1
2
3
4
5
6
7
8
9
10#include <linux/module.h>
11#include <linux/kernel.h>
12#include <linux/kthread.h>
13#include <linux/sched.h>
14#include <linux/interrupt.h>
15#include <linux/spinlock.h>
16#include <linux/spinlock_types.h>
17#include <linux/types.h>
18#include <linux/mutex.h>
19#include <linux/delay.h>
20#include <linux/hw_random.h>
21#include <linux/ccp.h>
22#include <linux/firmware.h>
23#include <linux/gfp.h>
24
25#include <asm/smp.h>
26
27#include "psp-dev.h"
28#include "sev-dev.h"
29
30#define DEVICE_NAME "sev"
31#define SEV_FW_FILE "amd/sev.fw"
32#define SEV_FW_NAME_SIZE 64
33
34static DEFINE_MUTEX(sev_cmd_mutex);
35static struct sev_misc_dev *misc_dev;
36
37static int psp_cmd_timeout = 100;
38module_param(psp_cmd_timeout, int, 0644);
39MODULE_PARM_DESC(psp_cmd_timeout, " default timeout value, in seconds, for PSP commands");
40
41static int psp_probe_timeout = 5;
42module_param(psp_probe_timeout, int, 0644);
43MODULE_PARM_DESC(psp_probe_timeout, " default timeout value, in seconds, during PSP device probe");
44
45static bool psp_dead;
46static int psp_timeout;
47
48
49
50
51
52
53#define SEV_ES_TMR_SIZE (1024 * 1024)
54static void *sev_es_tmr;
55
56static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
57{
58 struct sev_device *sev = psp_master->sev_data;
59
60 if (sev->api_major > maj)
61 return true;
62
63 if (sev->api_major == maj && sev->api_minor >= min)
64 return true;
65
66 return false;
67}
68
69static void sev_irq_handler(int irq, void *data, unsigned int status)
70{
71 struct sev_device *sev = data;
72 int reg;
73
74
75 if (!(status & SEV_CMD_COMPLETE))
76 return;
77
78
79 reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg);
80 if (reg & PSP_CMDRESP_RESP) {
81 sev->int_rcvd = 1;
82 wake_up(&sev->int_queue);
83 }
84}
85
86static int sev_wait_cmd_ioc(struct sev_device *sev,
87 unsigned int *reg, unsigned int timeout)
88{
89 int ret;
90
91 ret = wait_event_timeout(sev->int_queue,
92 sev->int_rcvd, timeout * HZ);
93 if (!ret)
94 return -ETIMEDOUT;
95
96 *reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg);
97
98 return 0;
99}
100
101static int sev_cmd_buffer_len(int cmd)
102{
103 switch (cmd) {
104 case SEV_CMD_INIT: return sizeof(struct sev_data_init);
105 case SEV_CMD_PLATFORM_STATUS: return sizeof(struct sev_user_data_status);
106 case SEV_CMD_PEK_CSR: return sizeof(struct sev_data_pek_csr);
107 case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct sev_data_pek_cert_import);
108 case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct sev_data_pdh_cert_export);
109 case SEV_CMD_LAUNCH_START: return sizeof(struct sev_data_launch_start);
110 case SEV_CMD_LAUNCH_UPDATE_DATA: return sizeof(struct sev_data_launch_update_data);
111 case SEV_CMD_LAUNCH_UPDATE_VMSA: return sizeof(struct sev_data_launch_update_vmsa);
112 case SEV_CMD_LAUNCH_FINISH: return sizeof(struct sev_data_launch_finish);
113 case SEV_CMD_LAUNCH_MEASURE: return sizeof(struct sev_data_launch_measure);
114 case SEV_CMD_ACTIVATE: return sizeof(struct sev_data_activate);
115 case SEV_CMD_DEACTIVATE: return sizeof(struct sev_data_deactivate);
116 case SEV_CMD_DECOMMISSION: return sizeof(struct sev_data_decommission);
117 case SEV_CMD_GUEST_STATUS: return sizeof(struct sev_data_guest_status);
