Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * AMD Platform Security Processor (PSP) interface
4 *
5 * Copyright (C) 2016,2019 Advanced Micro Devices, Inc.
6 *
7 * Author: Brijesh Singh <brijesh.singh@amd.com>
8 */
9
10#include <linux/kernel.h>
11#include <linux/irqreturn.h>
12#include <linux/mutex.h>
13#include <linux/bitfield.h>
14#include <linux/delay.h>
15
16#include "sp-dev.h"
17#include "psp-dev.h"
18#include "sev-dev.h"
19#include "tee-dev.h"
20#include "platform-access.h"
21#include "dbc.h"
22#include "hsti.h"
23
24struct psp_device *psp_master;
25
26#define PSP_C2PMSG_17_CMDRESP_CMD GENMASK(19, 16)
27
28static int psp_mailbox_poll(const void __iomem *cmdresp_reg, unsigned int *cmdresp,
29 unsigned int timeout_msecs)
30{
31 while (true) {
32 *cmdresp = ioread32(cmdresp_reg);
33 if (FIELD_GET(PSP_CMDRESP_RESP, *cmdresp))
34 return 0;
35
36 if (!timeout_msecs--)
37 break;
38
39 usleep_range(1000, 1100);
40 }
41
42 return -ETIMEDOUT;
43}
44
45int psp_mailbox_command(struct psp_device *psp, enum psp_cmd cmd, void *cmdbuff,
46 unsigned int timeout_msecs, unsigned int *cmdresp)
47{
48 void __iomem *cmdresp_reg, *cmdbuff_lo_reg, *cmdbuff_hi_reg;
49 int ret;
50
51 if (!psp || !psp->vdata || !psp->vdata->cmdresp_reg ||
52 !psp->vdata->cmdbuff_addr_lo_reg || !psp->vdata->cmdbuff_addr_hi_reg)
53 return -ENODEV;
54
55 cmdresp_reg = psp->io_regs + psp->vdata->cmdresp_reg;
56 cmdbuff_lo_reg = psp->io_regs + psp->vdata->cmdbuff_addr_lo_reg;
57 cmdbuff_hi_reg = psp->io_regs + psp->vdata->cmdbuff_addr_hi_reg;
58
59 mutex_lock(&psp->mailbox_mutex);
60
61 /* Ensure mailbox is ready for a command */
62 ret = -EBUSY;
63 if (psp_mailbox_poll(cmdresp_reg, cmdresp, 0))
64 goto unlock;
65
66 if (cmdbuff) {
67 iowrite32(lower_32_bits(__psp_pa(cmdbuff)), cmdbuff_lo_reg);
68 iowrite32(upper_32_bits(__psp_pa(cmdbuff)), cmdbuff_hi_reg);
69 }
70
71 *cmdresp = FIELD_PREP(PSP_C2PMSG_17_CMDRESP_CMD, cmd);
72 iowrite32(*cmdresp, cmdresp_reg);
73
74 ret = psp_mailbox_poll(cmdresp_reg, cmdresp, timeout_msecs);
75
76unlock:
77 mutex_unlock(&psp->mailbox_mutex);
78
79 return ret;
80}
81
82int psp_extended_mailbox_cmd(struct psp_device *psp, unsigned int timeout_msecs,
83 struct psp_ext_request *req)
84{
85 unsigned int reg;
86 int ret;
87
88 print_hex_dump_debug("->psp ", DUMP_PREFIX_OFFSET, 16, 2, req,
89 req->header.payload_size, false);
90
91 ret = psp_mailbox_command(psp, PSP_CMD_TEE_EXTENDED_CMD, (void *)req,
92 timeout_msecs, ®);
93 if (ret) {
94 return ret;
95 } else if (FIELD_GET(PSP_CMDRESP_STS, reg)) {
96 req->header.status = FIELD_GET(PSP_CMDRESP_STS, reg);
97 return -EIO;
98 }
99
100 print_hex_dump_debug("<-psp ", DUMP_PREFIX_OFFSET, 16, 2, req,
101 req->header.payload_size, false);
102
103 return 0;
104}
105
106static struct psp_device *psp_alloc_struct(struct sp_device *sp)
107{
108 struct device *dev = sp->dev;
109 struct psp_device *psp;
110
111 psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);
112 if (!psp)
113 return NULL;
114
115 psp->dev = dev;
116 psp->sp = sp;
117
118 snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);
119
120 return psp;
121}
122
123static irqreturn_t psp_irq_handler(int irq, void *data)
124{
125 struct psp_device *psp = data;
126 unsigned int status;
127
128 /* Read the interrupt status: */
129 status = ioread32(psp->io_regs + psp->vdata->intsts_reg);
130
131 /* Clear the interrupt status by writing the same value we read. */
132 iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);
133
134 /* invoke subdevice interrupt handlers */
135 if (status) {
136 if (psp->sev_irq_handler)
137 psp->sev_irq_handler(irq, psp->sev_irq_data, status);
138 }
139
140 return IRQ_HANDLED;
141}
142
143static unsigned int psp_get_capability(struct psp_device *psp)
144{
145 unsigned int val = ioread32(psp->io_regs + psp->vdata->feature_reg);
146
147 /*
148 * Check for a access to the registers. If this read returns
149 * 0xffffffff, it's likely that the system is running a broken
150 * BIOS which disallows access to the device. Stop here and
151 * fail the PSP initialization (but not the load, as the CCP
152 * could get properly initialized).
