From: Brijesh Singh
To: kvm@vger.kernel.org, linux-kernel@vger.kernel.org, x86@kernel.org
Cc: bp@alien8.de, Brijesh Singh, Thomas Gleixner, Ingo Molnar, "H. Peter Anvin", Paolo Bonzini, Radim Krčmář, Joerg Roedel, Borislav Petkov, Tom Lendacky
Subject: [Part2 PATCH v9 29/38] KVM: SVM: Add support for KVM_SEV_LAUNCH_MEASURE command
Date: Mon, 4 Dec 2017 19:04:29 -0600
Message-Id: <20171205010438.5773-30-brijesh.singh@amd.com>
In-Reply-To: <20171205010438.5773-1-brijesh.singh@amd.com>
References: <20171205010438.5773-1-brijesh.singh@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

The command is used to retrieve the measurement of contents encrypted through
the KVM_SEV_LAUNCH_UPDATE_DATA command.

Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: "H. Peter Anvin"
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Joerg Roedel
Cc: Borislav Petkov
Cc: Tom Lendacky
Cc: x86@kernel.org
Cc: kvm@vger.kernel.org
Cc: linux-kernel@vger.kernel.org
Signed-off-by: Brijesh Singh
Reviewed-by: Borislav Petkov
--- arch/x86/kvm/svm.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index 88951cbef3ec..74e010e6b5b9 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -6042,6 +6042,77 @@ static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp) return ret; } +static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp) +{ + struct kvm_sev_info *sev = &kvm->arch.sev_info; + struct sev_data_launch_measure *data; + struct kvm_sev_launch_measure params; + void *blob = NULL; + int ret; + + if (!sev_guest(kvm)) + return -ENOTTY; + + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) + return -EFAULT; + + data = kzalloc(sizeof(*data), GFP_KERNEL); + if (!data) + return -ENOMEM; + + /* User wants to query the blob length */ + if (!params.len) + goto cmd; + + if (params.uaddr) { + if (params.len > SEV_FW_BLOB_MAX_SIZE) { + ret = -EINVAL; + goto e_free; + } + + if (!access_ok(VERIFY_WRITE, params.uaddr, params.len)) { + ret = -EFAULT; + goto e_free; + } + + ret = -ENOMEM; + blob = kmalloc(params.len, GFP_KERNEL); + if (!blob) + goto e_free; + + data->address = __psp_pa(blob); + data->len = params.len; + } + +cmd: + data->handle = sev->handle; + ret = sev_issue_cmd(kvm, SEV_CMD_LAUNCH_MEASURE, data, &argp->error); + + /* + * If we query the session length, FW responded with expected data. + */ + if (!params.len) + goto done; + + if (ret) + goto e_free_blob; + + if (blob) { + if (copy_to_user((void __user *)(uintptr_t)params.uaddr, blob, params.len)) + ret = -EFAULT; + } + +done: + params.len = data->len; + if (copy_to_user((void __user *)(uintptr_t)argp->data, ¶ms, sizeof(params))) + ret = -EFAULT; +e_free_blob: + kfree(blob); +e_free: + kfree(data); + return ret; +} + static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) { struct kvm_sev_cmd sev_cmd; @@ -6065,6 +6136,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp) case KVM_SEV_LAUNCH_UPDATE_DATA: r = sev_launch_update_data(kvm, &sev_cmd); break; + case KVM_SEV_LAUNCH_MEASURE: + r = sev_launch_measure(kvm, &sev_cmd); + break; default: r = -EINVAL; goto out; -- 2.9.5
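Review bot: In sev_launch_measure(), blob is allocated with kmalloc(params.len, GFP_KERNEL) and the success path copies the full params.len bytes back with copy_to_user(), so if the firmware writes fewer than params.len bytes, the uninitialised tail of the allocation reaches userspace. Allocate the buffer with kzalloc(), or copy only data->len bytes once the command has returned; the code at done: already treats data->len as the length reported by the firmware. Separately, a non-zero params.len with params.uaddr == 0 skips the "if (params.uaddr)" block, so the command is issued with data->address and data->len still zero, as in a length query, yet the later "if (!params.len)" test does not take the query path. Rejecting that combination with -EINVAL before the allocation would keep the query mode and the retrieve mode distinct.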