118 case SEV_CMD_DBG_DECRYPT: return sizeof(struct sev_data_dbg);
119 case SEV_CMD_DBG_ENCRYPT: return sizeof(struct sev_data_dbg);
120 case SEV_CMD_SEND_START: return sizeof(struct sev_data_send_start);
121 case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct sev_data_send_update_data);
122 case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct sev_data_send_update_vmsa);
123 case SEV_CMD_SEND_FINISH: return sizeof(struct sev_data_send_finish);
124 case SEV_CMD_RECEIVE_START: return sizeof(struct sev_data_receive_start);
125 case SEV_CMD_RECEIVE_FINISH: return sizeof(struct sev_data_receive_finish);
126 case SEV_CMD_RECEIVE_UPDATE_DATA: return sizeof(struct sev_data_receive_update_data);
127 case SEV_CMD_RECEIVE_UPDATE_VMSA: return sizeof(struct sev_data_receive_update_vmsa);
128 case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret);
129 case SEV_CMD_DOWNLOAD_FIRMWARE: return sizeof(struct sev_data_download_firmware);
130 case SEV_CMD_GET_ID: return sizeof(struct sev_data_get_id);
131 default: return 0;
132 }
133
134 return 0;
135}
136
137static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
138{
139 struct psp_device *psp = psp_master;
140 struct sev_device *sev;
141 unsigned int phys_lsb, phys_msb;
142 unsigned int reg, ret = 0;
143
144 if (!psp || !psp->sev_data)
145 return -ENODEV;
146
147 if (psp_dead)
148 return -EBUSY;
149
150 sev = psp->sev_data;
151
152
153 phys_lsb = data ? lower_32_bits(__psp_pa(data)) : 0;
154 phys_msb = data ? upper_32_bits(__psp_pa(data)) : 0;
155
156 dev_dbg(sev->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n",
157 cmd, phys_msb, phys_lsb, psp_timeout);
158
159 print_hex_dump_debug("(in): ", DUMP_PREFIX_OFFSET, 16, 2, data,
160 sev_cmd_buffer_len(cmd), false);
161
162 iowrite32(phys_lsb, sev->io_regs + sev->vdata->cmdbuff_addr_lo_reg);
163 iowrite32(phys_msb, sev->io_regs + sev->vdata->cmdbuff_addr_hi_reg);
164
165 sev->int_rcvd = 0;
166
167 reg = cmd;
168 reg <<= SEV_CMDRESP_CMD_SHIFT;
169 reg |= SEV_CMDRESP_IOC;
170 iowrite32(reg, sev->io_regs + sev->vdata->cmdresp_reg);
171
172
173 ret = sev_wait_cmd_ioc(sev, ®, psp_timeout);
174 if (ret) {
175 if (psp_ret)
176 *psp_ret = 0;
177
178 dev_err(sev->dev, "sev command %#x timed out, disabling PSP\n", cmd);
179 psp_dead = true;
180
181 return ret;
182 }
183
184 psp_timeout = psp_cmd_timeout;
185
186 if (psp_ret)
187 *psp_ret = reg & PSP_CMDRESP_ERR_MASK;
188
189 if (reg & PSP_CMDRESP_ERR_MASK) {
190 dev_dbg(sev->dev, "sev command %#x failed (%#010x)\n",
191 cmd, reg & PSP_CMDRESP_ERR_MASK);
192 ret = -EIO;
193 }
194
195 print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,
196 sev_cmd_buffer_len(cmd), false);
197
198 return ret;
199}
200
201static int sev_do_cmd(int cmd, void *data, int *psp_ret)
202{
203 int rc;
204
205 mutex_lock(&sev_cmd_mutex);
206 rc = __sev_do_cmd_locked(cmd, data, psp_ret);
207 mutex_unlock(&sev_cmd_mutex);
208
209 return rc;
210}
211
212static int __sev_platform_init_locked(int *error)
213{
214 struct psp_device *psp = psp_master;
215 struct sev_device *sev;
216 int rc = 0;
217
218 if (!psp || !psp->sev_data)
219 return -ENODEV;
220
221 sev = psp->sev_data;
222
223 if (sev->state == SEV_STATE_INIT)
224 return 0;
225
226 if (sev_es_tmr) {
227 u64 tmr_pa;
