crypto/ccp/sev-dev.c

0001 // SPDX-License-Identifier: GPL-2.0-only
0002 /*
0003  * AMD Secure Encrypted Virtualization (SEV) interface
0004  *
0005  * Copyright (C) 2016,2019 Advanced Micro Devices, Inc.
0006  *
0007  * Author: Brijesh Singh <brijesh.singh@amd.com>
0008  */
0009
0010 #include <linux/module.h>
0011 #include <linux/kernel.h>
0012 #include <linux/kthread.h>
0013 #include <linux/sched.h>
0014 #include <linux/interrupt.h>
0015 #include <linux/spinlock.h>
0016 #include <linux/spinlock_types.h>
0017 #include <linux/types.h>
0018 #include <linux/mutex.h>
0019 #include <linux/delay.h>
0020 #include <linux/hw_random.h>
0021 #include <linux/ccp.h>
0022 #include <linux/firmware.h>
0023 #include <linux/gfp.h>
0024 #include <linux/cpufeature.h>
0025 #include <linux/fs.h>
0026 #include <linux/fs_struct.h>
0027
0028 #include <asm/smp.h>
0029
0030 #include "psp-dev.h"
0031 #include "sev-dev.h"
0032
0033 #define DEVICE_NAME     "sev"
0034 #define SEV_FW_FILE     "amd/sev.fw"
0035 #define SEV_FW_NAME_SIZE    64
0036
0037 static DEFINE_MUTEX(sev_cmd_mutex);
0038 static struct sev_misc_dev *misc_dev;
0039
0040 static int psp_cmd_timeout = 100;
0041 module_param(psp_cmd_timeout, int, 0644);
0042 MODULE_PARM_DESC(psp_cmd_timeout, " default timeout value, in seconds, for PSP commands");
0043
0044 static int psp_probe_timeout = 5;
0045 module_param(psp_probe_timeout, int, 0644);
0046 MODULE_PARM_DESC(psp_probe_timeout, " default timeout value, in seconds, during PSP device probe");
0047
0048 static char *init_ex_path;
0049 module_param(init_ex_path, charp, 0444);
0050 MODULE_PARM_DESC(init_ex_path, " Path for INIT_EX data; if set try INIT_EX");
0051
0052 static bool psp_init_on_probe = true;
0053 module_param(psp_init_on_probe, bool, 0444);
0054 MODULE_PARM_DESC(psp_init_on_probe, "  if true, the PSP will be initialized on module init. Else the PSP will be initialized on the first command requiring it");
0055
0056 MODULE_FIRMWARE("amd/amd_sev_fam17h_model0xh.sbin"); /* 1st gen EPYC */
0057 MODULE_FIRMWARE("amd/amd_sev_fam17h_model3xh.sbin"); /* 2nd gen EPYC */
0058 MODULE_FIRMWARE("amd/amd_sev_fam19h_model0xh.sbin"); /* 3rd gen EPYC */
0059
0060 static bool psp_dead;
0061 static int psp_timeout;
0062
0063 /* Trusted Memory Region (TMR):
0064  *   The TMR is a 1MB area that must be 1MB aligned.  Use the page allocator
0065  *   to allocate the memory, which will return aligned memory for the specified
0066  *   allocation order.
0067  */
0068 #define SEV_ES_TMR_SIZE     (1024 * 1024)
0069 static void *sev_es_tmr;
0070
0071 /* INIT_EX NV Storage:
0072  *   The NV Storage is a 32Kb area and must be 4Kb page aligned.  Use the page
0073  *   allocator to allocate the memory, which will return aligned memory for the
0074  *   specified allocation order.
0075  */
0076 #define NV_LENGTH (32 * 1024)
0077 static void *sev_init_ex_buffer;
0078
0079 static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
0080 {
0081     struct sev_device *sev = psp_master->sev_data;
0082
0083     if (sev->api_major > maj)
0084         return true;
0085
0086     if (sev->api_major == maj && sev->api_minor >= min)
0087         return true;
0088
0089     return false;
0090 }
0091
0092 static void sev_irq_handler(int irq, void *data, unsigned int status)
0093 {
0094     struct sev_device *sev = data;
0095     int reg;
0096
0097     /* Check if it is command completion: */
0098     if (!(status & SEV_CMD_COMPLETE))
0099         return;
0100
0101     /* Check if it is SEV command completion: */
0102     reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg);
0103     if (reg & PSP_CMDRESP_RESP) {
0104         sev->int_rcvd = 1;
0105         wake_up(&sev->int_queue);
0106     }
0107 }
0108
0109 static int sev_wait_cmd_ioc(struct sev_device *sev,
0110                 unsigned int *reg, unsigned int timeout)
0111 {
0112     int ret;
0113
0114     ret = wait_event_timeout(sev->int_queue,
0115             sev->int_rcvd, timeout * HZ);
0116     if (!ret)
0117         return -ETIMEDOUT;
0118
0119     *reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg);
0120
0121     return 0;
0122 }
0123
0124 static int sev_cmd_buffer_len(int cmd)
0125 {
0126     switch (cmd) {
0127     case SEV_CMD_INIT:          return sizeof(struct sev_data_init);
0128     case SEV_CMD_INIT_EX:                   return sizeof(struct sev_data_init_ex);
0129     case SEV_CMD_PLATFORM_STATUS:       return sizeof(struct sev_user_data_status);
0130     case SEV_CMD_PEK_CSR:           return sizeof(struct sev_data_pek_csr);
0131     case SEV_CMD_PEK_CERT_IMPORT:       return sizeof(struct sev_data_pek_cert_import);
0132     case SEV_CMD_PDH_CERT_EXPORT:       return sizeof(struct sev_data_pdh_cert_export);
0133     case SEV_CMD_LAUNCH_START:      return sizeof(struct sev_data_launch_start);
0134     case SEV_CMD_LAUNCH_UPDATE_DATA:    return sizeof(struct sev_data_launch_update_data);
0135     case SEV_CMD_LAUNCH_UPDATE_VMSA:    return sizeof(struct sev_data_launch_update_vmsa);
0136     case SEV_CMD_LAUNCH_FINISH:     return sizeof(struct sev_data_launch_finish);
0137     case SEV_CMD_LAUNCH_MEASURE:        return sizeof(struct sev_data_launch_measure);
