tdx-guest.c source code [linux/drivers/virt/coco/tdx-guest/tdx-guest.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* TDX guest user interface driver
4	*
5	* Copyright (C) 2022 Intel Corporation
6	*/
7
8	#include <linux/kernel.h>
9	#include <linux/miscdevice.h>
10	#include <linux/mm.h>
11	#include <linux/module.h>
12	#include <linux/mod_devicetable.h>
13	#include <linux/string.h>
14	#include <linux/uaccess.h>
15	#include <linux/set_memory.h>
16	#include <linux/io.h>
17	#include <linux/delay.h>
18	#include <linux/tsm.h>
19	#include <linux/sizes.h>
20
21	#include <uapi/linux/tdx-guest.h>
22
23	#include <asm/cpu_device_id.h>
24	#include <asm/tdx.h>
25
26	/*
27	* Intel's SGX QE implementation generally uses Quote size less
28	* than 8K (2K Quote data + ~5K of certificate blob).
29	*/
30	#define GET_QUOTE_BUF_SIZE SZ_8K
31
32	#define GET_QUOTE_CMD_VER 1
33
34	/ TDX GetQuote status codes /
35	#define GET_QUOTE_SUCCESS 0
36	#define GET_QUOTE_IN_FLIGHT 0xffffffffffffffff
37
38	/ struct tdx_quote_buf: Format of Quote request buffer.*
39	* @version: Quote format version, filled by TD.
40	* @status: Status code of Quote request, filled by VMM.
41	* @in_len: Length of TDREPORT, filled by TD.
42	* @out_len: Length of Quote data, filled by VMM.
43	* @data: Quote data on output or TDREPORT on input.
44	*
45	* More details of Quote request buffer can be found in TDX
46	* Guest-Host Communication Interface (GHCI) for Intel TDX 1.0,
47	* section titled "TDG.VP.VMCALL<GetQuote>"
48	*/
49	struct tdx_quote_buf {
50	u64 version;
51	u64 status;
52	u32 in_len;
53	u32 out_len;
54	u8 data[];
55	};
56
57	/ Quote data buffer /
58	static void *quote_data;
59
60	/ Lock to streamline quote requests /
61	static DEFINE_MUTEX(quote_lock);
62
63	/*
64	* GetQuote request timeout in seconds. Expect that 30 seconds
65	* is enough time for QE to respond to any Quote requests.
66	*/
67	static u32 getquote_timeout = `30`;
68
69	static long tdx_get_report0(struct tdx_report_req __user *req)
70	{
71	u8 reportdata, tdreport;
72	long ret;
73
74	reportdata = kmalloc(TDX_REPORTDATA_LEN, GFP_KERNEL);
75	if (!reportdata)
76	return -ENOMEM;
77
78	tdreport = kzalloc(TDX_REPORT_LEN, GFP_KERNEL);
79	if (!tdreport) {
80	ret = -ENOMEM;
81	goto out;
82	}
83
84	if (copy_from_user(to: reportdata, from: req->reportdata, TDX_REPORTDATA_LEN)) {
85	ret = -EFAULT;
86	goto out;
87	}
88
89	/ Generate TDREPORT0 using "TDG.MR.REPORT" TDCALL /
90	ret = tdx_mcall_get_report0(reportdata, tdreport);
91	if (ret)
92	goto out;
93
94	if (copy_to_user(to: req->tdreport, from: tdreport, TDX_REPORT_LEN))
95	ret = -EFAULT;
96
97	out:
98	kfree(objp: reportdata);
99	kfree(objp: tdreport);
100
101	return ret;
102	}
103
104	static void free_quote_buf(void *buf)
105	{
106	size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE);
107	unsigned int count = len >> PAGE_SHIFT;
108
109	if (set_memory_encrypted(addr: (unsigned long)buf, numpages: count)) {
110	pr_err("Failed to restore encryption mask for Quote buffer, leak it\n");
111	return;
112	}
113
114	free_pages_exact(virt: buf, size: len);
115	}
116
117	static void alloc_quote_buf(void*)
118	{
119	size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE);
120	unsigned int count = len >> PAGE_SHIFT;
121	void *addr;
122
123	addr = alloc_pages_exact(size: len, GFP_KERNEL \| __GFP_ZERO);
124	if (!addr)
125	return NULL;
126
127	if (set_memory_decrypted(addr: (unsigned long)addr, numpages: count)) {
128	free_pages_exact(virt: addr, size: len);
129	return NULL;
130	}
131
132	return addr;
133	}
134
135	/*
136	* wait_for_quote_completion() - Wait for Quote request completion
137	* @quote_buf: Address of Quote buffer.
138	* @timeout: Timeout in seconds to wait for the Quote generation.
139	*
140	* As per TDX GHCI v1.0 specification, sec titled "TDG.VP.VMCALL<GetQuote>",
141	* the status field in the Quote buffer will be set to GET_QUOTE_IN_FLIGHT
142	* while VMM processes the GetQuote request, and will change it to success
143	* or error code after processing is complete. So wait till the status
144	* changes from GET_QUOTE_IN_FLIGHT or the request being timed out.
145	*/
146	static int wait_for_quote_completion(struct tdx_quote_buf *quote_buf, u32 timeout)
147	{
148	int i = `0`;
149
150	/*
151	* Quote requests usually take a few seconds to complete, so waking up
152	* once per second to recheck the status is fine for this use case.
