WSL2-Linux-Kernel/drivers/crypto/ccp/sev-dev.c

1129 строки
27 KiB
C
Исходник Обычный вид История

// SPDX-License-Identifier: GPL-2.0-only
/*
* AMD Secure Encrypted Virtualization (SEV) interface
*
* Copyright (C) 2016,2019 Advanced Micro Devices, Inc.
*
* Author: Brijesh Singh <brijesh.singh@amd.com>
*/
#include <linux/module.h>
#include <linux/kernel.h>
#include <linux/kthread.h>
#include <linux/sched.h>
#include <linux/interrupt.h>
#include <linux/spinlock.h>
#include <linux/spinlock_types.h>
#include <linux/types.h>
#include <linux/mutex.h>
#include <linux/delay.h>
#include <linux/hw_random.h>
#include <linux/ccp.h>
#include <linux/firmware.h>
#include <linux/gfp.h>
#include <linux/cpufeature.h>
#include <asm/smp.h>
#include "psp-dev.h"
#include "sev-dev.h"
#define DEVICE_NAME "sev"
#define SEV_FW_FILE "amd/sev.fw"
#define SEV_FW_NAME_SIZE 64
static DEFINE_MUTEX(sev_cmd_mutex);
static struct sev_misc_dev *misc_dev;
static int psp_cmd_timeout = 100;
module_param(psp_cmd_timeout, int, 0644);
MODULE_PARM_DESC(psp_cmd_timeout, " default timeout value, in seconds, for PSP commands");
static int psp_probe_timeout = 5;
module_param(psp_probe_timeout, int, 0644);
MODULE_PARM_DESC(psp_probe_timeout, " default timeout value, in seconds, during PSP device probe");
MODULE_FIRMWARE("amd/amd_sev_fam17h_model0xh.sbin"); /* 1st gen EPYC */
MODULE_FIRMWARE("amd/amd_sev_fam17h_model3xh.sbin"); /* 2nd gen EPYC */
MODULE_FIRMWARE("amd/amd_sev_fam19h_model0xh.sbin"); /* 3rd gen EPYC */
static bool psp_dead;
static int psp_timeout;
/* Trusted Memory Region (TMR):
* The TMR is a 1MB area that must be 1MB aligned. Use the page allocator
* to allocate the memory, which will return aligned memory for the specified
* allocation order.
*/
#define SEV_ES_TMR_SIZE (1024 * 1024)
static void *sev_es_tmr;
static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
{
struct sev_device *sev = psp_master->sev_data;
if (sev->api_major > maj)
return true;
if (sev->api_major == maj && sev->api_minor >= min)
return true;
return false;
}
static void sev_irq_handler(int irq, void *data, unsigned int status)
{
struct sev_device *sev = data;
int reg;
/* Check if it is command completion: */
if (!(status & SEV_CMD_COMPLETE))
return;
/* Check if it is SEV command completion: */
reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg);
if (reg & PSP_CMDRESP_RESP) {
sev->int_rcvd = 1;
wake_up(&sev->int_queue);
}
}
static int sev_wait_cmd_ioc(struct sev_device *sev,
unsigned int *reg, unsigned int timeout)
{
int ret;
ret = wait_event_timeout(sev->int_queue,
sev->int_rcvd, timeout * HZ);
if (!ret)
return -ETIMEDOUT;
*reg = ioread32(sev->io_regs + sev->vdata->cmdresp_reg);
return 0;
}
static int sev_cmd_buffer_len(int cmd)
{
switch (cmd) {
case SEV_CMD_INIT: return sizeof(struct sev_data_init);
case SEV_CMD_PLATFORM_STATUS: return sizeof(struct sev_user_data_status);
case SEV_CMD_PEK_CSR: return sizeof(struct sev_data_pek_csr);
case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct sev_data_pek_cert_import);
case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct sev_data_pdh_cert_export);
case SEV_CMD_LAUNCH_START: return sizeof(struct sev_data_launch_start);
case SEV_CMD_LAUNCH_UPDATE_DATA: return sizeof(struct sev_data_launch_update_data);
case SEV_CMD_LAUNCH_UPDATE_VMSA: return sizeof(struct sev_data_launch_update_vmsa);
case SEV_CMD_LAUNCH_FINISH: return sizeof(struct sev_data_launch_finish);
case SEV_CMD_LAUNCH_MEASURE: return sizeof(struct sev_data_launch_measure);
case SEV_CMD_ACTIVATE: return sizeof(struct sev_data_activate);
case SEV_CMD_DEACTIVATE: return sizeof(struct sev_data_deactivate);
case SEV_CMD_DECOMMISSION: return sizeof(struct sev_data_decommission);
case SEV_CMD_GUEST_STATUS: return sizeof(struct sev_data_guest_status);
case SEV_CMD_DBG_DECRYPT: return sizeof(struct sev_data_dbg);
case SEV_CMD_DBG_ENCRYPT: return sizeof(struct sev_data_dbg);
case SEV_CMD_SEND_START: return sizeof(struct sev_data_send_start);
case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct sev_data_send_update_data);
case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct sev_data_send_update_vmsa);
case SEV_CMD_SEND_FINISH: return sizeof(struct sev_data_send_finish);
case SEV_CMD_RECEIVE_START: return sizeof(struct sev_data_receive_start);
case SEV_CMD_RECEIVE_FINISH: return sizeof(struct sev_data_receive_finish);
case SEV_CMD_RECEIVE_UPDATE_DATA: return sizeof(struct sev_data_receive_update_data);
case SEV_CMD_RECEIVE_UPDATE_VMSA: return sizeof(struct sev_data_receive_update_vmsa);
