tdx-guest.c 11 KB

  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * TDX guest user interface driver
  4. *
  5. * Copyright (C) 2022 Intel Corporation
  6. */
  7. #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
  8. #include <linux/kernel.h>
  9. #include <linux/miscdevice.h>
  10. #include <linux/mm.h>
  11. #include <linux/module.h>
  12. #include <linux/mod_devicetable.h>
  13. #include <linux/string.h>
  14. #include <linux/uaccess.h>
  15. #include <linux/set_memory.h>
  16. #include <linux/io.h>
  17. #include <linux/delay.h>
  18. #include <linux/sockptr.h>
  19. #include <linux/tsm.h>
  20. #include <linux/tsm-mr.h>
  21. #include <uapi/linux/tdx-guest.h>
  22. #include <asm/cpu_device_id.h>
  23. #include <asm/tdx.h>
  /*
   * TDREPORT buffer, allocated with TDX_REPORT_LEN bytes in tdx_mr_init().
   * The REPORTDATA area at offset TDREPORT_reportdata is also used as the
   * input staging area by both tdx_do_report() and tdx_do_extend().
   */
  static u8 *tdx_report_buf;
  /*
   * Lock to serialize TDG.MR.REPORT and TDG.MR.RTMR.EXTEND TDCALLs.
   * Both tdx_do_report() and tdx_do_extend() take it before touching
   * tdx_report_buf, so it also protects the shared buffer contents.
   */
  static DEFINE_MUTEX(mr_lock);
  /*
   * TDREPORT fields: byte offsets into tdx_report_buf.
   *
   * Only the first three values are absolute; every later offset is derived
   * from the previous one, so inserting or reordering an entry shifts all
   * the offsets that follow it.
   * NOTE(review): the layout presumably mirrors the TDREPORT structure of the
   * TDX module specification - confirm against the spec before changing.
   */
  enum {
  	TDREPORT_reportdata = 128,
  	TDREPORT_tee_tcb_info = 256,
  	TDREPORT_tdinfo = TDREPORT_tee_tcb_info + 256,
  	/* ATTRIBUTES is the first field at the TDINFO offset */
  	TDREPORT_attributes = TDREPORT_tdinfo,
  	TDREPORT_xfam = TDREPORT_attributes + sizeof(u64),
  	/* Measurement fields, each SHA384_DIGEST_SIZE bytes apart */
  	TDREPORT_mrtd = TDREPORT_xfam + sizeof(u64),
  	TDREPORT_mrconfigid = TDREPORT_mrtd + SHA384_DIGEST_SIZE,
  	TDREPORT_mrowner = TDREPORT_mrconfigid + SHA384_DIGEST_SIZE,
  	TDREPORT_mrownerconfig = TDREPORT_mrowner + SHA384_DIGEST_SIZE,
  	TDREPORT_rtmr0 = TDREPORT_mrownerconfig + SHA384_DIGEST_SIZE,
  	TDREPORT_rtmr1 = TDREPORT_rtmr0 + SHA384_DIGEST_SIZE,
  	TDREPORT_rtmr2 = TDREPORT_rtmr1 + SHA384_DIGEST_SIZE,
  	TDREPORT_rtmr3 = TDREPORT_rtmr2 + SHA384_DIGEST_SIZE,
  	TDREPORT_servtd_hash = TDREPORT_rtmr3 + SHA384_DIGEST_SIZE,
  };
  /*
   * tdx_do_report() - Generate a TDREPORT into tdx_report_buf.
   * @data: Source of TDX_REPORTDATA_LEN bytes of REPORTDATA, or a null sockptr
   *        to reuse whatever the REPORTDATA area of the buffer already holds.
   * @tdreport: Destination for TDX_REPORT_LEN bytes of TDREPORT, or a null
   *            sockptr when the caller only wants tdx_report_buf refreshed.
   *
   * Runs entirely under mr_lock. Both pointers may refer to user or kernel
   * memory; the sockptr helpers pick the matching copy routine.
   *
   * Return: 0 on success, -EINTR if the lock wait was interrupted, -EFAULT if
   * either copy fails, or the error from tdx_mcall_get_report0().
   */
  static int tdx_do_report(sockptr_t data, sockptr_t tdreport)
  {
  	scoped_cond_guard(mutex_intr, return -EINTR, &mr_lock) {
  		u8 *report = tdx_report_buf;
  		u8 *in = report + TDREPORT_reportdata;
  		int rc;

  		/* Stage caller-supplied REPORTDATA inside the report buffer */
  		if (!sockptr_is_null(data)) {
  			if (copy_from_sockptr(in, data, TDX_REPORTDATA_LEN))
  				return -EFAULT;
  		}

  		rc = tdx_mcall_get_report0(in, report);
  		if (WARN_ONCE(rc, "tdx_mcall_get_report0() failed: %d", rc))
  			return rc;

  		/* Hand the fresh report back only when the caller asked for it */
  		if (!sockptr_is_null(tdreport)) {
  			if (copy_to_sockptr(tdreport, report, TDX_REPORT_LEN))
  				return -EFAULT;
  		}
  	}
  	return 0;
  }
  /*
   * tdx_do_extend() - Extend one RTMR with a digest.
   * @mr_ind: Index of the RTMR, passed unchanged to tdx_mcall_extend_rtmr().
   * @data: Digest to extend with; exactly SHA384_DIGEST_SIZE bytes are read.
   *
   * Return: 0 on success, -EINTR if the lock wait was interrupted, or the
   * error from tdx_mcall_extend_rtmr().
   */
  static int tdx_do_extend(u8 mr_ind, const u8 *data)
  {
  	scoped_cond_guard(mutex_intr, return -EINTR, &mr_lock) {
  		/*
  		 * TDX requires the extend buffer to be 64-byte aligned. The
  		 * REPORTDATA area of the report buffer is borrowed for that:
  		 * it is safe because the report and extend paths both hold
  		 * mr_lock and so never run concurrently. The digest stays in
  		 * the REPORTDATA area afterwards.
  		 * NOTE(review): the alignment relies on tdx_report_buf itself
  		 * being suitably aligned - confirm for the allocation used.
  		 */
  		u8 *staging = tdx_report_buf + TDREPORT_reportdata;
  		int rc;

  		memcpy(staging, data, SHA384_DIGEST_SIZE);

  		rc = tdx_mcall_extend_rtmr(mr_ind, staging);
  		if (WARN_ONCE(rc, "tdx_mcall_extend_rtmr(%u) failed: %d", mr_ind, rc))
  			return rc;
  	}
  	return 0;
  }
  /*
   * TDX_MR_(r) stores the TDREPORT_<r> byte offset in .mr_value (cast to a
   * pointer) and expands TSM_MR_(r, SHA384) for the remaining fields.
   * tdx_mr_init() later adds the report buffer base address to .mr_value.
   */
  #define TDX_MR_(r) .mr_value = (void *)TDREPORT_##r, TSM_MR_(r, SHA384)
  /*
   * Measurement registers exposed through the TSM measurement interface.
   *
   * Ordering matters: tdx_mr_extend() passes the array index of the register
   * as the RTMR index, so rtmr0..rtmr3 must remain entries 0..3 in this order.
   * NOTE(review): TSM_MR_F_RTMR / TSM_MR_F_NOHASH semantics are defined by the
   * TSM core, not in this file - confirm there before changing flags.
   */
  static struct tsm_measurement_register tdx_mrs[] = {
  	{ TDX_MR_(rtmr0) | TSM_MR_F_RTMR },
  	{ TDX_MR_(rtmr1) | TSM_MR_F_RTMR },
  	{ TDX_MR_(rtmr2) | TSM_MR_F_RTMR },
  	{ TDX_MR_(rtmr3) | TSM_MR_F_RTMR },
  	{ TDX_MR_(mrtd) },
  	{ TDX_MR_(mrconfigid) | TSM_MR_F_NOHASH },
  	{ TDX_MR_(mrowner) | TSM_MR_F_NOHASH },
  	{ TDX_MR_(mrownerconfig) | TSM_MR_F_NOHASH },
  };
  #undef TDX_MR_
  /*
   * tdx_mr_refresh() - Regenerate the TDREPORT held in tdx_report_buf.
   * @tm: Unused.
   *
   * Passes null sockptrs for both input and output, so the REPORTDATA already
   * in the buffer is reused and nothing is copied out.
   *
   * Return: result of tdx_do_report().
   */
  static int tdx_mr_refresh(const struct tsm_measurements *tm)
  {
  	sockptr_t none = KERNEL_SOCKPTR(NULL);

  	return tdx_do_report(none, none);
  }
  /*
   * tdx_mr_extend() - Extend the measurement register @mr with @data.
   * @tm: Measurement set that @mr belongs to.
   * @mr: Register to extend; must point into @tm->mrs.
   * @data: Digest handed on to tdx_do_extend().
   *
   * The RTMR index is the position of @mr inside @tm->mrs, so it is only
   * meaningful for the RTMR entries at the start of that array.
   * NOTE(review): no range check is done here; presumably the TSM core calls
   * this only for registers flagged TSM_MR_F_RTMR - verify against the caller.
   *
   * Return: result of tdx_do_extend().
   */
  static int tdx_mr_extend(const struct tsm_measurements *tm,
  			 const struct tsm_measurement_register *mr,
  			 const u8 *data)
  {
  	u8 rtmr_index = mr - tm->mrs;

  	return tdx_do_extend(rtmr_index, data);
  }
  /*
   * Measurement set handed to tsm_mr_create_attribute_group(): the register
   * table plus the callbacks that refresh the TDREPORT and extend an RTMR.
   */
  static struct tsm_measurements tdx_measurements = {
  	.mrs = tdx_mrs,
  	.nr_mrs = ARRAY_SIZE(tdx_mrs),
  	.refresh = tdx_mr_refresh,
  	.write = tdx_mr_extend,
  };
  /*
   * tdx_mr_init() - Allocate the TDREPORT buffer and create the measurement
   * register attribute group.
   *
   * tdx_report_buf is assigned before the first refresh because
   * tdx_do_report() works on that global. Ownership of the allocation moves
   * to tdx_report_buf only once the attribute group exists; on every error
   * return the __free(kfree) cleanup releases the buffer, and tdx_report_buf
   * is left holding the stale address (the visible caller aborts module init
   * in that case).
   *
   * Return: the attribute group, or an ERR_PTR() on failure.
   */
  static const struct attribute_group *tdx_mr_init(void)
  {
  	const struct attribute_group *grp;
  	struct tsm_measurement_register *mr;
  	int err;

  	u8 *buf __free(kfree) = kzalloc(TDX_REPORT_LEN, GFP_KERNEL);
  	if (!buf)
  		return ERR_PTR(-ENOMEM);

  	tdx_report_buf = buf;

  	err = tdx_mr_refresh(&tdx_measurements);
  	if (err)
  		return ERR_PTR(err);

  	/*
  	 * Each mr_value was statically initialized with a field offset only;
  	 * turn it into a real address by adding the buffer base.
  	 */
  	for (mr = tdx_mrs; mr < tdx_mrs + ARRAY_SIZE(tdx_mrs); mr++)
  		*(long *)&mr->mr_value += (long)buf;

  	grp = tsm_mr_create_attribute_group(&tdx_measurements);
  	if (IS_ERR(grp))
  		return grp;

  	/* Success: keep the buffer alive past this scope */
  	tdx_report_buf = no_free_ptr(buf);
  	return grp;
  }
  /*
   * tdx_mr_deinit() - Undo tdx_mr_init().
   * @mr_grp: Attribute group returned by tdx_mr_init().
   *
   * The attribute group is released before the report buffer because the
   * registers' mr_value pointers refer into that buffer. tdx_report_buf is
   * not reset afterwards, so it must not be used once this returns.
   */
  static void tdx_mr_deinit(const struct attribute_group *mr_grp)
  {
  	tsm_mr_free_attribute_group(mr_grp);
  	kfree(tdx_report_buf);
  }
  /*
   * Intel's SGX QE implementation generally uses a Quote size of less
   * than 8K (2K Quote data + ~5K of certificate blob).
   * DICE-based attestation uses layered evidence that requires a
   * larger Quote size (~100K).
   */
  #define GET_QUOTE_BUF_SIZE SZ_128K
  /* Value written to tdx_quote_buf.version for each request */
  #define GET_QUOTE_CMD_VER 1
  /* TDX GetQuote status codes */
  #define GET_QUOTE_SUCCESS 0
  #define GET_QUOTE_IN_FLIGHT 0xffffffffffffffff
  /*
   * Largest Quote payload that fits behind the request header; used as the
   * upper bound for the out_len value read back from the Quote buffer.
   */
  #define TDX_QUOTE_MAX_LEN (GET_QUOTE_BUF_SIZE - sizeof(struct tdx_quote_buf))
  /* struct tdx_quote_buf: Format of Quote request buffer.
   * @version: Quote format version, filled by TD.
   * @status: Status code of Quote request, filled by VMM.
   * @in_len: Length of TDREPORT, filled by TD.
   * @out_len: Length of Quote data, filled by VMM.
   * @data: Quote data on output or TDREPORT on input.
   *
   * The buffer holding this structure is allocated by alloc_quote_buf(),
   * which converts it with set_memory_decrypted(). The VMM-filled fields
   * (@status, @out_len, output @data) are therefore not under the guest's
   * control: read each once and bounds-check it before use.
   *
   * More details of Quote request buffer can be found in TDX
   * Guest-Host Communication Interface (GHCI) for Intel TDX 1.0,
   * section titled "TDG.VP.VMCALL<GetQuote>"
   */
  struct tdx_quote_buf {
  	u64 version;
  	u64 status;
  	u32 in_len;
  	u32 out_len;
  	u8 data[];
  };
  /* Quote data buffer: GET_QUOTE_BUF_SIZE bytes from alloc_quote_buf() */
  static void *quote_data;
  /* Lock to serialize Quote requests; taken in tdx_report_new() */
  static DEFINE_MUTEX(quote_lock);
  /*
   * GetQuote request timeout in seconds. Expect that 30 seconds
   * is enough time for QE to respond to any Quote requests.
   */
  static u32 getquote_timeout = 30;
  /*
   * tdx_get_report0() - Handle TDX_CMD_GET_REPORT0.
   * @req: User pointer to the request; its reportdata member is the input and
   *       its tdreport member receives the generated TDREPORT.
   *
   * Only the addresses of the two members are computed here; the user memory
   * itself is accessed by the sockptr copy helpers inside tdx_do_report().
   *
   * Return: result of tdx_do_report().
   */
  static long tdx_get_report0(struct tdx_report_req __user *req)
  {
  	sockptr_t in = USER_SOCKPTR(req->reportdata);
  	sockptr_t out = USER_SOCKPTR(req->tdreport);

  	return tdx_do_report(in, out);
  }
  /*
   * free_quote_buf() - Release a buffer obtained from alloc_quote_buf().
   * @buf: Start of the Quote buffer.
   *
   * The pages are converted back with set_memory_encrypted() first. If that
   * fails they are deliberately leaked rather than freed, so that pages whose
   * encryption state could not be restored never go back to the allocator.
   */
  static void free_quote_buf(void *buf)
  {
  	size_t bytes = PAGE_ALIGN(GET_QUOTE_BUF_SIZE);
  	unsigned int nr_pages = bytes >> PAGE_SHIFT;

  	if (!set_memory_encrypted((unsigned long)buf, nr_pages)) {
  		free_pages_exact(buf, bytes);
  		return;
  	}

  	pr_err("Failed to restore encryption mask for Quote buffer, leak it\n");
  }
  /*
   * alloc_quote_buf() - Allocate the zeroed Quote buffer and convert it with
   * set_memory_decrypted().
   *
   * Return: buffer address, or NULL if the allocation or the conversion fails.
   */
  static void *alloc_quote_buf(void)
  {
  	size_t bytes = PAGE_ALIGN(GET_QUOTE_BUF_SIZE);
  	unsigned int nr_pages = bytes >> PAGE_SHIFT;
  	void *pages = alloc_pages_exact(bytes, GFP_KERNEL | __GFP_ZERO);

  	if (!pages)
  		return NULL;

  	/*
  	 * On conversion failure the pages are not freed.
  	 * NOTE(review): presumably deliberate, matching free_quote_buf(),
  	 * which also leaks when the encryption state cannot be changed -
  	 * pages in an unknown state should not return to the allocator.
  	 */
  	return set_memory_decrypted((unsigned long)pages, nr_pages) ? NULL : pages;
  }
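  /*
   * wait_for_quote_completion() - Wait for Quote request completion
   * @quote_buf: Address of Quote buffer.
   * @timeout: Timeout in seconds to wait for the Quote generation.
   *
   * As per TDX GHCI v1.0 specification, sec titled "TDG.VP.VMCALL<GetQuote>",
   * the status field in the Quote buffer will be set to GET_QUOTE_IN_FLIGHT
   * while VMM processes the GetQuote request, and will change it to success
   * or error code after processing is complete. So wait till the status
   * changes from GET_QUOTE_IN_FLIGHT or the request times out.
   *
   * The result is decided by the status field itself, not by the iteration
   * count: a request that completes during the final sleep is reported as
   * complete, and one that is still in flight after @timeout sleeps is
   * reported as timed out.
   *
   * Return: 0 once the status is no longer GET_QUOTE_IN_FLIGHT, -ETIMEDOUT if
   * it still is after @timeout seconds, -EINTR if the sleep was interrupted.
   */
  static int wait_for_quote_completion(struct tdx_quote_buf *quote_buf, u32 timeout)
  {
  	u32 waited = 0;

  	/*
  	 * Quote requests usually take a few seconds to complete, so waking up
  	 * once per second to recheck the status is fine for this use case.
  	 * The status is written by the VMM, so fetch it with READ_ONCE() on
  	 * every pass.
  	 */
  	while (READ_ONCE(quote_buf->status) == GET_QUOTE_IN_FLIGHT) {
  		if (waited++ >= timeout)
  			return -ETIMEDOUT;

  		if (msleep_interruptible(MSEC_PER_SEC))
  			return -EINTR;
  	}

  	return 0;
  }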
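  /*
   * tdx_report_new_locked() - Generate a Quote for a TSM report request.
   * @report: TSM report; desc.inblob supplies the REPORTDATA and the Quote is
   *          returned through outblob/outblob_len.
   * @data: Unused.
   *
   * Called with quote_lock held. The Quote buffer is written by the VMM, so
   * every VMM-filled field is read exactly once and validated before use: the
   * final status must be GET_QUOTE_SUCCESS and out_len must not exceed
   * TDX_QUOTE_MAX_LEN before the Quote is copied out.
   *
   * Return: 0 on success; -EBUSY if an earlier request is still in flight,
   * -EINVAL for a wrong inblob length, -EIO if the hypercall fails or the
   * request does not end in GET_QUOTE_SUCCESS, -EFBIG for an oversized
   * out_len, -ENOMEM if the copy cannot be allocated, or the error from
   * tdx_do_report() / wait_for_quote_completion().
   */
  static int tdx_report_new_locked(struct tsm_report *report, void *data)
  {
  	struct tdx_quote_buf *quote_buf = quote_data;
  	struct tsm_report_desc *desc = &report->desc;
  	u64 status, err;
  	u32 out_len;
  	u8 *buf;
  	int ret;

  	/*
  	 * If the previous request timed out or was interrupted, and the
  	 * Quote buf status is still GET_QUOTE_IN_FLIGHT (owned by the
  	 * VMM), don't permit any new request.
  	 */
  	if (READ_ONCE(quote_buf->status) == GET_QUOTE_IN_FLIGHT)
  		return -EBUSY;

  	if (desc->inblob_len != TDX_REPORTDATA_LEN)
  		return -EINVAL;

  	memset(quote_data, 0, GET_QUOTE_BUF_SIZE);

  	/* Update Quote buffer header */
  	quote_buf->version = GET_QUOTE_CMD_VER;
  	quote_buf->in_len = TDX_REPORT_LEN;

  	ret = tdx_do_report(KERNEL_SOCKPTR(desc->inblob),
  			    KERNEL_SOCKPTR(quote_buf->data));
  	if (ret)
  		return ret;

  	err = tdx_hcall_get_quote(quote_data, GET_QUOTE_BUF_SIZE);
  	if (err) {
  		pr_err("GetQuote hypercall failed, status:%llx\n", err);
  		return -EIO;
  	}

  	ret = wait_for_quote_completion(quote_buf, getquote_timeout);
  	if (ret) {
  		pr_err("GetQuote request timedout\n");
  		return ret;
  	}

  	/*
  	 * Leaving GET_QUOTE_IN_FLIGHT only means processing ended; the buffer
  	 * holds a Quote only when the final status is GET_QUOTE_SUCCESS.
  	 */
  	status = READ_ONCE(quote_buf->status);
  	if (status != GET_QUOTE_SUCCESS) {
  		pr_err("GetQuote request failed, status:%llx\n", status);
  		return -EIO;
  	}

  	/* Single fetch of the VMM-supplied length, then bound it */
  	out_len = READ_ONCE(quote_buf->out_len);
  	if (out_len > TDX_QUOTE_MAX_LEN)
  		return -EFBIG;

  	buf = kvmemdup(quote_buf->data, out_len, GFP_KERNEL);
  	if (!buf)
  		return -ENOMEM;

  	report->outblob = buf;
  	report->outblob_len = out_len;

  	/*
  	 * TODO: parse the PEM-formatted cert chain out of the quote buffer when
  	 * provided
  	 */

  	return 0;
  }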
  /*
   * tdx_report_new() - tsm_report_ops.report_new callback.
   * @report: TSM report request, passed through.
   * @data: Passed through.
   *
   * Serializes Quote requests on quote_lock around tdx_report_new_locked().
   *
   * Return: -EINTR if the lock wait was interrupted, otherwise the result of
   * tdx_report_new_locked().
   */
  static int tdx_report_new(struct tsm_report *report, void *data)
  {
  	scoped_cond_guard(mutex_intr, return -EINTR, &quote_lock) {
  		return tdx_report_new_locked(report, data);
  	}
  }
  /*
   * tdx_report_attr_visible() - Select which TSM report attributes are shown.
   * @n: Attribute index.
   *
   * Return: true for TSM_REPORT_GENERATION and TSM_REPORT_PROVIDER only.
   */
  static bool tdx_report_attr_visible(int n)
  {
  	return n == TSM_REPORT_GENERATION || n == TSM_REPORT_PROVIDER;
  }
  /*
   * tdx_report_bin_attr_visible() - Select which binary TSM report attributes
   * are shown.
   * @n: Binary attribute index.
   *
   * Return: true for TSM_REPORT_INBLOB and TSM_REPORT_OUTBLOB only.
   */
  static bool tdx_report_bin_attr_visible(int n)
  {
  	return n == TSM_REPORT_INBLOB || n == TSM_REPORT_OUTBLOB;
  }
  /*
   * tdx_guest_ioctl() - ioctl entry point of the misc device.
   * @file: Unused.
   * @cmd: ioctl command; only TDX_CMD_GET_REPORT0 is handled.
   * @arg: User address of a struct tdx_report_req.
   *
   * Return: result of tdx_get_report0(), or -ENOTTY for any other command.
   */
  static long tdx_guest_ioctl(struct file *file, unsigned int cmd,
  			    unsigned long arg)
  {
  	if (cmd == TDX_CMD_GET_REPORT0)
  		return tdx_get_report0((struct tdx_report_req __user *)arg);

  	return -ENOTTY;
  }
  /* File operations of the misc device: ioctl only */
  static const struct file_operations tdx_guest_fops = {
  	.owner = THIS_MODULE,
  	.unlocked_ioctl = tdx_guest_ioctl,
  };
  /*
   * Attribute groups attached to the misc device. Slot 0 is filled in by
   * tdx_guest_init() with the group returned from tdx_mr_init(); the trailing
   * NULL terminates the list.
   */
  static const struct attribute_group *tdx_attr_groups[] = {
  	NULL, /* measurements */
  	NULL
  };
  /* Misc device named after the module, with a dynamically assigned minor */
  static struct miscdevice tdx_misc_dev = {
  	.name = KBUILD_MODNAME,
  	.minor = MISC_DYNAMIC_MINOR,
  	.fops = &tdx_guest_fops,
  	.groups = tdx_attr_groups,
  };
  /* CPU match table: tdx_guest_init() bails out unless X86_FEATURE_TDX_GUEST matches */
  static const struct x86_cpu_id tdx_guest_ids[] = {
  	X86_MATCH_FEATURE(X86_FEATURE_TDX_GUEST, NULL),
  	{}
  };
  MODULE_DEVICE_TABLE(x86cpu, tdx_guest_ids);
  /* TSM report provider: Quote generation plus attribute visibility filters */
  static const struct tsm_report_ops tdx_tsm_ops = {
  	.name = KBUILD_MODNAME,
  	.report_new = tdx_report_new,
  	.report_attr_visible = tdx_report_attr_visible,
  	.report_bin_attr_visible = tdx_report_bin_attr_visible,
  };
  /*
   * tdx_guest_init() - Module init.
   *
   * Set-up order: measurement registers and report buffer, misc device, Quote
   * buffer, TSM report provider. A failure unwinds the steps already done in
   * reverse order.
   *
   * Return: 0 on success, -ENODEV when the CPU does not match tdx_guest_ids,
   * -ENOMEM if the Quote buffer cannot be allocated, or the error of the step
   * that failed.
   */
  static int __init tdx_guest_init(void)
  {
  	int rc;

  	if (!x86_match_cpu(tdx_guest_ids))
  		return -ENODEV;

  	/* Must precede misc_register(): the device exposes this group */
  	tdx_attr_groups[0] = tdx_mr_init();
  	if (IS_ERR(tdx_attr_groups[0]))
  		return PTR_ERR(tdx_attr_groups[0]);

  	rc = misc_register(&tdx_misc_dev);
  	if (rc)
  		goto err_mr;

  	quote_data = alloc_quote_buf();
  	if (!quote_data) {
  		pr_err("Failed to allocate Quote buffer\n");
  		rc = -ENOMEM;
  		goto err_misc;
  	}

  	rc = tsm_report_register(&tdx_tsm_ops, NULL);
  	if (!rc)
  		return 0;

  	free_quote_buf(quote_data);
  err_misc:
  	misc_deregister(&tdx_misc_dev);
  err_mr:
  	tdx_mr_deinit(tdx_attr_groups[0]);
  	return rc;
  }
  module_init(tdx_guest_init);
  /*
   * tdx_guest_exit() - Module exit; tears down in the reverse order of
   * tdx_guest_init(). The TSM provider is unregistered first so that no new
   * Quote request can reach quote_data before the buffer is released.
   */
  static void __exit tdx_guest_exit(void)
  {
  	tsm_report_unregister(&tdx_tsm_ops);
  	free_quote_buf(quote_data);
  	misc_deregister(&tdx_misc_dev);
  	tdx_mr_deinit(tdx_attr_groups[0]);
  }
  module_exit(tdx_guest_exit);
  MODULE_AUTHOR("Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>");
  MODULE_DESCRIPTION("TDX Guest Driver");
  MODULE_LICENSE("GPL");