Subject: Re: [Part2 PATCH v6.1 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command
From: Gary R Hook
Date: Tue, 24 Oct 2017 13:42:38 -0500
To: Brijesh Singh, Borislav Petkov
Cc: Paolo Bonzini, Radim Krčmář, Borislav Petkov, Herbert Xu, Tom Lendacky, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
In-Reply-To: <20171023221009.46924-1-brijesh.singh@amd.com>
References: <20171020023413.122280-19-brijesh.singh@amd.com> <20171023221009.46924-1-brijesh.singh@amd.com>

On 10/23/2017 05:10 PM, Brijesh Singh wrote:
> The SEV_PEK_CSR command can be used to generate a PEK certificate
> signing request. The command is defined in SEV spec section 5.7.
>
> Cc: Paolo Bonzini
> Cc: "Radim Krčmář"
> Cc: Borislav Petkov
> Cc: Herbert Xu
> Cc: Gary Hook
> Cc: Tom Lendacky
> Cc: linux-crypto@vger.kernel.org
> Cc: kvm@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Signed-off-by: Brijesh Singh
> ---

Acked-by: Gary R Hook

>
> Changes since v6:
> * when sev_do_cmd() and sev_platform_shutdown() fail then propagate
>   the error status code from sev_do_cmd() because it can give us
>   much better reason for the failure.
>
> drivers/crypto/ccp/psp-dev.c | 81 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 81 insertions(+)
>
> diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c
> index 3672435150cf..aaf1c5cf821d 100644
> --- a/drivers/crypto/ccp/psp-dev.c
> +++ b/drivers/crypto/ccp/psp-dev.c
> @@ -223,6 +223,84 @@ static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp) > return ret; > } > > +static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp) > +{ > + struct sev_user_data_pek_csr input; > + struct sev_data_pek_csr *data; > + void *blob = NULL; > + int ret, err; > + > + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) > + return -EFAULT; > + > + data = kzalloc(sizeof(*data), GFP_KERNEL); > + if (!data) > + return -ENOMEM; > + > + /* userspace wants to query CSR length */ > + if (!input.address || !input.length) > + goto cmd; > + > + /* allocate a physically contiguous buffer to store the CSR blob */ > + if (!access_ok(VERIFY_WRITE, input.address, input.length) || > + input.length > SEV_FW_BLOB_MAX_SIZE) { > + ret = -EFAULT; > + goto e_free; > + } > + > + blob = kmalloc(input.length, GFP_KERNEL); > + if (!blob) { > + ret = -ENOMEM; > + goto e_free; > + } > + > + data->address = __psp_pa(blob); > + data->len = input.length; > + > +cmd: > + ret = sev_platform_init(NULL, &argp->error); > + if (ret) > + goto e_free_blob; > + > + ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, &argp->error); > + > + /* > + * If we query the CSR length, FW responded with expected data > + */ > + input.length = data->len; > + > + if (sev_platform_shutdown(&err)) { > + /* > + * If both sev_do_cmd() and sev_platform_shutdown() commands > + * failed then propogate the error code from the sev_do_cmd() > + * because it contains a useful status code for the command > + * failure. 
> + */ > + if (ret) > + goto e_free_blob; > + > + ret = -EIO; > + argp->error = err; > + goto e_free_blob; > + } > + > + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { > + ret = -EFAULT; > + goto e_free_blob; > + } > + > + if (blob) { > + if (copy_to_user((void __user *)input.address, blob, input.length)) > + ret = -EFAULT; > + } > + > +e_free_blob: > + kfree(blob); > +e_free: > + kfree(data); > + return ret; > +} > + > static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) > { > void __user *argp = (void __user *)arg; > @@ -252,6 +330,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) > case SEV_PDH_GEN: > ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input); > break; > + case SEV_PEK_CSR: > + ret = sev_ioctl_do_pek_csr(&input); > + break; > default: > ret = -EINVAL; > goto out; >
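
Review bot: In sev_ioctl_do_pek_csr(), the final `copy_to_user((void __user *)input.address, blob, input.length)` uses a length that no longer matches the allocation: blob is sized from the user's input.length, but `input.length = data->len;` then overwrites it with whatever the firmware wrote back. If the firmware reports a length larger than the buffer that was passed in, the copy reads past the end of blob and hands adjacent kernel heap to userspace. The copy also runs when sev_do_cmd() failed but sev_platform_shutdown() succeeded, and blob comes from kmalloc(), so a command that fails without filling the buffer copies uninitialized heap out. Suggest skipping the blob copy when ret is non-zero, clamping the copy to the allocated size, and allocating blob with kzalloc(). Smaller points: an input.length above SEV_FW_BLOB_MAX_SIZE returns -EFAULT where -EINVAL would describe it better, and the "allocate a physically contiguous buffer" comment sits above the access_ok() check rather than above the kmalloc() it describes.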