228
229
230
231
232
233 tmr_pa = __pa(sev_es_tmr);
234
235 sev->init_cmd_buf.flags |= SEV_INIT_FLAGS_SEV_ES;
236 sev->init_cmd_buf.tmr_address = tmr_pa;
237 sev->init_cmd_buf.tmr_len = SEV_ES_TMR_SIZE;
238 }
239
240 rc = __sev_do_cmd_locked(SEV_CMD_INIT, &sev->init_cmd_buf, error);
241 if (rc)
242 return rc;
243
244 sev->state = SEV_STATE_INIT;
245
246
247 wbinvd_on_all_cpus();
248 rc = __sev_do_cmd_locked(SEV_CMD_DF_FLUSH, NULL, error);
249 if (rc)
250 return rc;
251
252 dev_dbg(sev->dev, "SEV firmware initialized\n");
253
254 return rc;
255}
256
257int sev_platform_init(int *error)
258{
259 int rc;
260
261 mutex_lock(&sev_cmd_mutex);
262 rc = __sev_platform_init_locked(error);
263 mutex_unlock(&sev_cmd_mutex);
264
265 return rc;
266}
267EXPORT_SYMBOL_GPL(sev_platform_init);
268
269static int __sev_platform_shutdown_locked(int *error)
270{
271 struct sev_device *sev = psp_master->sev_data;
272 int ret;
273
274 ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
275 if (ret)
276 return ret;
277
278 sev->state = SEV_STATE_UNINIT;
279 dev_dbg(sev->dev, "SEV firmware shutdown\n");
280
281 return ret;
282}
283
284static int sev_platform_shutdown(int *error)
285{
286 int rc;
287
288 mutex_lock(&sev_cmd_mutex);
289 rc = __sev_platform_shutdown_locked(NULL);
290 mutex_unlock(&sev_cmd_mutex);
291
292 return rc;
293}
294
295static int sev_get_platform_state(int *state, int *error)
296{
297 struct sev_device *sev = psp_master->sev_data;
298 int rc;
299
300 rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
301 &sev->status_cmd_buf, error);
302 if (rc)
303 return rc;
304
305 *state = sev->status_cmd_buf.state;
306 return rc;
307}
308
309static int sev_ioctl_do_reset(struct sev_issue_cmd *argp, bool writable)
310{
311 int state, rc;
312
313 if (!writable)
314 return -EPERM;
315
316
317
318
319
320
321
322
323
324
325 rc = sev_get_platform_state(&state, &argp->error);
326 if (rc)
327 return rc;
328
329 if (state == SEV_STATE_WORKING)
330 return -EBUSY;
331
332 if (state == SEV_STATE_INIT) {
333 rc = __sev_platform_shutdown_locked(&argp->error);
334 if (rc)
335 return rc;
336 }
337
338 return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, NULL, &argp->error);
339}
340
341static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
342{
343 struct sev_device *sev = psp_master->sev_data;
344 struct sev_user_data_status *data = &sev->status_cmd_buf;
345 int ret;
346
347 ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, &argp->error);
348 if (ret)
349 return ret;
350
351 if (copy_to_user((void __user *)argp->data, data, sizeof(*data)))
352 ret = -EFAULT;
353
354 return ret;
355}
356
357static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable)
358{
359 struct sev_device *sev = psp_master->sev_data;
360 int rc;
361
362 if (!writable)
363 return -EPERM;
364
365 if (sev->state == SEV_STATE_UNINIT) {
366 rc = __sev_platform_init_locked(&argp->error);
367 if (rc)
368 return rc;
369 }
370
371 return __sev_do_cmd_locked(cmd, NULL, &argp->error);
372}
373
374static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
375{
376 struct sev_device *sev = psp_master->sev_data;
377 struct sev_user_data_pek_csr input;
378 struct sev_data_pek_csr *data;
379 void __user *input_address;