case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret);
case SEV_CMD_DOWNLOAD_FIRMWARE: return sizeof(struct sev_data_download_firmware);
case SEV_CMD_GET_ID: return sizeof(struct sev_data_get_id);
case SEV_CMD_ATTESTATION_REPORT: return sizeof(struct sev_data_attestation_report);
case SEV_CMD_SEND_CANCEL: return sizeof(struct sev_data_send_cancel);
default: return 0;
}
return 0;
}
static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
{
struct psp_device *psp = psp_master;
struct sev_device *sev;
unsigned int phys_lsb, phys_msb;
unsigned int reg, ret = 0;
int buf_len;
if (!psp || !psp->sev_data)
return -ENODEV;
if (psp_dead)
return -EBUSY;
sev = psp->sev_data;
buf_len = sev_cmd_buffer_len(cmd);
if (WARN_ON_ONCE(!data != !buf_len))
return -EINVAL;
crypto: ccp: Play nice with vmalloc'd memory for SEV command structs Copy the incoming @data comman to an internal buffer so that callers can put SEV command buffers on the stack without running afoul of CONFIG_VMAP_STACK=y, i.e. without bombing on vmalloc'd pointers. As of today, the largest supported command takes a 68 byte buffer, i.e. pretty much every command can be put on the stack. Because sev_cmd_mutex is held for the entirety of a transaction, only a single bounce buffer is required. Use the internal buffer unconditionally, as the majority of in-kernel users will soon switch to using the stack. At that point, checking virt_addr_valid() becomes (negligible) overhead in most cases, and supporting both paths slightly increases complexity. Since the commands are all quite small, the cost of the copies is insignificant compared to the latency of communicating with the PSP. Allocate a full page for the buffer as opportunistic preparation for SEV-SNP, which requires the command buffer to be in firmware state for commands that trigger memory writes from the PSP firmware. Using a full page now will allow SEV-SNP support to simply transition the page as needed. Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Borislav Petkov <bp@suse.de> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210406224952.4177376-5-seanjc@google.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-04-07 01:49:48 +03:00
/*
* Copy the incoming data to driver's scratch buffer as __pa() will not
* work for some memory, e.g. vmalloc'd addresses, and @data may not be
* physically contiguous.
*/
if (data)
memcpy(sev->cmd_buf, data, buf_len);
/* Get the physical address of the command buffer */
crypto: ccp: Play nice with vmalloc'd memory for SEV command structs Copy the incoming @data comman to an internal buffer so that callers can put SEV command buffers on the stack without running afoul of CONFIG_VMAP_STACK=y, i.e. without bombing on vmalloc'd pointers. As of today, the largest supported command takes a 68 byte buffer, i.e. pretty much every command can be put on the stack. Because sev_cmd_mutex is held for the entirety of a transaction, only a single bounce buffer is required. Use the internal buffer unconditionally, as the majority of in-kernel users will soon switch to using the stack. At that point, checking virt_addr_valid() becomes (negligible) overhead in most cases, and supporting both paths slightly increases complexity. Since the commands are all quite small, the cost of the copies is insignificant compared to the latency of communicating with the PSP. Allocate a full page for the buffer as opportunistic preparation for SEV-SNP, which requires the command buffer to be in firmware state for commands that trigger memory writes from the PSP firmware. Using a full page now will allow SEV-SNP support to simply transition the page as needed. Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Borislav Petkov <bp@suse.de> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210406224952.4177376-5-seanjc@google.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-04-07 01:49:48 +03:00
phys_lsb = data ? lower_32_bits(__psp_pa(sev->cmd_buf)) : 0;
phys_msb = data ? upper_32_bits(__psp_pa(sev->cmd_buf)) : 0;
dev_dbg(sev->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n",
cmd, phys_msb, phys_lsb, psp_timeout);
print_hex_dump_debug("(in): ", DUMP_PREFIX_OFFSET, 16, 2, data,
buf_len, false);
iowrite32(phys_lsb, sev->io_regs + sev->vdata->cmdbuff_addr_lo_reg);
iowrite32(phys_msb, sev->io_regs + sev->vdata->cmdbuff_addr_hi_reg);
sev->int_rcvd = 0;
reg = cmd;
reg <<= SEV_CMDRESP_CMD_SHIFT;
reg |= SEV_CMDRESP_IOC;
iowrite32(reg, sev->io_regs + sev->vdata->cmdresp_reg);