0138     case SEV_CMD_ACTIVATE:          return sizeof(struct sev_data_activate);
0139     case SEV_CMD_DEACTIVATE:        return sizeof(struct sev_data_deactivate);
0140     case SEV_CMD_DECOMMISSION:      return sizeof(struct sev_data_decommission);
0141     case SEV_CMD_GUEST_STATUS:      return sizeof(struct sev_data_guest_status);
0142     case SEV_CMD_DBG_DECRYPT:       return sizeof(struct sev_data_dbg);
0143     case SEV_CMD_DBG_ENCRYPT:       return sizeof(struct sev_data_dbg);
0144     case SEV_CMD_SEND_START:        return sizeof(struct sev_data_send_start);
0145     case SEV_CMD_SEND_UPDATE_DATA:      return sizeof(struct sev_data_send_update_data);
0146     case SEV_CMD_SEND_UPDATE_VMSA:      return sizeof(struct sev_data_send_update_vmsa);
0147     case SEV_CMD_SEND_FINISH:       return sizeof(struct sev_data_send_finish);
0148     case SEV_CMD_RECEIVE_START:     return sizeof(struct sev_data_receive_start);
0149     case SEV_CMD_RECEIVE_FINISH:        return sizeof(struct sev_data_receive_finish);
0150     case SEV_CMD_RECEIVE_UPDATE_DATA:   return sizeof(struct sev_data_receive_update_data);
0151     case SEV_CMD_RECEIVE_UPDATE_VMSA:   return sizeof(struct sev_data_receive_update_vmsa);
0152     case SEV_CMD_LAUNCH_UPDATE_SECRET:  return sizeof(struct sev_data_launch_secret);
0153     case SEV_CMD_DOWNLOAD_FIRMWARE:     return sizeof(struct sev_data_download_firmware);
0154     case SEV_CMD_GET_ID:            return sizeof(struct sev_data_get_id);
0155     case SEV_CMD_ATTESTATION_REPORT:    return sizeof(struct sev_data_attestation_report);
0156     case SEV_CMD_SEND_CANCEL:       return sizeof(struct sev_data_send_cancel);
0157     default:                return 0;
0158     }
0159
0160     return 0;
0161 }
0162
0163 static void *sev_fw_alloc(unsigned long len)
0164 {
0165     struct page *page;
0166
0167     page = alloc_pages(GFP_KERNEL, get_order(len));
0168     if (!page)
0169         return NULL;
0170
0171     return page_address(page);
0172 }
0173
0174 static struct file *open_file_as_root(const char *filename, int flags, umode_t mode)
0175 {
0176     struct file *fp;
0177     struct path root;
0178     struct cred *cred;
0179     const struct cred *old_cred;
0180
0181     task_lock(&init_task);
0182     get_fs_root(init_task.fs, &root);
0183     task_unlock(&init_task);
0184
0185     cred = prepare_creds();
0186     if (!cred)
0187         return ERR_PTR(-ENOMEM);
0188     cred->fsuid = GLOBAL_ROOT_UID;
0189     old_cred = override_creds(cred);
0190
0191     fp = file_open_root(&root, filename, flags, mode);
0192     path_put(&root);
0193
0194     revert_creds(old_cred);
0195
0196     return fp;
0197 }
0198
0199 static int sev_read_init_ex_file(void)
0200 {
0201     struct sev_device *sev = psp_master->sev_data;
0202     struct file *fp;
0203     ssize_t nread;
0204
0205     lockdep_assert_held(&sev_cmd_mutex);
0206
0207     if (!sev_init_ex_buffer)
0208         return -EOPNOTSUPP;
0209
0210     fp = open_file_as_root(init_ex_path, O_RDONLY, 0);
0211     if (IS_ERR(fp)) {
0212         int ret = PTR_ERR(fp);
0213
0214         dev_err(sev->dev,
0215             "SEV: could not open %s for read, error %d\n",
0216             init_ex_path, ret);
0217         return ret;
0218     }
0219
0220     nread = kernel_read(fp, sev_init_ex_buffer, NV_LENGTH, NULL);
0221     if (nread != NV_LENGTH) {
0222         dev_err(sev->dev,
0223             "SEV: failed to read %u bytes to non volatile memory area, ret %ld\n",
0224             NV_LENGTH, nread);
0225         return -EIO;
0226     }
0227
0228     dev_dbg(sev->dev, "SEV: read %ld bytes from NV file\n", nread);
0229     filp_close(fp, NULL);
0230
0231     return 0;
0232 }
0233
0234 static void sev_write_init_ex_file(void)
0235 {
0236     struct sev_device *sev = psp_master->sev_data;
0237     struct file *fp;
0238     loff_t offset = 0;
0239     ssize_t nwrite;
0240
0241     lockdep_assert_held(&sev_cmd_mutex);
0242
0243     if (!sev_init_ex_buffer)
0244         return;
0245
0246     fp = open_file_as_root(init_ex_path, O_CREAT | O_WRONLY, 0600);
0247     if (IS_ERR(fp)) {
0248         dev_err(sev->dev,
0249             "SEV: could not open file for write, error %ld\n",
0250             PTR_ERR(fp));
0251         return;
0252     }
0253
0254     nwrite = kernel_write(fp, sev_init_ex_buffer, NV_LENGTH, &offset);
0255     vfs_fsync(fp, 0);
0256     filp_close(fp, NULL);
0257
0258     if (nwrite != NV_LENGTH) {
0259         dev_err(sev->dev,
0260             "SEV: failed to write %u bytes to non volatile memory area, ret %ld\n",
0261             NV_LENGTH, nwrite);
0262         return;
0263     }
0264
0265     dev_dbg(sev->dev, "SEV: write successful to NV file\n");
0266 }
0267
0268 static void sev_write_init_ex_file_if_required(int cmd_id)
0269 {
0270     lockdep_assert_held(&sev_cmd_mutex);
0271
0272     if (!sev_init_ex_buffer)
0273         return;
0274
0275     /*
0276      * Only a few platform commands modify the SPI/NV area, but none of the
0277      * non-platform commands do. Only INIT(_EX), PLATFORM_RESET, PEK_GEN,
0278      * PEK_CERT_IMPORT, and PDH_GEN do.