153 */
154 if (val == 0xffffffff) {
155 dev_notice(psp->dev, "psp: unable to access the device: you might be running a broken BIOS.\n");
156 return -ENODEV;
157 }
158 psp->capability.raw = val;
159
160 return 0;
161}
162
163static int psp_check_sev_support(struct psp_device *psp)
164{
165 /* Check if device supports SEV feature */
166 if (!psp->capability.sev) {
167 dev_dbg(psp->dev, "psp does not support SEV\n");
168 return -ENODEV;
169 }
170
171 return 0;
172}
173
174static int psp_check_tee_support(struct psp_device *psp)
175{
176 /* Check if device supports TEE feature */
177 if (!psp->capability.tee) {
178 dev_dbg(psp->dev, "psp does not support TEE\n");
179 return -ENODEV;
180 }
181
182 return 0;
183}
184
185static int psp_init(struct psp_device *psp)
186{
187 int ret;
188
189 if (!psp_check_sev_support(psp)) {
190 ret = sev_dev_init(psp);
191 if (ret)
192 return ret;
193 }
194
195 if (!psp_check_tee_support(psp)) {
196 ret = tee_dev_init(psp);
197 if (ret)
198 return ret;
199 }
200
201 if (psp->vdata->platform_access) {
202 ret = platform_access_dev_init(psp);
203 if (ret)
204 return ret;
205 }
206
207 /* dbc must come after platform access as it tests the feature */
208 if (PSP_FEATURE(psp, DBC) ||
209 psp->capability.dbc_thru_ext) {
210 ret = dbc_dev_init(psp);
211 if (ret)
212 return ret;
213 }
214
215 /* HSTI uses platform access on some systems. */
216 ret = psp_init_hsti(psp);
217 if (ret)
218 return ret;
219
220 return 0;
221}
222
223int psp_dev_init(struct sp_device *sp)
224{
225 struct device *dev = sp->dev;
226 struct psp_device *psp;
227 int ret;
228
229 ret = -ENOMEM;
230 psp = psp_alloc_struct(sp);
231 if (!psp)
232 goto e_err;
233
234 sp->psp_data = psp;
235
236 psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;
237 if (!psp->vdata) {
238 ret = -ENODEV;
239 dev_err(dev, "missing driver data\n");
240 goto e_err;
241 }
242
243 psp->io_regs = sp->io_map;
244 mutex_init(&psp->mailbox_mutex);
245
246 ret = psp_get_capability(psp);
247 if (ret)
248 goto e_disable;
249
250 /* Disable and clear interrupts until ready */
251 iowrite32(0, psp->io_regs + psp->vdata->inten_reg);
252 iowrite32(-1, psp->io_regs + psp->vdata->intsts_reg);
253
254 /* Request an irq */
255 ret = sp_request_psp_irq(psp->sp, psp_irq_handler, psp->name, psp);
256 if (ret) {
257 dev_err(dev, "psp: unable to allocate an IRQ\n");
258 goto e_err;
259 }
260
261 /* master device must be set for platform access */
262 if (psp->sp->set_psp_master_device)
263 psp->sp->set_psp_master_device(psp->sp);
264
265 ret = psp_init(psp);
266 if (ret)
267 goto e_irq;
268
269 /* Enable interrupt */
270 iowrite32(-1, psp->io_regs + psp->vdata->inten_reg);
271
272 dev_notice(dev, "psp enabled\n");
273
274 return 0;
275
276e_irq:
277 if (sp->clear_psp_master_device)
278 sp->clear_psp_master_device(sp);
279
280 sp_free_psp_irq(psp->sp, psp);
281e_err:
282 sp->psp_data = NULL;
283
284 dev_notice(dev, "psp initialization failed\n");
285
286 return ret;
287
288e_disable:
289 sp->psp_data = NULL;
290
291 return ret;
292}
293
294void psp_dev_destroy(struct sp_device *sp)
295{
296 struct psp_device *psp = sp->psp_data;
297
298 if (!psp)
299 return;
300
301 sev_dev_destroy(psp);
302
303 tee_dev_destroy(psp);
304
305 dbc_dev_destroy(psp);
306
307 platform_access_dev_destroy(psp);
308
309 sp_free_psp_irq(sp, psp);
310
311 if (sp->clear_psp_master_device)
312 sp->clear_psp_master_device(sp);
313}
314
315void psp_set_sev_irq_handler(struct psp_device *psp, psp_irq_handler_t handler,
316 void *data)
317{
318 psp->sev_irq_data = data;
319 psp->sev_irq_handler = handler;
320}
321
322void psp_clear_sev_irq_handler(struct psp_device *psp)
323{
324 psp_set_sev_irq_handler(psp, NULL, NULL);
325}
326
327struct psp_device *psp_get_master_device(void)
328{
329 struct sp_device *sp = sp_get_psp_master_device();
330
331 return sp ? sp->psp_data : NULL;
332}
333
334void psp_pci_init(void)
335{
336 psp_master = psp_get_master_device();
337
338 if (!psp_master)
339 return;
340
341 sev_pci_init();
342}
343
344void psp_pci_exit(void)
345{
346 if (!psp_master)
347 return;
348
349 sev_pci_exit();
350}
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * AMD Platform Security Processor (PSP) interface
4 *
5 * Copyright (C) 2016,2018 Advanced Micro Devices, Inc.
