From patchwork Fri Sep 29 13:33:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Graf X-Patchwork-Id: 146688 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:cae8:0:b0:403:3b70:6f57 with SMTP id r8csp4201759vqu; Fri, 29 Sep 2023 10:39:19 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGrSUm/Da/7sCxJQRxE1l/OTqsXaOfvzapbMzFS1UXQoN+uQKLZQQ2NTEbPQ/ohO1rhWm+h X-Received: by 2002:a9d:7b56:0:b0:6c4:aa6a:c4e7 with SMTP id f22-20020a9d7b56000000b006c4aa6ac4e7mr5298418oto.10.1696009158807; Fri, 29 Sep 2023 10:39:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696009158; cv=none; d=google.com; s=arc-20160816; b=RWvxUCnol8Pw1Nzib7HaW5dSIIcGoseUb5ltq6SOFZsPiV4llqO1aZtAWxvcGk2CK6 MniPN5Mruvf5z0p0DM6iJPueiZQQg1sPP2RqJHnWe5kThujAUptPHQNZqC3SmijsaZQK GwNL09zn2HQmAeVVvErGvbIVBTWChzkBri+vbQ6LpxVtAmC7SzEFe8gy3uQ+/dNAvID6 H4IZhUpBg2y5AJM2dZWLz9ZH1O2lTgq1Sk+6LYXSHpV6nLTPcxUux+zUkDetdJ/YXZ8b eEC1uK6/Me0sbpG6VsiLefUCKRmRmVVmEYaY6VnYwExHUF2zy56G4RxR2wKqxncbrM1N 4b2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=mkE5g6d4vsWIIAfJc7WURGplVW7QHWWFOxb2jmbnKZM=; fh=w3+VeJ/dzQrByU9Qp0AiGIVRS8FEMkjnVDPVuhTWyz0=; b=JMjmaIlJH51k10UGeDOP4Y7//AGC8t+/JDVhJ13ASwXuUBjeStVCc5G1ir1Hh8gX+B I9GoM7cWVpOCRE9st4AkhA2smsYrsbJklPlWzI4hT8KRB5AL/Qz5LZvX/0YJ/sUp8uzz 6cEIXHFF+b0OFZ9Uc5IWrnRatvv+i2r1eU5WBqOa4S3lg8Mj+X4pa0n58iTMEFSg/I4E U0qeZXuthrdb/+Fndxq5H9yyX6tHwPcF8Cvek7RViepZn78nQHe6/JXn/ZeIQmqKTOCF BqmMegIFw73g+lcXbquq5cJ9E+MlZEZXw/6IMDYTHQBdh9Bx3FIYhLMFd04oOlIYwOXX 54Fw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=bKq5bes3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: from groat.vger.email (groat.vger.email. [2620:137:e000::3:5]) by mx.google.com with ESMTPS id a5-20020a655c85000000b0056fa1bc208esi7228546pgt.722.2023.09.29.10.39.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Sep 2023 10:39:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) client-ip=2620:137:e000::3:5; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=bKq5bes3; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:5 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 5B0788374AF1; Fri, 29 Sep 2023 06:34:45 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233380AbjI2Ndo (ORCPT + 20 others); Fri, 29 Sep 2023 09:33:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233379AbjI2Ndj (ORCPT ); Fri, 29 Sep 2023 09:33:39 -0400 Received: from smtp-fw-9105.amazon.com (smtp-fw-9105.amazon.com [207.171.188.204]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8404E1B6; Fri, 29 Sep 2023 06:33:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1695994416; x=1727530416; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=mkE5g6d4vsWIIAfJc7WURGplVW7QHWWFOxb2jmbnKZM=; b=bKq5bes3R/Bm8XM7o436g78R0rG2oSDSEkWiW8F2geKJTXYzNFtZaztg RBTLcKy8ucLQ7xU1ghZmbaX4zNhcIzU4ck0WZ0BnCB4DI6dKh73SoN/Aa CGoPsD/t6Cwwz0KoMkJ49kK65wd9f/PdKaHsajW2Ianab6V3IUBq9kizE s=; X-IronPort-AV: E=Sophos;i="6.03,187,1694736000"; d="scan'208";a="675347594" Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO email-inbound-relay-iad-1d-m6i4x-e651a362.us-east-1.amazon.com) ([10.25.36.210]) by smtp-border-fw-9105.sea19.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2023 13:33:29 +0000 Received: from EX19MTAUWB002.ant.amazon.com (iad55-ws-svc-p15-lb9-vlan2.iad.amazon.com [10.40.159.162]) by email-inbound-relay-iad-1d-m6i4x-e651a362.us-east-1.amazon.com (Postfix) with ESMTPS id 6A92080697; Fri, 29 Sep 2023 13:33:27 +0000 (UTC) Received: from EX19D020UWC004.ant.amazon.com (10.13.138.149) by EX19MTAUWB002.ant.amazon.com (10.250.64.