0279      */
0280     switch (cmd_id) {
0281     case SEV_CMD_FACTORY_RESET:
0282     case SEV_CMD_INIT_EX:
0283     case SEV_CMD_PDH_GEN:
0284     case SEV_CMD_PEK_CERT_IMPORT:
0285     case SEV_CMD_PEK_GEN:
0286         break;
0287     default:
0288         return;
0289     }
0290
0291     sev_write_init_ex_file();
0292 }
0293
0294 static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
0295 {
0296     struct psp_device *psp = psp_master;
0297     struct sev_device *sev;
0298     unsigned int phys_lsb, phys_msb;
0299     unsigned int reg, ret = 0;
0300     int buf_len;
0301
0302     if (!psp || !psp->sev_data)
0303         return -ENODEV;
0304
0305     if (psp_dead)
0306         return -EBUSY;
0307
0308     sev = psp->sev_data;
0309
0310     buf_len = sev_cmd_buffer_len(cmd);
0311     if (WARN_ON_ONCE(!data != !buf_len))
0312         return -EINVAL;
0313
0314     /*
0315      * Copy the incoming data to driver's scratch buffer as __pa() will not
0316      * work for some memory, e.g. vmalloc'd addresses, and @data may not be
0317      * physically contiguous.
0318      */
0319     if (data)
0320         memcpy(sev->cmd_buf, data, buf_len);
0321
0322     /* Get the physical address of the command buffer */
0323     phys_lsb = data ? lower_32_bits(__psp_pa(sev->cmd_buf)) : 0;
0324     phys_msb = data ? upper_32_bits(__psp_pa(sev->cmd_buf)) : 0;
0325
0326     dev_dbg(sev->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n",
0327         cmd, phys_msb, phys_lsb, psp_timeout);
0328
0329     print_hex_dump_debug("(in):  ", DUMP_PREFIX_OFFSET, 16, 2, data,
0330                  buf_len, false);
0331
0332     iowrite32(phys_lsb, sev->io_regs + sev->vdata->cmdbuff_addr_lo_reg);
0333     iowrite32(phys_msb, sev->io_regs + sev->vdata->cmdbuff_addr_hi_reg);
0334
0335     sev->int_rcvd = 0;
0336
0337     reg = cmd;
0338     reg <<= SEV_CMDRESP_CMD_SHIFT;
0339     reg |= SEV_CMDRESP_IOC;
0340     iowrite32(reg, sev->io_regs + sev->vdata->cmdresp_reg);
0341
0342     /* wait for command completion */
0343     ret = sev_wait_cmd_ioc(sev, &reg, psp_timeout);
0344     if (ret) {
0345         if (psp_ret)
0346             *psp_ret = 0;
0347
0348         dev_err(sev->dev, "sev command %#x timed out, disabling PSP\n", cmd);
0349         psp_dead = true;
0350
0351         return ret;
0352     }
0353
0354     psp_timeout = psp_cmd_timeout;
0355
0356     if (psp_ret)
0357         *psp_ret = reg & PSP_CMDRESP_ERR_MASK;
0358
0359     if (reg & PSP_CMDRESP_ERR_MASK) {
0360         dev_dbg(sev->dev, "sev command %#x failed (%#010x)\n",
0361             cmd, reg & PSP_CMDRESP_ERR_MASK);
0362         ret = -EIO;
0363     } else {
0364         sev_write_init_ex_file_if_required(cmd);
0365     }
0366
0367     print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,
0368                  buf_len, false);
0369
0370     /*
0371      * Copy potential output from the PSP back to data.  Do this even on
0372      * failure in case the caller wants to glean something from the error.
0373      */
0374     if (data)
0375         memcpy(data, sev->cmd_buf, buf_len);
0376
0377     return ret;
0378 }
0379
0380 static int sev_do_cmd(int cmd, void *data, int *psp_ret)
0381 {
0382     int rc;
0383
0384     mutex_lock(&sev_cmd_mutex);
0385     rc = __sev_do_cmd_locked(cmd, data, psp_ret);
0386     mutex_unlock(&sev_cmd_mutex);
0387
0388     return rc;
0389 }
0390
0391 static int __sev_init_locked(int *error)
0392 {
0393     struct sev_data_init data;
0394
0395     memset(&data, 0, sizeof(data));
0396     if (sev_es_tmr) {
0397         /*
0398          * Do not include the encryption mask on the physical
0399          * address of the TMR (firmware should clear it anyway).
0400          */
0401         data.tmr_address = __pa(sev_es_tmr);
0402
0403         data.flags |= SEV_INIT_FLAGS_SEV_ES;
0404         data.tmr_len = SEV_ES_TMR_SIZE;
0405     }
0406
0407     return __sev_do_cmd_locked(SEV_CMD_INIT, &data, error);
0408 }
0409
0410 static int __sev_init_ex_locked(int *error)
0411 {
0412     struct sev_data_init_ex data;
0413     int ret;
0414
0415     memset(&data, 0, sizeof(data));
0416     data.length = sizeof(data);
0417     data.nv_address = __psp_pa(sev_init_ex_buffer);
0418     data.nv_len = NV_LENGTH;
0419
0420     ret = sev_read_init_ex_file();
0421     if (ret)
0422         return ret;
0423
0424     if (sev_es_tmr) {
0425         /*
0426          * Do not include the encryption mask on the physical
0427          * address of the TMR (firmware should clear it anyway).