6 *
7 * Author: Brijesh Singh <brijesh.singh@amd.com>
8 */
9
10#include <linux/module.h>
11#include <linux/kernel.h>
12#include <linux/kthread.h>
13#include <linux/sched.h>
14#include <linux/interrupt.h>
15#include <linux/spinlock.h>
16#include <linux/spinlock_types.h>
17#include <linux/types.h>
18#include <linux/mutex.h>
19#include <linux/delay.h>
20#include <linux/hw_random.h>
21#include <linux/ccp.h>
22#include <linux/firmware.h>
23
24#include "sp-dev.h"
25#include "psp-dev.h"
26
27#define DEVICE_NAME "sev"
28#define SEV_FW_FILE "amd/sev.fw"
29#define SEV_FW_NAME_SIZE 64
30
31static DEFINE_MUTEX(sev_cmd_mutex);
32static struct sev_misc_dev *misc_dev;
33static struct psp_device *psp_master;
34
35static int psp_cmd_timeout = 100;
36module_param(psp_cmd_timeout, int, 0644);
37MODULE_PARM_DESC(psp_cmd_timeout, " default timeout value, in seconds, for PSP commands");
38
39static int psp_probe_timeout = 5;
40module_param(psp_probe_timeout, int, 0644);
41MODULE_PARM_DESC(psp_probe_timeout, " default timeout value, in seconds, during PSP device probe");
42
43static bool psp_dead;
44static int psp_timeout;
45
46static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
47{
48 if (psp_master->api_major > maj)
49 return true;
50 if (psp_master->api_major == maj && psp_master->api_minor >= min)
51 return true;
52 return false;
53}
54
55static struct psp_device *psp_alloc_struct(struct sp_device *sp)
56{
57 struct device *dev = sp->dev;
58 struct psp_device *psp;
59
60 psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);
61 if (!psp)
62 return NULL;
63
64 psp->dev = dev;
65 psp->sp = sp;
66
67 snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);
68
69 return psp;
70}
71
72static irqreturn_t psp_irq_handler(int irq, void *data)
73{
74 struct psp_device *psp = data;
75 unsigned int status;
76 int reg;
77
78 /* Read the interrupt status: */
79 status = ioread32(psp->io_regs + psp->vdata->intsts_reg);
80
81 /* Check if it is command completion: */
82 if (!(status & PSP_CMD_COMPLETE))
83 goto done;
84
85 /* Check if it is SEV command completion: */
86 reg = ioread32(psp->io_regs + psp->vdata->cmdresp_reg);
87 if (reg & PSP_CMDRESP_RESP) {
88 psp->sev_int_rcvd = 1;
89 wake_up(&psp->sev_int_queue);
90 }
91
92done:
93 /* Clear the interrupt status by writing the same value we read. */
94 iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);
95
96 return IRQ_HANDLED;
97}
98
99static int sev_wait_cmd_ioc(struct psp_device *psp,
100 unsigned int *reg, unsigned int timeout)
101{
102 int ret;
103
104 ret = wait_event_timeout(psp->sev_int_queue,
105 psp->sev_int_rcvd, timeout * HZ);
106 if (!ret)
107 return -ETIMEDOUT;
108
109 *reg = ioread32(psp->io_regs + psp->vdata->cmdresp_reg);
110
111 return 0;
112}
113
114static int sev_cmd_buffer_len(int cmd)
115{
116 switch (cmd) {
117 case SEV_CMD_INIT: return sizeof(struct sev_data_init);
118 case SEV_CMD_PLATFORM_STATUS: return sizeof(struct sev_user_data_status);
119 case SEV_CMD_PEK_CSR: return sizeof(struct sev_data_pek_csr);
120 case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct sev_data_pek_cert_import);
121 case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct sev_data_pdh_cert_export);
122 case SEV_CMD_LAUNCH_START: return sizeof(struct sev_data_launch_start);
123 case SEV_CMD_LAUNCH_UPDATE_DATA: return sizeof(struct sev_data_launch_update_data);
124 case SEV_CMD_LAUNCH_UPDATE_VMSA: return sizeof(struct sev_data_launch_update_vmsa);
125 case SEV_CMD_LAUNCH_FINISH: return sizeof(struct sev_data_launch_finish);
126 case SEV_CMD_LAUNCH_MEASURE: return sizeof(struct sev_data_launch_measure);
127 case SEV_CMD_ACTIVATE: return sizeof(struct sev_data_activate);
128 case SEV_CMD_DEACTIVATE: return sizeof(struct sev_data_deactivate);
129 case SEV_CMD_DECOMMISSION: return sizeof(struct sev_data_decommission);
130 case SEV_CMD_GUEST_STATUS: return sizeof(struct sev_data_guest_status);
131 case SEV_CMD_DBG_DECRYPT: return sizeof(struct sev_data_dbg);
132 case SEV_CMD_DBG_ENCRYPT: return sizeof(struct sev_data_dbg);
133 case SEV_CMD_SEND_START: return sizeof(struct sev_data_send_start);
134 case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct sev_data_send_update_data);
135 case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct sev_data_send_update_vmsa);
136 case SEV_CMD_SEND_FINISH: return sizeof(struct sev_data_send_finish);
