Loading...
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * AMD Platform Security Processor (PSP) interface
4 *
5 * Copyright (C) 2016,2019 Advanced Micro Devices, Inc.
6 *
7 * Author: Brijesh Singh <brijesh.singh@amd.com>
8 */
9
10#include <linux/kernel.h>
11#include <linux/irqreturn.h>
12
13#include "sp-dev.h"
14#include "psp-dev.h"
15#include "sev-dev.h"
16#include "tee-dev.h"
17
18struct psp_device *psp_master;
19
20static struct psp_device *psp_alloc_struct(struct sp_device *sp)
21{
22 struct device *dev = sp->dev;
23 struct psp_device *psp;
24
25 psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);
26 if (!psp)
27 return NULL;
28
29 psp->dev = dev;
30 psp->sp = sp;
31
32 snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);
33
34 return psp;
35}
36
37static irqreturn_t psp_irq_handler(int irq, void *data)
38{
39 struct psp_device *psp = data;
40 unsigned int status;
41
42 /* Read the interrupt status: */
43 status = ioread32(psp->io_regs + psp->vdata->intsts_reg);
44
45 /* invoke subdevice interrupt handlers */
46 if (status) {
47 if (psp->sev_irq_handler)
48 psp->sev_irq_handler(irq, psp->sev_irq_data, status);
49
50 if (psp->tee_irq_handler)
51 psp->tee_irq_handler(irq, psp->tee_irq_data, status);
52 }
53
54 /* Clear the interrupt status by writing the same value we read. */
55 iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);
56
57 return IRQ_HANDLED;
58}
59
60static unsigned int psp_get_capability(struct psp_device *psp)
61{
62 unsigned int val = ioread32(psp->io_regs + psp->vdata->feature_reg);
63
64 /*
65 * Check for a access to the registers. If this read returns
66 * 0xffffffff, it's likely that the system is running a broken
67 * BIOS which disallows access to the device. Stop here and
68 * fail the PSP initialization (but not the load, as the CCP
69 * could get properly initialized).
70 */
71 if (val == 0xffffffff) {
72 dev_notice(psp->dev, "psp: unable to access the device: you might be running a broken BIOS.\n");
73 return -ENODEV;
74 }
75 psp->capability = val;
76
77 /* Detect if TSME and SME are both enabled */
78 if (psp->capability & PSP_CAPABILITY_PSP_SECURITY_REPORTING &&
79 psp->capability & (PSP_SECURITY_TSME_STATUS << PSP_CAPABILITY_PSP_SECURITY_OFFSET) &&
80 cc_platform_has(CC_ATTR_HOST_MEM_ENCRYPT))
81 dev_notice(psp->dev, "psp: Both TSME and SME are active, SME is unnecessary when TSME is active.\n");
82
83 return 0;
84}
85
86static int psp_check_sev_support(struct psp_device *psp)
87{
88 /* Check if device supports SEV feature */
89 if (!(psp->capability & PSP_CAPABILITY_SEV)) {
90 dev_dbg(psp->dev, "psp does not support SEV\n");
91 return -ENODEV;
92 }
93
94 return 0;
95}
96
97static int psp_check_tee_support(struct psp_device *psp)
98{
99 /* Check if device supports TEE feature */
100 if (!(psp->capability & PSP_CAPABILITY_TEE)) {
101 dev_dbg(psp->dev, "psp does not support TEE\n");
102 return -ENODEV;
103 }
104
105 return 0;
106}
107
108static int psp_init(struct psp_device *psp)
109{
110 int ret;
111
112 if (!psp_check_sev_support(psp)) {
113 ret = sev_dev_init(psp);
114 if (ret)
115 return ret;
116 }
117
118 if (!psp_check_tee_support(psp)) {
119 ret = tee_dev_init(psp);
120 if (ret)
121 return ret;
122 }
123
124 return 0;
125}
126
127int psp_dev_init(struct sp_device *sp)
128{
129 struct device *dev = sp->dev;
130 struct psp_device *psp;
131 int ret;
132
133 ret = -ENOMEM;
134 psp = psp_alloc_struct(sp);
135 if (!psp)
136 goto e_err;
137
138 sp->psp_data = psp;
139
140 psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;
141 if (!psp->vdata) {
142 ret = -ENODEV;
143 dev_err(dev, "missing driver data\n");
144 goto e_err;
145 }
146
147 psp->io_regs = sp->io_map;
148
149 ret = psp_get_capability(psp);
150 if (ret)
151 goto e_disable;
152
153 /* Disable and clear interrupts until ready */
154 iowrite32(0, psp->io_regs + psp->vdata->inten_reg);
155 iowrite32(-1, psp->io_regs + psp->vdata->intsts_reg);
156
157 /* Request an irq */
158 ret = sp_request_psp_irq(psp->sp, psp_irq_handler, psp->name, psp);
159 if (ret) {