380 void *blob = NULL;
381 int ret;
382
383 if (!writable)
384 return -EPERM;
385
386 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
387 return -EFAULT;
388
389 data = kzalloc(sizeof(*data), GFP_KERNEL);
390 if (!data)
391 return -ENOMEM;
392
393
394 if (!input.address || !input.length)
395 goto cmd;
396
397
398 input_address = (void __user *)input.address;
399 if (input.length > SEV_FW_BLOB_MAX_SIZE) {
400 ret = -EFAULT;
401 goto e_free;
402 }
403
404 blob = kmalloc(input.length, GFP_KERNEL);
405 if (!blob) {
406 ret = -ENOMEM;
407 goto e_free;
408 }
409
410 data->address = __psp_pa(blob);
411 data->len = input.length;
412
413cmd:
414 if (sev->state == SEV_STATE_UNINIT) {
415 ret = __sev_platform_init_locked(&argp->error);
416 if (ret)
417 goto e_free_blob;
418 }
419
420 ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, &argp->error);
421
422
423 input.length = data->len;
424
425 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
426 ret = -EFAULT;
427 goto e_free_blob;
428 }
429
430 if (blob) {
431 if (copy_to_user(input_address, blob, input.length))
432 ret = -EFAULT;
433 }
434
435e_free_blob:
436 kfree(blob);
437e_free:
438 kfree(data);
439 return ret;
440}
441
442void *psp_copy_user_blob(u64 uaddr, u32 len)
443{
444 if (!uaddr || !len)
445 return ERR_PTR(-EINVAL);
446
447
448 if (len > SEV_FW_BLOB_MAX_SIZE)
449 return ERR_PTR(-EINVAL);
450
451 return memdup_user((void __user *)uaddr, len);
452}
453EXPORT_SYMBOL_GPL(psp_copy_user_blob);
454
455static int sev_get_api_version(void)
456{
457 struct sev_device *sev = psp_master->sev_data;
458 struct sev_user_data_status *status;
459 int error = 0, ret;
460
461 status = &sev->status_cmd_buf;
462 ret = sev_platform_status(status, &error);
463 if (ret) {
464 dev_err(sev->dev,
465 "SEV: failed to get status. Error: %#x\n", error);
466 return 1;
467 }
468
469 sev->api_major = status->api_major;
470 sev->api_minor = status->api_minor;
471 sev->build = status->build;
472 sev->state = status->state;
473
474 return 0;
475}
476
477static int sev_get_firmware(struct device *dev,
478 const struct firmware **firmware)
479{
480 char fw_name_specific[SEV_FW_NAME_SIZE];
481 char fw_name_subset[SEV_FW_NAME_SIZE];
482
483 snprintf(fw_name_specific, sizeof(fw_name_specific),
484 "amd/amd_sev_fam%.2xh_model%.2xh.sbin",
485 boot_cpu_data.x86, boot_cpu_data.x86_model);
486
487 snprintf(fw_name_subset, sizeof(fw_name_subset),
488 "amd/amd_sev_fam%.2xh_model%.1xxh.sbin",
489 boot_cpu_data.x86, (boot_cpu_data.x86_model & 0xf0) >> 4);
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504 if ((firmware_request_nowarn(firmware, fw_name_specific, dev) >= 0) ||
505 (firmware_request_nowarn(firmware, fw_name_subset, dev) >= 0) ||
506 (firmware_request_nowarn(firmware, SEV_FW_FILE, dev) >= 0))
507 return 0;
508
509 return -ENOENT;
510}
511
512
513static int sev_update_firmware(struct device *dev)
514{
515 struct sev_data_download_firmware *data;
516 const struct firmware *firmware;
517 int ret, error, order;
518 struct page *p;
519 u64 data_size;
520
521 if (sev_get_firmware(dev, &firmware) == -ENOENT) {
522 dev_dbg(dev, "No SEV firmware file present\n");
523 return -1;
524 }
525
526
527
528
529
530
531
532
533 data_size = ALIGN(sizeof(struct sev_data_download_firmware), 32);