0428          */
0429         data.tmr_address = __pa(sev_es_tmr);
0430
0431         data.flags |= SEV_INIT_FLAGS_SEV_ES;
0432         data.tmr_len = SEV_ES_TMR_SIZE;
0433     }
0434
0435     return __sev_do_cmd_locked(SEV_CMD_INIT_EX, &data, error);
0436 }
0437
0438 static int __sev_platform_init_locked(int *error)
0439 {
0440     struct psp_device *psp = psp_master;
0441     struct sev_device *sev;
0442     int rc, psp_ret = -1;
0443     int (*init_function)(int *error);
0444
0445     if (!psp || !psp->sev_data)
0446         return -ENODEV;
0447
0448     sev = psp->sev_data;
0449
0450     if (sev->state == SEV_STATE_INIT)
0451         return 0;
0452
0453     init_function = sev_init_ex_buffer ? __sev_init_ex_locked :
0454             __sev_init_locked;
0455     rc = init_function(&psp_ret);
0456     if (rc && psp_ret == SEV_RET_SECURE_DATA_INVALID) {
0457         /*
0458          * Initialization command returned an integrity check failure
0459          * status code, meaning that firmware load and validation of SEV
0460          * related persistent data has failed. Retrying the
0461          * initialization function should succeed by replacing the state
0462          * with a reset state.
0463          */
0464         dev_err(sev->dev, "SEV: retrying INIT command because of SECURE_DATA_INVALID error. Retrying once to reset PSP SEV state.");
0465         rc = init_function(&psp_ret);
0466     }
0467     if (error)
0468         *error = psp_ret;
0469
0470     if (rc)
0471         return rc;
0472
0473     sev->state = SEV_STATE_INIT;
0474
0475     /* Prepare for first SEV guest launch after INIT */
0476     wbinvd_on_all_cpus();
0477     rc = __sev_do_cmd_locked(SEV_CMD_DF_FLUSH, NULL, error);
0478     if (rc)
0479         return rc;
0480
0481     dev_dbg(sev->dev, "SEV firmware initialized\n");
0482
0483     dev_info(sev->dev, "SEV API:%d.%d build:%d\n", sev->api_major,
0484          sev->api_minor, sev->build);
0485
0486     return 0;
0487 }
0488
0489 int sev_platform_init(int *error)
0490 {
0491     int rc;
0492
0493     mutex_lock(&sev_cmd_mutex);
0494     rc = __sev_platform_init_locked(error);
0495     mutex_unlock(&sev_cmd_mutex);
0496
0497     return rc;
0498 }
0499 EXPORT_SYMBOL_GPL(sev_platform_init);
0500
0501 static int __sev_platform_shutdown_locked(int *error)
0502 {
0503     struct sev_device *sev = psp_master->sev_data;
0504     int ret;
0505
0506     if (!sev || sev->state == SEV_STATE_UNINIT)
0507         return 0;
0508
0509     ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
0510     if (ret)
0511         return ret;
0512
0513     sev->state = SEV_STATE_UNINIT;
0514     dev_dbg(sev->dev, "SEV firmware shutdown\n");
0515
0516     return ret;
0517 }
0518
0519 static int sev_platform_shutdown(int *error)
0520 {
0521     int rc;
0522
0523     mutex_lock(&sev_cmd_mutex);
0524     rc = __sev_platform_shutdown_locked(NULL);
0525     mutex_unlock(&sev_cmd_mutex);
0526
0527     return rc;
0528 }
0529
0530 static int sev_get_platform_state(int *state, int *error)
0531 {
0532     struct sev_user_data_status data;
0533     int rc;
0534
0535     rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, &data, error);
0536     if (rc)
0537         return rc;
0538
0539     *state = data.state;
0540     return rc;
0541 }
0542
0543 static int sev_ioctl_do_reset(struct sev_issue_cmd *argp, bool writable)
0544 {
0545     int state, rc;
0546
0547     if (!writable)
0548         return -EPERM;
0549
0550     /*
0551      * The SEV spec requires that FACTORY_RESET must be issued in
0552      * UNINIT state. Before we go further lets check if any guest is
0553      * active.
0554      *
0555      * If FW is in WORKING state then deny the request otherwise issue
0556      * SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET.