153	*/
154	while (quote_buf->status == GET_QUOTE_IN_FLIGHT && i++ < timeout) {
155	if (msleep_interruptible(MSEC_PER_SEC))
156	return -EINTR;
157	}
158
159	return (i == timeout) ? -ETIMEDOUT : `0`;
160	}
161
162	static int tdx_report_new(struct tsm_report report, void* *data)
163	{
164	u8 buf, reportdata = NULL, *tdreport = NULL;
165	struct tdx_quote_buf *quote_buf = quote_data;
166	struct tsm_desc *desc = &report->desc;
167	int ret;
168	u64 err;
169
170	/ TODO: switch to guard(mutex_intr) /
171	if (mutex_lock_interruptible(&quote_lock))
172	return -EINTR;
173
174	/*
175	* If the previous request is timedout or interrupted, and the
176	* Quote buf status is still in GET_QUOTE_IN_FLIGHT (owned by
177	* VMM), don't permit any new request.
178	*/
179	if (quote_buf->status == GET_QUOTE_IN_FLIGHT) {
180	ret = -EBUSY;
181	goto done;
182	}
183
184	if (desc->inblob_len != TDX_REPORTDATA_LEN) {
185	ret = -EINVAL;
186	goto done;
187	}
188
189	reportdata = kmalloc(TDX_REPORTDATA_LEN, GFP_KERNEL);
190	if (!reportdata) {
191	ret = -ENOMEM;
192	goto done;
193	}
194
195	tdreport = kzalloc(TDX_REPORT_LEN, GFP_KERNEL);
196	if (!tdreport) {
197	ret = -ENOMEM;
198	goto done;
199	}
200
201	memcpy(reportdata, desc->inblob, desc->inblob_len);
202
203	/ Generate TDREPORT0 using "TDG.MR.REPORT" TDCALL /
204	ret = tdx_mcall_get_report0(reportdata, tdreport);
205	if (ret) {
206	pr_err("GetReport call failed\n");
207	goto done;
208	}
209
210	memset(quote_data, `0`, GET_QUOTE_BUF_SIZE);
211
212	/ Update Quote buffer header /
213	quote_buf->version = GET_QUOTE_CMD_VER;
214	quote_buf->in_len = TDX_REPORT_LEN;
215
216	memcpy(quote_buf->data, tdreport, TDX_REPORT_LEN);
217
218	err = tdx_hcall_get_quote(buf: quote_data, GET_QUOTE_BUF_SIZE);
219	if (err) {
220	pr_err("GetQuote hypercall failed, status:%llx\n", err);
221	ret = -EIO;
222	goto done;
223	}
224
225	ret = wait_for_quote_completion(quote_buf, timeout: getquote_timeout);
226	if (ret) {
227	pr_err("GetQuote request timedout\n");
228	goto done;
229	}
230
231	buf = kvmemdup(src: quote_buf->data, len: quote_buf->out_len, GFP_KERNEL);
232	if (!buf) {
233	ret = -ENOMEM;
234	goto done;
235	}
236
237	report->outblob = buf;
238	report->outblob_len = quote_buf->out_len;
239
240	/*
241	* TODO: parse the PEM-formatted cert chain out of the quote buffer when
242	* provided
243	*/
244	done:
245	mutex_unlock(lock: &quote_lock);
246	kfree(objp: reportdata);
247	kfree(objp: tdreport);
248
249	return ret;
250	}
251
252	static long tdx_guest_ioctl(struct file file, unsigned* int cmd,
253	unsigned long arg)
254	{
255	switch (cmd) {
256	case TDX_CMD_GET_REPORT0:
257	return tdx_get_report0(req: (struct tdx_report_req __user *)arg);
258	default:
259	return -ENOTTY;
260	}
261	}
262
263	static const struct file_operations tdx_guest_fops = {
264	.owner = THIS_MODULE,
265	.unlocked_ioctl = tdx_guest_ioctl,
266	.llseek = no_llseek,
267	};
268
269	static struct miscdevice tdx_misc_dev = {
270	.name = KBUILD_MODNAME,
271	.minor = MISC_DYNAMIC_MINOR,
272	.fops = &tdx_guest_fops,
273	};
274
275	static const struct x86_cpu_id tdx_guest_ids[] = {
276	X86_MATCH_FEATURE(X86_FEATURE_TDX_GUEST, NULL),
277	{}
278	};
279	MODULE_DEVICE_TABLE(x86cpu, tdx_guest_ids);
280
281	static const struct tsm_ops tdx_tsm_ops = {
282	.name = KBUILD_MODNAME,
283	.report_new = tdx_report_new,
284	};
285
286	static int __init tdx_guest_init(void)
287	{
288	int ret;
289
290	if (!x86_match_cpu(match: tdx_guest_ids))
291	return -ENODEV;
292
293	ret = misc_register(misc: &tdx_misc_dev);
294	if (ret)
295	return ret;
296
297	quote_data = alloc_quote_buf();
298	if (!quote_data) {
299	pr_err("Failed to allocate Quote buffer\n");
300	ret = -ENOMEM;
301	goto free_misc;
302	}
303
304	ret = tsm_register(ops: &tdx_tsm_ops, NULL, NULL);
305	if (ret)
306	goto free_quote;
307
308	return `0`;
309
310	free_quote:
311	free_quote_buf(buf: quote_data);
312	free_misc:
313	misc_deregister(misc: &tdx_misc_dev);
314
315	return ret;
316	}
317	module_init(tdx_guest_init);
318
319	static void __exit tdx_guest_exit(void)
320	{
321	tsm_unregister(ops: &tdx_tsm_ops);
322	free_quote_buf(buf: quote_data);
323	misc_deregister(misc: &tdx_misc_dev);
324	}
325	module_exit(tdx_guest_exit);
326
327	MODULE_AUTHOR("Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>");
328	MODULE_DESCRIPTION("TDX Guest Driver");
329	MODULE_LICENSE("GPL");
330

source code of linux/drivers/virt/coco/tdx-guest/tdx-guest.c