534
535 order = get_order(firmware->size + data_size);
536 p = alloc_pages(GFP_KERNEL, order);
537 if (!p) {
538 ret = -1;
539 goto fw_err;
540 }
541
542
543
544
545
546 data = page_address(p);
547 memcpy(page_address(p) + data_size, firmware->data, firmware->size);
548
549 data->address = __psp_pa(page_address(p) + data_size);
550 data->len = firmware->size;
551
552 ret = sev_do_cmd(SEV_CMD_DOWNLOAD_FIRMWARE, data, &error);
553 if (ret)
554 dev_dbg(dev, "Failed to update SEV firmware: %#x\n", error);
555 else
556 dev_info(dev, "SEV firmware update successful\n");
557
558 __free_pages(p, order);
559
560fw_err:
561 release_firmware(firmware);
562
563 return ret;
564}
565
566static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
567{
568 struct sev_device *sev = psp_master->sev_data;
569 struct sev_user_data_pek_cert_import input;
570 struct sev_data_pek_cert_import *data;
571 void *pek_blob, *oca_blob;
572 int ret;
573
574 if (!writable)
575 return -EPERM;
576
577 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
578 return -EFAULT;
579
580 data = kzalloc(sizeof(*data), GFP_KERNEL);
581 if (!data)
582 return -ENOMEM;
583
584
585 pek_blob = psp_copy_user_blob(input.pek_cert_address, input.pek_cert_len);
586 if (IS_ERR(pek_blob)) {
587 ret = PTR_ERR(pek_blob);
588 goto e_free;
589 }
590
591 data->pek_cert_address = __psp_pa(pek_blob);
592 data->pek_cert_len = input.pek_cert_len;
593
594
595 oca_blob = psp_copy_user_blob(input.oca_cert_address, input.oca_cert_len);
596 if (IS_ERR(oca_blob)) {
597 ret = PTR_ERR(oca_blob);
598 goto e_free_pek;
599 }
600
601 data->oca_cert_address = __psp_pa(oca_blob);
602 data->oca_cert_len = input.oca_cert_len;
603
604
605 if (sev->state != SEV_STATE_INIT) {
606 ret = __sev_platform_init_locked(&argp->error);
607 if (ret)
608 goto e_free_oca;
609 }
610
611 ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, data, &argp->error);
612
613e_free_oca:
614 kfree(oca_blob);
615e_free_pek:
616 kfree(pek_blob);
617e_free:
618 kfree(data);
619 return ret;
620}
621
622static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
623{
624 struct sev_user_data_get_id2 input;
625 struct sev_data_get_id *data;
626 void __user *input_address;
627 void *id_blob = NULL;
628 int ret;
629
630
631 if (!sev_version_greater_or_equal(0, 16))
632 return -ENOTSUPP;
633
634 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
635 return -EFAULT;
636
637 input_address = (void __user *)input.address;
638
639 data = kzalloc(sizeof(*data), GFP_KERNEL);
640 if (!data)
641 return -ENOMEM;
642
643 if (input.address && input.length) {
644 id_blob = kmalloc(input.length, GFP_KERNEL);
645 if (!id_blob) {
646 kfree(data);
647 return -ENOMEM;
648 }
649
650 data->address = __psp_pa(id_blob);
651 data->len = input.length;
652 }
653
654 ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
655
656
657
658
659
660 input.length = data->len;
661
662 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
663 ret = -EFAULT;
664 goto e_free;
665 }
666
667 if (id_blob) {
668 if (copy_to_user(input_address, id_blob, data->len)) {
669 ret = -EFAULT;
670 goto e_free;
671 }
672 }
673
674e_free:
675 kfree(id_blob);
676 kfree(data);
677
678 return ret;
679}
680
681static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