0557      *
0558      */
0559     rc = sev_get_platform_state(&state, &argp->error);
0560     if (rc)
0561         return rc;
0562
0563     if (state == SEV_STATE_WORKING)
0564         return -EBUSY;
0565
0566     if (state == SEV_STATE_INIT) {
0567         rc = __sev_platform_shutdown_locked(&argp->error);
0568         if (rc)
0569             return rc;
0570     }
0571
0572     return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, NULL, &argp->error);
0573 }
0574
0575 static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
0576 {
0577     struct sev_user_data_status data;
0578     int ret;
0579
0580     memset(&data, 0, sizeof(data));
0581
0582     ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, &data, &argp->error);
0583     if (ret)
0584         return ret;
0585
0586     if (copy_to_user((void __user *)argp->data, &data, sizeof(data)))
0587         ret = -EFAULT;
0588
0589     return ret;
0590 }
0591
0592 static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable)
0593 {
0594     struct sev_device *sev = psp_master->sev_data;
0595     int rc;
0596
0597     if (!writable)
0598         return -EPERM;
0599
0600     if (sev->state == SEV_STATE_UNINIT) {
0601         rc = __sev_platform_init_locked(&argp->error);
0602         if (rc)
0603             return rc;
0604     }
0605
0606     return __sev_do_cmd_locked(cmd, NULL, &argp->error);
0607 }
0608
0609 static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
0610 {
0611     struct sev_device *sev = psp_master->sev_data;
0612     struct sev_user_data_pek_csr input;
0613     struct sev_data_pek_csr data;
0614     void __user *input_address;
0615     void *blob = NULL;
0616     int ret;
0617
0618     if (!writable)
0619         return -EPERM;
0620
0621     if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
0622         return -EFAULT;
0623
0624     memset(&data, 0, sizeof(data));
0625
0626     /* userspace wants to query CSR length */
0627     if (!input.address || !input.length)
0628         goto cmd;
0629
0630     /* allocate a physically contiguous buffer to store the CSR blob */
0631     input_address = (void __user *)input.address;
0632     if (input.length > SEV_FW_BLOB_MAX_SIZE)
0633         return -EFAULT;
0634
0635     blob = kzalloc(input.length, GFP_KERNEL);
0636     if (!blob)
0637         return -ENOMEM;
0638
0639     data.address = __psp_pa(blob);
0640     data.len = input.length;
0641
0642 cmd:
0643     if (sev->state == SEV_STATE_UNINIT) {
0644         ret = __sev_platform_init_locked(&argp->error);
0645         if (ret)
0646             goto e_free_blob;
0647     }
0648
0649     ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, &data, &argp->error);
0650
0651      /* If we query the CSR length, FW responded with expected data. */
0652     input.length = data.len;
0653
0654     if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
0655         ret = -EFAULT;
0656         goto e_free_blob;
0657     }
0658
0659     if (blob) {
0660         if (copy_to_user(input_address, blob, input.length))
0661             ret = -EFAULT;
0662     }
0663
0664 e_free_blob:
0665     kfree(blob);
0666     return ret;
0667 }
0668
0669 void *psp_copy_user_blob(u64 uaddr, u32 len)
0670 {
0671     if (!uaddr || !len)
0672         return ERR_PTR(-EINVAL);
0673
0674     /* verify that blob length does not exceed our limit */
0675     if (len > SEV_FW_BLOB_MAX_SIZE)
0676         return ERR_PTR(-EINVAL);
0677
0678     return memdup_user((void __user *)uaddr, len);
0679 }
0680 EXPORT_SYMBOL_GPL(psp_copy_user_blob);
0681
0682 static int sev_get_api_version(void)
0683 {
0684     struct sev_device *sev = psp_master->sev_data;
0685     struct sev_user_data_status status;
0686     int error = 0, ret;
0687
0688     ret = sev_platform_status(&status, &error);
0689     if (ret) {
0690         dev_err(sev->dev,
0691             "SEV: failed to get status. Error: %#x\n", error);
0692         return 1;
0693     }
0694
0695     sev->api_major = status.api_major;
0696     sev->api_minor = status.api_minor;
0697     sev->build = status.build;
0698     sev->state = status.state;
0699
0700     return 0;
0701 }
0702
0703 static int sev_get_firmware(struct device *dev,
0704                 const struct firmware **firmware)
0705 {
0706     char fw_name_specific[SEV_FW_NAME_SIZE];
0707     char fw_name_subset[SEV_FW_NAME_SIZE];
0708
0709     snprintf(fw_name_specific, sizeof(fw_name_specific),
0710          "amd/amd_sev_fam%.2xh_model%.2xh.sbin",
0711          boot_cpu_data.x86, boot_cpu_data.x86_model);
0712
0713     snprintf(fw_name_subset, sizeof(fw_name_subset),
0714          "amd/amd_sev_fam%.2xh_model%.1xxh.sbin",
0715          boot_cpu_data.x86, (boot_cpu_data.x86_model & 0xf0) >> 4);
0716
0717     /* Check for SEV FW for a particular model.
0718      * Ex. amd_sev_fam17h_model00h.sbin for Family 17h Model 00h
0719      *
0720      * or
0721      *
0722      * Check for SEV FW common to a subset of models.
0723      * Ex. amd_sev_fam17h_model0xh.sbin for
0724      *     Family 17h Model 00h -- Family 17h Model 0Fh
0725      *
0726      * or
0727      *
0728      * Fall-back to using generic name: sev.fw
0729      */
0730     if ((firmware_request_nowarn(firmware, fw_name_specific, dev) >= 0) ||
0731         (firmware_request_nowarn(firmware, fw_name_subset, dev) >= 0) ||
0732         (firmware_request_nowarn(firmware, SEV_FW_FILE, dev) >= 0))
0733         return 0;
0734
0735     return -ENOENT;
0736 }
0737
0738 /* Don't fail if SEV FW couldn't be updated. Continue with existing SEV FW */
0739 static int sev_update_firmware(struct device *dev)
0740 {
0741     struct sev_data_download_firmware *data;
0742     const struct firmware *firmware;
0743     int ret, error, order;
0744     struct page *p;
0745     u64 data_size;
0746
0747     if (sev_get_firmware(dev, &firmware) == -ENOENT) {
0748         dev_dbg(dev, "No SEV firmware file present\n");
0749         return -1;
0750     }
0751
0752     /*
0753      * SEV FW expects the physical address given to it to be 32
0754      * byte aligned. Memory allocated has structure placed at the
0755      * beginning followed by the firmware being passed to the SEV
0756      * FW. Allocate enough memory for data structure + alignment
0757      * padding + SEV FW.
0758      */
0759     data_size = ALIGN(sizeof(struct sev_data_download_firmware), 32);
0760
0761     order = get_order(firmware->size + data_size);
0762     p = alloc_pages(GFP_KERNEL, order);
0763     if (!p) {
0764         ret = -1;
0765         goto fw_err;
0766     }
0767
0768     /*
0769      * Copy firmware data to a kernel allocated contiguous
0770      * memory region.
