]> www.infradead.org Git - users/hch/dma-mapping.git/commitdiff
crypto: ccp: Add the SNP_PLATFORM_STATUS command
authorBrijesh Singh <brijesh.singh@amd.com>
Fri, 26 Jan 2024 04:11:23 +0000 (22:11 -0600)
committerBorislav Petkov (AMD) <bp@alien8.de>
Mon, 29 Jan 2024 19:34:19 +0000 (20:34 +0100)
This command is used to query the SNP platform status. See the SEV-SNP
spec for more details.

Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
Link: https://lore.kernel.org/r/20240126041126.1927228-24-michael.roth@amd.com
Documentation/virt/coco/sev-guest.rst
drivers/crypto/ccp/sev-dev.c
include/uapi/linux/psp-sev.h

index 68b0d2363af820256c70ba2d5284244247ee979f..6d3d5d336e5f003b304dbe38358d2a8a63a18b9f 100644 (file)
@@ -67,6 +67,22 @@ counter (e.g. counter overflow), then -EIO will be returned.
                 };
         };
 
+The host ioctls are issued to a file descriptor of the /dev/sev device.
+The ioctl accepts the command ID/input structure documented below.
+
+::
+        struct sev_issue_cmd {
+                /* Command ID */
+                __u32 cmd;
+
+                /* Command request structure */
+                __u64 data;
+
+                /* Firmware error code on failure (see psp-sev.h) */
+                __u32 error;
+        };
+
+
 2.1 SNP_GET_REPORT
 ------------------
 
@@ -124,6 +140,17 @@ be updated with the expected value.
 
 See GHCB specification for further detail on how to parse the certificate blob.
 
+2.4 SNP_PLATFORM_STATUS
+-----------------------
+:Technology: sev-snp
+:Type: hypervisor ioctl cmd
+:Parameters (out): struct sev_user_data_snp_status
+:Returns (out): 0 on success, -negative on error
+
+The SNP_PLATFORM_STATUS command is used to query the SNP platform status. The
+status includes API major, minor version and more. See the SEV-SNP
+specification for further details.
+
 3. SEV-SNP CPUID Enforcement
 ============================
 
index 504a2216bded6799000485fdabd54a2862d1fd28..ae02efe2736cf7d0dd87cc30e1a4b3186dcc0b66 100644 (file)
@@ -1941,6 +1941,55 @@ e_free_pdh:
        return ret;
 }
 
+static int sev_ioctl_do_snp_platform_status(struct sev_issue_cmd *argp)
+{
+       struct sev_device *sev = psp_master->sev_data;
+       struct sev_data_snp_addr buf;
+       struct page *status_page;
+       void *data;
+       int ret;
+
+       if (!sev->snp_initialized || !argp->data)
+               return -EINVAL;
+
+       status_page = alloc_page(GFP_KERNEL_ACCOUNT);
+       if (!status_page)
+               return -ENOMEM;
+
+       data = page_address(status_page);
+
+       /*
+        * Firmware expects status page to be in firmware-owned state, otherwise
+        * it will report firmware error code INVALID_PAGE_STATE (0x1A).
+        */
+       if (rmp_mark_pages_firmware(__pa(data), 1, true)) {
+               ret = -EFAULT;
+               goto cleanup;
+       }
+
+       buf.address = __psp_pa(data);
+       ret = __sev_do_cmd_locked(SEV_CMD_SNP_PLATFORM_STATUS, &buf, &argp->error);
+
+       /*
+        * Status page will be transitioned to Reclaim state upon success, or
+        * left in Firmware state in failure. Use snp_reclaim_pages() to
+        * transition either case back to Hypervisor-owned state.
+        */
+       if (snp_reclaim_pages(__pa(data), 1, true))
+               return -EFAULT;
+
+       if (ret)
+               goto cleanup;
+
+       if (copy_to_user((void __user *)argp->data, data,
+                        sizeof(struct sev_user_data_snp_status)))
+               ret = -EFAULT;
+
+cleanup:
+       __free_pages(status_page, 0);
+       return ret;
+}
+
 static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
 {
        void __user *argp = (void __user *)arg;
@@ -1992,6 +2041,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg)
        case SEV_GET_ID2:
                ret = sev_ioctl_do_get_id2(&input);
                break;
+       case SNP_PLATFORM_STATUS:
+               ret = sev_ioctl_do_snp_platform_status(&input);
+               break;
        default:
                ret = -EINVAL;
                goto out;
index 207e34217528ab48137f8efa1f93b183b30b1243..f1e2c55a92b4326ee5def7298261b723cde7c576 100644 (file)
@@ -28,6 +28,7 @@ enum {
        SEV_PEK_CERT_IMPORT,
        SEV_GET_ID,     /* This command is deprecated, use SEV_GET_ID2 */
        SEV_GET_ID2,
+       SNP_PLATFORM_STATUS,
 
        SEV_MAX,
 };