/* wait for command completion */
ret = sev_wait_cmd_ioc(sev, &reg, psp_timeout);
if (ret) {
if (psp_ret)
*psp_ret = 0;
dev_err(sev->dev, "sev command %#x timed out, disabling PSP\n", cmd);
psp_dead = true;
return ret;
}
psp_timeout = psp_cmd_timeout;
if (psp_ret)
*psp_ret = reg & PSP_CMDRESP_ERR_MASK;
if (reg & PSP_CMDRESP_ERR_MASK) {
dev_dbg(sev->dev, "sev command %#x failed (%#010x)\n",
cmd, reg & PSP_CMDRESP_ERR_MASK);
ret = -EIO;
}
print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,
buf_len, false);
crypto: ccp: Play nice with vmalloc'd memory for SEV command structs Copy the incoming @data comman to an internal buffer so that callers can put SEV command buffers on the stack without running afoul of CONFIG_VMAP_STACK=y, i.e. without bombing on vmalloc'd pointers. As of today, the largest supported command takes a 68 byte buffer, i.e. pretty much every command can be put on the stack. Because sev_cmd_mutex is held for the entirety of a transaction, only a single bounce buffer is required. Use the internal buffer unconditionally, as the majority of in-kernel users will soon switch to using the stack. At that point, checking virt_addr_valid() becomes (negligible) overhead in most cases, and supporting both paths slightly increases complexity. Since the commands are all quite small, the cost of the copies is insignificant compared to the latency of communicating with the PSP. Allocate a full page for the buffer as opportunistic preparation for SEV-SNP, which requires the command buffer to be in firmware state for commands that trigger memory writes from the PSP firmware. Using a full page now will allow SEV-SNP support to simply transition the page as needed. Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Borislav Petkov <bp@suse.de> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210406224952.4177376-5-seanjc@google.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-04-07 01:49:48 +03:00
/*
* Copy potential output from the PSP back to data. Do this even on
* failure in case the caller wants to glean something from the error.
*/
if (data)
memcpy(data, sev->cmd_buf, buf_len);
return ret;
}
static int sev_do_cmd(int cmd, void *data, int *psp_ret)
{
int rc;
mutex_lock(&sev_cmd_mutex);
rc = __sev_do_cmd_locked(cmd, data, psp_ret);
mutex_unlock(&sev_cmd_mutex);
return rc;
}
static int __sev_platform_init_locked(int *error)
{
struct psp_device *psp = psp_master;
struct sev_data_init data;
struct sev_device *sev;
int rc = 0;
if (!psp || !psp->sev_data)
return -ENODEV;
sev = psp->sev_data;
if (sev->state == SEV_STATE_INIT)
return 0;
memset(&data, 0, sizeof(data));
if (sev_es_tmr) {
u64 tmr_pa;
/*
* Do not include the encryption mask on the physical
* address of the TMR (firmware should clear it anyway).
*/
tmr_pa = __pa(sev_es_tmr);
data.flags |= SEV_INIT_FLAGS_SEV_ES;
data.tmr_address = tmr_pa;
data.tmr_len = SEV_ES_TMR_SIZE;
}
rc = __sev_do_cmd_locked(SEV_CMD_INIT, &data, error);
if (rc)
return rc;
sev->state = SEV_STATE_INIT;
/* Prepare for first SEV guest launch after INIT */
wbinvd_on_all_cpus();
rc = __sev_do_cmd_locked(SEV_CMD_DF_FLUSH, NULL, error);
if (rc)
return rc;
dev_dbg(sev->dev, "SEV firmware initialized\n");
return rc;
}
int sev_platform_init(int *error)
{
int rc;
mutex_lock(&sev_cmd_mutex);
rc = __sev_platform_init_locked(error);
mutex_unlock(&sev_cmd_mutex);
return rc;
}
EXPORT_SYMBOL_GPL(sev_platform_init);
static int __sev_platform_shutdown_locked(int *error)
{
struct sev_device *sev = psp_master->sev_data;
int ret;
if (sev->state == SEV_STATE_UNINIT)
return 0;
ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
if (ret)
return ret;
sev->state = SEV_STATE_UNINIT;
dev_dbg(sev->dev, "SEV firmware shutdown\n");
return ret;
}
static int sev_platform_shutdown(int *error)
{
int rc;
mutex_lock(&sev_cmd_mutex);
rc = __sev_platform_shutdown_locked(NULL);
mutex_unlock(&sev_cmd_mutex);
return rc;
}
static int sev_get_platform_state(int *state, int *error)
{
struct sev_user_data_status data;
int rc;
rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, &data, error);
if (rc)
return rc;
*state = data.state;
return rc;
}
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
static int sev_ioctl_do_reset(struct sev_issue_cmd *argp, bool writable)
{
int state, rc;
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
if (!writable)
return -EPERM;
/*
* The SEV spec requires that FACTORY_RESET must be issued in
* UNINIT state. Before we go further lets check if any guest is
* active.