160 dev_err(dev, "psp: unable to allocate an IRQ\n");
161 goto e_err;
162 }
163
164 ret = psp_init(psp);
165 if (ret)
166 goto e_irq;
167
168 if (sp->set_psp_master_device)
169 sp->set_psp_master_device(sp);
170
171 /* Enable interrupt */
172 iowrite32(-1, psp->io_regs + psp->vdata->inten_reg);
173
174 dev_notice(dev, "psp enabled\n");
175
176 return 0;
177
178e_irq:
179 sp_free_psp_irq(psp->sp, psp);
180e_err:
181 sp->psp_data = NULL;
182
183 dev_notice(dev, "psp initialization failed\n");
184
185 return ret;
186
187e_disable:
188 sp->psp_data = NULL;
189
190 return ret;
191}
192
193void psp_dev_destroy(struct sp_device *sp)
194{
195 struct psp_device *psp = sp->psp_data;
196
197 if (!psp)
198 return;
199
200 sev_dev_destroy(psp);
201
202 tee_dev_destroy(psp);
203
204 sp_free_psp_irq(sp, psp);
205
206 if (sp->clear_psp_master_device)
207 sp->clear_psp_master_device(sp);
208}
209
210void psp_set_sev_irq_handler(struct psp_device *psp, psp_irq_handler_t handler,
211 void *data)
212{
213 psp->sev_irq_data = data;
214 psp->sev_irq_handler = handler;
215}
216
217void psp_clear_sev_irq_handler(struct psp_device *psp)
218{
219 psp_set_sev_irq_handler(psp, NULL, NULL);
220}
221
222void psp_set_tee_irq_handler(struct psp_device *psp, psp_irq_handler_t handler,
223 void *data)
224{
225 psp->tee_irq_data = data;
226 psp->tee_irq_handler = handler;
227}
228
229void psp_clear_tee_irq_handler(struct psp_device *psp)
230{
231 psp_set_tee_irq_handler(psp, NULL, NULL);
232}
233
234struct psp_device *psp_get_master_device(void)
235{
236 struct sp_device *sp = sp_get_psp_master_device();
237
238 return sp ? sp->psp_data : NULL;
239}
240
241void psp_pci_init(void)
242{
243 psp_master = psp_get_master_device();
244
245 if (!psp_master)
246 return;
247
248 sev_pci_init();
249}
250
251void psp_pci_exit(void)
252{
253 if (!psp_master)
254 return;
255
256 sev_pci_exit();
257}
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * AMD Platform Security Processor (PSP) interface
4 *
5 * Copyright (C) 2016,2018 Advanced Micro Devices, Inc.
6 *
7 * Author: Brijesh Singh <brijesh.singh@amd.com>
8 */
9
10#include <linux/module.h>
11#include <linux/kernel.h>
12#include <linux/kthread.h>
13#include <linux/sched.h>
14#include <linux/interrupt.h>
15#include <linux/spinlock.h>
16#include <linux/spinlock_types.h>
17#include <linux/types.h>
18#include <linux/mutex.h>
19#include <linux/delay.h>
20#include <linux/hw_random.h>
21#include <linux/ccp.h>
22#include <linux/firmware.h>
23
24#include "sp-dev.h"
25#include "psp-dev.h"
26
27#define DEVICE_NAME "sev"
28#define SEV_FW_FILE "amd/sev.fw"
29#define SEV_FW_NAME_SIZE 64
30
31static DEFINE_MUTEX(sev_cmd_mutex);
32static struct sev_misc_dev *misc_dev;
33static struct psp_device *psp_master;
34
35static int psp_cmd_timeout = 100;
36module_param(psp_cmd_timeout, int, 0644);
37MODULE_PARM_DESC(psp_cmd_timeout, " default timeout value, in seconds, for PSP commands");
38
39static int psp_probe_timeout = 5;
40module_param(psp_probe_timeout, int, 0644);
41MODULE_PARM_DESC(psp_probe_timeout, " default timeout value, in seconds, during PSP device probe");
42
43static bool psp_dead;
44static int psp_timeout;
45
46static inline bool sev_version_greater_or_equal(u8 maj, u8 min)
47{
48 if (psp_master->api_major > maj)
49 return true;
50 if (psp_master->api_major == maj && psp_master->api_minor >= min)
51 return true;
52 return false;
53}
54
55static struct psp_device *psp_alloc_struct(struct sp_device *sp)
56{
57 struct device *dev = sp->dev;
58 struct psp_device *psp;
59
60 psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);
61 if (!psp)
62 return NULL;
63
64 psp->dev = dev;
65 psp->sp = sp;
66
67 snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);
68
69 return psp;
70}
71
72static irqreturn_t psp_irq_handler(int irq, void *data)
73{
74 struct psp_device *psp = data;
75 unsigned int status;
76 int reg;
77
78 /* Read the interrupt status: */
79 status = ioread32(psp->io_regs + psp->vdata->intsts_reg);
80
81 /* Check if it is command completion: */
82 if (!(status & PSP_CMD_COMPLETE))
83 goto done;
84
