tdx-guest.c source code [linux/drivers/virt/coco/tdx-guest/tdx-guest.c]

1	// SPDX-License-Identifier: GPL-2.0
2	/*
3	* TDX guest user interface driver
4	*
5	* Copyright (C) 2022 Intel Corporation
6	*/
7
8	#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
9
10	#include <linux/kernel.h>
11	#include <linux/miscdevice.h>
12	#include <linux/mm.h>
13	#include <linux/module.h>
14	#include <linux/mod_devicetable.h>
15	#include <linux/string.h>
16	#include <linux/uaccess.h>
17	#include <linux/set_memory.h>
18	#include <linux/io.h>
19	#include <linux/delay.h>
20	#include <linux/sockptr.h>
21	#include <linux/tsm.h>
22	#include <linux/tsm-mr.h>
23
24	#include <uapi/linux/tdx-guest.h>
25
26	#include <asm/cpu_device_id.h>
27	#include <asm/tdx.h>
28
29	/ TDREPORT buffer /
30	static u8 *tdx_report_buf;
31
32	/ Lock to serialize TDG.MR.REPORT and TDG.MR.RTMR.EXTEND TDCALLs /
33	static DEFINE_MUTEX(mr_lock);
34
35	/ TDREPORT fields /
36	enum {
37	TDREPORT_reportdata = `128`,
38	TDREPORT_tee_tcb_info = `256`,
39	TDREPORT_tdinfo = TDREPORT_tee_tcb_info + `256`,
40	TDREPORT_attributes = TDREPORT_tdinfo,
41	TDREPORT_xfam = TDREPORT_attributes + sizeof(u64),
42	TDREPORT_mrtd = TDREPORT_xfam + sizeof(u64),
43	TDREPORT_mrconfigid = TDREPORT_mrtd + SHA384_DIGEST_SIZE,
44	TDREPORT_mrowner = TDREPORT_mrconfigid + SHA384_DIGEST_SIZE,
45	TDREPORT_mrownerconfig = TDREPORT_mrowner + SHA384_DIGEST_SIZE,
46	TDREPORT_rtmr0 = TDREPORT_mrownerconfig + SHA384_DIGEST_SIZE,
47	TDREPORT_rtmr1 = TDREPORT_rtmr0 + SHA384_DIGEST_SIZE,
48	TDREPORT_rtmr2 = TDREPORT_rtmr1 + SHA384_DIGEST_SIZE,
49	TDREPORT_rtmr3 = TDREPORT_rtmr2 + SHA384_DIGEST_SIZE,
50	TDREPORT_servtd_hash = TDREPORT_rtmr3 + SHA384_DIGEST_SIZE,
51	};
52
53	static int tdx_do_report(sockptr_t data, sockptr_t tdreport)
54	{
55	scoped_cond_guard(mutex_intr, return -EINTR, &mr_lock) {
56	u8 *reportdata = tdx_report_buf + TDREPORT_reportdata;
57	int ret;
58
59	if (!sockptr_is_null(sockptr: data) &&
60	copy_from_sockptr(dst: reportdata, src: data, TDX_REPORTDATA_LEN))
61	return -EFAULT;
62
63	ret = tdx_mcall_get_report0(reportdata, tdreport: tdx_report_buf);
64	if (WARN_ONCE(ret, "tdx_mcall_get_report0() failed: %d", ret))
65	return ret;
66
67	if (!sockptr_is_null(sockptr: tdreport) &&
68	copy_to_sockptr(dst: tdreport, src: tdx_report_buf, TDX_REPORT_LEN))
69	return -EFAULT;
70	}
71	return `0`;
72	}
73
74	static int tdx_do_extend(u8 mr_ind, const u8 *data)
75	{
76	scoped_cond_guard(mutex_intr, return -EINTR, &mr_lock) {
77	/*
78	* TDX requires @extend_buf to be 64-byte aligned.
79	* It's safe to use REPORTDATA buffer for that purpose because
80	* tdx_mr_report/extend_lock() are mutually exclusive.