0771      */
0772     data = page_address(p);
0773     memcpy(page_address(p) + data_size, firmware->data, firmware->size);
0774
0775     data->address = __psp_pa(page_address(p) + data_size);
0776     data->len = firmware->size;
0777
0778     ret = sev_do_cmd(SEV_CMD_DOWNLOAD_FIRMWARE, data, &error);
0779     if (ret)
0780         dev_dbg(dev, "Failed to update SEV firmware: %#x\n", error);
0781     else
0782         dev_info(dev, "SEV firmware update successful\n");
0783
0784     __free_pages(p, order);
0785
0786 fw_err:
0787     release_firmware(firmware);
0788
0789     return ret;
0790 }
0791
0792 static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
0793 {
0794     struct sev_device *sev = psp_master->sev_data;
0795     struct sev_user_data_pek_cert_import input;
0796     struct sev_data_pek_cert_import data;
0797     void *pek_blob, *oca_blob;
0798     int ret;
0799
0800     if (!writable)
0801         return -EPERM;
0802
0803     if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
0804         return -EFAULT;
0805
0806     /* copy PEK certificate blobs from userspace */
0807     pek_blob = psp_copy_user_blob(input.pek_cert_address, input.pek_cert_len);
0808     if (IS_ERR(pek_blob))
0809         return PTR_ERR(pek_blob);
0810
0811     data.reserved = 0;
0812     data.pek_cert_address = __psp_pa(pek_blob);
0813     data.pek_cert_len = input.pek_cert_len;
0814
0815     /* copy PEK certificate blobs from userspace */
0816     oca_blob = psp_copy_user_blob(input.oca_cert_address, input.oca_cert_len);
0817     if (IS_ERR(oca_blob)) {
0818         ret = PTR_ERR(oca_blob);
0819         goto e_free_pek;
0820     }
0821
0822     data.oca_cert_address = __psp_pa(oca_blob);
0823     data.oca_cert_len = input.oca_cert_len;
0824
0825     /* If platform is not in INIT state then transition it to INIT */
0826     if (sev->state != SEV_STATE_INIT) {
0827         ret = __sev_platform_init_locked(&argp->error);
0828         if (ret)
0829             goto e_free_oca;
0830     }
0831
0832     ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, &data, &argp->error);
0833
0834 e_free_oca:
0835     kfree(oca_blob);
0836 e_free_pek:
0837     kfree(pek_blob);
0838     return ret;
0839 }
0840
0841 static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
0842 {
0843     struct sev_user_data_get_id2 input;
0844     struct sev_data_get_id data;
0845     void __user *input_address;
0846     void *id_blob = NULL;
0847     int ret;
0848
0849     /* SEV GET_ID is available from SEV API v0.16 and up */
0850     if (!sev_version_greater_or_equal(0, 16))
0851         return -ENOTSUPP;
0852
0853     if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
0854         return -EFAULT;
0855
0856     input_address = (void __user *)input.address;
0857
0858     if (input.address && input.length) {
0859         id_blob = kzalloc(input.length, GFP_KERNEL);
0860         if (!id_blob)
0861             return -ENOMEM;
0862
0863         data.address = __psp_pa(id_blob);
0864         data.len = input.length;
0865     } else {
0866         data.address = 0;
0867         data.len = 0;
0868     }
0869
0870     ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, &data, &argp->error);
0871
0872     /*
0873      * Firmware will return the length of the ID value (either the minimum
0874      * required length or the actual length written), return it to the user.
0875      */
0876     input.length = data.len;
0877
0878     if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
0879         ret = -EFAULT;
0880         goto e_free;
0881     }
0882
0883     if (id_blob) {
0884         if (copy_to_user(input_address, id_blob, data.len)) {
0885             ret = -EFAULT;
0886             goto e_free;
0887         }
0888     }
0889
0890 e_free:
0891     kfree(id_blob);
0892
0893     return ret;
0894 }
0895
0896 static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
0897 {
0898     struct sev_data_get_id *data;
0899     u64 data_size, user_size;
0900     void *id_blob, *mem;
0901     int ret;
0902
0903     /* SEV GET_ID available from SEV API v0.16 and up */
0904     if (!sev_version_greater_or_equal(0, 16))
0905         return -ENOTSUPP;
0906
0907     /* SEV FW expects the buffer it fills with the ID to be
0908      * 8-byte aligned. Memory allocated should be enough to
0909      * hold data structure + alignment padding + memory
0910      * where SEV FW writes the ID.
0911      */
0912     data_size = ALIGN(sizeof(struct sev_data_get_id), 8);
0913     user_size = sizeof(struct sev_user_data_get_id);
0914
0915     mem = kzalloc(data_size + user_size, GFP_KERNEL);
0916     if (!mem)
0917         return -ENOMEM;
0918
0919     data = mem;
0920     id_blob = mem + data_size;
0921
0922     data->address = __psp_pa(id_blob);
0923     data->len = user_size;
0924
0925     ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
0926     if (!ret) {
0927         if (copy_to_user((void __user *)argp->data, id_blob, data->len))
0928             ret = -EFAULT;
0929     }
0930
0931     kfree(mem);
0932
0933     return ret;
0934 }
0935
0936 static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
0937 {
0938     struct sev_device *sev = psp_master->sev_data;
0939     struct sev_user_data_pdh_cert_export input;
0940     void *pdh_blob = NULL, *cert_blob = NULL;
0941     struct sev_data_pdh_cert_export data;
0942     void __user *input_cert_chain_address;
0943     void __user *input_pdh_cert_address;
0944     int ret;
0945
0946     /* If platform is not in INIT state then transition it to INIT. */
0947     if (sev->state != SEV_STATE_INIT) {
0948         if (!writable)
0949             return -EPERM;
0950
0951         ret = __sev_platform_init_locked(&argp->error);
0952         if (ret)
0953             return ret;
0954     }
0955
0956     if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
0957         return -EFAULT;
0958
0959     memset(&data, 0, sizeof(data));
0960
