From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: [RFC PATCH v2 31/32] kvm: svm: Add support for SEV LAUNCH_MEASURE command
From: Brijesh Singh
Date: Thu, 2 Mar 2017 10:18:40 -0500
Message-ID: <148846791999.2349.16796756305829956919.stgit@brijesh-build-machine>
In-Reply-To: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine>
References: <148846752022.2349.13667498174822419498.stgit@brijesh-build-machine>
X-Mailing-List: linux-kernel@vger.kernel.org

The command is used to retrieve the measurement of memory encrypted through the LAUNCH_UPDATE_DATA command. This measurement can be used for attestation purposes.

Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 64899ed..13996d6 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -6141,6 +6141,54 @@ static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + int ret; + void *addr = NULL; + struct kvm_sev_launch_measure params; + struct sev_data_launch_measure *data; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void *)argp->data, + sizeof(struct kvm_sev_launch_measure))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + if (params.address && params.length) { + ret = -EFAULT; + addr = kzalloc(params.length, GFP_KERNEL); + if (!addr) + goto err_1; + data->address = __psp_pa(addr); + data->length = params.length; + } + + data->handle = sev_get_handle(kvm); + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_MEASURE, data, &argp->error); + + /* copy the measurement to userspace */ + if (addr && + copy_to_user((void *)params.address, addr, params.length)) { + ret = -EFAULT; + goto err_1; + } + + params.length = data->length; + if (copy_to_user((void *)argp->data, ¶ms, + sizeof(struct kvm_sev_launch_measure))) + ret = -EFAULT; + + kfree(addr); +err_1: + kfree(data); + return ret; +} + static int amd_memory_encryption_cmd(struct kvm *kvm, void __user *argp) { int r = -ENOTTY; @@ -6176,6 +6224,10 @@ static int amd_memory_encryption_cmd(struct kvm *kvm, void __user *argp) r = sev_dbg_encrypt(kvm, &sev_cmd); break; } + case KVM_SEV_LAUNCH_MEASURE: { + r = sev_launch_measure(kvm, &sev_cmd); + break; + } default: break; } From mboxrd@z Thu Jan 1 00:00:00 1970 
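Review bot: In sev_launch_measure(), the path taken when copy_to_user() of the measurement fails jumps to err_1, which sits after kfree(addr), so the measurement buffer is leaked; move the label above kfree(addr) (kfree(NULL) is a no-op) or add a second label for that path. In the same function params.length comes straight from userspace and is passed to kzalloc() with no upper bound, so it should be checked against a maximum measurement size before allocating, and a failed kzalloc() should return -ENOMEM rather than the -EFAULT assigned just before it. The measurement is also copied out even when sev_issue_cmd() returned an error; checking ret before the copy would avoid handing userspace a zero-filled buffer as if it were a measurement. The (void *) casts on params.address and argp->data drop the __user annotation, which hides these pointers from sparse; casting to (void __user *) keeps the check.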