Re: [PATCH 04/12] KVM: SVM: Add support for KVM_SEV_RECEIVE_START command
From: Steve Rutherford
Date: Mon Mar 09 2020 - 21:41:44 EST
On Wed, Feb 12, 2020 at 5:16 PM Ashish Kalra <Ashish.Kalra@xxxxxxx> wrote:
>
> From: Brijesh Singh <brijesh.singh@xxxxxxx>
>
> The command is used to create the encryption context for an incoming
> SEV guest. The encryption context can be later used by the hypervisor
> to import the incoming data into the SEV guest memory space.
>
> Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> Cc: Ingo Molnar <mingo@xxxxxxxxxx>
> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Cc: "Radim KrÄmÃÅ" <rkrcmar@xxxxxxxxxx>
> Cc: Joerg Roedel <joro@xxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxx>
> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Cc: x86@xxxxxxxxxx
> Cc: kvm@xxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> Signed-off-by: Ashish Kalra <ashish.kalra@xxxxxxx>
> ---
> .../virt/kvm/amd-memory-encryption.rst | 29 +++++++
> arch/x86/kvm/svm.c | 81 +++++++++++++++++++
> include/uapi/linux/kvm.h | 9 +++
> 3 files changed, 119 insertions(+)
>
> diff --git a/Documentation/virt/kvm/amd-memory-encryption.rst b/Documentation/virt/kvm/amd-memory-encryption.rst
> index f22f09ad72bd..4b882fb681fa 100644
> --- a/Documentation/virt/kvm/amd-memory-encryption.rst
> +++ b/Documentation/virt/kvm/amd-memory-encryption.rst
> @@ -297,6 +297,35 @@ issued by the hypervisor to delete the encryption context.
>
> Returns: 0 on success, -negative on error
>
> +13. KVM_SEV_RECEIVE_START
> +------------------------
> +
> +The KVM_SEV_RECEIVE_START command is used for creating the memory encryption
> +context for an incoming SEV guest. To create the encryption context, the user must
> +provide a guest policy, the platform public Diffie-Hellman (PDH) key and session
> +information.
> +
> +Parameters: struct kvm_sev_receive_start (in/out)
> +
> +Returns: 0 on success, -negative on error
> +
> +::
> +
> + struct kvm_sev_receive_start {
> + __u32 handle; /* if zero then firmware creates a new handle */
> + __u32 policy; /* guest's policy */
> +
> + __u64 pdh_uaddr; /* userspace address pointing to the PDH key */
> + __u32 dh_len;
> +
> + __u64 session_addr; /* userspace address which points to the guest session information */
> + __u32 session_len;
> + };
> +
> +On success, the 'handle' field contains a new handle and on error, a negative value.
> +
> +For more details, see SEV spec Section 6.12.
> +
> References
> ==========
>
> diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
> index c55c1865f9e0..3b766f386c84 100644
> --- a/arch/x86/kvm/svm.c
> +++ b/arch/x86/kvm/svm.c
> @@ -7407,6 +7407,84 @@ static int sev_send_finish(struct kvm *kvm, struct kvm_sev_cmd *argp)
> return ret;
> }
>
> +static int sev_receive_start(struct kvm *kvm, struct kvm_sev_cmd *argp)
> +{
> + struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info;
> + struct sev_data_receive_start *start;
> + struct kvm_sev_receive_start params;
> + int *error = &argp->error;
> + void *session_data;
> + void *pdh_data;
> + int ret;
> +
> + if (!sev_guest(kvm))
> + return -ENOTTY;
> +
> + /* Get parameter from the userspace */
> + if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data,
> + sizeof(struct kvm_sev_receive_start)))
> + return -EFAULT;
> +
> + /* some sanity checks */
> + if (!params.pdh_uaddr || !params.pdh_len ||
> + !params.session_uaddr || !params.session_len)
> + return -EINVAL;
> +
> + pdh_data = psp_copy_user_blob(params.pdh_uaddr, params.pdh_len);
> + if (IS_ERR(pdh_data))
> + return PTR_ERR(pdh_data);
> +
> + session_data = psp_copy_user_blob(params.session_uaddr,
> + params.session_len);
> + if (IS_ERR(session_data)) {
> + ret = PTR_ERR(session_data);
> + goto e_free_pdh;
> + }
> +
> + ret = -ENOMEM;
> + start = kzalloc(sizeof(*start), GFP_KERNEL);
> + if (!start)
> + goto e_free_session;
> +
> + start->handle = params.handle;
> + start->policy = params.policy;
> + start->pdh_cert_address = __psp_pa(pdh_data);
> + start->pdh_cert_len = params.pdh_len;
> + start->session_address = __psp_pa(session_data);
> + start->session_len = params.session_len;
> +
> + /* create memory encryption context */
Set ret to a different value here, since otherwise this will look like -ENOMEM.
> + ret = __sev_issue_cmd(argp->sev_fd, SEV_CMD_RECEIVE_START, start,
> + error);
> + if (ret)
> + goto e_free;
> +
> + /* Bind ASID to this guest */
Ideally, set ret to another distinct value, since the error spaces for
these commands overlap, so you won't be sure which had the problem.
You also wouldn't be sure if one succeeded and the other failed vs
both failing.
> + ret = sev_bind_asid(kvm, start->handle, error);
> + if (ret)
> + goto e_free;
> +
> + params.handle = start->handle;
> + if (copy_to_user((void __user *)(uintptr_t)argp->data,
> + ¶ms, sizeof(struct kvm_sev_receive_start))) {
> + ret = -EFAULT;
> + sev_unbind_asid(kvm, start->handle);
> + goto e_free;
> + }
> +
> + sev->handle = start->handle;
> + sev->fd = argp->sev_fd;
> +
> +e_free:
> + kfree(start);
> +e_free_session:
> + kfree(session_data);
> +e_free_pdh:
> + kfree(pdh_data);
> +
> + return ret;
> +}
> +
> static int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
> {
> struct kvm_sev_cmd sev_cmd;
> @@ -7457,6 +7535,9 @@ static int svm_mem_enc_op(struct kvm *kvm, void __user *argp)
> case KVM_SEV_SEND_FINISH:
> r = sev_send_finish(kvm, &sev_cmd);
> break;
> + case KVM_SEV_RECEIVE_START:
> + r = sev_receive_start(kvm, &sev_cmd);
> + break;
> default:
> r = -EINVAL;
> goto out;
> diff --git a/include/uapi/linux/kvm.h b/include/uapi/linux/kvm.h
> index d9dc81bb9c55..74764b9db5fa 100644
> --- a/include/uapi/linux/kvm.h
> +++ b/include/uapi/linux/kvm.h
> @@ -1579,6 +1579,15 @@ struct kvm_sev_send_update_data {
> __u32 trans_len;
> };
>
> +struct kvm_sev_receive_start {
> + __u32 handle;
> + __u32 policy;
> + __u64 pdh_uaddr;
> + __u32 pdh_len;
> + __u64 session_uaddr;
> + __u32 session_len;
> +};
> +
> #define KVM_DEV_ASSIGN_ENABLE_IOMMU (1 << 0)
> #define KVM_DEV_ASSIGN_PCI_2_3 (1 << 1)
> #define KVM_DEV_ASSIGN_MASK_INTX (1 << 2)
> --
> 2.17.1
>