From patchwork Mon Mar 6 09:20:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andrea Righi X-Patchwork-Id: 1752270 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=wOxXSp9+; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4PVY3r0ydzz246m for ; Mon, 6 Mar 2023 20:21:28 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pZ720-0007od-26; Mon, 06 Mar 2023 09:21:20 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pZ71q-0007gu-Iy for kernel-team@lists.ubuntu.com; Mon, 06 Mar 2023 09:21:10 +0000 Received: from mail-ed1-f72.google.com (mail-ed1-f72.google.com [209.85.208.72]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id DAC643F592 for ; Mon, 6 Mar 2023 09:21:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1678094469; bh=KAUb4gufqXFtAZDEeRUoworWxTwkI+ySLIH32QIDcYc=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=wOxXSp9+cbva1CVs/eLd1CtEckofFycjN7h2eXWl7wzDfEyjwz3XuLiu6MxdkqlRj zhlhpFC8X/Zys7CZ+d7ZO9MvnvOQuLC5Rcwy/GSnoUO4Fxi31NtQxkZL5EzJOJxMkz KKiS+wf6t6z/x1ZJnX3/ZEgytqWOtHbuoQrz+paU2TPljkO+L97gorMGgymVM6J/HJ hjbU9L68kl4TCLgozJELy1BLJyqJd1K6vOd4kn9MQbRbEp/h6gv7wGqyZ0yNodn3Za yR5dztrOgP6mn9zSvdGBta1lU80fT71ZzHSBOroBtkPURvq0CpdXKbPntFsYEV/Yrr b1Akm1S86R2DA== Received: by mail-ed1-f72.google.com with SMTP id dn8-20020a05640222e800b004bd35dd76a9so12969428edb.13 for ; Mon, 06 Mar 2023 01:21:09 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KAUb4gufqXFtAZDEeRUoworWxTwkI+ySLIH32QIDcYc=; b=so2rTafmVbO94AX/fvZsi7O1kIyDJYVRMcIUMtJ42FRKjbQKXqG+qTb0G/MO/qmJGI 4b1UodCKthrlV7HHJzyOYVH+DdHMbXemyWS4puwsyyMl/+HyJ5bmRDswQ7ytHr57WUc5 FwDrM3SL8VEWkQDzK2ZNpth2vksjE0YQJICh0v+zCKlKJJkgVSxVkUo1kvBs+J5AKQkE twmkReYAstUaRDCT24RyOqf0ae6cmPXeuocO4ACP1usl8/94o2GSkT0lta1nq3py2+16 tMtv+p8Og5zbWDhGS1ifY5CNpEYQRuEmtn0np2e1PdGetrr+BoEXd/BIepU4+eETdWXv denA== X-Gm-Message-State: AO0yUKUaRQNGgPOKt9Rl+WjklsCNk8YaIusxW807cRikVTfJHyGKCI9l IwPKbITjWbpDLjI6+m8YJ5oWZ4o8e9giC1JVahweM9nFatAySNIH2I7GFvQBtNp3R0ixj7YJKfs nW4M66p3SzYlcDDt+zFmOinJiLrRQRKQFGaeUrc2BLyjoly1r8g== X-Received: by 2002:a17:906:4953:b0:877:a2d1:7560 with SMTP id f19-20020a170906495300b00877a2d17560mr10056841ejt.27.1678094468552; Mon, 06 Mar 2023 01:21:08 -0800 (PST) X-Google-Smtp-Source: AK7set+180waPCG5GXattevLf9by75b8htxhroslAPoeCLdpLmhQoAzH3o1fjlAUpPh27nn0VHjT4Q== X-Received: by 2002:a17:906:4953:b0:877:a2d1:7560 with SMTP id f19-20020a170906495300b00877a2d17560mr10056827ejt.27.1678094468228; Mon, 06 Mar 2023 01:21:08 -0800 (PST) Received: from localhost.localdomain (host-79-53-23-214.retail.telecomitalia.it. [79.53.23.214]) by smtp.gmail.com with ESMTPSA id n18-20020a50c212000000b004af515d2dd8sm4864293edf.74.2023.03.06.01.21.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Mar 2023 01:21:08 -0800 (PST) From: Andrea Righi To: kernel-team@lists.ubuntu.com Subject: [SRU][K][PATCH 3/6] UBUNTU: SAUCE: x86/tdx: Add a wrapper to get TDREPORT0 from the TDX Module Date: Mon, 6 Mar 2023 10:20:55 +0100 Message-Id: <20230306092058.26718-4-andrea.righi@canonical.