From patchwork Fri Oct 28 00:28:18 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kuppuswamy Sathyanarayanan X-Patchwork-Id: 12013 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp533205wru; Thu, 27 Oct 2022 17:29:45 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4eo9EqtBGhuvRltFgVbrsBaw2Ey+Mbibi6JMBgzPiXDDG4yHDXnlpvOBksVTy+1aU55Usp X-Received: by 2002:a05:6402:249b:b0:460:cb11:27d4 with SMTP id q27-20020a056402249b00b00460cb1127d4mr37892591eda.410.1666916985006; Thu, 27 Oct 2022 17:29:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666916985; cv=none; d=google.com; s=arc-20160816; b=m1PXXCycalhFhEh0g0tgNg+0I0LkFzSeE8s4n8eZ5ucrkT2W8hi3F5XVrCVOGKiH3u EnY+rx9E7oBkYs1r+WN4eV8NK/TLC35D8oj2Npj5QJtp4Tn5TwKIPVjkazzPyMeN+gRF Dv2v1O43FsG6g6H57Ebc4rKLgl3Twnhe4elo/NhwvgKEJRh/92OtEDFWxv1iPMpIWRri VIbrW9rnLjad08S8/eoqCnUDu1dTXzfccNhq3xmLOMbTscjhGcoOHsW6SkjQC/h/Uizz oqXrlA16IIB3PL5SEJnbnj2sUsVR8qJlluxtAYDpLq11Ol8OjyyfLKE/1i5Bu2d8p0qS cqzw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=3m/PR8dxGD0fosR9941SeqhR1AXoPMJvouJSgtdCh8E=; b=ajoT9wRInEjLq+lQNroyB8Al2Ei7d15My5GoW/Dt8o6UI4Z5DuB+iNsYqmkeNemVB5 skotQaf8pKFWsiJvXCQsb50IhjRVr1NVCGKfBLrjuBN0SxBd8kwS7yUkvkt8EEsQ9kt4 9F0P8yheOz7jy0myCyQvsc4LvqFicxvYtJTVbKxL8cQB/VYfYMb2LaCNV8C6gICqBGO1 eDM8uHS3lGGSv+risJBqJyQU6nhzux/gddpBsS+Lx4POpFuicpNKc4GlXCxsVb+kzCGT ekKQ6+DqJn/0Fx60tHxWitnY+qwddVYg+3hvSgnqaI3NSRtyw21zHZ7bSL1UMt4UeHvF PQPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=aCPmThjT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id wg5-20020a17090705c500b0073cd848ae8asi3351323ejb.321.2022.10.27.17.29.20; Thu, 27 Oct 2022 17:29:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=aCPmThjT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235349AbiJ1A2x (ORCPT + 99 others); Thu, 27 Oct 2022 20:28:53 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55188 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234875AbiJ1A2u (ORCPT ); Thu, 27 Oct 2022 20:28:50 -0400 Received: from mga12.intel.com (mga12.intel.com [192.55.52.136]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6047DA23C9; Thu, 27 Oct 2022 17:28:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1666916929; x=1698452929; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=E/px89SlN8R/Q6i8x8L/Ox07Fnsic7ucBa7xkZ8zshE=; b=aCPmThjTe2jfP8n/yvT6WdHDMFvqASk5BEgW0YopfC8ew2Ohdx3qPBAL IDnIzJ8XKroiGvdRheVg4oJBwSsEfsadHWi37P4LPOfxdtzGy2khxgqfB pKuWtZ2v0xTNUiH497imBaQIHNeTz8gSpGUV995DlUKgXGgfisjRIFiIy IFlv+zdK0QhAyVl+Ty0B7g49Bor711e2MHaO+dHfujwrQ0fm/1mWsGaVh bhq6CkvSvDwPQWRPTsltHPTkkDo89Em0NSxt9qRCXp6MvAVcFwLNPAXXG Qr+y5pSCMnEh/G4bMVfh/A2IV4t8wXy40HU23tUlNF31GTmWvDRF6FdCm w==; X-IronPort-AV: E=McAfee;i="6500,9779,10513"; a="288091258" X-IronPort-AV: E=Sophos;i="5.95,219,1661842800"; d="scan'208";a="288091258" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by fmsmga106.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Oct 2022 17:28:48 -0700 X-IronPort-AV: E=McAfee;i="6500,9779,10513"; a="627356156" X-IronPort-AV: E=Sophos;i="5.95,219,1661842800"; d="scan'208";a="627356156" Received: from ortizseb-mobl.amr.corp.intel.com (HELO skuppusw-desk1.amr.corp.intel.com) ([10.212.153.115]) by orsmga007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Oct 2022 17:28:48 -0700 From: Kuppuswamy Sathyanarayanan To: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Shuah Khan , Jonathan Corbet Cc: "H . Peter Anvin" , Greg Kroah-Hartman , Kuppuswamy Sathyanarayanan , "Kirill A . Shutemov" , Tony Luck , Kai Huang , Wander Lairson Costa , Isaku Yamahata , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org Subject: [PATCH v16 1/3] x86/tdx: Add a wrapper to get TDREPORT from the TDX Module Date: Thu, 27 Oct 2022 17:28:18 -0700 Message-Id: <20221028002820.3303030-2-sathyanarayanan.kuppuswamy@linux.intel.