*
* If FW is in WORKING state then deny the request otherwise issue
* SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET.
*
*/
rc = sev_get_platform_state(&state, &argp->error);
if (rc)
return rc;
if (state == SEV_STATE_WORKING)
return -EBUSY;
if (state == SEV_STATE_INIT) {
rc = __sev_platform_shutdown_locked(&argp->error);
if (rc)
return rc;
}
return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, NULL, &argp->error);
}
static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
{
struct sev_user_data_status data;
int ret;
ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, &data, &argp->error);
if (ret)
return ret;
if (copy_to_user((void __user *)argp->data, &data, sizeof(data)))
ret = -EFAULT;
return ret;
}
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable)
{
struct sev_device *sev = psp_master->sev_data;
int rc;
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
if (!writable)
return -EPERM;
if (sev->state == SEV_STATE_UNINIT) {
rc = __sev_platform_init_locked(&argp->error);
if (rc)
return rc;
}
return __sev_do_cmd_locked(cmd, NULL, &argp->error);
}
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
{
struct sev_device *sev = psp_master->sev_data;
struct sev_user_data_pek_csr input;
struct sev_data_pek_csr data;
void __user *input_address;
void *blob = NULL;
int ret;
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
if (!writable)
return -EPERM;
if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
return -EFAULT;
memset(&data, 0, sizeof(data));
/* userspace wants to query CSR length */
if (!input.address || !input.length)
goto cmd;
/* allocate a physically contiguous buffer to store the CSR blob */
input_address = (void __user *)input.address;
if (input.length > SEV_FW_BLOB_MAX_SIZE)
return -EFAULT;
blob = kmalloc(input.length, GFP_KERNEL);
if (!blob)
return -ENOMEM;
data.address = __psp_pa(blob);
data.len = input.length;
cmd:
if (sev->state == SEV_STATE_UNINIT) {
ret = __sev_platform_init_locked(&argp->error);
if (ret)
goto e_free_blob;
}
ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, &data, &argp->error);
/* If we query the CSR length, FW responded with expected data. */
input.length = data.len;
if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
ret = -EFAULT;
goto e_free_blob;
}
if (blob) {
if (copy_to_user(input_address, blob, input.length))
ret = -EFAULT;
}
e_free_blob:
kfree(blob);
return ret;
}
void *psp_copy_user_blob(u64 uaddr, u32 len)
{
if (!uaddr || !len)
return ERR_PTR(-EINVAL);
/* verify that blob length does not exceed our limit */
if (len > SEV_FW_BLOB_MAX_SIZE)
return ERR_PTR(-EINVAL);
return memdup_user((void __user *)uaddr, len);
}
EXPORT_SYMBOL_GPL(psp_copy_user_blob);
static int sev_get_api_version(void)
{
struct sev_device *sev = psp_master->sev_data;
struct sev_user_data_status status;
int error = 0, ret;
ret = sev_platform_status(&status, &error);
if (ret) {
dev_err(sev->dev,
"SEV: failed to get status. Error: %#x\n", error);
return 1;
}
sev->api_major = status.api_major;
sev->api_minor = status.api_minor;
sev->build = status.build;
sev->state = status.state;
return 0;
}
static int sev_get_firmware(struct device *dev,
const struct firmware **firmware)
{
char fw_name_specific[SEV_FW_NAME_SIZE];
char fw_name_subset[SEV_FW_NAME_SIZE];
snprintf(fw_name_specific, sizeof(fw_name_specific),
"amd/amd_sev_fam%.2xh_model%.2xh.sbin",
boot_cpu_data.x86, boot_cpu_data.x86_model);
snprintf(fw_name_subset, sizeof(fw_name_subset),
"amd/amd_sev_fam%.2xh_model%.1xxh.sbin",
boot_cpu_data.x86, (boot_cpu_data.x86_model & 0xf0) >> 4);
/* Check for SEV FW for a particular model.
* Ex. amd_sev_fam17h_model00h.sbin for Family 17h Model 00h
*
* or
*
* Check for SEV FW common to a subset of models.
* Ex. amd_sev_fam17h_model0xh.sbin for
* Family 17h Model 00h -- Family 17h Model 0Fh
*
* or
*
* Fall-back to using generic name: sev.fw
*/
if ((firmware_request_nowarn(firmware, fw_name_specific, dev) >= 0) ||
(firmware_request_nowarn(firmware, fw_name_subset, dev) >= 0) ||
(firmware_request_nowarn(firmware, SEV_FW_FILE, dev) >= 0))
return 0;
return -ENOENT;
}
/* Don't fail if SEV FW couldn't be updated. Continue with existing SEV FW */
static int sev_update_firmware(struct device *dev)
{
struct sev_data_download_firmware *data;
const struct firmware *firmware;
int ret, error, order;
struct page *p;
u64 data_size;
if (sev_get_firmware(dev, &firmware) == -ENOENT) {
dev_dbg(dev, "No SEV firmware file present\n");
return -1;
}
/*
* SEV FW expects the physical address given to it to be 32
* byte aligned. Memory allocated has structure placed at the
* beginning followed by the firmware being passed to the SEV
* FW. Allocate enough memory for data structure + alignment
* padding + SEV FW.