137 case SEV_CMD_RECEIVE_START: return sizeof(struct sev_data_receive_start);
138 case SEV_CMD_RECEIVE_FINISH: return sizeof(struct sev_data_receive_finish);
139 case SEV_CMD_RECEIVE_UPDATE_DATA: return sizeof(struct sev_data_receive_update_data);
140 case SEV_CMD_RECEIVE_UPDATE_VMSA: return sizeof(struct sev_data_receive_update_vmsa);
141 case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret);
142 case SEV_CMD_DOWNLOAD_FIRMWARE: return sizeof(struct sev_data_download_firmware);
143 case SEV_CMD_GET_ID: return sizeof(struct sev_data_get_id);
144 default: return 0;
145 }
146
147 return 0;
148}
149
150static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
151{
152 struct psp_device *psp = psp_master;
153 unsigned int phys_lsb, phys_msb;
154 unsigned int reg, ret = 0;
155
156 if (!psp)
157 return -ENODEV;
158
159 if (psp_dead)
160 return -EBUSY;
161
162 /* Get the physical address of the command buffer */
163 phys_lsb = data ? lower_32_bits(__psp_pa(data)) : 0;
164 phys_msb = data ? upper_32_bits(__psp_pa(data)) : 0;
165
166 dev_dbg(psp->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n",
167 cmd, phys_msb, phys_lsb, psp_timeout);
168
169 print_hex_dump_debug("(in): ", DUMP_PREFIX_OFFSET, 16, 2, data,
170 sev_cmd_buffer_len(cmd), false);
171
172 iowrite32(phys_lsb, psp->io_regs + psp->vdata->cmdbuff_addr_lo_reg);
173 iowrite32(phys_msb, psp->io_regs + psp->vdata->cmdbuff_addr_hi_reg);
174
175 psp->sev_int_rcvd = 0;
176
177 reg = cmd;
178 reg <<= PSP_CMDRESP_CMD_SHIFT;
179 reg |= PSP_CMDRESP_IOC;
180 iowrite32(reg, psp->io_regs + psp->vdata->cmdresp_reg);
181
182 /* wait for command completion */
183 ret = sev_wait_cmd_ioc(psp, ®, psp_timeout);
184 if (ret) {
185 if (psp_ret)
186 *psp_ret = 0;
187
188 dev_err(psp->dev, "sev command %#x timed out, disabling PSP \n", cmd);
189 psp_dead = true;
190
191 return ret;
192 }
193
194 psp_timeout = psp_cmd_timeout;
195
196 if (psp_ret)
197 *psp_ret = reg & PSP_CMDRESP_ERR_MASK;
198
199 if (reg & PSP_CMDRESP_ERR_MASK) {
200 dev_dbg(psp->dev, "sev command %#x failed (%#010x)\n",
201 cmd, reg & PSP_CMDRESP_ERR_MASK);
202 ret = -EIO;
203 }
204
205 print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,
206 sev_cmd_buffer_len(cmd), false);
207
208 return ret;
209}
210
211static int sev_do_cmd(int cmd, void *data, int *psp_ret)
212{
213 int rc;
214
215 mutex_lock(&sev_cmd_mutex);
216 rc = __sev_do_cmd_locked(cmd, data, psp_ret);
217 mutex_unlock(&sev_cmd_mutex);
218
219 return rc;
220}
221
222static int __sev_platform_init_locked(int *error)
223{
224 struct psp_device *psp = psp_master;
225 int rc = 0;
226
227 if (!psp)
228 return -ENODEV;
229
230 if (psp->sev_state == SEV_STATE_INIT)
231 return 0;
232
233 rc = __sev_do_cmd_locked(SEV_CMD_INIT, &psp->init_cmd_buf, error);
234 if (rc)
235 return rc;
236
237 psp->sev_state = SEV_STATE_INIT;
238 dev_dbg(psp->dev, "SEV firmware initialized\n");
239
240 return rc;
241}
242
243int sev_platform_init(int *error)
244{
245 int rc;
246
247 mutex_lock(&sev_cmd_mutex);
248 rc = __sev_platform_init_locked(error);
249 mutex_unlock(&sev_cmd_mutex);
250
251 return rc;
252}
253EXPORT_SYMBOL_GPL(sev_platform_init);
254
255static int __sev_platform_shutdown_locked(int *error)
256{
257 int ret;
258
259 ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
260 if (ret)
261 return ret;
262
263 psp_master->sev_state = SEV_STATE_UNINIT;
264 dev_dbg(psp_master->dev, "SEV firmware shutdown\n");
265
266 return ret;
267}
268
269static int sev_platform_shutdown(int *error)
270{
271 int rc;
272
273 mutex_lock(&sev_cmd_mutex);
274 rc = __sev_platform_shutdown_locked(NULL);
275 mutex_unlock(&sev_cmd_mutex);
276
277 return rc;
278}
279
280static int sev_get_platform_state(int *state, int *error)
281{
282 int rc;
283
284 rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
285 &psp_master->status_cmd_buf, error);
286 if (rc)
287 return rc;
288
289 *state = psp_master->status_cmd_buf.state;
290 return rc;
291}
292
293static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
294{
295 int state, rc;
296
297 /*
298 * The SEV spec requires that FACTORY_RESET must be issued in
299 * UNINIT state. Before we go further lets check if any guest is
300 * active.
301 *
302 * If FW is in WORKING state then deny the request otherwise issue
303 * SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET.