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20221028002820.3303030-1-sathyanarayanan.kuppuswamy@linux.intel.com> References: <20221028002820.3303030-1-sathyanarayanan.kuppuswamy@linux.intel.com> MIME-Version: 1.0 X-Spam-Status: No, score=-4.8 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_PASS, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1747889144681023117?= X-GMAIL-MSGID: =?utf-8?q?1747889144681023117?= To support TDX attestation, the TDX guest driver exposes an IOCTL interface to allow userspace to get the TDREPORT from the TDX module via TDG.MR.TDREPORT TDCALL. In order to get the TDREPORT in the TDX guest driver, instead of using a low level function like __tdx_module_call(), add a tdx_mcall_get_report() wrapper function to handle it. This is a preparatory patch for adding attestation support. Signed-off-by: Kuppuswamy Sathyanarayanan --- Changes since v15: * None Changes since v14: * Instead of exporting __tdx_module_call(), added a new wrapper. * Rebased on top of v6.1-rc1 arch/x86/coco/tdx/tdx.c | 31 +++++++++++++++++++++++++++++++ arch/x86/include/asm/tdx.h | 2 ++ 2 files changed, 33 insertions(+) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 928dcf7a20d9..6cae239aee14 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -5,6 +5,8 @@ #define pr_fmt(fmt) "tdx: " fmt #include +#include +#include #include #include #include @@ -15,6 +17,7 @@ /* TDX module Call Leaf IDs */ #define TDX_GET_INFO 1 #define TDX_GET_VEINFO 3 +#define TDX_GET_REPORT 4 #define TDX_ACCEPT_PAGE 6 /* TDX hypercall Leaf IDs */ @@ -98,6 +101,34 @@ static inline void tdx_module_call(u64 fn, u64 rcx, u64 rdx, u64 r8, u64 r9, panic("TDCALL %lld failed (Buggy TDX module!)\n", fn); } +/** + * tdx_mcall_get_report() - Wrapper for TDG.MR.REPORT TDCALL. + * @reportdata: Address of the input buffer which contains + * user-defined REPORTDATA to be included into + * TDREPORT. + * @tdreport: Address of the output buffer to store TDREPORT. + * @subtype: Subtype of TDREPORT. + * + * Generate TDREPORT using "TDG.MR.REPORT" TDCALL. Refer to section + * 22.3.3 TDG.MR.REPORT leaf in the TDX Module 1.0 specification + * for detailed information. It is used in the TDX guest driver + * module to get the TDREPORT. + * + * Return 0 on success or -EIO on TDCALL failure. + */ +int tdx_mcall_get_report(u8 *reportdata, u8 *tdreport, u8 subtype) +{ + u64 ret; + + ret = __tdx_module_call(TDX_GET_REPORT, virt_to_phys(tdreport), + virt_to_phys(reportdata), subtype, 0, NULL); + if (ret) + return -EIO; + + return 0; +} +EXPORT_SYMBOL_GPL(tdx_mcall_get_report); + static u64 get_cc_mask(void) { struct tdx_module_output out; diff --git a/arch/x86/include/asm/tdx.h b/arch/x86/include/asm/tdx.h index 020c81a7c729..eb979d9b8c37 100644 --- a/arch/x86/include/asm/tdx.h +++ b/arch/x86/include/asm/tdx.h @@ -67,6 +67,8 @@ void tdx_safe_halt(void); bool tdx_early_handle_ve(struct pt_regs *regs); +int tdx_mcall_get_report(u8 *reportdata, u8 *tdreport, u8 subtype); + #else static inline void tdx_early_init(void) { };