81	*/
82	u8 *extend_buf = tdx_report_buf + TDREPORT_reportdata;
83	int ret;
84
85	memcpy(extend_buf, data, SHA384_DIGEST_SIZE);
86
87	ret = tdx_mcall_extend_rtmr(index: mr_ind, data: extend_buf);
88	if (WARN_ONCE(ret, "tdx_mcall_extend_rtmr(%u) failed: %d", mr_ind, ret))
89	return ret;
90	}
91	return `0`;
92	}
93
94	#define TDX_MR_(r) .mr_value = (void *)TDREPORT_##r, TSM_MR_(r, SHA384)
95	static struct tsm_measurement_register tdx_mrs[] = {
96	{ TDX_MR_(rtmr0) \| TSM_MR_F_RTMR },
97	{ TDX_MR_(rtmr1) \| TSM_MR_F_RTMR },
98	{ TDX_MR_(rtmr2) \| TSM_MR_F_RTMR },
99	{ TDX_MR_(rtmr3) \| TSM_MR_F_RTMR },
100	{ TDX_MR_(mrtd) },
101	{ TDX_MR_(mrconfigid) \| TSM_MR_F_NOHASH },
102	{ TDX_MR_(mrowner) \| TSM_MR_F_NOHASH },
103	{ TDX_MR_(mrownerconfig) \| TSM_MR_F_NOHASH },
104	};
105	#undef TDX_MR_
106
107	static int tdx_mr_refresh(const struct tsm_measurements *tm)
108	{
109	return tdx_do_report(data: KERNEL_SOCKPTR(NULL), tdreport: KERNEL_SOCKPTR(NULL));
110	}
111
112	static int tdx_mr_extend(const struct tsm_measurements *tm,
113	const struct tsm_measurement_register *mr,
114	const u8 *data)
115	{
116	return tdx_do_extend(mr_ind: mr - tm->mrs, data);
117	}
118
119	static struct tsm_measurements tdx_measurements = {
120	.mrs = tdx_mrs,
121	.nr_mrs = ARRAY_SIZE(tdx_mrs),
122	.refresh = tdx_mr_refresh,
123	.write = tdx_mr_extend,
124	};
125
126	static const struct attribute_group tdx_mr_init(void*)
127	{
128	const struct attribute_group *g;
129	int rc;
130
131	u8 *buf __free(kfree) = kzalloc(TDX_REPORT_LEN, GFP_KERNEL);
132	if (!buf)
133	return ERR_PTR(error: -ENOMEM);
134
135	tdx_report_buf = buf;
136	rc = tdx_mr_refresh(tm: &tdx_measurements);
137	if (rc)
138	return ERR_PTR(error: rc);
139
140	/*
141	* @mr_value was initialized with the offset only, while the base
142	* address is being added here.
143	*/
144	for (size_t i = `0`; i < ARRAY_SIZE(tdx_mrs); ++i)
145	(long* )&tdx_mrs[i].mr_value += (long*)buf;
146
147	g = tsm_mr_create_attribute_group(tm: &tdx_measurements);
148	if (!IS_ERR(ptr: g))
149	tdx_report_buf = no_free_ptr(buf);
150
151	return g;
152	}
153
154	static void tdx_mr_deinit(const struct attribute_group *mr_grp)
155	{
156	tsm_mr_free_attribute_group(attr_grp: mr_grp);
157	kfree(objp: tdx_report_buf);
158	}
159
160	/*
161	* Intel's SGX QE implementation generally uses Quote size less
162	* than 8K (2K Quote data + ~5K of certificate blob).
163	*/
164	#define GET_QUOTE_BUF_SIZE SZ_8K
165
166	#define GET_QUOTE_CMD_VER 1
167
168	/ TDX GetQuote status codes /
169	#define GET_QUOTE_SUCCESS 0
170	#define GET_QUOTE_IN_FLIGHT 0xffffffffffffffff
171
172	/ struct tdx_quote_buf: Format of Quote request buffer.*
173	* @version: Quote format version, filled by TD.
174	* @status: Status code of Quote request, filled by VMM.
175	* @in_len: Length of TDREPORT, filled by TD.
176	* @out_len: Length of Quote data, filled by VMM.
177	* @data: Quote data on output or TDREPORT on input.
178	*
179	* More details of Quote request buffer can be found in TDX
180	* Guest-Host Communication Interface (GHCI) for Intel TDX 1.0,
181	* section titled "TDG.VP.VMCALL<GetQuote>"
182	*/
183	struct tdx_quote_buf {
184	u64 version;
185	u64 status;
186	u32 in_len;
187	u32 out_len;
188	u8 data[];
189	};
190
191	/ Quote data buffer /
192	static void *quote_data;
193
194	/ Lock to streamline quote requests /
195	static DEFINE_MUTEX(quote_lock);
196
197	/*
198	* GetQuote request timeout in seconds. Expect that 30 seconds
199	* is enough time for QE to respond to any Quote requests.