85 /* Check if it is SEV command completion: */
86 reg = ioread32(psp->io_regs + psp->vdata->cmdresp_reg);
87 if (reg & PSP_CMDRESP_RESP) {
88 psp->sev_int_rcvd = 1;
89 wake_up(&psp->sev_int_queue);
90 }
91
92done:
93 /* Clear the interrupt status by writing the same value we read. */
94 iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);
95
96 return IRQ_HANDLED;
97}
98
99static int sev_wait_cmd_ioc(struct psp_device *psp,
100 unsigned int *reg, unsigned int timeout)
101{
102 int ret;
103
104 ret = wait_event_timeout(psp->sev_int_queue,
105 psp->sev_int_rcvd, timeout * HZ);
106 if (!ret)
107 return -ETIMEDOUT;
108
109 *reg = ioread32(psp->io_regs + psp->vdata->cmdresp_reg);
110
111 return 0;
112}
113
114static int sev_cmd_buffer_len(int cmd)
115{
116 switch (cmd) {
117 case SEV_CMD_INIT: return sizeof(struct sev_data_init);
118 case SEV_CMD_PLATFORM_STATUS: return sizeof(struct sev_user_data_status);
119 case SEV_CMD_PEK_CSR: return sizeof(struct sev_data_pek_csr);
120 case SEV_CMD_PEK_CERT_IMPORT: return sizeof(struct sev_data_pek_cert_import);
121 case SEV_CMD_PDH_CERT_EXPORT: return sizeof(struct sev_data_pdh_cert_export);
122 case SEV_CMD_LAUNCH_START: return sizeof(struct sev_data_launch_start);
123 case SEV_CMD_LAUNCH_UPDATE_DATA: return sizeof(struct sev_data_launch_update_data);
124 case SEV_CMD_LAUNCH_UPDATE_VMSA: return sizeof(struct sev_data_launch_update_vmsa);
125 case SEV_CMD_LAUNCH_FINISH: return sizeof(struct sev_data_launch_finish);
126 case SEV_CMD_LAUNCH_MEASURE: return sizeof(struct sev_data_launch_measure);
127 case SEV_CMD_ACTIVATE: return sizeof(struct sev_data_activate);
128 case SEV_CMD_DEACTIVATE: return sizeof(struct sev_data_deactivate);
129 case SEV_CMD_DECOMMISSION: return sizeof(struct sev_data_decommission);
130 case SEV_CMD_GUEST_STATUS: return sizeof(struct sev_data_guest_status);
131 case SEV_CMD_DBG_DECRYPT: return sizeof(struct sev_data_dbg);
132 case SEV_CMD_DBG_ENCRYPT: return sizeof(struct sev_data_dbg);
133 case SEV_CMD_SEND_START: return sizeof(struct sev_data_send_start);
134 case SEV_CMD_SEND_UPDATE_DATA: return sizeof(struct sev_data_send_update_data);
135 case SEV_CMD_SEND_UPDATE_VMSA: return sizeof(struct sev_data_send_update_vmsa);
136 case SEV_CMD_SEND_FINISH: return sizeof(struct sev_data_send_finish);
137 case SEV_CMD_RECEIVE_START: return sizeof(struct sev_data_receive_start);
138 case SEV_CMD_RECEIVE_FINISH: return sizeof(struct sev_data_receive_finish);
139 case SEV_CMD_RECEIVE_UPDATE_DATA: return sizeof(struct sev_data_receive_update_data);
140 case SEV_CMD_RECEIVE_UPDATE_VMSA: return sizeof(struct sev_data_receive_update_vmsa);
141 case SEV_CMD_LAUNCH_UPDATE_SECRET: return sizeof(struct sev_data_launch_secret);
142 case SEV_CMD_DOWNLOAD_FIRMWARE: return sizeof(struct sev_data_download_firmware);
143 case SEV_CMD_GET_ID: return sizeof(struct sev_data_get_id);
144 default: return 0;
145 }
146
147 return 0;
148}
149
150static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
151{
152 struct psp_device *psp = psp_master;
153 unsigned int phys_lsb, phys_msb;
154 unsigned int reg, ret = 0;
155
156 if (!psp)
157 return -ENODEV;
158
159 if (psp_dead)
160 return -EBUSY;
161
162 /* Get the physical address of the command buffer */
163 phys_lsb = data ? lower_32_bits(__psp_pa(data)) : 0;
164 phys_msb = data ? upper_32_bits(__psp_pa(data)) : 0;
165
166 dev_dbg(psp->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n",
167 cmd, phys_msb, phys_lsb, psp_timeout);
168
169 print_hex_dump_debug("(in): ", DUMP_PREFIX_OFFSET, 16, 2, data,
170 sev_cmd_buffer_len(cmd), false);
171
172 iowrite32(phys_lsb, psp->io_regs + psp->vdata->cmdbuff_addr_lo_reg);
173 iowrite32(phys_msb, psp->io_regs + psp->vdata->cmdbuff_addr_hi_reg);
174
175 psp->sev_int_rcvd = 0;
176
177 reg = cmd;
178 reg <<= PSP_CMDRESP_CMD_SHIFT;
179 reg |= PSP_CMDRESP_IOC;
180 iowrite32(reg, psp->io_regs + psp->vdata->cmdresp_reg);
181
182 /* wait for command completion */
183 ret = sev_wait_cmd_ioc(psp, ®, psp_timeout);
184 if (ret) {
185 if (psp_ret)
186 *psp_ret = 0;
187