304 *
305 */
306 rc = sev_get_platform_state(&state, &argp->error);
307 if (rc)
308 return rc;
309
310 if (state == SEV_STATE_WORKING)
311 return -EBUSY;
312
313 if (state == SEV_STATE_INIT) {
314 rc = __sev_platform_shutdown_locked(&argp->error);
315 if (rc)
316 return rc;
317 }
318
319 return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, NULL, &argp->error);
320}
321
322static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
323{
324 struct sev_user_data_status *data = &psp_master->status_cmd_buf;
325 int ret;
326
327 ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, &argp->error);
328 if (ret)
329 return ret;
330
331 if (copy_to_user((void __user *)argp->data, data, sizeof(*data)))
332 ret = -EFAULT;
333
334 return ret;
335}
336
337static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
338{
339 int rc;
340
341 if (psp_master->sev_state == SEV_STATE_UNINIT) {
342 rc = __sev_platform_init_locked(&argp->error);
343 if (rc)
344 return rc;
345 }
346
347 return __sev_do_cmd_locked(cmd, NULL, &argp->error);
348}
349
350static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
351{
352 struct sev_user_data_pek_csr input;
353 struct sev_data_pek_csr *data;
354 void *blob = NULL;
355 int ret;
356
357 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
358 return -EFAULT;
359
360 data = kzalloc(sizeof(*data), GFP_KERNEL);
361 if (!data)
362 return -ENOMEM;
363
364 /* userspace wants to query CSR length */
365 if (!input.address || !input.length)
366 goto cmd;
367
368 /* allocate a physically contiguous buffer to store the CSR blob */
369 if (!access_ok(input.address, input.length) ||
370 input.length > SEV_FW_BLOB_MAX_SIZE) {
371 ret = -EFAULT;
372 goto e_free;
373 }
374
375 blob = kmalloc(input.length, GFP_KERNEL);
376 if (!blob) {
377 ret = -ENOMEM;
378 goto e_free;
379 }
380
381 data->address = __psp_pa(blob);
382 data->len = input.length;
383
384cmd:
385 if (psp_master->sev_state == SEV_STATE_UNINIT) {
386 ret = __sev_platform_init_locked(&argp->error);
387 if (ret)
388 goto e_free_blob;
389 }
390
391 ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, &argp->error);
392
393 /* If we query the CSR length, FW responded with expected data. */
394 input.length = data->len;
395
396 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
397 ret = -EFAULT;
398 goto e_free_blob;
399 }
400
401 if (blob) {
402 if (copy_to_user((void __user *)input.address, blob, input.length))
403 ret = -EFAULT;
404 }
405
406e_free_blob:
407 kfree(blob);
408e_free:
409 kfree(data);
410 return ret;
411}
412
413void *psp_copy_user_blob(u64 __user uaddr, u32 len)
414{
415 if (!uaddr || !len)
416 return ERR_PTR(-EINVAL);
417
418 /* verify that blob length does not exceed our limit */
419 if (len > SEV_FW_BLOB_MAX_SIZE)
420 return ERR_PTR(-EINVAL);
421
422 return memdup_user((void __user *)(uintptr_t)uaddr, len);
423}
424EXPORT_SYMBOL_GPL(psp_copy_user_blob);
425
426static int sev_get_api_version(void)
427{
428 struct sev_user_data_status *status;
429 int error = 0, ret;
430
431 status = &psp_master->status_cmd_buf;
432 ret = sev_platform_status(status, &error);
433 if (ret) {
434 dev_err(psp_master->dev,
435 "SEV: failed to get status. Error: %#x\n", error);
436 return 1;
437 }
438
439 psp_master->api_major = status->api_major;
440 psp_master->api_minor = status->api_minor;
441 psp_master->build = status->build;
442 psp_master->sev_state = status->state;
443
444 return 0;
445}
446
447static int sev_get_firmware(struct device *dev,
448 const struct firmware **firmware)
449{
450 char fw_name_specific[SEV_FW_NAME_SIZE];
451 char fw_name_subset[SEV_FW_NAME_SIZE];
452
453 snprintf(fw_name_specific, sizeof(fw_name_specific),
454 "amd/amd_sev_fam%.2xh_model%.2xh.sbin",
455 boot_cpu_data.x86, boot_cpu_data.x86_model);
456
457 snprintf(fw_name_subset, sizeof(fw_name_subset),
458 "amd/amd_sev_fam%.2xh_model%.1xxh.sbin",
459 boot_cpu_data.x86, (boot_cpu_data.x86_model & 0xf0) >> 4);
460
461 /* Check for SEV FW for a particular model.
462 * Ex. amd_sev_fam17h_model00h.sbin for Family 17h Model 00h
463 *
464 * or
465 *
466 * Check for SEV FW common to a subset of models.
467 * Ex. amd_sev_fam17h_model0xh.sbin for
468 * Family 17h Model 00h -- Family 17h Model 0Fh
469 *
470 * or
471 *
472 * Fall-back to using generic name: sev.fw
473 */
474 if ((firmware_request_nowarn(firmware, fw_name_specific, dev) >= 0) ||
475 (firmware_request_nowarn(firmware, fw_name_subset, dev) >= 0) ||
476 (firmware_request_nowarn(firmware, SEV_FW_FILE, dev) >= 0))
477 return 0;
478
479 return -ENOENT;
480}
481
482/* Don't fail if SEV FW couldn't be updated. Continue with existing SEV FW */
483static int sev_update_firmware(struct device *dev)
484{
485 struct sev_data_download_firmware *data;
486 const struct firmware *firmware;
487 int ret, error, order;
488 struct page *p;
489 u64 data_size;
490
491 if (sev_get_firmware(dev, &firmware) == -ENOENT) {
492 dev_dbg(dev, "No SEV firmware file present\n");
493 return -1;
494 }
495
496 /*
497 * SEV FW expects the physical address given to it to be 32
498 * byte aligned. Memory allocated has structure placed at the
499 * beginning followed by the firmware being passed to the SEV
500 * FW. Allocate enough memory for data structure + alignment
501 * padding + SEV FW.
502 */
503 data_size = ALIGN(sizeof(struct sev_data_download_firmware), 32);
504
505 order = get_order(firmware->size + data_size);
506 p = alloc_pages(GFP_KERNEL, order);
507 if (!p) {
508 ret = -1;
509 goto fw_err;
510 }
511
512 /*
513 * Copy firmware data to a kernel allocated contiguous
514 * memory region.