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.37; Fri, 29 Sep 2023 13:33:27 +0000 Received: from dev-dsk-graf-1a-5ce218e4.eu-west-1.amazon.com (10.253.83.51) by EX19D020UWC004.ant.amazon.com (10.13.138.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.37; Fri, 29 Sep 2023 13:33:24 +0000 From: Alexander Graf To: CC: , Greg Kroah-Hartman , Arnd Bergmann , Herbert Xu , Olivia Mackall , "Petre Eftime" , Erdem Meydanlli , Benjamin Herrenschmidt , David Woodhouse , "Michael S . Tsirkin" , Jason Wang , Xuan Zhuo Subject: [PATCH v2 1/2] misc: Add Nitro Secure Module driver Date: Fri, 29 Sep 2023 13:33:19 +0000 Message-ID: <20230929133320.74848-2-graf@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230929133320.74848-1-graf@amazon.com> References: <20230929133320.74848-1-graf@amazon.com> MIME-Version: 1.0 X-Originating-IP: [10.253.83.51] X-ClientProxiedBy: EX19D040UWA001.ant.amazon.com (10.13.139.22) To EX19D020UWC004.ant.amazon.com (10.13.138.149) X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Fri, 29 Sep 2023 06:34:45 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1778394227533661017 X-GMAIL-MSGID: 1778394499828293814 When running Linux inside a Nitro Enclave, the hypervisor provides a special virtio device called "NSM". This device has 2 main functions: 1) Provide attestation reports 2) Modify PCR state 3) Provide entropy This patch adds the core NSM driver that exposes a /dev/nsm device node which user space can use to request attestation documents and influence PCR states. A follow up patch will add a hwrng driver to feed its entropy into the kernel. Originally-by: Petre Eftime Signed-off-by: Alexander Graf --- v1 -> v2: - Remove boilerplate - Add uapi header --- MAINTAINERS | 10 + drivers/misc/Kconfig | 11 + drivers/misc/Makefile | 1 + drivers/misc/nsm.c | 448 +++++++++++++++++++++++++++++++++++++++ include/linux/nsm.h | 35 +++ include/uapi/linux/nsm.h | 24 +++ 6 files changed, 529 insertions(+) create mode 100644 drivers/misc/nsm.c create mode 100644 include/linux/nsm.h create mode 100644 include/uapi/linux/nsm.h diff --git a/MAINTAINERS b/MAINTAINERS index b19995690904..d54bf3ea2b9d 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -15098,6 +15098,16 @@ F: include/linux/nitro_enclaves.h F: include/uapi/linux/nitro_enclaves.h F: samples/nitro_enclaves/ +NITRO SECURE MODULE (NSM) +M: Alexander Graf +L: linux-kernel@vger.kernel.org +L: The AWS Nitro Enclaves Team +S: Supported +W: https://aws.amazon.com/ec2/nitro/nitro-enclaves/ +F: drivers/misc/nsm.c +F: include/linux/nsm.h +F: include/uapi/linux/nsm.h + NOHZ, DYNTICKS SUPPORT M: Frederic Weisbecker M: Thomas Gleixner diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig index cadd4a820c03..7b1ed309d469 100644 --- a/drivers/misc/Kconfig +++ b/drivers/misc/Kconfig @@ -562,6 +562,17 @@ config TPS6594_PFSM This driver can also be built as a module. If so, the module will be called tps6594-pfsm. +config NSM + tristate "Nitro (Enclaves) Security Module support" + depends on VIRTIO + help + This driver provides support for the Nitro Security Module + in AWS EC2 Nitro based Enclaves. The driver exposes a /dev/nsm + device user space can use to communicate with the hypervisor. + + To compile this driver as a module, choose M here. + The module will be called nsm. + source "drivers/misc/c2port/Kconfig" source "drivers/misc/eeprom/Kconfig" source "drivers/misc/cb710/Kconfig" diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile index f2a4d1ff65d4..ea6ea5bbbc9c 100644 --- a/drivers/misc/Makefile +++ b/drivers/misc/Makefile @@ -67,3 +67,4 @@ obj-$(CONFIG_TMR_MANAGER) += xilinx_tmr_manager.o obj-$(CONFIG_TMR_INJECT) += xilinx_tmr_inject.o obj-$(CONFIG_TPS6594_ESM) += tps6594-esm.o obj-$(CONFIG_TPS6594_PFSM) += tps6594-pfsm.o +obj-$(CONFIG_NSM) += nsm.o diff --git a/drivers/misc/nsm.c b/drivers/misc/nsm.c new file mode 100644 index 000000000000..69bd98473b54 --- /dev/null +++ b/drivers/misc/nsm.c @@ -0,0 +1,448 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Amazon Nitro Secure Module driver. + * + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define NSM_DEV_NAME "nsm" +#define NSM_REQUEST_MAX_SIZE 0x1000 +#define NSM_RESPONSE_MAX_SIZE 0x3000 + +/* Timeout for NSM virtqueue respose in milliseconds. */ +#define NSM_DEFAULT_TIMEOUT_MSECS (120000) /* 2 minutes */ + +/* The name of the NSM device virtqueue */ +const char *NSM_VQ_NAME = "nsm.vq.0"; + +/* NSM device ID */ +static const struct virtio_device_id nsm_id_table[] = { + { VIRTIO_ID_NITRO_SEC_MOD, VIRTIO_DEV_ANY_ID }, + { 0 }, +}; + +/* Virtio MMIO device definition */ +struct virtio_mmio_device { + struct virtio_device vdev; + struct platform_device *pdev; + + void __iomem *base; + unsigned long version; + + /* a list of queues so we can dispatch IRQs */ + spinlock_t lock; + struct list_head virtqueues; +}; + +/* Virtqueue list entry */ +struct virtio_mmio_vq_info { + /* The actual virtqueue */ + struct virtqueue *vq; + + /* The list node for the virtqueues list */ + struct list_head node; +}; + +static struct virtio_device *nsm_vdev; +static struct nsm_hwrng *nsm_hwrng; +static struct mutex nsm_lock; +static wait_queue_head_t nsm_waitqueue; +static bool nsm_device_notified; + +/* Get the virtqueue */ +static struct virtqueue *nsm_get_vq(struct virtio_device *vdev) +{ + struct virtio_mmio_device *vm_dev = + container_of(vdev, struct virtio_mmio_device, vdev); + struct virtio_mmio_vq_info *info; + + list_for_each_entry(info, &vm_dev->virtqueues, node) + return info->vq; + + return NULL; +} + +/* Copy an entire message from user-space to kernel-space */ +static int message_memdup_from_user(struct nsm_kernel_message *dst, + struct nsm_message *src) +{ + struct nsm_message shallow_copy; + + if (!src || !dst) + return -EINVAL; + + /* The destination's request and response buffers should be NULL. */ + if (dst->request.iov_base || dst->response.iov_base) + return -EINVAL; + + /* First, make a shallow copy to be able to read the inner pointers */ + if (copy_from_user(&shallow_copy, src, sizeof(shallow_copy)) != 0) + return -EINVAL; + + /* Verify the user input size. */ + if (shallow_copy.request.iov_len > NSM_REQUEST_MAX_SIZE) + return -EMSGSIZE; + + /* Allocate kernel memory for the user request */ + dst->request.iov_len = shallow_copy.request.iov_len; + dst->request.iov_base = kmalloc(dst->request.iov_len, GFP_KERNEL); + if (!dst->request.iov_base) + return -ENOMEM; + + /* Copy the request content */ + if (copy_from_user(dst->request.iov_base, + shallow_copy.request.iov_base, dst->request.iov_len) != 0) { + kfree(dst->request.iov_base); + return -EFAULT; + } + + /* Allocate kernel memory for the response, up to a fixed limit */ + dst->response.iov_len = shallow_copy.response.iov_len; + if (dst->response.iov_len > NSM_RESPONSE_MAX_SIZE) + dst->response.iov_len = NSM_RESPONSE_MAX_SIZE; + + dst->response.iov_base = kmalloc(dst->response.iov_len, GFP_KERNEL); + if (!dst->response.iov_base) { + kfree(dst->request.iov_base); + return -ENOMEM; + } + + return 0; +} + +/* Copy a message back to user-space */ +static int message_copy_to_user(struct nsm_message *user_msg, + struct nsm_kernel_message *kern_msg) +{ + struct nsm_message shallow_copy; + + if (!kern_msg || !user_msg) + return -EINVAL; + + /* + * First, do a shallow copy of the user-space message. This is needed in + * order to get the request block data, which we do not need to copy but + * must preserve in the message sent back to user-space. + */ + if (copy_from_user(&shallow_copy, user_msg, sizeof(shallow_copy)) != 0) + return -EINVAL; + + /* Do not exceed the capacity of the user-provided response buffer */ + shallow_copy.response.iov_len = kern_msg->response.iov_len; + + /* Only the response content must be copied back to user-space */ + if (copy_to_user(shallow_copy.response.iov_base, + kern_msg->response.iov_base, + shallow_copy.response.iov_len) != 0) + return -EINVAL; + + if (copy_to_user(user_msg, &shallow_copy, sizeof(shallow_copy)) != 0) + return -EFAULT; + + return 0; +} + +/* Virtqueue interrupt handler */ +static void nsm_vq_callback(struct virtqueue *vq) +{ + nsm_device_notified = true; + wake_up(&nsm_waitqueue); +} + +/* Forward a message to the NSM device and wait for the response from it */ +int nsm_communicate_with_device(struct virtio_device *vdev, + struct nsm_kernel_message *message) +{ + struct virtqueue *vq = NULL; + struct scatterlist sg_in, sg_out; + unsigned int len; + void *queue_buf; + bool kicked; + int rc; + + if (!vdev) + return -EINVAL; + + if (!message) + return -EINVAL; + + vq = nsm_get_vq(vdev); + if (!vq) + return -ENXIO; + + /* Verify if buffer memory is valid. */ + if (!virt_addr_valid(message->request.iov_base) || + !virt_addr_valid(((u8 *)message->request.iov_base) + + message->request.iov_len - 1) || + !virt_addr_valid(message->response.iov_base) || + !virt_addr_valid(((u8 *)message->response.iov_base) + + message->response.iov_len - 1)) + return -EINVAL; + + /* Initialize scatter-gather lists with request and response buffers. */ + sg_init_one(&sg_out, message->request.iov_base, + message->request.iov_len); + sg_init_one(&sg_in, message->response.iov_base, + message->response.iov_len); + + mutex_lock(&nsm_lock); + + /* Add the request buffer (read by the device). */ + rc = virtqueue_add_outbuf(vq, &sg_out, 1, message->request.iov_base, + GFP_KERNEL); + if (rc) { + mutex_unlock(&nsm_lock); + return rc; + } + + /* Add the response buffer (written by the device). */ + rc = virtqueue_add_inbuf(vq, &sg_in, 1, message->response.iov_base, + GFP_KERNEL); + if (rc) + goto cleanup; + + nsm_device_notified = false; + kicked = virtqueue_kick(vq); + if (!kicked) { + /* Cannot kick the virtqueue. */ + rc = -EIO; + goto cleanup; + } + + /* If the kick succeeded, wait for the device's response. */ + rc = wait_event_timeout(nsm_waitqueue, + nsm_device_notified == true, + msecs_to_jiffies(NSM_DEFAULT_TIMEOUT_MSECS)); + if (!rc) { + rc = -ETIMEDOUT; + goto cleanup; + } + + queue_buf = virtqueue_get_buf(vq, &len); + if (!queue_buf || (queue_buf != message->request.iov_base)) { + pr_err("NSM device received wrong request buffer."); + rc = -ENODATA; + goto cleanup; + } + + queue_buf = virtqueue_get_buf(vq, &len); + if (!queue_buf || (queue_buf != message->response.iov_base)) { + pr_err("NSM device received wrong response buffer."); + rc = -ENODATA; + goto cleanup; + } + + /* Make sure the response length doesn't exceed the buffer capacity. */ + if (len < message->response.iov_len) + message->response.iov_len = len; + + rc = 0; + +cleanup: + if (rc) { + /* Clean the virtqueue. */ + while (virtqueue_get_buf(vq, &len) != NULL) + ; + } + + mutex_unlock(&nsm_lock); + return rc; +} +EXPORT_SYMBOL_GPL(nsm_communicate_with_device); + +static long nsm_dev_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) +{ + struct nsm_kernel_message message; + int status = 0; + + if (cmd != NSM_IOCTL_REQUEST) + return -EINVAL; + + /* The kernel message structure must be cleared */ + memset(&message, 0, sizeof(message)); + + /* Copy the message from user-space to kernel-space */ + status = message_memdup_from_user(&message, (struct nsm_message *)arg); + if (status != 0) + return status; + + /* Communicate with the NSM device */ + status = nsm_communicate_with_device(nsm_vdev, &message); + + if (status != 0) + goto out; + + /* Copy the response back to user-space */ + status = message_copy_to_user((struct nsm_message *)arg, &message); + +out: + /* At this point, everything succeeded, so clean up and finish. */ + kfree(message.request.iov_base); + kfree(message.response.iov_base); + + return status; +} + +static int nsm_dev_file_open(struct inode *node, struct file *file) +{ + pr_debug("NSM device file opened.\n"); + return 0; +} + +static int nsm_dev_file_close(struct inode *inode, struct file *file) +{ + pr_debug("NSM device file closed.\n"); + return 0; +} + +/* Supported driver operations */ +static const struct file_operations nsm_dev_fops = { + .open = nsm_dev_file_open, + .release = nsm_dev_file_close, + .unlocked_ioctl = nsm_dev_ioctl, +}; + +/* Driver configuration */ +static struct miscdevice nsm_driver_miscdevice = { + .minor = MISC_DYNAMIC_MINOR, + .name = NSM_DEV_NAME, + .fops = &nsm_dev_fops, + .mode = 0666 +}; + +static int nsm_device_init_vq(struct virtio_device *vdev) +{ + struct virtqueue *vq = virtio_find_single_vq(vdev, + nsm_vq_callback, NSM_VQ_NAME); + if (IS_ERR(vq)) + return PTR_ERR(vq); + + return 0; +} + +/* Handler for probing the NSM device */ +static int nsm_device_probe(struct virtio_device *vdev) +{ + int rc; + + if (nsm_vdev) + return -EEXIST; + + nsm_vdev = vdev; + + rc = nsm_device_init_vq(vdev); + if (rc) { + pr_err("NSM device queue failed to initialize: %d.\n", rc); + return rc; + } + + rc = misc_register(&nsm_driver_miscdevice); + if (rc) { + pr_err("NSM misc device registration error: %d.\n", rc); + vdev->config->del_vqs(vdev); + return rc; + } + + if (nsm_hwrng) + nsm_hwrng->probe(vdev); + + pr_debug("NSM device has been probed.\n"); + return 0; +} + +/* Handler for removing the NSM device */ +static void nsm_device_remove(struct virtio_device *vdev) +{ + if (vdev != nsm_vdev) + return; + + if (nsm_hwrng) + nsm_hwrng->remove(vdev); + + vdev->config->del_vqs(vdev); + misc_deregister(&nsm_driver_miscdevice); + nsm_vdev = NULL; + pr_debug("NSM device has been removed.