188 dev_err(psp->dev, "sev command %#x timed out, disabling PSP \n", cmd);
189 psp_dead = true;
190
191 return ret;
192 }
193
194 psp_timeout = psp_cmd_timeout;
195
196 if (psp_ret)
197 *psp_ret = reg & PSP_CMDRESP_ERR_MASK;
198
199 if (reg & PSP_CMDRESP_ERR_MASK) {
200 dev_dbg(psp->dev, "sev command %#x failed (%#010x)\n",
201 cmd, reg & PSP_CMDRESP_ERR_MASK);
202 ret = -EIO;
203 }
204
205 print_hex_dump_debug("(out): ", DUMP_PREFIX_OFFSET, 16, 2, data,
206 sev_cmd_buffer_len(cmd), false);
207
208 return ret;
209}
210
211static int sev_do_cmd(int cmd, void *data, int *psp_ret)
212{
213 int rc;
214
215 mutex_lock(&sev_cmd_mutex);
216 rc = __sev_do_cmd_locked(cmd, data, psp_ret);
217 mutex_unlock(&sev_cmd_mutex);
218
219 return rc;
220}
221
222static int __sev_platform_init_locked(int *error)
223{
224 struct psp_device *psp = psp_master;
225 int rc = 0;
226
227 if (!psp)
228 return -ENODEV;
229
230 if (psp->sev_state == SEV_STATE_INIT)
231 return 0;
232
233 rc = __sev_do_cmd_locked(SEV_CMD_INIT, &psp->init_cmd_buf, error);
234 if (rc)
235 return rc;
236
237 psp->sev_state = SEV_STATE_INIT;
238 dev_dbg(psp->dev, "SEV firmware initialized\n");
239
240 return rc;
241}
242
243int sev_platform_init(int *error)
244{
245 int rc;
246
247 mutex_lock(&sev_cmd_mutex);
248 rc = __sev_platform_init_locked(error);
249 mutex_unlock(&sev_cmd_mutex);
250
251 return rc;
252}
253EXPORT_SYMBOL_GPL(sev_platform_init);
254
255static int __sev_platform_shutdown_locked(int *error)
256{
257 int ret;
258
259 ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);
260 if (ret)
261 return ret;
262
263 psp_master->sev_state = SEV_STATE_UNINIT;
264 dev_dbg(psp_master->dev, "SEV firmware shutdown\n");
265
266 return ret;
267}
268
269static int sev_platform_shutdown(int *error)
270{
271 int rc;
272
273 mutex_lock(&sev_cmd_mutex);
274 rc = __sev_platform_shutdown_locked(NULL);
275 mutex_unlock(&sev_cmd_mutex);
276
277 return rc;
278}
279
280static int sev_get_platform_state(int *state, int *error)
281{
282 int rc;
283
284 rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,
285 &psp_master->status_cmd_buf, error);
286 if (rc)
287 return rc;
288
289 *state = psp_master->status_cmd_buf.state;
290 return rc;
291}
292
293static int sev_ioctl_do_reset(struct sev_issue_cmd *argp)
294{
295 int state, rc;
296
297 /*
298 * The SEV spec requires that FACTORY_RESET must be issued in
299 * UNINIT state. Before we go further lets check if any guest is
300 * active.
301 *
302 * If FW is in WORKING state then deny the request otherwise issue
303 * SHUTDOWN command do INIT -> UNINIT before issuing the FACTORY_RESET.
304 *
305 */
306 rc = sev_get_platform_state(&state, &argp->error);
307 if (rc)
308 return rc;
309
310 if (state == SEV_STATE_WORKING)
311 return -EBUSY;
312
313 if (state == SEV_STATE_INIT) {
314 rc = __sev_platform_shutdown_locked(&argp->error);
315 if (rc)
316 return rc;
317 }
318
319 return __sev_do_cmd_locked(SEV_CMD_FACTORY_RESET, NULL, &argp->error);
320}
321
322static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
323{
324 struct sev_user_data_status *data = &psp_master->status_cmd_buf;
325 int ret;
326
327 ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, &argp->error);
328 if (ret)
329 return ret;
330
331 if (copy_to_user((void __user *)argp->data, data, sizeof(*data)))
332 ret = -EFAULT;
333
334 return ret;
335}
336
337static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)
338{
339 int rc;
340
341 if (psp_master->sev_state == SEV_STATE_UNINIT) {
342 rc = __sev_platform_init_locked(&argp->error);
343 if (rc)
344 return rc;
345 }
346
347 return __sev_do_cmd_locked(cmd, NULL, &argp->error);
348}
349
350static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
351{
352 struct sev_user_data_pek_csr input;
353 struct sev_data_pek_csr *data;
354 void *blob = NULL;
355 int ret;
356
357 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
358 return -EFAULT;
359
360 data = kzalloc(sizeof(*data), GFP_KERNEL);
361 if (!data)
362 return -ENOMEM;
363
364 /* userspace wants to query CSR length */
365 if (!input.address || !input.length)
366 goto cmd;
