80 static bool is_vmpck_empty(struct snp_guest_dev *snp_dev)
84 	if (snp_dev->vmpck)
85 		return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN);
107 static void snp_disable_vmpck(struct snp_guest_dev *snp_dev)
109 	dev_alert(snp_dev->dev, "Disabling vmpck_id %d to prevent IV reuse.\n",
111 	memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN);
112 	snp_dev->vmpck = NULL;
115 static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev)
122 	count = *snp_dev->os_area_msg_seqno;
128 static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev)
130 	u64 count = __snp_get_msg_seqno(snp_dev);
141 		dev_err(snp_dev->dev, "request message sequence counter overflow\n");
148 static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev)
154 	*snp_dev->os_area_msg_seqno += 2;
164 static struct snp_guest_crypto *init_crypto(struct snp_guest_dev *snp_dev, u8 *key, size_t keylen)
186 			dev_err(snp_dev->dev, "failed to set authsize to %d\n", MAX_AUTHTAG_LEN);
258 static int __enc_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg,
261 	struct snp_guest_crypto *crypto = snp_dev->crypto;
270 static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg,
273 	struct snp_guest_crypto *crypto = snp_dev->crypto;
283 static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz)
285 	struct snp_guest_crypto *crypto = snp_dev->crypto;
286 	struct snp_guest_msg *resp = &snp_dev->secret_response;
287 	struct snp_guest_msg *req = &snp_dev->secret_request;
291 	dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n",
295 	memcpy(resp, snp_dev->response, sizeof(*resp));
314 	return dec_payload(snp_dev, resp, payload, resp_hdr->msg_sz + crypto->a_len);
317 static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type,
320 	struct snp_guest_msg *req = &snp_dev->secret_request;
338 	dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n",
341 	return __enc_payload(snp_dev, req, payload, sz);
344 static int __handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code,
359 	rc = snp_issue_guest_request(exit_code, &snp_dev->input, rio);
369 		override_npages = snp_dev->input.data_npages;
409 	snp_inc_msg_seqno(snp_dev);
425 		snp_dev->input.data_npages = override_npages;
430 static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code,
439 	seqno = snp_get_msg_seqno(snp_dev);
444 	memset(snp_dev->response, 0, sizeof(struct snp_guest_msg));
446 	/* Encrypt the userspace provided payload in snp_dev->secret_request. */
447 	rc = enc_payload(snp_dev, seqno, rio->msg_version, type, req_buf, req_sz);
455 	memcpy(snp_dev->request, &snp_dev->secret_request,
456 	       sizeof(snp_dev->secret_request));
458 	rc = __handle_guest_request(snp_dev, exit_code, rio);
464 		dev_alert(snp_dev->dev,
468 		snp_disable_vmpck(snp_dev);
472 	rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz);
474 		dev_alert(snp_dev->dev, "Detected unexpected decode failure from ASP. rc: %d\n", rc);
475 		snp_disable_vmpck(snp_dev);
487 static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
489 	struct snp_guest_crypto *crypto = snp_dev->crypto;
490 	struct snp_report_req *req = &snp_dev->req.report;
512 	rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg,
526 static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
528 	struct snp_derived_key_req *req = &snp_dev->req.derived_key;
529 	struct snp_guest_crypto *crypto = snp_dev->crypto;
552 	rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg,
567 static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg,
571 	struct snp_ext_report_req *req = &snp_dev->req.ext_report;
572 	struct snp_guest_crypto *crypto = snp_dev->crypto;
607 	memset(snp_dev->certs_data, 0, req->certs_len);
620 	snp_dev->input.data_npages = npages;
621 	ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg,
627 		req->certs_len = snp_dev->input.data_npages << PAGE_SHIFT;
636 	if (npages && copy_to_sockptr(certs_address, snp_dev->certs_data, req->certs_len)) {
651 	struct snp_guest_dev *snp_dev = to_snp_dev(file);
669 	if (is_vmpck_empty(snp_dev)) {
670 		dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n");
677 		ret = get_report(snp_dev, &input);
680 		ret = get_derived_key(snp_dev, &input);
690 		ret = get_ext_report(snp_dev, &input, &io);
790 	struct snp_guest_dev *snp_dev = data;
807 	if (is_vmpck_empty(snp_dev)) {
808 		dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n");
831 	ret = get_ext_report(snp_dev, &input, &io);
864 		dev_warn_ratelimited(snp_dev->dev, "certificate slots conveyed without size\n");
873 		dev_warn_ratelimited(snp_dev->dev, "certificate data truncated\n");
903 	struct snp_guest_dev *snp_dev;
922 	snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL);
923 	if (!snp_dev)
927 	snp_dev->vmpck = get_vmpck(vmpck_id, secrets, &snp_dev->os_area_msg_seqno);
928 	if (!snp_dev->vmpck) {
934 	if (is_vmpck_empty(snp_dev)) {
939 	platform_set_drvdata(pdev, snp_dev);
940 	snp_dev->dev = dev;
941 	snp_dev->secrets = secrets;
944 	snp_dev->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg));
945 	if (!snp_dev->request)
948 	snp_dev->response = alloc_shared_pages(dev, sizeof(struct snp_guest_msg));
949 	if (!snp_dev->response)
952 	snp_dev->certs_data = alloc_shared_pages(dev, SEV_FW_BLOB_MAX_SIZE);
953 	if (!snp_dev->certs_data)
957 	snp_dev->crypto = init_crypto(snp_dev, snp_dev->vmpck, VMPCK_KEY_LEN);
958 	if (!snp_dev->crypto)
961 	misc = &snp_dev->misc;
967 	snp_dev->input.req_gpa = __pa(snp_dev->request);
968 	snp_dev->input.resp_gpa = __pa(snp_dev->response);
969 	snp_dev->input.data_gpa = __pa(snp_dev->certs_data);
971 	ret = tsm_register(&sev_tsm_ops, snp_dev, &tsm_report_extra_type);
987 	free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE);
989 	free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg));
991 	free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg));
999 	struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev);
1001 	free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE);
1002 	free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg));
1003 	free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg));
1004 	deinit_crypto(snp_dev->crypto);
1005 	misc_deregister(&snp_dev->misc);

Indexes created Sun Jun 16 09:41:23 MDT 2024