the cache */
1125                wbinvd_on_all_cpus();
1126
1127                free_pages((unsigned long)sev_es_tmr,
1128                           get_order(SEV_ES_TMR_SIZE));
1129                sev_es_tmr = NULL;
1130        }
1131}
1132