*/
data_size = ALIGN(sizeof(struct sev_data_download_firmware), 32);
order = get_order(firmware->size + data_size);
p = alloc_pages(GFP_KERNEL, order);
if (!p) {
ret = -1;
goto fw_err;
}
/*
* Copy firmware data to a kernel allocated contiguous
* memory region.
*/
data = page_address(p);
memcpy(page_address(p) + data_size, firmware->data, firmware->size);
data->address = __psp_pa(page_address(p) + data_size);
data->len = firmware->size;
ret = sev_do_cmd(SEV_CMD_DOWNLOAD_FIRMWARE, data, &error);
if (ret)
dev_dbg(dev, "Failed to update SEV firmware: %#x\n", error);
else
dev_info(dev, "SEV firmware update successful\n");
__free_pages(p, order);
fw_err:
release_firmware(firmware);
return ret;
}
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp, bool writable)
{
struct sev_device *sev = psp_master->sev_data;
struct sev_user_data_pek_cert_import input;
struct sev_data_pek_cert_import data;
void *pek_blob, *oca_blob;
int ret;
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
if (!writable)
return -EPERM;
if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
return -EFAULT;
/* copy PEK certificate blobs from userspace */
pek_blob = psp_copy_user_blob(input.pek_cert_address, input.pek_cert_len);
if (IS_ERR(pek_blob))
return PTR_ERR(pek_blob);
data.reserved = 0;
data.pek_cert_address = __psp_pa(pek_blob);
data.pek_cert_len = input.pek_cert_len;
/* copy PEK certificate blobs from userspace */
oca_blob = psp_copy_user_blob(input.oca_cert_address, input.oca_cert_len);
if (IS_ERR(oca_blob)) {
ret = PTR_ERR(oca_blob);
goto e_free_pek;
}
data.oca_cert_address = __psp_pa(oca_blob);
data.oca_cert_len = input.oca_cert_len;
/* If platform is not in INIT state then transition it to INIT */
if (sev->state != SEV_STATE_INIT) {
ret = __sev_platform_init_locked(&argp->error);
if (ret)
goto e_free_oca;
}
ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, &data, &argp->error);
e_free_oca:
kfree(oca_blob);
e_free_pek:
kfree(pek_blob);
return ret;
}
static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
{
struct sev_user_data_get_id2 input;
struct sev_data_get_id data;
void __user *input_address;
void *id_blob = NULL;
int ret;
/* SEV GET_ID is available from SEV API v0.16 and up */
if (!sev_version_greater_or_equal(0, 16))
return -ENOTSUPP;
if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
return -EFAULT;
input_address = (void __user *)input.address;
if (input.address && input.length) {
id_blob = kmalloc(input.length, GFP_KERNEL);
if (!id_blob)
return -ENOMEM;
data.address = __psp_pa(id_blob);
data.len = input.length;
} else {
data.address = 0;
data.len = 0;
}
ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, &data, &argp->error);
/*
* Firmware will return the length of the ID value (either the minimum
* required length or the actual length written), return it to the user.
*/
input.length = data.len;
if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
ret = -EFAULT;
goto e_free;
}
if (id_blob) {
if (copy_to_user(input_address, id_blob, data.len)) {
ret = -EFAULT;
goto e_free;
}
}
e_free:
kfree(id_blob);
return ret;
}
static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
{
struct sev_data_get_id *data;
u64 data_size, user_size;
void *id_blob, *mem;
int ret;
/* SEV GET_ID available from SEV API v0.16 and up */
if (!sev_version_greater_or_equal(0, 16))
return -ENOTSUPP;
/* SEV FW expects the buffer it fills with the ID to be
* 8-byte aligned. Memory allocated should be enough to
* hold data structure + alignment padding + memory
* where SEV FW writes the ID.