200	*/
201	static u32 getquote_timeout = `30`;
202
203	static long tdx_get_report0(struct tdx_report_req __user *req)
204	{
205	return tdx_do_report(data: USER_SOCKPTR(p: req->reportdata),
206	tdreport: USER_SOCKPTR(p: req->tdreport));
207	}
208
209	static void free_quote_buf(void *buf)
210	{
211	size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE);
212	unsigned int count = len >> PAGE_SHIFT;
213
214	if (set_memory_encrypted(addr: (unsigned long)buf, numpages: count)) {
215	pr_err("Failed to restore encryption mask for Quote buffer, leak it\n");
216	return;
217	}
218
219	free_pages_exact(virt: buf, size: len);
220	}
221
222	static void alloc_quote_buf(void*)
223	{
224	size_t len = PAGE_ALIGN(GET_QUOTE_BUF_SIZE);
225	unsigned int count = len >> PAGE_SHIFT;
226	void *addr;
227
228	addr = alloc_pages_exact(len, GFP_KERNEL \| __GFP_ZERO);
229	if (!addr)
230	return NULL;
231
232	if (set_memory_decrypted(addr: (unsigned long)addr, numpages: count))
233	return NULL;
234
235	return addr;
236	}
237
238	/*
239	* wait_for_quote_completion() - Wait for Quote request completion
240	* @quote_buf: Address of Quote buffer.
241	* @timeout: Timeout in seconds to wait for the Quote generation.
242	*
243	* As per TDX GHCI v1.0 specification, sec titled "TDG.VP.VMCALL<GetQuote>",
244	* the status field in the Quote buffer will be set to GET_QUOTE_IN_FLIGHT
245	* while VMM processes the GetQuote request, and will change it to success
246	* or error code after processing is complete. So wait till the status
247	* changes from GET_QUOTE_IN_FLIGHT or the request being timed out.
248	*/
249	static int wait_for_quote_completion(struct tdx_quote_buf *quote_buf, u32 timeout)
250	{
251	int i = `0`;
252
253	/*
254	* Quote requests usually take a few seconds to complete, so waking up
255	* once per second to recheck the status is fine for this use case.
256	*/
257	while (quote_buf->status == GET_QUOTE_IN_FLIGHT && i++ < timeout) {
258	if (msleep_interruptible(MSEC_PER_SEC))
259	return -EINTR;
260	}
261
262	return (i == timeout) ? -ETIMEDOUT : `0`;
263	}
264
265	static int tdx_report_new_locked(struct tsm_report report, void* *data)
266	{
267	u8 *buf;
268	struct tdx_quote_buf *quote_buf = quote_data;
269	struct tsm_report_desc *desc = &report->desc;
270	int ret;
271	u64 err;
272
273	/*
274	* If the previous request is timedout or interrupted, and the
275	* Quote buf status is still in GET_QUOTE_IN_FLIGHT (owned by
276	* VMM), don't permit any new request.