0961     /* Userspace wants to query the certificate length. */
0962     if (!input.pdh_cert_address ||
0963         !input.pdh_cert_len ||
0964         !input.cert_chain_address)
0965         goto cmd;
0966
0967     input_pdh_cert_address = (void __user *)input.pdh_cert_address;
0968     input_cert_chain_address = (void __user *)input.cert_chain_address;
0969
0970     /* Allocate a physically contiguous buffer to store the PDH blob. */
0971     if (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)
0972         return -EFAULT;
0973
0974     /* Allocate a physically contiguous buffer to store the cert chain blob. */
0975     if (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)
0976         return -EFAULT;
0977
0978     pdh_blob = kzalloc(input.pdh_cert_len, GFP_KERNEL);
0979     if (!pdh_blob)
0980         return -ENOMEM;
0981
0982     data.pdh_cert_address = __psp_pa(pdh_blob);
0983     data.pdh_cert_len = input.pdh_cert_len;
0984
0985     cert_blob = kzalloc(input.cert_chain_len, GFP_KERNEL);
0986     if (!cert_blob) {
0987         ret = -ENOMEM;
0988         goto e_free_pdh;
0989     }
0990
0991     data.cert_chain_address = __psp_pa(cert_blob);
0992     data.cert_chain_len = input.cert_chain_len;
0993
0994 cmd:
0995     ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, &data, &argp->error);
0996
0997     /* If we query the length, FW responded with expected data. */
0998     input.cert_chain_len = data.cert_chain_len;
0999     input.pdh_cert_len = data.pdh_cert_len;
1000
1001     if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
1002         ret = -EFAULT;
1003         goto e_free_cert;
1004     }
1005
1006     if (pdh_blob) {
1007         if (copy_to_user(input_pdh_cert_address,
1008                  pdh_blob, input.pdh_cert_len)) {
1009             ret = -EFAULT;
1010             goto e_free_cert;
1011         }
1012     }
1013
1014     if (cert_blob) {
1015         if (copy_to_user(input_cert_chain_address,
1016                  cert_blob, input.cert_chain_len))
1017             ret = -EFAULT;
1018     }
1019
1020 e_free_cert:
1021     kfree(cert_blob);
1022 e_free_pdh:
1023     kfree(pdh_blob);
1024     return ret;
1025 }
1026
1027 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
1028 {
1029     void __user *argp = (void __user *)arg;
1030     struct sev_issue_cmd input;
1031     int ret = -EFAULT;
1032     bool writable = file->f_mode & FMODE_WRITE;
1033
1034     if (!psp_master || !psp_master->sev_data)
1035         return -ENODEV;
1036
1037     if (ioctl != SEV_ISSUE_CMD)
1038         return -EINVAL;
1039
1040     if (copy_from_user(&input, argp, sizeof(struct sev_issue_cmd)))
1041         return -EFAULT;
1042
1043     if (input.cmd > SEV_MAX)
1044         return -EINVAL;
1045
1046     mutex_lock(&sev_cmd_mutex);
1047
1048     switch (input.cmd) {
1049
1050     case SEV_FACTORY_RESET:
1051         ret = sev_ioctl_do_reset(&input, writable);
1052         break;
1053     case SEV_PLATFORM_STATUS:
1054         ret = sev_ioctl_do_platform_status(&input);
1055         break;
1056     case SEV_PEK_GEN:
1057         ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, &input, writable);
1058         break;
1059     case SEV_PDH_GEN:
1060         ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input, writable);
1061         break;
1062     case SEV_PEK_CSR:
1063         ret = sev_ioctl_do_pek_csr(&input, writable);
1064         break;
1065     case SEV_PEK_CERT_IMPORT:
1066         ret = sev_ioctl_do_pek_import(&input, writable);
1067         break;
1068     case SEV_PDH_CERT_EXPORT:
1069         ret = sev_ioctl_do_pdh_export(&input, writable);
1070         break;
1071     case SEV_GET_ID:
1072         pr_warn_once("SEV_GET_ID command is deprecated, use SEV_GET_ID2\n");
1073         ret = sev_ioctl_do_get_id(&input);
1074         break;
1075     case SEV_GET_ID2:
1076         ret = sev_ioctl_do_get_id2(&input);
1077         break;
1078     default:
1079         ret = -EINVAL;
1080         goto out;
1081     }
1082
1083     if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
1084         ret = -EFAULT;
1085 out:
1086     mutex_unlock(&sev_cmd_mutex);
1087
1088     return ret;
1089 }
1090
1091 static const struct file_operations sev_fops = {
1092     .owner  = THIS_MODULE,
1093     .unlocked_ioctl = sev_ioctl,
1094 };
1095
1096 int sev_platform_status(struct sev_user_data_status *data, int *error)
1097 {
1098     return sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, error);
1099 }
1100 EXPORT_SYMBOL_GPL(sev_platform_status);
1101
1102 int sev_guest_deactivate(struct sev_data_deactivate *data, int *error)
1103 {
1104     return sev_do_cmd(SEV_CMD_DEACTIVATE, data, error);
1105 }
1106 EXPORT_SYMBOL_GPL(sev_guest_deactivate);
1107
1108 int sev_guest_activate(struct sev_data_activate *data, int *error)
1109 {
1110     return sev_do_cmd(SEV_CMD_ACTIVATE, data, error);
1111 }
1112 EXPORT_SYMBOL_GPL(sev_guest_activate);
1113
1114 int sev_guest_decommission(struct sev_data_decommission *data, int *error)
1115 {
1116     return sev_do_cmd(SEV_CMD_DECOMMISSION, data, error);
1117 }
1118 EXPORT_SYMBOL_GPL(sev_guest_decommission);
1119
1120 int sev_guest_df_flush(int *error)
1121 {
1122     return sev_do_cmd(SEV_CMD_DF_FLUSH, NULL, error);
1123 }
1124 EXPORT_SYMBOL_GPL(sev_guest_df_flush);
1125
1126 static void sev_exit(struct kref *ref)
1127 {
1128     misc_deregister(&misc_dev->misc);
1129     kfree(misc_dev);
1130     misc_dev = NULL;
1131 }
1132
1133 static int sev_misc_init(struct sev_device *sev)
1134 {
1135     struct device *dev = sev->dev;
1136     int ret;
1137
1138     /*
1139      * SEV feature support can be detected on multiple devices but the SEV
1140      * FW commands must be issued on the master. During probe, we do not
1141      * know the master hence we create /dev/sev on the first device probe.
1142      * sev_do_cmd() finds the right master device to which to issue the
1143      * command to the firmware.