*/
data_size = ALIGN(sizeof(struct sev_data_get_id), 8);
user_size = sizeof(struct sev_user_data_get_id);
mem = kzalloc(data_size + user_size, GFP_KERNEL);
if (!mem)
return -ENOMEM;
data = mem;
id_blob = mem + data_size;
data->address = __psp_pa(id_blob);
data->len = user_size;
ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
if (!ret) {
if (copy_to_user((void __user *)argp->data, id_blob, data->len))
ret = -EFAULT;
}
kfree(mem);
return ret;
}
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
{
struct sev_device *sev = psp_master->sev_data;
struct sev_user_data_pdh_cert_export input;
void *pdh_blob = NULL, *cert_blob = NULL;
struct sev_data_pdh_cert_export data;
void __user *input_cert_chain_address;
void __user *input_pdh_cert_address;
int ret;
/* If platform is not in INIT state then transition it to INIT. */
if (sev->state != SEV_STATE_INIT) {
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
if (!writable)
return -EPERM;
ret = __sev_platform_init_locked(&argp->error);
if (ret)
return ret;
}
if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
return -EFAULT;
memset(&data, 0, sizeof(data));
/* Userspace wants to query the certificate length. */
if (!input.pdh_cert_address ||
!input.pdh_cert_len ||
!input.cert_chain_address)
goto cmd;
input_pdh_cert_address = (void __user *)input.pdh_cert_address;
input_cert_chain_address = (void __user *)input.cert_chain_address;
/* Allocate a physically contiguous buffer to store the PDH blob. */
if (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)
return -EFAULT;
/* Allocate a physically contiguous buffer to store the cert chain blob. */
if (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE)
return -EFAULT;
pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
if (!pdh_blob)
return -ENOMEM;
data.pdh_cert_address = __psp_pa(pdh_blob);
data.pdh_cert_len = input.pdh_cert_len;
cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
if (!cert_blob) {
ret = -ENOMEM;
goto e_free_pdh;
}
data.cert_chain_address = __psp_pa(cert_blob);
data.cert_chain_len = input.cert_chain_len;
cmd:
ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, &data, &argp->error);
/* If we query the length, FW responded with expected data. */
input.cert_chain_len = data.cert_chain_len;
input.pdh_cert_len = data.pdh_cert_len;
if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
ret = -EFAULT;
goto e_free_cert;
}
if (pdh_blob) {
if (copy_to_user(input_pdh_cert_address,
pdh_blob, input.pdh_cert_len)) {
ret = -EFAULT;
goto e_free_cert;
}
}
if (cert_blob) {
if (copy_to_user(input_cert_chain_address,
cert_blob, input.cert_chain_len))
ret = -EFAULT;
}
e_free_cert:
kfree(cert_blob);
e_free_pdh:
kfree(pdh_blob);
return ret;
}
static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
{
void __user *argp = (void __user *)arg;
struct sev_issue_cmd input;
int ret = -EFAULT;
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
bool writable = file->f_mode & FMODE_WRITE;
if (!psp_master || !psp_master->sev_data)
return -ENODEV;
if (ioctl != SEV_ISSUE_CMD)
return -EINVAL;
if (copy_from_user(&input, argp, sizeof(struct sev_issue_cmd)))
return -EFAULT;
if (input.cmd > SEV_MAX)
return -EINVAL;
mutex_lock(&sev_cmd_mutex);
switch (input.cmd) {
case SEV_FACTORY_RESET:
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
ret = sev_ioctl_do_reset(&input, writable);
break;
case SEV_PLATFORM_STATUS:
ret = sev_ioctl_do_platform_status(&input);
break;
case SEV_PEK_GEN:
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, &input, writable);
break;
case SEV_PDH_GEN:
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input, writable);
break;
case SEV_PEK_CSR:
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
ret = sev_ioctl_do_pek_csr(&input, writable);
break;
case SEV_PEK_CERT_IMPORT:
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
ret = sev_ioctl_do_pek_import(&input, writable);
break;
case SEV_PDH_CERT_EXPORT:
crypto: ccp - use file mode for sev ioctl permissions Instead of using CAP_SYS_ADMIN which is restricted to the root user, check the file mode for write permissions before executing commands that can affect the platform. This allows for more fine-grained access control to the SEV ioctl interface. This would allow a SEV-only user or group the ability to administer the platform without requiring them to be root or granting them overly powerful permissions. For example: chown root:root /dev/sev chmod 600 /dev/sev setfacl -m g:sev:r /dev/sev setfacl -m g:sev-admin:rw /dev/sev In this instance, members of the "sev-admin" group have the ability to perform all ioctl calls (including the ones that modify platform state). Members of the "sev" group only have access to the ioctls that do not modify the platform state. This also makes opening "/dev/sev" more consistent with how file descriptors are usually handled. By only checking for CAP_SYS_ADMIN, the file descriptor could be opened read-only but could still execute ioctls that modify the platform state. This patch enforces that the file descriptor is opened with write privileges if it is going to be used to modify the platform state. This flexibility is completely opt-in, and if it is not desirable by the administrator then they do not need to give anyone else access to /dev/sev. Signed-off-by: Connor Kuehl <ckuehl@redhat.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Reviewed-by: Bandan Das <bsd@redhat.com> Acked-by: David Rientjes <rientjes@google.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2020-03-06 20:20:10 +03:00