682{
683 struct sev_data_get_id *data;
684 u64 data_size, user_size;
685 void *id_blob, *mem;
686 int ret;
687
688
689 if (!sev_version_greater_or_equal(0, 16))
690 return -ENOTSUPP;
691
692
693
694
695
696
697 data_size = ALIGN(sizeof(struct sev_data_get_id), 8);
698 user_size = sizeof(struct sev_user_data_get_id);
699
700 mem = kzalloc(data_size + user_size, GFP_KERNEL);
701 if (!mem)
702 return -ENOMEM;
703
704 data = mem;
705 id_blob = mem + data_size;
706
707 data->address = __psp_pa(id_blob);
708 data->len = user_size;
709
710 ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
711 if (!ret) {
712 if (copy_to_user((void __user *)argp->data, id_blob, data->len))
713 ret = -EFAULT;
714 }
715
716 kfree(mem);
717
718 return ret;
719}
720
721static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
722{
723 struct sev_device *sev = psp_master->sev_data;
724 struct sev_user_data_pdh_cert_export input;
725 void *pdh_blob = NULL, *cert_blob = NULL;
726 struct sev_data_pdh_cert_export *data;
727 void __user *input_cert_chain_address;
728 void __user *input_pdh_cert_address;
729 int ret;
730
731
732 if (sev->state != SEV_STATE_INIT) {
733 if (!writable)
734 return -EPERM;
735
736 ret = __sev_platform_init_locked(&argp->error);
737 if (ret)
738 return ret;
739 }
740
741 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
742 return -EFAULT;
743
744 data = kzalloc(sizeof(*data), GFP_KERNEL);
745 if (!data)
746 return -ENOMEM;
747
748
749 if (!input.pdh_cert_address ||
750 !input.pdh_cert_len ||
751 !input.cert_chain_address)
752 goto cmd;
753
754 input_pdh_cert_address = (void __user *)input.pdh_cert_address;
755 input_cert_chain_address = (void __user *)input.cert_chain_address;
756
757
758 if (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) {
759 ret = -EFAULT;
760 goto e_free;
761 }
762
763
764 if (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) {
765 ret = -EFAULT;
766 goto e_free;
767 }
768
769 pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
770 if (!pdh_blob) {
771 ret = -ENOMEM;
772 goto e_free;
773 }
774
775 data->pdh_cert_address = __psp_pa(pdh_blob);
776 data->pdh_cert_len = input.pdh_cert_len;
777
778 cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
779 if (!cert_blob) {
780 ret = -ENOMEM;
781 goto e_free_pdh;
782 }
783
784 data->cert_chain_address = __psp_pa(cert_blob);
785 data->cert_chain_len = input.cert_chain_len;
786
787cmd:
788 ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error);
789
790
791 input.cert_chain_len = data->cert_chain_len;
792 input.pdh_cert_len = data->pdh_cert_len;
793
794 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
795 ret = -EFAULT;
796 goto e_free_cert;
797 }
798
799 if (pdh_blob) {
800 if (copy_to_user(input_pdh_cert_address,
801 pdh_blob, input.pdh_cert_len)) {
802 ret = -EFAULT;
803 goto e_free_cert;
804 }
805 }
806
807 if (cert_blob) {
808 if (copy_to_user(input_cert_chain_address,
809 cert_blob, input.cert_chain_len))
810 ret = -EFAULT;
811 }
812
813e_free_cert:
814 kfree(cert_blob);
815e_free_pdh:
816 kfree(pdh_blob);
817e_free:
818 kfree(data);
819 return ret;
820}
821
822static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
823{
824 void __user *argp = (void __user *)arg;