1144      */
1145     if (!misc_dev) {
1146         struct miscdevice *misc;
1147
1148         misc_dev = kzalloc(sizeof(*misc_dev), GFP_KERNEL);
1149         if (!misc_dev)
1150             return -ENOMEM;
1151
1152         misc = &misc_dev->misc;
1153         misc->minor = MISC_DYNAMIC_MINOR;
1154         misc->name = DEVICE_NAME;
1155         misc->fops = &sev_fops;
1156
1157         ret = misc_register(misc);
1158         if (ret)
1159             return ret;
1160
1161         kref_init(&misc_dev->refcount);
1162     } else {
1163         kref_get(&misc_dev->refcount);
1164     }
1165
1166     init_waitqueue_head(&sev->int_queue);
1167     sev->misc = misc_dev;
1168     dev_dbg(dev, "registered SEV device\n");
1169
1170     return 0;
1171 }
1172
1173 int sev_dev_init(struct psp_device *psp)
1174 {
1175     struct device *dev = psp->dev;
1176     struct sev_device *sev;
1177     int ret = -ENOMEM;
1178
1179     if (!boot_cpu_has(X86_FEATURE_SEV)) {
1180         dev_info_once(dev, "SEV: memory encryption not enabled by BIOS\n");
1181         return 0;
1182     }
1183
1184     sev = devm_kzalloc(dev, sizeof(*sev), GFP_KERNEL);
1185     if (!sev)
1186         goto e_err;
1187
1188     sev->cmd_buf = (void *)devm_get_free_pages(dev, GFP_KERNEL, 0);
1189     if (!sev->cmd_buf)
1190         goto e_sev;
1191
1192     psp->sev_data = sev;
1193
1194     sev->dev = dev;
1195     sev->psp = psp;
1196
1197     sev->io_regs = psp->io_regs;
1198
1199     sev->vdata = (struct sev_vdata *)psp->vdata->sev;
1200     if (!sev->vdata) {
1201         ret = -ENODEV;
1202         dev_err(dev, "sev: missing driver data\n");
1203         goto e_buf;
1204     }
1205
1206     psp_set_sev_irq_handler(psp, sev_irq_handler, sev);
1207
1208     ret = sev_misc_init(sev);
1209     if (ret)
1210         goto e_irq;
1211
1212     dev_notice(dev, "sev enabled\n");
1213
1214     return 0;
1215
1216 e_irq:
1217     psp_clear_sev_irq_handler(psp);
1218 e_buf:
1219     devm_free_pages(dev, (unsigned long)sev->cmd_buf);
1220 e_sev:
1221     devm_kfree(dev, sev);
1222 e_err:
1223     psp->sev_data = NULL;
1224
1225     dev_notice(dev, "sev initialization failed\n");
1226
1227     return ret;
1228 }
1229
1230 static void sev_firmware_shutdown(struct sev_device *sev)
1231 {
1232     sev_platform_shutdown(NULL);
1233
1234     if (sev_es_tmr) {
1235         /* The TMR area was encrypted, flush it from the cache */
1236         wbinvd_on_all_cpus();
1237
1238         free_pages((unsigned long)sev_es_tmr,
1239                get_order(SEV_ES_TMR_SIZE));
1240         sev_es_tmr = NULL;
1241     }
1242
1243     if (sev_init_ex_buffer) {
1244         free_pages((unsigned long)sev_init_ex_buffer,
1245                get_order(NV_LENGTH));
1246         sev_init_ex_buffer = NULL;
1247     }
1248 }
1249
1250 void sev_dev_destroy(struct psp_device *psp)
1251 {
1252     struct sev_device *sev = psp->sev_data;
1253
1254     if (!sev)
1255         return;
1256
1257     sev_firmware_shutdown(sev);
1258
1259     if (sev->misc)
1260         kref_put(&misc_dev->refcount, sev_exit);
1261
1262     psp_clear_sev_irq_handler(psp);
1263 }
1264
1265 int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd,
1266                 void *data, int *error)
1267 {
1268     if (!filep || filep->f_op != &sev_fops)
1269         return -EBADF;
1270
1271     return sev_do_cmd(cmd, data, error);
1272 }
1273 EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user);
1274
1275 void sev_pci_init(void)
1276 {
1277     struct sev_device *sev = psp_master->sev_data;
1278     int error, rc;
1279
1280     if (!sev)
1281         return;
1282
1283     psp_timeout = psp_probe_timeout;
1284
1285     if (sev_get_api_version())
1286         goto err;
1287
1288     if (sev_version_greater_or_equal(0, 15) &&
1289         sev_update_firmware(sev->dev) == 0)
1290         sev_get_api_version();
1291
1292     /* If an init_ex_path is provided rely on INIT_EX for PSP initialization
1293      * instead of INIT.
1294      */
1295     if (init_ex_path) {
1296         sev_init_ex_buffer = sev_fw_alloc(NV_LENGTH);
1297         if (!sev_init_ex_buffer) {
1298             dev_err(sev->dev,
1299                 "SEV: INIT_EX NV memory allocation failed\n");
1300             goto err;
1301         }
1302     }
1303
1304     /* Obtain the TMR memory area for SEV-ES use */
1305     sev_es_tmr = sev_fw_alloc(SEV_ES_TMR_SIZE);
1306     if (!sev_es_tmr)
1307         dev_warn(sev->dev,
1308              "SEV: TMR allocation failed, SEV-ES support unavailable\n");
1309
1310     if (!psp_init_on_probe)
1311         return;
1312
1313     /* Initialize the platform */
1314     rc = sev_platform_init(&error);
1315     if (rc)
1316         dev_err(sev->dev, "SEV: failed to INIT error %#x, rc %d\n",
1317             error, rc);
1318
1319     return;
1320
1321 err:
1322     psp_master->sev_data = NULL;
1323 }
1324
1325 void sev_pci_exit(void)
1326 {
1327     struct sev_device *sev = psp_master->sev_data;
1328
1329     if (!sev)
1330         return;
1331
1332     sev_firmware_shutdown(sev);
1333 }