1 | // SPDX-License-Identifier: GPL-2.0-only |
2 | /* Copyright(c) 2023 Intel Corporation. All rights reserved. */ |
3 | |
4 | #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt |
5 | |
6 | #include <linux/tsm.h> |
7 | #include <linux/err.h> |
8 | #include <linux/slab.h> |
9 | #include <linux/rwsem.h> |
10 | #include <linux/string.h> |
11 | #include <linux/module.h> |
12 | #include <linux/cleanup.h> |
13 | #include <linux/configfs.h> |
14 | |
/*
 * The single registered TSM provider. The three fields are assigned together
 * in tsm_register() and reset to NULL together in tsm_unregister(), so they
 * are all NULL while no provider is registered.
 */
struct tsm_provider {
	/* provider callbacks and limits (name, privlevel_floor, report_new) */
	const struct tsm_ops *ops;
	/* configfs item type, i.e. the attribute set, given to new report items */
	const struct config_item_type *type;
	/* opaque pointer passed back to ops->report_new() */
	void *data;
};

static struct tsm_provider provider;

/*
 * Taken by the attribute handlers below around accesses to @provider and to
 * per-report state, and for write by tsm_register() / tsm_unregister().
 */
static DECLARE_RWSEM(tsm_rwsem);
21 | |
22 | /** |
23 | * DOC: Trusted Security Module (TSM) Attestation Report Interface |
24 | * |
25 | * The TSM report interface is a common provider of blobs that facilitate |
26 | * attestation of a TVM (confidential computing guest) by an attestation |
27 | * service. A TSM report combines a user-defined blob (likely a public-key with |
28 | * a nonce for a key-exchange protocol) with a signed attestation report. That |
29 | * combined blob is then used to obtain secrets provided by an agent that can |
30 | * validate the attestation report. The expectation is that this interface is |
31 | * invoked infrequently, however configfs allows for multiple agents to |
32 | * own their own report generation instances to generate reports as |
33 | * often as needed. |
34 | * |
35 | * The attestation report format is TSM provider specific. When / if a |
36 | * standard materializes, that can be published instead of the vendor layout. |
37 | * Until then the 'provider' attribute indicates the format of 'outblob', and |
38 | * optionally 'auxblob'. |
39 | */ |
40 | |
/*
 * Per-item state: the report exposed to the provider plus the bookkeeping
 * needed to decide whether the cached output still matches the inputs.
 */
struct tsm_report_state {
	/* inputs (desc) and generated blobs handed to the provider */
	struct tsm_report report;
	/* incremented by try_advance_write_generation() on each accepted write */
	unsigned long write_generation;
	/* value of write_generation when the report was last generated */
	unsigned long read_generation;
	/* embedded configfs item; container_of() recovers the state from it */
	struct config_item cfg;
};

/* Selects which generated blob __read_report() copies out. */
enum tsm_data_select {
	TSM_REPORT,	/* report->outblob */
	TSM_CERTS,	/* report->auxblob */
};
52 | |
/* Map a configfs item to the tsm_report embedded in the same state object. */
static struct tsm_report *to_tsm_report(struct config_item *cfg)
{
	return &container_of(cfg, struct tsm_report_state, cfg)->report;
}
60 | |
/* Recover the enclosing tsm_report_state from its embedded report. */
static struct tsm_report_state *to_state(struct tsm_report *report)
{
	struct tsm_report_state *state;

	state = container_of(report, struct tsm_report_state, report);
	return state;
}
65 | |
/*
 * Record one more configuration write for @report.
 *
 * Must be called with tsm_rwsem held for write. Returns 0 after incrementing
 * write_generation, or -EBUSY when the increment would make it equal to
 * read_generation.
 */
static int try_advance_write_generation(struct tsm_report *report)
{
	struct tsm_report_state *st = to_state(report);
	unsigned long next;

	lockdep_assert_held_write(&tsm_rwsem);

	/*
	 * Readers treat read_generation == write_generation as "the cached
	 * report matches the current configuration". If malicious or broken
	 * userspace writes often enough without an interim read, the counter
	 * would wrap around onto read_generation and a stale report would
	 * pass that test. Refuse the update instead, until the current
	 * configuration has been read.
	 */
	next = st->write_generation + 1;
	if (next == st->read_generation)
		return -EBUSY;

	st->write_generation = next;
	return 0;
}
83 | |
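/*
 * configfs store handler for the write-only 'privlevel' attribute.
 *
 * Parses @buf as an unsigned integer (base auto-detected), checks it against
 * the provider's floor and TSM_PRIVLEVEL_MAX, and records it in the report
 * descriptor. Returns @len on success, the kstrtouint() error for unparsable
 * input, -ENOTTY when no provider is registered, -EINVAL for an out-of-range
 * level, or -EBUSY from try_advance_write_generation().
 */
static ssize_t tsm_report_privlevel_store(struct config_item *cfg,
					  const char *buf, size_t len)
{
	struct tsm_report *report = to_tsm_report(cfg);
	unsigned int val;
	int rc;

	rc = kstrtouint(buf, 0, &val);
	if (rc)
		return rc;

	/*
	 * tsm_unregister() clears provider.ops under the write lock and does
	 * not remove existing report items, so take the lock before looking
	 * at the provider and handle the "provider gone" case the same way
	 * tsm_report_read() does.
	 */
	guard(rwsem_write)(&tsm_rwsem);
	if (!provider.ops)
		return -ENOTTY;

	/*
	 * The valid privilege levels that a TSM might accept, if it accepts a
	 * privilege level setting at all, are a max of TSM_PRIVLEVEL_MAX (see
	 * SEV-SNP GHCB) and a minimum of a TSM selected floor value no less
	 * than 0.
	 */
	if (provider.ops->privlevel_floor > val || val > TSM_PRIVLEVEL_MAX)
		return -EINVAL;

	rc = try_advance_write_generation(report);
	if (rc)
		return rc;
	report->desc.privlevel = val;

	return len;
}
CONFIGFS_ATTR_WO(tsm_report_, privlevel);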
113 | |
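/*
 * configfs show handler for the read-only 'privlevel_floor' attribute.
 *
 * Emits the provider's minimum privilege level, or returns -ENOTTY when the
 * provider has been unregistered while this report item still exists.
 */
static ssize_t tsm_report_privlevel_floor_show(struct config_item *cfg,
					       char *buf)
{
	guard(rwsem_read)(&tsm_rwsem);
	/* provider.ops is NULL after tsm_unregister(); do not dereference it */
	if (!provider.ops)
		return -ENOTTY;
	return sysfs_emit(buf, "%u\n", provider.ops->privlevel_floor);
}
CONFIGFS_ATTR_RO(tsm_report_, privlevel_floor);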
121 | |
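/*
 * configfs write handler for the write-only binary 'inblob' attribute.
 *
 * Stores the user-supplied blob and its length in the report descriptor and
 * advances the write generation so the next read regenerates the report.
 * Returns @count on success, -EINVAL for an oversized blob, or -EBUSY from
 * try_advance_write_generation().
 */
static ssize_t tsm_report_inblob_write(struct config_item *cfg,
				       const void *buf, size_t count)
{
	struct tsm_report *report = to_tsm_report(cfg);
	int rc;

	/*
	 * The attribute is declared with TSM_INBLOB_MAX as its size limit.
	 * Re-check here so the memcpy() below stays bounded even if a caller
	 * does not enforce that limit.
	 * NOTE(review): assumes desc.inblob holds TSM_INBLOB_MAX bytes;
	 * confirm against <linux/tsm.h>.
	 */
	if (count > TSM_INBLOB_MAX)
		return -EINVAL;

	guard(rwsem_write)(&tsm_rwsem);
	rc = try_advance_write_generation(report);
	if (rc)
		return rc;

	report->desc.inblob_len = count;
	memcpy(report->desc.inblob, buf, count);
	return count;
}
CONFIGFS_BIN_ATTR_WO(tsm_report_, inblob, NULL, TSM_INBLOB_MAX);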
138 | |
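/*
 * configfs show handler for the read-only 'generation' attribute.
 *
 * Emits the item's write_generation, i.e. the number of accepted
 * configuration writes (modulo wrap-around of unsigned long).
 */
static ssize_t tsm_report_generation_show(struct config_item *cfg, char *buf)
{
	struct tsm_report_state *state = to_state(to_tsm_report(cfg));

	guard(rwsem_read)(&tsm_rwsem);
	return sysfs_emit(buf, "%lu\n", state->write_generation);
}
CONFIGFS_ATTR_RO(tsm_report_, generation);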
148 | |
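/*
 * configfs show handler for the read-only 'provider' attribute.
 *
 * Emits the registered provider's name, or returns -ENOTTY when the provider
 * has been unregistered while this report item still exists.
 */
static ssize_t tsm_report_provider_show(struct config_item *cfg, char *buf)
{
	guard(rwsem_read)(&tsm_rwsem);
	/* provider.ops is NULL after tsm_unregister(); do not dereference it */
	if (!provider.ops)
		return -ENOTTY;
	return sysfs_emit(buf, "%s\n", provider.ops->name);
}
CONFIGFS_ATTR_RO(tsm_report_, provider);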
155 | |
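/*
 * Copy out, or report the size of, one of the generated blobs.
 *
 * @select picks outblob (TSM_REPORT) or auxblob (anything else). With a NULL
 * @buf the blob length is returned; otherwise up to @count bytes are copied
 * from the start of the blob and the number of bytes copied is returned.
 * Callers in this file hold tsm_rwsem.
 */
static ssize_t __read_report(struct tsm_report *report, void *buf, size_t count,
			     enum tsm_data_select select)
{
	loff_t offset = 0;
	ssize_t len;
	u8 *out;

	if (select == TSM_REPORT) {
		out = report->outblob;
		len = report->outblob_len;
	} else {
		out = report->auxblob;
		len = report->auxblob_len;
	}

	/*
	 * Recall that a NULL @buf is configfs requesting the size of
	 * the buffer.
	 */
	if (!buf)
		return len;
	return memory_read_from_buffer(buf, count, &offset, out, len);
}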
179 | |
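/*
 * Fast path: serve the read from the cached report under the read lock.
 *
 * Returns -EINVAL when no inblob has been written, -EWOULDBLOCK when there is
 * no report yet or the configuration changed since it was generated, and the
 * result of __read_report() otherwise.
 */
static ssize_t read_cached_report(struct tsm_report *report, void *buf,
				  size_t count, enum tsm_data_select select)
{
	struct tsm_report_state *state = to_state(report);

	guard(rwsem_read)(&tsm_rwsem);
	if (!report->desc.inblob_len)
		return -EINVAL;

	/*
	 * A given TSM backend always fills in ->outblob regardless of
	 * whether the report includes an auxblob or not.
	 */
	if (!report->outblob ||
	    state->read_generation != state->write_generation)
		return -EWOULDBLOCK;

	return __read_report(report, buf, count, select);
}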
199 | |
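/*
 * Read one of the report blobs, regenerating the report when needed.
 *
 * Tries the cached report first. If that reports -EWOULDBLOCK, the write lock
 * is taken and, unless another thread regenerated the report in the meantime,
 * the old blobs are freed and ops->report_new() is asked for a new report.
 * Returns the result of __read_report(), -ENOTTY when no provider is
 * registered, -EINVAL when no inblob has been written, or the negative error
 * from ops->report_new().
 */
static ssize_t tsm_report_read(struct tsm_report *report, void *buf,
			       size_t count, enum tsm_data_select select)
{
	struct tsm_report_state *state = to_state(report);
	const struct tsm_ops *ops;
	ssize_t rc;

	/* try to read from the existing report if present and valid... */
	rc = read_cached_report(report, buf, count, select);
	if (rc != -EWOULDBLOCK)
		return rc;

	/* slow path, report may need to be regenerated... */
	guard(rwsem_write)(&tsm_rwsem);
	ops = provider.ops;
	if (!ops)
		return -ENOTTY;
	if (!report->desc.inblob_len)
		return -EINVAL;

	/*
	 * The read lock was dropped before the write lock was taken, so
	 * another thread may already have generated this report; regenerate
	 * only if it is still missing or stale.
	 */
	if (!report->outblob ||
	    state->read_generation != state->write_generation) {
		/* clear the pointers so a failed report_new() leaves no stale blob */
		kvfree(report->outblob);
		kvfree(report->auxblob);
		report->outblob = NULL;
		report->auxblob = NULL;
		rc = ops->report_new(report, provider.data);
		if (rc < 0)
			return rc;
		state->read_generation = state->write_generation;
	}

	return __read_report(report, buf, count, select);
}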
236 | |
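/*
 * configfs read handler for the read-only binary 'outblob' attribute: the
 * report blob selected by TSM_REPORT, generated on demand by
 * tsm_report_read().
 */
static ssize_t tsm_report_outblob_read(struct config_item *cfg, void *buf,
				       size_t count)
{
	struct tsm_report *report = to_tsm_report(cfg);

	return tsm_report_read(report, buf, count, TSM_REPORT);
}
CONFIGFS_BIN_ATTR_RO(tsm_report_, outblob, NULL, TSM_OUTBLOB_MAX);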
245 | |
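/*
 * configfs read handler for the read-only binary 'auxblob' attribute: the
 * blob selected by TSM_CERTS, generated on demand by tsm_report_read().
 */
static ssize_t tsm_report_auxblob_read(struct config_item *cfg, void *buf,
				       size_t count)
{
	struct tsm_report *report = to_tsm_report(cfg);

	return tsm_report_read(report, buf, count, TSM_CERTS);
}
CONFIGFS_BIN_ATTR_RO(tsm_report_, auxblob, NULL, TSM_OUTBLOB_MAX);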
254 | |
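/* Text attributes every report item has. */
#define TSM_DEFAULT_ATTRS() \
	&tsm_report_attr_generation, \
	&tsm_report_attr_provider

/* Text attributes of the default item type. */
static struct configfs_attribute *tsm_report_attrs[] = {
	TSM_DEFAULT_ATTRS(),
	NULL,
};

/*
 * Text attributes of the extra item type: the defaults plus the privilege
 * level controls. The array name is the one tsm_report_extra_type refers to.
 */
static struct configfs_attribute *tsm_report_extra_attrs[] = {
	TSM_DEFAULT_ATTRS(),
	&tsm_report_attr_privlevel,
	&tsm_report_attr_privlevel_floor,
	NULL,
};

/* Binary attributes every report item has. */
#define TSM_DEFAULT_BIN_ATTRS() \
	&tsm_report_attr_inblob, \
	&tsm_report_attr_outblob

/* Binary attributes of the default item type. */
static struct configfs_bin_attribute *tsm_report_bin_attrs[] = {
	TSM_DEFAULT_BIN_ATTRS(),
	NULL,
};

/*
 * Binary attributes of the extra item type: the defaults plus 'auxblob'. The
 * array name is the one tsm_report_extra_type refers to.
 */
static struct configfs_bin_attribute *tsm_report_bin_extra_attrs[] = {
	TSM_DEFAULT_BIN_ATTRS(),
	&tsm_report_attr_auxblob,
	NULL,
};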
285 | |
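/*
 * configfs release callback for a report item: frees both generated blobs and
 * then the state object that embeds the item.
 */
static void tsm_report_item_release(struct config_item *cfg)
{
	struct tsm_report *report = to_tsm_report(cfg);
	struct tsm_report_state *state = to_state(report);

	kvfree(report->auxblob);
	kvfree(report->outblob);
	/* @report lives inside @state, so it must not be touched after this */
	kfree(state);
}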
295 | |
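/* Item operations shared by both report item types. */
static struct configfs_item_operations tsm_report_item_ops = {
	.release = tsm_report_item_release,
};

/* Item type with the default attribute set; used when a provider passes no type. */
const struct config_item_type tsm_report_default_type = {
	.ct_owner = THIS_MODULE,
	.ct_bin_attrs = tsm_report_bin_attrs,
	.ct_attrs = tsm_report_attrs,
	.ct_item_ops = &tsm_report_item_ops,
};
EXPORT_SYMBOL_GPL(tsm_report_default_type);

/*
 * Item type with the extra attribute set. The symbol name matches the export
 * below and the check in tsm_register().
 */
const struct config_item_type tsm_report_extra_type = {
	.ct_owner = THIS_MODULE,
	.ct_bin_attrs = tsm_report_bin_extra_attrs,
	.ct_attrs = tsm_report_extra_attrs,
	.ct_item_ops = &tsm_report_item_ops,
};
EXPORT_SYMBOL_GPL(tsm_report_extra_type);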
315 | |
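/*
 * configfs make_item callback: create a new report item named @name.
 *
 * Returns the embedded config_item of a zero-initialized state object typed
 * with the registered provider's item type, ERR_PTR(-ENXIO) when no provider
 * is registered, or ERR_PTR(-ENOMEM) on allocation failure.
 */
static struct config_item *tsm_report_make_item(struct config_group *group,
						const char *name)
{
	struct tsm_report_state *state;

	/* hold the lock so provider.type cannot change between check and use */
	guard(rwsem_read)(&tsm_rwsem);
	if (!provider.ops)
		return ERR_PTR(-ENXIO);

	state = kzalloc(sizeof(*state), GFP_KERNEL);
	if (!state)
		return ERR_PTR(-ENOMEM);

	config_item_init_type_name(&state->cfg, name, provider.type);
	return &state->cfg;
}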
332 | |
/* Group operations of the "report" group: items are created on demand. */
static struct configfs_group_operations tsm_report_group_ops = {
	.make_item = tsm_report_make_item,
};

/* Item type of the "report" group registered in tsm_init(). */
static const struct config_item_type tsm_reports_type = {
	.ct_owner	= THIS_MODULE,
	.ct_group_ops	= &tsm_report_group_ops,
};

/* Item type of the subsystem root; it carries no operations or attributes. */
static const struct config_item_type tsm_root_group_type = {
	.ct_owner	= THIS_MODULE,
};

/* The configfs subsystem, rooted at a group named "tsm". */
static struct configfs_subsystem tsm_configfs = {
	.su_group.cg_item = {
		.ci_namebuf	= "tsm",
		.ci_type	= &tsm_root_group_type,
	},
	.su_mutex = __MUTEX_INITIALIZER(tsm_configfs.su_mutex),
};
355 | |
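/*
 * Register @ops as the single TSM report provider.
 *
 * @priv is stored and later passed to ops->report_new(). @type selects the
 * attribute set of new report items and must be NULL (meaning
 * tsm_report_default_type), &tsm_report_default_type or
 * &tsm_report_extra_type. Returns 0 on success, -EINVAL for a NULL @ops or an
 * unsupported @type, or -EBUSY when a provider is already registered.
 */
int tsm_register(const struct tsm_ops *ops, void *priv,
		 const struct config_item_type *type)
{
	const struct tsm_ops *conflict;

	/*
	 * A NULL @ops would be stored as "no provider" while still setting
	 * the type and data, and would report success; reject it up front.
	 */
	if (!ops)
		return -EINVAL;

	if (!type)
		type = &tsm_report_default_type;
	/* only the two item types defined in this file are accepted */
	if (type != &tsm_report_default_type && type != &tsm_report_extra_type)
		return -EINVAL;

	guard(rwsem_write)(&tsm_rwsem);
	conflict = provider.ops;
	if (conflict) {
		pr_err("\"%s\" ops already registered\n", conflict->name);
		return -EBUSY;
	}

	provider.ops = ops;
	provider.data = priv;
	provider.type = type;
	return 0;
}
EXPORT_SYMBOL_GPL(tsm_register);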
379 | |
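/*
 * Unregister the provider previously registered with @ops.
 *
 * Returns 0 after clearing the provider, or -EBUSY when @ops is not the
 * currently registered provider. Existing report items are not removed here,
 * so attribute handlers can still run afterwards and see provider.ops == NULL.
 */
int tsm_unregister(const struct tsm_ops *ops)
{
	guard(rwsem_write)(&tsm_rwsem);
	if (ops != provider.ops)
		return -EBUSY;
	provider.ops = NULL;
	provider.data = NULL;
	provider.type = NULL;
	return 0;
}
EXPORT_SYMBOL_GPL(tsm_unregister);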
391 | |
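/* The "report" default group, kept so tsm_exit() can unregister it. */
static struct config_group *tsm_report_group;

/*
 * Module init: register the "tsm" configfs subsystem and its "report" default
 * group. Returns 0 on success or the error from either registration; the
 * subsystem is unregistered again if the group cannot be created.
 */
static int __init tsm_init(void)
{
	struct config_group *root = &tsm_configfs.su_group;
	struct config_group *tsm;
	int rc;

	config_group_init(root);
	rc = configfs_register_subsystem(&tsm_configfs);
	if (rc)
		return rc;

	tsm = configfs_register_default_group(root, "report",
					      &tsm_reports_type);
	if (IS_ERR(tsm)) {
		configfs_unregister_subsystem(&tsm_configfs);
		return PTR_ERR(tsm);
	}
	tsm_report_group = tsm;

	return 0;
}
module_init(tsm_init);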
416 | |
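/* Module exit: undo tsm_init() in reverse order, group first, then subsystem. */
static void __exit tsm_exit(void)
{
	configfs_unregister_default_group(tsm_report_group);
	configfs_unregister_subsystem(&tsm_configfs);
}
module_exit(tsm_exit);

MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Provide Trusted Security Module attestation reports via configfs");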
426 | |