ret = sev_ioctl_do_pdh_export(&input, writable);
break;
case SEV_GET_ID:
pr_warn_once("SEV_GET_ID command is deprecated, use SEV_GET_ID2\n");
ret = sev_ioctl_do_get_id(&input);
break;
case SEV_GET_ID2:
ret = sev_ioctl_do_get_id2(&input);
break;
default:
ret = -EINVAL;
goto out;
}
if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
ret = -EFAULT;
out:
mutex_unlock(&sev_cmd_mutex);
return ret;
}
static const struct file_operations sev_fops = {
.owner = THIS_MODULE,
.unlocked_ioctl = sev_ioctl,
};
int sev_platform_status(struct sev_user_data_status *data, int *error)
{
return sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, error);
}
EXPORT_SYMBOL_GPL(sev_platform_status);
int sev_guest_deactivate(struct sev_data_deactivate *data, int *error)
{
return sev_do_cmd(SEV_CMD_DEACTIVATE, data, error);
}
EXPORT_SYMBOL_GPL(sev_guest_deactivate);
int sev_guest_activate(struct sev_data_activate *data, int *error)
{
return sev_do_cmd(SEV_CMD_ACTIVATE, data, error);
}
EXPORT_SYMBOL_GPL(sev_guest_activate);
int sev_guest_decommission(struct sev_data_decommission *data, int *error)
{
return sev_do_cmd(SEV_CMD_DECOMMISSION, data, error);
}
EXPORT_SYMBOL_GPL(sev_guest_decommission);
int sev_guest_df_flush(int *error)
{
return sev_do_cmd(SEV_CMD_DF_FLUSH, NULL, error);
}
EXPORT_SYMBOL_GPL(sev_guest_df_flush);
static void sev_exit(struct kref *ref)
{
misc_deregister(&misc_dev->misc);
kfree(misc_dev);
misc_dev = NULL;
}
static int sev_misc_init(struct sev_device *sev)
{
struct device *dev = sev->dev;
int ret;
/*
* SEV feature support can be detected on multiple devices but the SEV
* FW commands must be issued on the master. During probe, we do not
* know the master hence we create /dev/sev on the first device probe.
* sev_do_cmd() finds the right master device to which to issue the
* command to the firmware.
*/
if (!misc_dev) {
struct miscdevice *misc;
misc_dev = kzalloc(sizeof(*misc_dev), GFP_KERNEL);
if (!misc_dev)
return -ENOMEM;
misc = &misc_dev->misc;
misc->minor = MISC_DYNAMIC_MINOR;
misc->name = DEVICE_NAME;
misc->fops = &sev_fops;
ret = misc_register(misc);
if (ret)
return ret;
kref_init(&misc_dev->refcount);
} else {
kref_get(&misc_dev->refcount);
}
init_waitqueue_head(&sev->int_queue);
sev->misc = misc_dev;
dev_dbg(dev, "registered SEV device\n");
return 0;
}
int sev_dev_init(struct psp_device *psp)
{
struct device *dev = psp->dev;
struct sev_device *sev;
int ret = -ENOMEM;
if (!boot_cpu_has(X86_FEATURE_SEV)) {
dev_info_once(dev, "SEV: memory encryption not enabled by BIOS\n");
return 0;
}
sev = devm_kzalloc(dev, sizeof(*sev), GFP_KERNEL);
if (!sev)
goto e_err;
crypto: ccp: Play nice with vmalloc'd memory for SEV command structs Copy the incoming @data comman to an internal buffer so that callers can put SEV command buffers on the stack without running afoul of CONFIG_VMAP_STACK=y, i.e. without bombing on vmalloc'd pointers. As of today, the largest supported command takes a 68 byte buffer, i.e. pretty much every command can be put on the stack. Because sev_cmd_mutex is held for the entirety of a transaction, only a single bounce buffer is required. Use the internal buffer unconditionally, as the majority of in-kernel users will soon switch to using the stack. At that point, checking virt_addr_valid() becomes (negligible) overhead in most cases, and supporting both paths slightly increases complexity. Since the commands are all quite small, the cost of the copies is insignificant compared to the latency of communicating with the PSP. Allocate a full page for the buffer as opportunistic preparation for SEV-SNP, which requires the command buffer to be in firmware state for commands that trigger memory writes from the PSP firmware. Using a full page now will allow SEV-SNP support to simply transition the page as needed. Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Borislav Petkov <bp@suse.de> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210406224952.4177376-5-seanjc@google.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-04-07 01:49:48 +03:00
sev->cmd_buf = (void *)devm_get_free_pages(dev, GFP_KERNEL, 0);
if (!sev->cmd_buf)
goto e_sev;
psp->sev_data = sev;
sev->dev = dev;
sev->psp = psp;
sev->io_regs = psp->io_regs;
sev->vdata = (struct sev_vdata *)psp->vdata->sev;
if (!sev->vdata) {
ret = -ENODEV;
dev_err(dev, "sev: missing driver data\n");