515 */
516 data = page_address(p);
517 memcpy(page_address(p) + data_size, firmware->data, firmware->size);
518
519 data->address = __psp_pa(page_address(p) + data_size);
520 data->len = firmware->size;
521
522 ret = sev_do_cmd(SEV_CMD_DOWNLOAD_FIRMWARE, data, &error);
523 if (ret)
524 dev_dbg(dev, "Failed to update SEV firmware: %#x\n", error);
525 else
526 dev_info(dev, "SEV firmware update successful\n");
527
528 __free_pages(p, order);
529
530fw_err:
531 release_firmware(firmware);
532
533 return ret;
534}
535
536static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp)
537{
538 struct sev_user_data_pek_cert_import input;
539 struct sev_data_pek_cert_import *data;
540 void *pek_blob, *oca_blob;
541 int ret;
542
543 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
544 return -EFAULT;
545
546 data = kzalloc(sizeof(*data), GFP_KERNEL);
547 if (!data)
548 return -ENOMEM;
549
550 /* copy PEK certificate blobs from userspace */
551 pek_blob = psp_copy_user_blob(input.pek_cert_address, input.pek_cert_len);
552 if (IS_ERR(pek_blob)) {
553 ret = PTR_ERR(pek_blob);
554 goto e_free;
555 }
556
557 data->pek_cert_address = __psp_pa(pek_blob);
558 data->pek_cert_len = input.pek_cert_len;
559
560 /* copy PEK certificate blobs from userspace */
561 oca_blob = psp_copy_user_blob(input.oca_cert_address, input.oca_cert_len);
562 if (IS_ERR(oca_blob)) {
563 ret = PTR_ERR(oca_blob);
564 goto e_free_pek;
565 }
566
567 data->oca_cert_address = __psp_pa(oca_blob);
568 data->oca_cert_len = input.oca_cert_len;
569
570 /* If platform is not in INIT state then transition it to INIT */
571 if (psp_master->sev_state != SEV_STATE_INIT) {
572 ret = __sev_platform_init_locked(&argp->error);
573 if (ret)
574 goto e_free_oca;
575 }
576
577 ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, data, &argp->error);
578
579e_free_oca:
580 kfree(oca_blob);
581e_free_pek:
582 kfree(pek_blob);
583e_free:
584 kfree(data);
585 return ret;
586}
587
588static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
589{
590 struct sev_user_data_get_id2 input;
591 struct sev_data_get_id *data;
592 void *id_blob = NULL;
593 int ret;
594
595 /* SEV GET_ID is available from SEV API v0.16 and up */
596 if (!sev_version_greater_or_equal(0, 16))
597 return -ENOTSUPP;
598
599 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
600 return -EFAULT;
601
602 /* Check if we have write access to the userspace buffer */
603 if (input.address &&
604 input.length &&
605 !access_ok(input.address, input.length))
606 return -EFAULT;
607
608 data = kzalloc(sizeof(*data), GFP_KERNEL);
609 if (!data)
610 return -ENOMEM;
611
612 if (input.address && input.length) {
613 id_blob = kmalloc(input.length, GFP_KERNEL);
614 if (!id_blob) {
615 kfree(data);
616 return -ENOMEM;
617 }
618
619 data->address = __psp_pa(id_blob);
620 data->len = input.length;
621 }
622
623 ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
624
625 /*
626 * Firmware will return the length of the ID value (either the minimum
627 * required length or the actual length written), return it to the user.
628 */
629 input.length = data->len;
630
631 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
632 ret = -EFAULT;
633 goto e_free;
634 }
635
636 if (id_blob) {
637 if (copy_to_user((void __user *)input.address,
638 id_blob, data->len)) {
639 ret = -EFAULT;
640 goto e_free;
641 }
642 }
643
644e_free:
645 kfree(id_blob);
646 kfree(data);
647
648 return ret;
649}
650
651static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
652{
653 struct sev_data_get_id *data;
654 u64 data_size, user_size;
655 void *id_blob, *mem;
656 int ret;
657
658 /* SEV GET_ID available from SEV API v0.16 and up */
659 if (!sev_version_greater_or_equal(0, 16))
660 return -ENOTSUPP;
661
662 /* SEV FW expects the buffer it fills with the ID to be
663 * 8-byte aligned. Memory allocated should be enough to
664 * hold data structure + alignment padding + memory
665 * where SEV FW writes the ID.