367
368 /* allocate a physically contiguous buffer to store the CSR blob */
369 if (!access_ok(input.address, input.length) ||
370 input.length > SEV_FW_BLOB_MAX_SIZE) {
371 ret = -EFAULT;
372 goto e_free;
373 }
374
375 blob = kmalloc(input.length, GFP_KERNEL);
376 if (!blob) {
377 ret = -ENOMEM;
378 goto e_free;
379 }
380
381 data->address = __psp_pa(blob);
382 data->len = input.length;
383
384cmd:
385 if (psp_master->sev_state == SEV_STATE_UNINIT) {
386 ret = __sev_platform_init_locked(&argp->error);
387 if (ret)
388 goto e_free_blob;
389 }
390
391 ret = __sev_do_cmd_locked(SEV_CMD_PEK_CSR, data, &argp->error);
392
393 /* If we query the CSR length, FW responded with expected data. */
394 input.length = data->len;
395
396 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
397 ret = -EFAULT;
398 goto e_free_blob;
399 }
400
401 if (blob) {
402 if (copy_to_user((void __user *)input.address, blob, input.length))
403 ret = -EFAULT;
404 }
405
406e_free_blob:
407 kfree(blob);
408e_free:
409 kfree(data);
410 return ret;
411}
412
413void *psp_copy_user_blob(u64 __user uaddr, u32 len)
414{
415 if (!uaddr || !len)
416 return ERR_PTR(-EINVAL);
417
418 /* verify that blob length does not exceed our limit */
419 if (len > SEV_FW_BLOB_MAX_SIZE)
420 return ERR_PTR(-EINVAL);
421
422 return memdup_user((void __user *)(uintptr_t)uaddr, len);
423}
424EXPORT_SYMBOL_GPL(psp_copy_user_blob);
425
426static int sev_get_api_version(void)
427{
428 struct sev_user_data_status *status;
429 int error = 0, ret;
430
431 status = &psp_master->status_cmd_buf;
432 ret = sev_platform_status(status, &error);
433 if (ret) {
434 dev_err(psp_master->dev,
435 "SEV: failed to get status. Error: %#x\n", error);
436 return 1;
437 }
438
439 psp_master->api_major = status->api_major;
440 psp_master->api_minor = status->api_minor;
441 psp_master->build = status->build;
442 psp_master->sev_state = status->state;
443
444 return 0;
445}
446
447static int sev_get_firmware(struct device *dev,
448 const struct firmware **firmware)
449{
450 char fw_name_specific[SEV_FW_NAME_SIZE];
451 char fw_name_subset[SEV_FW_NAME_SIZE];
452
453 snprintf(fw_name_specific, sizeof(fw_name_specific),
454 "amd/amd_sev_fam%.2xh_model%.2xh.sbin",
455 boot_cpu_data.x86, boot_cpu_data.x86_model);
456
457 snprintf(fw_name_subset, sizeof(fw_name_subset),
458 "amd/amd_sev_fam%.2xh_model%.1xxh.sbin",
459 boot_cpu_data.x86, (boot_cpu_data.x86_model & 0xf0) >> 4);
460
461 /* Check for SEV FW for a particular model.
462 * Ex. amd_sev_fam17h_model00h.sbin for Family 17h Model 00h
463 *
464 * or
465 *
466 * Check for SEV FW common to a subset of models.
467 * Ex. amd_sev_fam17h_model0xh.sbin for
468 * Family 17h Model 00h -- Family 17h Model 0Fh
469 *
470 * or
471 *
472 * Fall-back to using generic name: sev.fw
473 */
474 if ((firmware_request_nowarn(firmware, fw_name_specific, dev) >= 0) ||
475 (firmware_request_nowarn(firmware, fw_name_subset, dev) >= 0) ||
476 (firmware_request_nowarn(firmware, SEV_FW_FILE, dev) >= 0))
477 return 0;
478
479 return -ENOENT;
480}
481
482/* Don't fail if SEV FW couldn't be updated. Continue with existing SEV FW */
483static int sev_update_firmware(struct device *dev)
484{
485 struct sev_data_download_firmware *data;
486 const struct firmware *firmware;
487 int ret, error, order;
488 struct page *p;
489 u64 data_size;
490
491 if (sev_get_firmware(dev, &firmware) == -ENOENT) {
492 dev_dbg(dev, "No SEV firmware file present\n");
493 return -1;
494 }
495
496 /*
497 * SEV FW expects the physical address given to it to be 32
498 * byte aligned. Memory allocated has structure placed at the
499 * beginning followed by the firmware being passed to the SEV
500 * FW. Allocate enough memory for data structure + alignment
501 * padding + SEV FW.
502 */
503 data_size = ALIGN(sizeof(struct sev_data_download_firmware), 32);
504
505 order = get_order(firmware->size + data_size);
506 p = alloc_pages(GFP_KERNEL, order);
507 if (!p) {
508 ret = -1;
509 goto fw_err;
510 }
511
512 /*
513 * Copy firmware data to a kernel allocated contiguous
514 * memory region.