crypto: ccp: Play nice with vmalloc'd memory for SEV command structs Copy the incoming @data comman to an internal buffer so that callers can put SEV command buffers on the stack without running afoul of CONFIG_VMAP_STACK=y, i.e. without bombing on vmalloc'd pointers. As of today, the largest supported command takes a 68 byte buffer, i.e. pretty much every command can be put on the stack. Because sev_cmd_mutex is held for the entirety of a transaction, only a single bounce buffer is required. Use the internal buffer unconditionally, as the majority of in-kernel users will soon switch to using the stack. At that point, checking virt_addr_valid() becomes (negligible) overhead in most cases, and supporting both paths slightly increases complexity. Since the commands are all quite small, the cost of the copies is insignificant compared to the latency of communicating with the PSP. Allocate a full page for the buffer as opportunistic preparation for SEV-SNP, which requires the command buffer to be in firmware state for commands that trigger memory writes from the PSP firmware. Using a full page now will allow SEV-SNP support to simply transition the page as needed. Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Borislav Petkov <bp@suse.de> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210406224952.4177376-5-seanjc@google.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-04-07 01:49:48 +03:00
goto e_buf;
}
psp_set_sev_irq_handler(psp, sev_irq_handler, sev);
ret = sev_misc_init(sev);
if (ret)
goto e_irq;
dev_notice(dev, "sev enabled\n");
return 0;
e_irq:
psp_clear_sev_irq_handler(psp);
crypto: ccp: Play nice with vmalloc'd memory for SEV command structs Copy the incoming @data comman to an internal buffer so that callers can put SEV command buffers on the stack without running afoul of CONFIG_VMAP_STACK=y, i.e. without bombing on vmalloc'd pointers. As of today, the largest supported command takes a 68 byte buffer, i.e. pretty much every command can be put on the stack. Because sev_cmd_mutex is held for the entirety of a transaction, only a single bounce buffer is required. Use the internal buffer unconditionally, as the majority of in-kernel users will soon switch to using the stack. At that point, checking virt_addr_valid() becomes (negligible) overhead in most cases, and supporting both paths slightly increases complexity. Since the commands are all quite small, the cost of the copies is insignificant compared to the latency of communicating with the PSP. Allocate a full page for the buffer as opportunistic preparation for SEV-SNP, which requires the command buffer to be in firmware state for commands that trigger memory writes from the PSP firmware. Using a full page now will allow SEV-SNP support to simply transition the page as needed. Cc: Brijesh Singh <brijesh.singh@amd.com> Cc: Borislav Petkov <bp@suse.de> Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Sean Christopherson <seanjc@google.com> Message-Id: <20210406224952.4177376-5-seanjc@google.com> Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> Acked-by: Tom Lendacky <thomas.lendacky@amd.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-04-07 01:49:48 +03:00
e_buf:
devm_free_pages(dev, (unsigned long)sev->cmd_buf);
e_sev:
devm_kfree(dev, sev);
e_err:
psp->sev_data = NULL;
dev_notice(dev, "sev initialization failed\n");
return ret;
}
static void sev_firmware_shutdown(struct sev_device *sev)
{
sev_platform_shutdown(NULL);
if (sev_es_tmr) {
/* The TMR area was encrypted, flush it from the cache */
wbinvd_on_all_cpus();
free_pages((unsigned long)sev_es_tmr,
get_order(SEV_ES_TMR_SIZE));
sev_es_tmr = NULL;
}
}
void sev_dev_destroy(struct psp_device *psp)
{
struct sev_device *sev = psp->sev_data;
if (!sev)
return;
sev_firmware_shutdown(sev);
if (sev->misc)
kref_put(&misc_dev->refcount, sev_exit);
psp_clear_sev_irq_handler(psp);
}
int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd,
void *data, int *error)
{
if (!filep || filep->f_op != &sev_fops)
return -EBADF;
return sev_do_cmd(cmd, data, error);
}
EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user);
void sev_pci_init(void)
{
struct sev_device *sev = psp_master->sev_data;
struct page *tmr_page;
int error, rc;
if (!sev)
return;
psp_timeout = psp_probe_timeout;
if (sev_get_api_version())
goto err;
if (sev_version_greater_or_equal(0, 15) &&
sev_update_firmware(sev->dev) == 0)
sev_get_api_version();
/* Obtain the TMR memory area for SEV-ES use */
tmr_page = alloc_pages(GFP_KERNEL, get_order(SEV_ES_TMR_SIZE));
if (tmr_page) {
sev_es_tmr = page_address(tmr_page);
} else {
sev_es_tmr = NULL;
dev_warn(sev->dev,
"SEV: TMR allocation failed, SEV-ES support unavailable\n");
}
/* Initialize the platform */
rc = sev_platform_init(&error);
if (rc && (error == SEV_RET_SECURE_DATA_INVALID)) {
/*
* INIT command returned an integrity check failure
* status code, meaning that firmware load and
* validation of SEV related persistent data has
* failed and persistent state has been erased.
* Retrying INIT command here should succeed.
*/
dev_dbg(sev->dev, "SEV: retrying INIT command");
rc = sev_platform_init(&error);
}
if (rc) {
dev_err(sev->dev, "SEV: failed to INIT error %#x\n", error);
return;
}
dev_info(sev->dev, "SEV API:%d.%d build:%d\n", sev->api_major,
sev->api_minor, sev->build);
return;
err:
psp_master->sev_data = NULL;
}
void sev_pci_exit(void)
{
struct sev_device *sev = psp_master->sev_data;
if (!sev)
return;
sev_firmware_shutdown(sev);
}