277	*/
278	if (quote_buf->status == GET_QUOTE_IN_FLIGHT)
279	return -EBUSY;
280
281	if (desc->inblob_len != TDX_REPORTDATA_LEN)
282	return -EINVAL;
283
284	memset(quote_data, `0`, GET_QUOTE_BUF_SIZE);
285
286	/ Update Quote buffer header /
287	quote_buf->version = GET_QUOTE_CMD_VER;
288	quote_buf->in_len = TDX_REPORT_LEN;
289
290	ret = tdx_do_report(data: KERNEL_SOCKPTR(p: desc->inblob),
291	tdreport: KERNEL_SOCKPTR(p: quote_buf->data));
292	if (ret)
293	return ret;
294
295	err = tdx_hcall_get_quote(buf: quote_data, GET_QUOTE_BUF_SIZE);
296	if (err) {
297	pr_err("GetQuote hypercall failed, status:%llx\n", err);
298	return -EIO;
299	}
300
301	ret = wait_for_quote_completion(quote_buf, timeout: getquote_timeout);
302	if (ret) {
303	pr_err("GetQuote request timedout\n");
304	return ret;
305	}
306
307	buf = kvmemdup(src: quote_buf->data, len: quote_buf->out_len, GFP_KERNEL);
308	if (!buf)
309	return -ENOMEM;
310
311	report->outblob = buf;
312	report->outblob_len = quote_buf->out_len;
313
314	/*
315	* TODO: parse the PEM-formatted cert chain out of the quote buffer when
316	* provided
317	*/
318
319	return ret;
320	}
321
322	static int tdx_report_new(struct tsm_report report, void* *data)
323	{
324	scoped_cond_guard(mutex_intr, return -EINTR, &quote_lock)
325	return tdx_report_new_locked(report, data);
326	}
327
328	static bool tdx_report_attr_visible(int n)
329	{
330	switch (n) {
331	case TSM_REPORT_GENERATION:
332	case TSM_REPORT_PROVIDER:
333	return true;
334	}
335
336	return false;
337	}
338
339	static bool tdx_report_bin_attr_visible(int n)
340	{
341	switch (n) {
342	case TSM_REPORT_INBLOB:
343	case TSM_REPORT_OUTBLOB:
344	return true;
345	}
346
347	return false;
348	}
349
350	static long tdx_guest_ioctl(struct file file, unsigned* int cmd,
351	unsigned long arg)
352	{
353	switch (cmd) {
354	case TDX_CMD_GET_REPORT0:
355	return tdx_get_report0(req: (struct tdx_report_req __user *)arg);
356	default:
357	return -ENOTTY;
358	}
359	}
360
361	static const struct file_operations tdx_guest_fops = {
362	.owner = THIS_MODULE,
363	.unlocked_ioctl = tdx_guest_ioctl,
364	};
365
366	static const struct attribute_group *tdx_attr_groups[] = {
367	NULL, / measurements /
368	NULL
369	};
370
371	static struct miscdevice tdx_misc_dev = {
372	.name = KBUILD_MODNAME,
373	.minor = MISC_DYNAMIC_MINOR,
374	.fops = &tdx_guest_fops,
375	.groups = tdx_attr_groups,
376	};
377
378	static const struct x86_cpu_id tdx_guest_ids[] = {
379	X86_MATCH_FEATURE(X86_FEATURE_TDX_GUEST, NULL),
380	{}
381	};
382	MODULE_DEVICE_TABLE(x86cpu, tdx_guest_ids);
383
384	static const struct tsm_report_ops tdx_tsm_ops = {
385	.name = KBUILD_MODNAME,
386	.report_new = tdx_report_new,
387	.report_attr_visible = tdx_report_attr_visible,
388	.report_bin_attr_visible = tdx_report_bin_attr_visible,
389	};
390
391	static int __init tdx_guest_init(void)
392	{
393	int ret;
394
395	if (!x86_match_cpu(match: tdx_guest_ids))
396	return -ENODEV;
397
398	tdx_attr_groups[`0`] = tdx_mr_init();
399	if (IS_ERR(ptr: tdx_attr_groups[`0`]))
400	return PTR_ERR(ptr: tdx_attr_groups[`0`]);
401
402	ret = misc_register(misc: &tdx_misc_dev);
403	if (ret)
404	goto deinit_mr;
405
406	quote_data = alloc_quote_buf();
407	if (!quote_data) {
408	pr_err("Failed to allocate Quote buffer\n");
409	ret = -ENOMEM;
410	goto free_misc;
411	}
412
413	ret = tsm_report_register(ops: &tdx_tsm_ops, NULL);
414	if (ret)
415	goto free_quote;
416
417	return `0`;
418
419	free_quote:
420	free_quote_buf(buf: quote_data);
421	free_misc:
422	misc_deregister(misc: &tdx_misc_dev);
423	deinit_mr:
424	tdx_mr_deinit(mr_grp: tdx_attr_groups[`0`]);
425
426	return ret;
427	}
428	module_init(tdx_guest_init);
429
430	static void __exit tdx_guest_exit(void)
431	{
432	tsm_report_unregister(ops: &tdx_tsm_ops);
433	free_quote_buf(buf: quote_data);
434	misc_deregister(misc: &tdx_misc_dev);
435	tdx_mr_deinit(mr_grp: tdx_attr_groups[`0`]);
436	}
437	module_exit(tdx_guest_exit);
438
439	MODULE_AUTHOR("Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>");
440	MODULE_DESCRIPTION("TDX Guest Driver");
441	MODULE_LICENSE("GPL");
442

source code of linux/drivers/virt/coco/tdx-guest/tdx-guest.c