515 */
516 data = page_address(p);
517 memcpy(page_address(p) + data_size, firmware->data, firmware->size);
518
519 data->address = __psp_pa(page_address(p) + data_size);
520 data->len = firmware->size;
521
522 ret = sev_do_cmd(SEV_CMD_DOWNLOAD_FIRMWARE, data, &error);
523 if (ret)
524 dev_dbg(dev, "Failed to update SEV firmware: %#x\n", error);
525 else
526 dev_info(dev, "SEV firmware update successful\n");
527
528 __free_pages(p, order);
529
530fw_err:
531 release_firmware(firmware);
532
533 return ret;
534}
535
536static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp)
537{
538 struct sev_user_data_pek_cert_import input;
539 struct sev_data_pek_cert_import *data;
540 void *pek_blob, *oca_blob;
541 int ret;
542
543 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
544 return -EFAULT;
545
546 data = kzalloc(sizeof(*data), GFP_KERNEL);
547 if (!data)
548 return -ENOMEM;
549
550 /* copy PEK certificate blobs from userspace */
551 pek_blob = psp_copy_user_blob(input.pek_cert_address, input.pek_cert_len);
552 if (IS_ERR(pek_blob)) {
553 ret = PTR_ERR(pek_blob);
554 goto e_free;
555 }
556
557 data->pek_cert_address = __psp_pa(pek_blob);
558 data->pek_cert_len = input.pek_cert_len;
559
560 /* copy PEK certificate blobs from userspace */
561 oca_blob = psp_copy_user_blob(input.oca_cert_address, input.oca_cert_len);
562 if (IS_ERR(oca_blob)) {
563 ret = PTR_ERR(oca_blob);
564 goto e_free_pek;
565 }
566
567 data->oca_cert_address = __psp_pa(oca_blob);
568 data->oca_cert_len = input.oca_cert_len;
569
570 /* If platform is not in INIT state then transition it to INIT */
571 if (psp_master->sev_state != SEV_STATE_INIT) {
572 ret = __sev_platform_init_locked(&argp->error);
573 if (ret)
574 goto e_free_oca;
575 }
576
577 ret = __sev_do_cmd_locked(SEV_CMD_PEK_CERT_IMPORT, data, &argp->error);
578
579e_free_oca:
580 kfree(oca_blob);
581e_free_pek:
582 kfree(pek_blob);
583e_free:
584 kfree(data);
585 return ret;
586}
587
588static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
589{
590 struct sev_user_data_get_id2 input;
591 struct sev_data_get_id *data;
592 void *id_blob = NULL;
593 int ret;
594
595 /* SEV GET_ID is available from SEV API v0.16 and up */
596 if (!sev_version_greater_or_equal(0, 16))
597 return -ENOTSUPP;
598
599 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
600 return -EFAULT;
601
602 /* Check if we have write access to the userspace buffer */
603 if (input.address &&
604 input.length &&
605 !access_ok(input.address, input.length))
606 return -EFAULT;
607
608 data = kzalloc(sizeof(*data), GFP_KERNEL);
609 if (!data)
610 return -ENOMEM;
611
612 if (input.address && input.length) {
613 id_blob = kmalloc(input.length, GFP_KERNEL);
614 if (!id_blob) {
615 kfree(data);
616 return -ENOMEM;
617 }
618
619 data->address = __psp_pa(id_blob);
620 data->len = input.length;
621 }
622
623 ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
624
625 /*
626 * Firmware will return the length of the ID value (either the minimum
627 * required length or the actual length written), return it to the user.
628 */
629 input.length = data->len;
630
631 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
632 ret = -EFAULT;
633 goto e_free;
634 }
635
636 if (id_blob) {
637 if (copy_to_user((void __user *)input.address,
638 id_blob, data->len)) {
639 ret = -EFAULT;
640 goto e_free;
641 }
642 }
643
644e_free:
645 kfree(id_blob);
646 kfree(data);
647
648 return ret;
649}
650
651static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp)
652{
653 struct sev_data_get_id *data;
654 u64 data_size, user_size;
655 void *id_blob, *mem;
656 int ret;
657
658 /* SEV GET_ID available from SEV API v0.16 and up */
659 if (!sev_version_greater_or_equal(0, 16))
660 return -ENOTSUPP;
661
662 /* SEV FW expects the buffer it fills with the ID to be
663 * 8-byte aligned. Memory allocated should be enough to
664 * hold data structure + alignment padding + memory
665 * where SEV FW writes the ID.
666 */
667 data_size = ALIGN(sizeof(struct sev_data_get_id), 8);
668 user_size = sizeof(struct sev_user_data_get_id);
669
670 mem = kzalloc(data_size + user_size, GFP_KERNEL);
671 if (!mem)
672 return -ENOMEM;
673
674 data = mem;
675 id_blob = mem + data_size;
676
677 data->address = __psp_pa(id_blob);
678 data->len = user_size;
679
680 ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error);
681 if (!ret) {
682 if (copy_to_user((void __user *)argp->data, id_blob, data->len))
683 ret = -EFAULT;
684 }
685
686 kfree(mem);
687
688 return ret;
689}
690
691static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp)
692{
693 struct sev_user_data_pdh_cert_export input;
694 void *pdh_blob = NULL, *cert_blob = NULL;
695 struct sev_data_pdh_cert_export *data;
696 int ret;
697
698 if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
699 return -EFAULT;
700
701 data = kzalloc(sizeof(*data), GFP_KERNEL);
702 if (!data)
703 return -ENOMEM;
704
705 /* Userspace wants to query the certificate length. */
706 if (!input.pdh_cert_address ||
707 !input.pdh_cert_len ||
708 !input.cert_chain_address)
709 goto cmd;
710
711 /* Allocate a physically contiguous buffer to store the PDH blob. */
