From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky, x86@kernel.org
Subject: [Part2 PATCH v7 29/38] KVM: SVM: Add support for KVM_SEV_LAUNCH_MEASURE command
Date: Wed, 1 Nov 2017 16:16:14 -0500
Message-Id: <20171101211623.71496-30-brijesh.singh@amd.com>
X-Mailer: git-send-email 2.9.5
In-Reply-To: <20171101211623.71496-1-brijesh.singh@amd.com>
References: <20171101211623.71496-1-brijesh.singh@amd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

The command is used to retrieve the measurement of contents encrypted through the KVM_SEV_LAUNCH_UPDATE_DATA command.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
---
 arch/x86/kvm/svm.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index f400753a37a8..c9be9dde7b85 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -5911,6 +5911,77 @@ static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + struct sev_data_launch_measure *data; + struct kvm_sev_launch_measure params; + void *blob = NULL; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* User wants to query the blob length */ + if (!params.len) + goto cmd; + + if (params.uaddr) { + if (params.len > SEV_FW_BLOB_MAX_SIZE) { + ret = -EINVAL; + goto e_free; + } + + if (!access_ok(VERIFY_WRITE, params.uaddr, params.len)) { + ret = -EFAULT; + goto e_free; + } + + ret = -ENOMEM; + blob = kmalloc(params.len, GFP_KERNEL); + if (!blob) + goto e_free; + + data->address = __psp_pa(blob); + data->len = params.len; + } + +cmd: + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_MEASURE, data, &argp->error); + + /* + * If we query the session length, FW responded with expected data. + */ + if (!params.len) + goto done; + + if (ret) + goto e_free_blob; + + if (blob) { + if (copy_to_user((void __user *)(uintptr_t)params.uaddr, blob, params.len)) + ret = -EFAULT; + } + +done: + params.len = data->len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, sizeof(params))) + ret = -EFAULT; +e_free_blob: + kfree(blob); +e_free: + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -5934,6 +6005,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_LAUNCH_UPDATE_DATA: r = sev_launch_update_data(kvm, &sev_cmd); break; + case KVM_SEV_LAUNCH_MEASURE: + r = sev_launch_measure(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; -- 2.9.5
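
Review bot: in sev_launch_measure() the blob is allocated with kmalloc(params.len, GFP_KERNEL) and later copied out with copy_to_user(..., blob, params.len), so if the firmware fills fewer than params.len bytes, the rest of the buffer is uninitialized kernel heap returned to userspace. The length read back from data->len after the command is already stored into params.len at done:, so either allocate the blob with kzalloc() or copy out only min(params.len, data->len) bytes. Two smaller points in the same function: a call with params.len != 0 and params.uaddr == 0 skips the whole buffer block and still issues SEV_CMD_LAUNCH_MEASURE with data->address and data->len left at zero, which looks like it should be rejected with -EINVAL before the command is sent; and on the length-query path (!params.len) the return value of sev_issue_cmd() is passed through unchanged after params.len is written back, so the comment above that branch should state whether userspace is expected to see an error return together with a valid length.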