825 struct sev_issue_cmd input;
826 int ret = -EFAULT;
827 bool writable = file->f_mode & FMODE_WRITE;
828
829 if (!psp_master || !psp_master->sev_data)
830 return -ENODEV;
831
832 if (ioctl != SEV_ISSUE_CMD)
833 return -EINVAL;
834
835 if (copy_from_user(&input, argp, sizeof(struct sev_issue_cmd)))
836 return -EFAULT;
837
838 if (input.cmd > SEV_MAX)
839 return -EINVAL;
840
841 mutex_lock(&sev_cmd_mutex);
842
843 switch (input.cmd) {
844
845 case SEV_FACTORY_RESET:
846 ret = sev_ioctl_do_reset(&input, writable);
847 break;
848 case SEV_PLATFORM_STATUS:
849 ret = sev_ioctl_do_platform_status(&input);
850 break;
851 case SEV_PEK_GEN:
852 ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, &input, writable);
853 break;
854 case SEV_PDH_GEN:
855 ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input, writable);
856 break;
857 case SEV_PEK_CSR:
858 ret = sev_ioctl_do_pek_csr(&input, writable);
859 break;
860 case SEV_PEK_CERT_IMPORT:
861 ret = sev_ioctl_do_pek_import(&input, writable);
862 break;
863 case SEV_PDH_CERT_EXPORT:
864 ret = sev_ioctl_do_pdh_export(&input, writable);
865 break;
866 case SEV_GET_ID:
867 pr_warn_once("SEV_GET_ID command is deprecated, use SEV_GET_ID2\n");
868 ret = sev_ioctl_do_get_id(&input);
869 break;
870 case SEV_GET_ID2:
871 ret = sev_ioctl_do_get_id2(&input);
872 break;
873 default:
874 ret = -EINVAL;
875 goto out;
876 }
877
878 if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
879 ret = -EFAULT;
880out:
881 mutex_unlock(&sev_cmd_mutex);
882
883 return ret;
884}
885
886static const struct file_operations sev_fops = {
887 .owner = THIS_MODULE,
888 .unlocked_ioctl = sev_ioctl,
889};
890
891int sev_platform_status(struct sev_user_data_status *data, int *error)
892{
893 return sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, error);
894}
895EXPORT_SYMBOL_GPL(sev_platform_status);
896
897int sev_guest_deactivate(struct sev_data_deactivate *data, int *error)
898{
899 return sev_do_cmd(SEV_CMD_DEACTIVATE, data, error);
900}
901EXPORT_SYMBOL_GPL(sev_guest_deactivate);
902
903int sev_guest_activate(struct sev_data_activate *data, int *error)
904{
905 return sev_do_cmd(SEV_CMD_ACTIVATE, data, error);
906}
907EXPORT_SYMBOL_GPL(sev_guest_activate);
908
909int sev_guest_decommission(struct sev_data_decommission *data, int *error)
910{
911 return sev_do_cmd(SEV_CMD_DECOMMISSION, data, error);
912}
913EXPORT_SYMBOL_GPL(sev_guest_decommission);
914
915int sev_guest_df_flush(int *error)
916{
917 return sev_do_cmd(SEV_CMD_DF_FLUSH, NULL, error);
918}
919EXPORT_SYMBOL_GPL(sev_guest_df_flush);
920
921static void sev_exit(struct kref *ref)
922{
923 misc_deregister(&misc_dev->misc);
924 kfree(misc_dev);
925 misc_dev = NULL;
926}
927
928static int sev_misc_init(struct sev_device *sev)
929{
930 struct device *dev = sev->dev;
931 int ret;
932
933
934
935
936
937
938
939
940 if (!misc_dev) {
941 struct miscdevice *misc;
942
943 misc_dev = kzalloc(sizeof(*misc_dev), GFP_KERNEL);
944 if (!misc_dev)
945 return -ENOMEM;
946
947 misc = &misc_dev->misc;
948 misc->minor = MISC_DYNAMIC_MINOR;
949 misc->name = DEVICE_NAME;
950 misc->fops = &sev_fops;
951
952 ret = misc_register(misc);
953 if (ret)
954 return ret;
955
956 kref_init(&misc_dev->refcount);
957 } else {