666 */
667 data_size = ALIGN(sizeof(struct sev_data_get_id), 8);
668 user_size = sizeof(struct sev_user_data_get_id);
669
670 mem = kzalloc(data_size + user_size, GFP_KERNEL);
671 if (!mem)
672 return -ENOMEM;
673
674 data = mem;
675 id_blob = mem + data_size;
676
677 data->address = __psp_pa(id_blob);
678 data->len = user_size;
679
680 ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
681 if (!ret) {
682 if (copy_to_user((void __user *)argp->data, id_blob, data->len))
683 ret = -EFAULT;
684 }
685
686 kfree(mem);
687
688 return ret;
689}
690
691static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp)
692{
693 struct sev_user_data_pdh_cert_export input;
694 void *pdh_blob = NULL, *cert_blob = NULL;
695 struct sev_data_pdh_cert_export *data;
696 int ret;
697
698 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
699 return -EFAULT;
700
701 data = kzalloc(sizeof(*data), GFP_KERNEL);
702 if (!data)
703 return -ENOMEM;
704
705 /* Userspace wants to query the certificate length. */
706 if (!input.pdh_cert_address ||
707 !input.pdh_cert_len ||
708 !input.cert_chain_address)
709 goto cmd;
710
711 /* Allocate a physically contiguous buffer to store the PDH blob. */
712 if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
713 !access_ok(input.pdh_cert_address, input.pdh_cert_len)) {
714 ret = -EFAULT;
715 goto e_free;
716 }
717
718 /* Allocate a physically contiguous buffer to store the cert chain blob. */
719 if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
720 !access_ok(input.cert_chain_address, input.cert_chain_len)) {
721 ret = -EFAULT;
722 goto e_free;
723 }
724
725 pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
726 if (!pdh_blob) {
727 ret = -ENOMEM;
728 goto e_free;
729 }
730
731 data->pdh_cert_address = __psp_pa(pdh_blob);
732 data->pdh_cert_len = input.pdh_cert_len;
733
734 cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
735 if (!cert_blob) {
736 ret = -ENOMEM;
737 goto e_free_pdh;
738 }
739
740 data->cert_chain_address = __psp_pa(cert_blob);
741 data->cert_chain_len = input.cert_chain_len;
742
743cmd:
744 /* If platform is not in INIT state then transition it to INIT. */
745 if (psp_master->sev_state != SEV_STATE_INIT) {
746 ret = __sev_platform_init_locked(&argp->error);
747 if (ret)
748 goto e_free_cert;
749 }
750
751 ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error);
752
753 /* If we query the length, FW responded with expected data. */
754 input.cert_chain_len = data->cert_chain_len;
755 input.pdh_cert_len = data->pdh_cert_len;
756
757 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
758 ret = -EFAULT;
759 goto e_free_cert;
760 }
761
762 if (pdh_blob) {
763 if (copy_to_user((void __user *)input.pdh_cert_address,
764 pdh_blob, input.pdh_cert_len)) {
765 ret = -EFAULT;
766 goto e_free_cert;
767 }
768 }
769
770 if (cert_blob) {
771 if (copy_to_user((void __user *)input.cert_chain_address,
772 cert_blob, input.cert_chain_len))
773 ret = -EFAULT;
774 }
775
776e_free_cert:
777 kfree(cert_blob);
778e_free_pdh:
779 kfree(pdh_blob);
780e_free:
781 kfree(data);
782 return ret;
783}
784
785static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
786{
787 void __user *argp = (void __user *)arg;
788 struct sev_issue_cmd input;
789 int ret = -EFAULT;
790
791 if (!psp_master)
792 return -ENODEV;
793
794 if (ioctl != SEV_ISSUE_CMD)
795 return -EINVAL;
796
797 if (copy_from_user(&input, argp, sizeof(struct sev_issue_cmd)))
798 return -EFAULT;
799
800 if (input.cmd > SEV_MAX)
801 return -EINVAL;
802
803 mutex_lock(&sev_cmd_mutex);
804
805 switch (input.cmd) {
806
807 case SEV_FACTORY_RESET:
808 ret = sev_ioctl_do_reset(&input);
809 break;
810 case SEV_PLATFORM_STATUS:
811 ret = sev_ioctl_do_platform_status(&input);
812 break;
813 case SEV_PEK_GEN:
814 ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, &input);
815 break;
816 case SEV_PDH_GEN:
817 ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input);
818 break;
819 case SEV_PEK_CSR:
820 ret = sev_ioctl_do_pek_csr(&input);
821 break;
822 case SEV_PEK_CERT_IMPORT:
823 ret = sev_ioctl_do_pek_import(&input);
824 break;
825 case SEV_PDH_CERT_EXPORT:
826 ret = sev_ioctl_do_pdh_export(&input);
827 break;
828 case SEV_GET_ID:
829 pr_warn_once("SEV_GET_ID command is deprecated, use SEV_GET_ID2\n");
830 ret = sev_ioctl_do_get_id(&input);
831 break;
832 case SEV_GET_ID2:
833 ret = sev_ioctl_do_get_id2(&input);
834 break;
835 default:
836 ret = -EINVAL;
837 goto out;
838 }
839
840 if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
841 ret = -EFAULT;
842out:
843 mutex_unlock(&sev_cmd_mutex);
844
845 return ret;
846}
847
848static const struct file_operations sev_fops = {
849 .owner = THIS_MODULE,
850 .unlocked_ioctl = sev_ioctl,
851};
852
853int sev_platform_status(struct sev_user_data_status *data, int *error)
854{
855 return sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, error);
856}
857EXPORT_SYMBOL_GPL(sev_platform_status);
858
859int sev_guest_deactivate(struct sev_data_deactivate *data, int *error)
860{
861 return sev_do_cmd(SEV_CMD_DEACTIVATE, data, error);
862}
863EXPORT_SYMBOL_GPL(sev_guest_deactivate);
864
865int sev_guest_activate(struct sev_data_activate *data, int *error)
866{
867 return sev_do_cmd(SEV_CMD_ACTIVATE, data, error);
868}
869EXPORT_SYMBOL_GPL(sev_guest_activate);
870
871int sev_guest_decommission(struct sev_data_decommission *data, int *error)
872{
873 return sev_do_cmd(SEV_CMD_DECOMMISSION, data, error);
874}
875EXPORT_SYMBOL_GPL(sev_guest_decommission);
876
877int sev_guest_df_flush(int *error)
878{
879 return sev_do_cmd(SEV_CMD_DF_FLUSH, NULL, error);
880}
881EXPORT_SYMBOL_GPL(sev_guest_df_flush);
882
883static void sev_exit(struct kref *ref)
884{
885 struct sev_misc_dev *misc_dev = container_of(ref, struct sev_misc_dev, refcount);
886
887 misc_deregister(&misc_dev->misc);
888}
889
890static int sev_misc_init(struct psp_device *psp)
891{
892 struct device *dev = psp->dev;
893 int ret;
894
895 /*
896 * SEV feature support can be detected on multiple devices but the SEV
897 * FW commands must be issued on the master. During probe, we do not
898 * know the master hence we create /dev/sev on the first device probe.