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230306092058.26718-1-andrea.righi@canonical.com> References: <20230306092058.26718-1-andrea.righi@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Kuppuswamy Sathyanarayanan BugLink: https://bugs.launchpad.net/bugs/2009437 To support TDX attestation, the TDX guest driver exposes an IOCTL interface to allow userspace to get the TDREPORT0 (a.k.a. TDREPORT subtype 0) from the TDX module via TDG.MR.TDREPORT TDCALL. In order to get the TDREPORT0 in the TDX guest driver, instead of using a low level function like __tdx_module_call(), add a tdx_mcall_get_report0() wrapper function to handle it. This is a preparatory patch for adding attestation support. Signed-off-by: Kuppuswamy Sathyanarayanan Signed-off-by: Dave Hansen Acked-by: Wander Lairson Costa Link: https://lore.kernel.org/all/20221116223820.819090-2-sathyanarayanan.kuppuswamy%40linux.intel.com Signed-off-by: Andrea Righi --- arch/x86/coco/tdx/tdx.c | 40 ++++++++++++++++++++++++++++++++++++++ arch/x86/include/asm/tdx.h | 2 ++ 2 files changed, 42 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index b8998cf0508a..cfd4c95b9f04 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -5,6 +5,8 @@ #define pr_fmt(fmt) "tdx: " fmt #include +#include +#include #include #include #include @@ -15,6 +17,7 @@ /* TDX module Call Leaf IDs */ #define TDX_GET_INFO 1 #define TDX_GET_VEINFO 3 +#define TDX_GET_REPORT 4 #define TDX_ACCEPT_PAGE 6 /* TDX hypercall Leaf IDs */ @@ -36,6 +39,12 @@ #define ATTR_SEPT_VE_DISABLE BIT(28) +/* TDX Module call error codes */ +#define TDCALL_RETURN_CODE(a) ((a) >> 32) +#define TDCALL_INVALID_OPERAND 0xc0000100 + +#define TDREPORT_SUBTYPE_0 0 + /* * Wrapper for standard use of __tdx_hypercall with no output aside from * return code. @@ -100,6 +109,37 @@ static inline void tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, panic("TDCALL %lld failed (Buggy TDX module!)\n", fn); } +/** + * tdx_mcall_get_report0() - Wrapper to get TDREPORT0 (a.k.a. TDREPORT + * subtype 0) using TDG.MR.REPORT TDCALL. + * @reportdata: Address of the input buffer which contains user-defined + * REPORTDATA to be included into TDREPORT. + * @tdreport: Address of the output buffer to store TDREPORT. + * + * Refer to section titled "TDG.MR.REPORT leaf" in the TDX Module + * v1.0 specification for more information on TDG.MR.REPORT TDCALL. + * It is used in the TDX guest driver module to get the TDREPORT0. + * + * Return 0 on success, -EINVAL for invalid operands, or -EIO on + * other TDCALL failures. + */ +int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport) +{ + u64 ret; + + ret = __tdx_module_call(TDX_GET_REPORT, virt_to_phys(tdreport), + virt_to_phys(reportdata), TDREPORT_SUBTYPE_0, + 0, NULL); + if (ret) { + if (TDCALL_RETURN_CODE(ret) == TDCALL_INVALID_OPERAND) + return -EINVAL; + return -EIO; + } + + return 0; +} +EXPORT_SYMBOL_GPL(tdx_mcall_get_report0); + static void tdx_parse_tdinfo(u64 *cc_mask) { struct tdx_module_output out; diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 020c81a7c729..28d889c9aa16 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -67,6 +67,8 @@ void tdx_safe_halt(void); bool tdx_early_handle_ve(struct pt_regs *regs); +int tdx_mcall_get_report0(u8 *reportdata, u8 *tdreport); + #else static inline void tdx_early_init(void) { };