958 kref_get(&misc_dev->refcount);
959 }
960
961 init_waitqueue_head(&sev->int_queue);
962 sev->misc = misc_dev;
963 dev_dbg(dev, "registered SEV device\n");
964
965 return 0;
966}
967
968int sev_dev_init(struct psp_device *psp)
969{
970 struct device *dev = psp->dev;
971 struct sev_device *sev;
972 int ret = -ENOMEM;
973
974 sev = devm_kzalloc(dev, sizeof(*sev), GFP_KERNEL);
975 if (!sev)
976 goto e_err;
977
978 psp->sev_data = sev;
979
980 sev->dev = dev;
981 sev->psp = psp;
982
983 sev->io_regs = psp->io_regs;
984
985 sev->vdata = (struct sev_vdata *)psp->vdata->sev;
986 if (!sev->vdata) {
987 ret = -ENODEV;
988 dev_err(dev, "sev: missing driver data\n");
989 goto e_err;
990 }
991
992 psp_set_sev_irq_handler(psp, sev_irq_handler, sev);
993
994 ret = sev_misc_init(sev);
995 if (ret)
996 goto e_irq;
997
998 dev_notice(dev, "sev enabled\n");
999
1000 return 0;
1001
1002e_irq:
1003 psp_clear_sev_irq_handler(psp);
1004e_err:
1005 psp->sev_data = NULL;
1006
1007 dev_notice(dev, "sev initialization failed\n");
1008
1009 return ret;
1010}
1011
1012void sev_dev_destroy(struct psp_device *psp)
1013{
1014 struct sev_device *sev = psp->sev_data;
1015
1016 if (!sev)
1017 return;
1018
1019 if (sev->misc)
1020 kref_put(&misc_dev->refcount, sev_exit);
1021
1022 psp_clear_sev_irq_handler(psp);
1023}
1024
1025int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd,
1026 void *data, int *error)
1027{
1028 if (!filep || filep->f_op != &sev_fops)
1029 return -EBADF;
1030
1031 return sev_do_cmd(cmd, data, error);
1032}
1033EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user);
1034
1035void sev_pci_init(void)
1036{
1037 struct sev_device *sev = psp_master->sev_data;
1038 struct page *tmr_page;
1039 int error, rc;
1040
1041 if (!sev)
1042 return;
1043
1044 psp_timeout = psp_probe_timeout;
1045
1046 if (sev_get_api_version())
1047 goto err;
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059 if (sev->state != SEV_STATE_UNINIT) {
1060 sev_platform_shutdown(NULL);
1061 sev->state = SEV_STATE_UNINIT;
1062 }
1063
1064 if (sev_version_greater_or_equal(0, 15) &&
1065 sev_update_firmware(sev->dev) == 0)
1066 sev_get_api_version();
1067
1068
1069 tmr_page = alloc_pages(GFP_KERNEL, get_order(SEV_ES_TMR_SIZE));
1070 if (tmr_page) {
1071 sev_es_tmr = page_address(tmr_page);
1072 } else {
1073 sev_es_tmr = NULL;
1074 dev_warn(sev->dev,
1075 "SEV: TMR allocation failed, SEV-ES support unavailable\n");
1076 }
1077
1078
1079 rc = sev_platform_init(&error);
1080 if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) {
1081
1082
1083
1084
1085
1086
1087
1088 dev_dbg(sev->dev, "SEV: retrying INIT command");
1089 rc = sev_platform_init(&error);
1090 }
1091
1092 if (rc) {
1093 dev_err(sev->dev, "SEV: failed to INIT error %#x\n", error);
1094 return;
1095 }
1096
1097 dev_info(sev->dev, "SEV API:%d.%d build:%d\n", sev->api_major,
1098 sev->api_minor, sev->build);
1099
1100 return;
1101
1102err:
1103 psp_master->sev_data = NULL;
1104}
1105
1106void sev_pci_exit(void)
1107{
1108 if (!psp_master->sev_data)
1109 return;
1110
1111 sev_platform_shutdown(NULL);
1112
1113 if (sev_es_tmr) {
1114
1115 wbinvd_on_all_cpus();
1116
1117 free_pages((unsigned long)sev_es_tmr,
1118 get_order(SEV_ES_TMR_SIZE));
1119 sev_es_tmr = NULL;
1120 }
1121}
1122
