From: Brijesh Singh
To: x86@kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky
Subject: [Part2 PATCH v5 26/31] KVM: SVM: Add support for SEV LAUNCH_SECRET command
Date: Wed, 4 Oct 2017 08:14:07 -0500
Message-Id: <20171004131412.13038-27-brijesh.singh@amd.com>
In-Reply-To: <20171004131412.13038-1-brijesh.singh@amd.com>
References: <20171004131412.13038-1-brijesh.singh@amd.com>

The command is used for injecting a secret into the guest memory region.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh --- arch/x86/kvm/svm.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 2aa50b220163..5ab81cc66333 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -6396,6 +6396,75 @@ static int sev_dbg_encrypt(struct kvm *kvm, struct kvm_sev_cmd *argp) return sev_dbg_crypt(kvm, argp, false); } +static int sev_launch_secret(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + struct sev_data_launch_secret *data; + struct kvm_sev_launch_secret params; + struct page **pages; + void *blob, *hdr; + unsigned long n; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, + sizeof(struct kvm_sev_launch_secret))) + return -EFAULT; + + /* pin the guest memory region */ + pages = sev_pin_memory(kvm, params.guest_uaddr, params.guest_len, &n, 1); + if (!pages) + return -ENOMEM; + + /* + * The secret must be copied into contiguous memory region, lets verify + * that pinned memory pages are contiguous. + */ + if (get_num_contig_pages(0, pages, n) != n) { + ret = -EINVAL; + goto e_unpin_memory; + } + + ret = -ENOMEM; + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + goto e_unpin_memory; + + /* copy the secret from userspace into a kernel buffer */ + blob = copy_user_blob(params.trans_uaddr, params.trans_len); + if (IS_ERR(blob)) { + ret = PTR_ERR(blob); + goto e_free; + } + + data->trans_address = __psp_pa(blob); + data->trans_len = params.trans_len; + + /* copy the packet header from userspace into a kernel buffer */ + hdr = copy_user_blob(params.hdr_uaddr, params.hdr_len); + if (IS_ERR(hdr)) { + ret = PTR_ERR(hdr); + goto e_free_blob; + } + data->trans_address = __psp_pa(blob); + data->trans_len = params.trans_len; + + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_UPDATE_SECRET, data, &argp->error); + + kfree(hdr); + +e_free_blob: + kfree(blob); +e_free: + kfree(data); +e_unpin_memory: + sev_unpin_memory(kvm, pages, n); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; 
@@ -6442,6 +6511,10 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) r = sev_dbg_encrypt(kvm, &sev_cmd); break; } + case KVM_SEV_LAUNCH_SECRET: { + r = sev_launch_secret(kvm, &sev_cmd); + break; + } default: break; } -- 2.9.5
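
Review bot: in sev_launch_secret(), the two assignments after the hdr copy repeat `data->trans_address = __psp_pa(blob);` and `data->trans_len = params.trans_len;` instead of recording the header, so hdr is copied from userspace and freed without its address or length ever being placed in data. Those two lines should set the header address and length from hdr and params.hdr_len. The same function pins the guest region and checks it for contiguity, but no guest address or length is stored in data before sev_issue_cmd(), so as written the command is issued without a destination; fill those in from the pinned pages and params.guest_len before issuing it.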