899 * sev_do_cmd() finds the right master device to which to issue the
900 * command to the firmware.
901 */
902 if (!misc_dev) {
903 struct miscdevice *misc;
904
905 misc_dev = devm_kzalloc(dev, sizeof(*misc_dev), GFP_KERNEL);
906 if (!misc_dev)
907 return -ENOMEM;
908
909 misc = &misc_dev->misc;
910 misc->minor = MISC_DYNAMIC_MINOR;
911 misc->name = DEVICE_NAME;
912 misc->fops = &sev_fops;
913
914 ret = misc_register(misc);
915 if (ret)
916 return ret;
917
918 kref_init(&misc_dev->refcount);
919 } else {
920 kref_get(&misc_dev->refcount);
921 }
922
923 init_waitqueue_head(&psp->sev_int_queue);
924 psp->sev_misc = misc_dev;
925 dev_dbg(dev, "registered SEV device\n");
926
927 return 0;
928}
929
930static int psp_check_sev_support(struct psp_device *psp)
931{
932 /* Check if device supports SEV feature */
933 if (!(ioread32(psp->io_regs + psp->vdata->feature_reg) & 1)) {
934 dev_dbg(psp->dev, "psp does not support SEV\n");
935 return -ENODEV;
936 }
937
938 return 0;
939}
940
941int psp_dev_init(struct sp_device *sp)
942{
943 struct device *dev = sp->dev;
944 struct psp_device *psp;
945 int ret;
946
947 ret = -ENOMEM;
948 psp = psp_alloc_struct(sp);
949 if (!psp)
950 goto e_err;
951
952 sp->psp_data = psp;
953
954 psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;
955 if (!psp->vdata) {
956 ret = -ENODEV;
957 dev_err(dev, "missing driver data\n");
958 goto e_err;
959 }
960
961 psp->io_regs = sp->io_map;
962
963 ret = psp_check_sev_support(psp);
964 if (ret)
965 goto e_disable;
966
967 /* Disable and clear interrupts until ready */
968 iowrite32(0, psp->io_regs + psp->vdata->inten_reg);
969 iowrite32(-1, psp->io_regs + psp->vdata->intsts_reg);
970
971 /* Request an irq */
972 ret = sp_request_psp_irq(psp->sp, psp_irq_handler, psp->name, psp);
973 if (ret) {
974 dev_err(dev, "psp: unable to allocate an IRQ\n");
975 goto e_err;
976 }
977
978 ret = sev_misc_init(psp);
979 if (ret)
980 goto e_irq;
981
982 if (sp->set_psp_master_device)
983 sp->set_psp_master_device(sp);
984
985 /* Enable interrupt */
986 iowrite32(-1, psp->io_regs + psp->vdata->inten_reg);
987
988 dev_notice(dev, "psp enabled\n");
989
990 return 0;
991
992e_irq:
993 sp_free_psp_irq(psp->sp, psp);
994e_err:
995 sp->psp_data = NULL;
996
997 dev_notice(dev, "psp initialization failed\n");
998
999 return ret;
1000
1001e_disable:
1002 sp->psp_data = NULL;
1003
1004 return ret;
1005}
1006
1007void psp_dev_destroy(struct sp_device *sp)
1008{
1009 struct psp_device *psp = sp->psp_data;
1010
1011 if (!psp)
1012 return;
1013
1014 if (psp->sev_misc)
1015 kref_put(&misc_dev->refcount, sev_exit);
1016
1017 sp_free_psp_irq(sp, psp);
1018}
1019
1020int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd,
1021 void *data, int *error)
1022{
1023 if (!filep || filep->f_op != &sev_fops)
1024 return -EBADF;
1025
1026 return sev_do_cmd(cmd, data, error);
1027}
1028EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user);
1029
1030void psp_pci_init(void)
1031{
1032 struct sp_device *sp;
1033 int error, rc;
1034
1035 sp = sp_get_psp_master_device();
1036 if (!sp)
1037 return;
1038
1039 psp_master = sp->psp_data;
1040
1041 psp_timeout = psp_probe_timeout;
1042
1043 if (sev_get_api_version())
1044 goto err;
1045
1046 /*
1047 * If platform is not in UNINIT state then firmware upgrade and/or
1048 * platform INIT command will fail. These command require UNINIT state.
1049 *
1050 * In a normal boot we should never run into case where the firmware
1051 * is not in UNINIT state on boot. But in case of kexec boot, a reboot
1052 * may not go through a typical shutdown sequence and may leave the
1053 * firmware in INIT or WORKING state.
1054 */
1055
1056 if (psp_master->sev_state != SEV_STATE_UNINIT) {
1057 sev_platform_shutdown(NULL);
1058 psp_master->sev_state = SEV_STATE_UNINIT;
1059 }
1060
1061 if (sev_version_greater_or_equal(0, 15) &&
1062 sev_update_firmware(psp_master->dev) == 0)
1063 sev_get_api_version();
1064
1065 /* Initialize the platform */
1066 rc = sev_platform_init(&error);
1067 if (rc) {
1068 dev_err(sp->dev, "SEV: failed to INIT error %#x\n", error);
1069 return;
1070 }
1071
1072 dev_info(sp->dev, "SEV API:%d.%d build:%d\n", psp_master->api_major,
1073 psp_master->api_minor, psp_master->build);
1074
1075 return;
1076
1077err:
1078 psp_master = NULL;
1079}
1080
1081void psp_pci_exit(void)
1082{
1083 if (!psp_master)
1084 return;
1085
1086 sev_platform_shutdown(NULL);
1087}