712 if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
713 !access_ok(input.pdh_cert_address, input.pdh_cert_len)) {
714 ret = -EFAULT;
715 goto e_free;
716 }
717
718 /* Allocate a physically contiguous buffer to store the cert chain blob. */
719 if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
720 !access_ok(input.cert_chain_address, input.cert_chain_len)) {
721 ret = -EFAULT;
722 goto e_free;
723 }
724
725 pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL);
726 if (!pdh_blob) {
727 ret = -ENOMEM;
728 goto e_free;
729 }
730
731 data->pdh_cert_address = __psp_pa(pdh_blob);
732 data->pdh_cert_len = input.pdh_cert_len;
733
734 cert_blob = kmalloc(input.cert_chain_len, GFP_KERNEL);
735 if (!cert_blob) {
736 ret = -ENOMEM;
737 goto e_free_pdh;
738 }
739
740 data->cert_chain_address = __psp_pa(cert_blob);
741 data->cert_chain_len = input.cert_chain_len;
742
743cmd:
744 /* If platform is not in INIT state then transition it to INIT. */
745 if (psp_master->sev_state != SEV_STATE_INIT) {
746 ret = __sev_platform_init_locked(&argp->error);
747 if (ret)
748 goto e_free_cert;
749 }
750
751 ret = __sev_do_cmd_locked(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error);
752
753 /* If we query the length, FW responded with expected data. */
754 input.cert_chain_len = data->cert_chain_len;
755 input.pdh_cert_len = data->pdh_cert_len;
756
757 if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) {
758 ret = -EFAULT;
759 goto e_free_cert;
760 }
761
762 if (pdh_blob) {
763 if (copy_to_user((void __user *)input.pdh_cert_address,
764 pdh_blob, input.pdh_cert_len)) {
765 ret = -EFAULT;
766 goto e_free_cert;
767 }
768 }
769
770 if (cert_blob) {
771 if (copy_to_user((void __user *)input.cert_chain_address,
772 cert_blob, input.cert_chain_len))
773 ret = -EFAULT;
774 }
775
776e_free_cert:
777 kfree(cert_blob);
778e_free_pdh:
779 kfree(pdh_blob);
780e_free:
781 kfree(data);
782 return ret;
783}
784
785static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
786{
787 void __user *argp = (void __user *)arg;
788 struct sev_issue_cmd input;
789 int ret = -EFAULT;
790
791 if (!psp_master)
792 return -ENODEV;
793
794 if (ioctl != SEV_ISSUE_CMD)
795 return -EINVAL;
796
797 if (copy_from_user(&input, argp, sizeof(struct sev_issue_cmd)))
798 return -EFAULT;
799
800 if (input.cmd > SEV_MAX)
801 return -EINVAL;
802
803 mutex_lock(&sev_cmd_mutex);
804
805 switch (input.cmd) {
806
807 case SEV_FACTORY_RESET:
808 ret = sev_ioctl_do_reset(&input);
809 break;
810 case SEV_PLATFORM_STATUS:
811 ret = sev_ioctl_do_platform_status(&input);
812 break;
813 case SEV_PEK_GEN:
814 ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PEK_GEN, &input);
815 break;
816 case SEV_PDH_GEN:
817 ret = sev_ioctl_do_pek_pdh_gen(SEV_CMD_PDH_GEN, &input);
818 break;
819 case SEV_PEK_CSR:
820 ret = sev_ioctl_do_pek_csr(&input);
821 break;
822 case SEV_PEK_CERT_IMPORT:
823 ret = sev_ioctl_do_pek_import(&input);
824 break;
825 case SEV_PDH_CERT_EXPORT:
826 ret = sev_ioctl_do_pdh_export(&input);
827 break;
828 case SEV_GET_ID:
829 pr_warn_once("SEV_GET_ID command is deprecated, use SEV_GET_ID2\n");
830 ret = sev_ioctl_do_get_id(&input);
831 break;
832 case SEV_GET_ID2:
833 ret = sev_ioctl_do_get_id2(&input);
834 break;
835 default:
836 ret = -EINVAL;
837 goto out;
838 }
839
840 if (copy_to_user(argp, &input, sizeof(struct sev_issue_cmd)))
841 ret = -EFAULT;
842out:
843 mutex_unlock(&sev_cmd_mutex);
844
845 return ret;
846}
847
848static const struct file_operations sev_fops = {
849 .owner = THIS_MODULE,
850 .unlocked_ioctl = sev_ioctl,
851};
852
853int sev_platform_status(struct sev_user_data_status *data, int *error)
854{
855 return sev_do_cmd(SEV_CMD_PLATFORM_STATUS, data, error);
856}
857EXPORT_SYMBOL_GPL(sev_platform_status);
858
859int sev_guest_deactivate(struct sev_data_deactivate *data, int *error)
860{
861 return sev_do_cmd(SEV_CMD_DEACTIVATE, data, error);
862}
863EXPORT_SYMBOL_GPL(sev_guest_deactivate);
864
865int sev_guest_activate(struct sev_data_activate *data, int *error)
866{
867 return sev_do_cmd(SEV_CMD_ACTIVATE, data, error);
868}
869EXPORT_SYMBOL_GPL(sev_guest_activate);
870
871int sev_guest_decommission(struct sev_data_decommission *data, int *error)
872{
873 return sev_do_cmd(SEV_CMD_DECOMMISSION, data, error);
874}
875EXPORT_SYMBOL_GPL(sev_guest_decommission);
876
877int sev_guest_df_flush(int *error)
878{
879 return sev_do_cmd(SEV_CMD_DF_FLUSH, NULL, error);
880}
881EXPORT_SYMBOL_GPL(sev_guest_df_flush);
882
883static void sev_exit(struct kref *ref)
884{
885 struct sev_misc_dev *misc_dev = container_of(ref, struct sev_misc_dev, refcount);
886
887 misc_deregister(&misc_dev->misc);
888}
889
890static int sev_misc_init(struct psp_device *psp)
891{
892 struct device *dev = psp->dev;
893 int ret;
894
895 /*
896 * SEV feature support can be detected on multiple devices but the SEV
897 * FW commands must be issued on the master. During probe, we do not
898 * know the master hence we create /dev/sev on the first device probe.
899 * sev_do_cmd() finds the right master device to which to issue the
900 * command to the firmware.
901 */
902 if (!misc_dev) {
903 struct miscdevice *misc;
904
905 misc_dev = devm_kzalloc(dev, sizeof(*misc_dev), GFP_KERNEL);
906 if (!misc_dev)
907 return -ENOMEM;
908
909 misc = &misc_dev->misc;
910 misc->minor = MISC_DYNAMIC_MINOR;
911 misc->name = DEVICE_NAME;
912 misc->fops = &sev_fops;
913
914 ret = misc_register(misc);
915 if (ret)
916 return ret;
917
918 kref_init(&misc_dev->refcount);
919 } else {
920 kref_get(&misc_dev->refcount);
921 }
922
923 init_waitqueue_head(&psp->sev_int_queue);
924 psp->sev_misc = misc_dev;
925 dev_dbg(dev, "registered SEV device\n");
926
927 return 0;
928}
929
930static int psp_check_sev_support(struct psp_device *psp)
931{
932 /* Check if device supports SEV feature */
933 if (!(ioread32(psp->io_regs + psp->vdata->feature_reg) & 1)) {
934 dev_dbg(psp->dev, "psp does not support SEV\n");
935 return -ENODEV;
936 }
937
938 return 0;
939}
940
941int psp_dev_init(struct sp_device *sp)
942{
943 struct device *dev = sp->dev;
944 struct psp_device *psp;
945 int ret;
946
947 ret = -ENOMEM;
948 psp = psp_alloc_struct(sp);
949 if (!psp)
950 goto e_err;
951
952 sp->psp_data = psp;
953
954 psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;
955 if (!psp->vdata) {
956 ret = -ENODEV;
957 dev_err(dev, "missing driver data\n");
958 goto e_err;
959 }
960
961 psp->io_regs = sp->io_map;
962
963 ret = psp_check_sev_support(psp);
964 if (ret)
965 goto e_disable;
966
967 /* Disable and clear interrupts until ready */
968 iowrite32(0, psp->io_regs + psp->vdata->inten_reg);
969 iowrite32(-1, psp->io_regs + psp->vdata->intsts_reg);
970
971 /* Request an irq */
972 ret = sp_request_psp_irq(psp->sp, psp_irq_handler, psp->name, psp);
973 if (ret) {
974 dev_err(dev, "psp: unable to allocate an IRQ\n");
975 goto e_err;
976 }
977
978 ret = sev_misc_init(psp);
979 if (ret)
980 goto e_irq;
981
982 if (sp->set_psp_master_device)
983 sp->set_psp_master_device(sp);
984
985 /* Enable interrupt */
986 iowrite32(-1, psp->io_regs + psp->vdata->inten_reg);
987
988 dev_notice(dev, "psp enabled\n");
989
990 return 0;
991
992e_irq:
993 sp_free_psp_irq(psp->sp, psp);
994e_err:
995 sp->psp_data = NULL;
996
997 dev_notice(dev, "psp initialization failed\n");
998
999 return ret;
1000
1001e_disable:
1002 sp->psp_data = NULL;
1003
1004 return ret;
1005}
1006
1007void psp_dev_destroy(struct sp_device *sp)
1008{
1009 struct psp_device *psp = sp->psp_data;
1010
1011 if (!psp)
1012 return;
1013
1014 if (psp->sev_misc)
1015 kref_put(&misc_dev->refcount, sev_exit);
1016
1017 sp_free_psp_irq(sp, psp);
1018}
1019
1020int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd,
1021 void *data, int *error)
1022{
1023 if (!filep || filep->f_op != &sev_fops)
1024 return -EBADF;
1025
1026 return sev_do_cmd(cmd, data, error);
1027}
1028EXPORT_SYMBOL_GPL(sev_issue_cmd_external_user);
1029
1030void psp_pci_init(void)
1031{
1032 struct sp_device *sp;
1033 int error, rc;
1034
1035 sp = sp_get_psp_master_device();
1036 if (!sp)
1037 return;
1038
1039 psp_master = sp->psp_data;
1040
1041 psp_timeout = psp_probe_timeout;
1042
1043 if (sev_get_api_version())
1044 goto err;
1045
1046 /*
1047 * If platform is not in UNINIT state then firmware upgrade and/or
1048 * platform INIT command will fail. These command require UNINIT state.
1049 *
1050 * In a normal boot we should never run into case where the firmware
1051 * is not in UNINIT state on boot. But in case of kexec boot, a reboot
1052 * may not go through a typical shutdown sequence and may leave the
1053 * firmware in INIT or WORKING state.
1054 */
1055
1056 if (psp_master->sev_state != SEV_STATE_UNINIT) {
1057 sev_platform_shutdown(NULL);
1058 psp_master->sev_state = SEV_STATE_UNINIT;
1059 }
1060
1061 if (sev_version_greater_or_equal(0, 15) &&
1062 sev_update_firmware(psp_master->dev) == 0)
1063 sev_get_api_version();
1064
1065 /* Initialize the platform */
1066 rc = sev_platform_init(&error);
1067 if (rc) {
1068 dev_err(sp->dev, "SEV: failed to INIT error %#x\n", error);
1069 return;
1070 }
1071
1072 dev_info(sp->dev, "SEV API:%d.%d build:%d\n", psp_master->api_major,
1073 psp_master->api_minor, psp_master->build);
1074
1075 return;
1076
1077err:
1078 psp_master = NULL;
1079}
1080
1081void psp_pci_exit(void)
1082{
1083 if (!psp_master)
1084 return;
1085
1086 sev_platform_shutdown(NULL);
1087}