\n"); +} + +int nsm_register_hwrng(struct nsm_hwrng *_nsm_hwrng) +{ + if (nsm_hwrng) + return -EEXIST; + + nsm_hwrng = _nsm_hwrng; + if (nsm_vdev) + nsm_hwrng->probe(nsm_vdev); + + return 0; +} +EXPORT_SYMBOL_GPL(nsm_register_hwrng); + +void nsm_unregister_hwrng(struct nsm_hwrng *_nsm_hwrng) +{ + if (_nsm_hwrng != nsm_hwrng) + return; + + if (nsm_vdev) + nsm_hwrng->remove(nsm_vdev); + nsm_hwrng = NULL; +} +EXPORT_SYMBOL_GPL(nsm_unregister_hwrng); + +/* NSM device configuration structure */ +static struct virtio_driver virtio_nsm_driver = { + .feature_table = 0, + .feature_table_size = 0, + .feature_table_legacy = 0, + .feature_table_size_legacy = 0, + .driver.name = KBUILD_MODNAME, + .driver.owner = THIS_MODULE, + .id_table = nsm_id_table, + .probe = nsm_device_probe, + .remove = nsm_device_remove, +}; + +static int __init nsm_driver_init(void) +{ + int rc; + + mutex_init(&nsm_lock); + init_waitqueue_head(&nsm_waitqueue); + + rc = register_virtio_driver(&virtio_nsm_driver); + if (rc) + pr_err("NSM driver initialization error: %d.\n", rc); + + return rc; +} + +static void __exit nsm_driver_exit(void) +{ + unregister_virtio_driver(&virtio_nsm_driver); + mutex_destroy(&nsm_lock); + pr_debug("NSM driver exited.\n"); +} + +module_init(nsm_driver_init); +module_exit(nsm_driver_exit); + +MODULE_DEVICE_TABLE(virtio, nsm_id_table); +MODULE_DESCRIPTION("Virtio NSM driver"); +MODULE_LICENSE("GPL"); diff --git a/include/linux/nsm.h b/include/linux/nsm.h new file mode 100644 index 000000000000..82753de5485e --- /dev/null +++ b/include/linux/nsm.h @@ -0,0 +1,35 @@ +/* SPDX-License-Identifier: GPL-2.0 + * + * Amazon Nitro Secure Module driver. + * + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + */ + +#ifndef __LINUX_NSM_H +#define __LINUX_NSM_H + +#include +#include + +#define NSM_RESPONSE_MAX_SIZE 0x3000 + +struct nsm_hwrng { + int (*probe)(struct virtio_device *dev); + void (*remove)(struct virtio_device *dev); +}; + +int nsm_register_hwrng(struct nsm_hwrng *nsm_hwrng); +void nsm_unregister_hwrng(struct nsm_hwrng *nsm_hwrng); + +/* Copy of NSM message in kernel-space */ +struct nsm_kernel_message { + /* Copy of user request in kernel memory */ + struct kvec request; + /* Copy of user response in kernel memory */ + struct kvec response; +}; + +int nsm_communicate_with_device(struct virtio_device *dev, + struct nsm_kernel_message *message); + +#endif /* __LINUX_NSM_H */ diff --git a/include/uapi/linux/nsm.h b/include/uapi/linux/nsm.h new file mode 100644 index 000000000000..794791631ffb --- /dev/null +++ b/include/uapi/linux/nsm.h @@ -0,0 +1,24 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +/* + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + */ + +#ifndef __UAPI_LINUX_NSM_H +#define __UAPI_LINUX_NSM_H + +#include +#include +#include + +/* NSM message from user-space */ +struct nsm_message { + /* Request from user */ + struct iovec request; + /* Response to user */ + struct iovec response; +}; + +#define NSM_MAGIC 0x0A +#define NSM_IOCTL_REQUEST _IOWR(NSM_MAGIC, 0, struct nsm_message) + +#endif /* __UAPI_LINUX_MISC_BCM_VK_H */ From patchwork Fri Sep 29 13:33:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexander Graf X-Patchwork-Id: 146625 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:cae8:0:b0:403:3b70:6f57 with SMTP id r8csp4113791vqu; Fri, 29 Sep 2023 08:22:12 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHBdWAHuHT0PXEhMouG6KXoWpI+D9Sk1lvURmmpDj7DQwoAo6tH9cm5EiTm/LG2sqoz6HRa X-Received: by 2002:a05:6e02:1c22:b0:351:4b68:ec3d with SMTP id m2-20020a056e021c2200b003514b68ec3dmr5282510ilh.16.1696000932316; Fri, 29 Sep 2023 08:22:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696000932; cv=none; d=google.com; s=arc-20160816; b=htrHMSaD/mEHWaCdZufPk4cSqTspUAVmuVo7gVAm5VE4EnTZJ+NPXxV701ZFL5FAOr tZMx2XvQCeci3e6ckPFQAcpsicMEBWda9pM1zCHdmtYaVEY0LqgDhnzXwG+URnciyPqG v2dnMLZZW2FmRNvNhqLSzCubL2tKYLb9PYlgxzB4sYwrg5PI4Amd4hgoiCP75XMS1qXZ e1zoTBR0S8GfB7Kl5IIeA33ELU1+HG/p5/nj5eSqPj9g+9gqGGF4OcK5zs6y90x6Whj2 Yj+2UVI9L8Nm0452mU+Xy8Hu56+dmemjbhLORrDYOIfYwMUCdclW2UqOOx/6Wi6Kfut8 UdtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=HlrtmjAYtMpD45GTi8Unvnne1C2hagAVywVHoYiGXmw=; fh=w3+VeJ/dzQrByU9Qp0AiGIVRS8FEMkjnVDPVuhTWyz0=; b=b/HPVGOmY9WwmNRFB+1i0g+vCWg+9nodEtvdz+AFu4iJViX4W+JJb1s3rxSHX5RN02 2KG4Z2YoZvH3QV8zm2iq/K5+6GyL+Gk3cuplar1/N1wHJPgNrjXmSVf3o02v/NKx+xFr YOHBB3ky6rimNVAThxqjF8qEl8bjrzEhZLLW2J3T7FXdxl4bhfVH76i8Dp3kmTkkrNeh /g1rjEestEm6oYTLbf62Wx2bAt8QnCYH17p1FsPCdNnWfd5YQk6pI6kR/9/eOPdwXI1j cMI2WsmpCVWr7tkFiWaebK1hD0rbNodFUbCmWgIHcoQ4s+wXI02yegHv6Ajx+56rq3Fx 0j0w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=dgMVf7+N; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id 1-20020a630101000000b005652a295669si21108816pgb.490.2023.09.29.08.22.11 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 Sep 2023 08:22:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@amazon.com header.s=amazon201209 header.b=dgMVf7+N; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=amazon.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id C20B585BE6F3; Fri, 29 Sep 2023 06:33:52 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233352AbjI2Ndl (ORCPT + 20 others); Fri, 29 Sep 2023 09:33:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52908 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233366AbjI2Ndi (ORCPT ); Fri, 29 Sep 2023 09:33:38 -0400 Received: from smtp-fw-80008.amazon.com (smtp-fw-80008.amazon.com [99.78.197.219]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B8EB1B3; Fri, 29 Sep 2023 06:33:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1695994415; x=1727530415; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=HlrtmjAYtMpD45GTi8Unvnne1C2hagAVywVHoYiGXmw=; b=dgMVf7+Nka1DVmNNV/vgGfGGkNF5x1TXtLvqE8YtOkQDVeq02nQCV/N1 6NOIxxQktdbgsX3k/zURPImah0BSe21yb7nA7M5VeOnJY0e2xw/ffLCuT N4bvRO8CpiiYvv+l3/l0pPx7oaQmi26fP9qrTdqNaJ6wmGWIn56g/qmDx 0=; X-IronPort-AV: E=Sophos;i="6.03,187,1694736000"; d="scan'208";a="32474738" Received: from pdx4-co-svc-p1-lb2-vlan3.amazon.com (HELO email-inbound-relay-pdx-1box-2bm6-32cf6363.us-west-2.amazon.com) ([10.25.36.214]) by smtp-border-fw-80008.pdx80.corp.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Sep 2023 13:33:32 +0000 Received: from EX19MTAUWA002.ant.amazon.com (pdx1-ws-svc-p6-lb9-vlan3.pdx.amazon.com [10.236.137.198]) by email-inbound-relay-pdx-1box-2bm6-32cf6363.us-west-2.amazon.com (Postfix) with ESMTPS id 16639803BA; Fri, 29 Sep 2023 13:33:32 +0000 (UTC) Received: from EX19D020UWC004.ant.amazon.com (10.13.138.149) by EX19MTAUWA002.ant.amazon.com (10.250.64.202) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.37; Fri, 29 Sep 2023 13:33:29 +0000 Received: from dev-dsk-graf-1a-5ce218e4.eu-west-1.amazon.com (10.253.83.51) by EX19D020UWC004.ant.amazon.com (10.13.138.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.37; Fri, 29 Sep 2023 13:33:27 +0000 From: Alexander Graf To: CC: , Greg Kroah-Hartman , Arnd Bergmann , Herbert Xu , Olivia Mackall , "Petre Eftime" , Erdem Meydanlli , Benjamin Herrenschmidt , David Woodhouse , "Michael S . Tsirkin" , Jason Wang , Xuan Zhuo Subject: [PATCH v2 2/2] hwrng: Add support for Nitro Secure Module Date: Fri, 29 Sep 2023 13:33:20 +0000 Message-ID: <20230929133320.74848-3-graf@amazon.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230929133320.74848-1-graf@amazon.com> References: <20230929133320.74848-1-graf@amazon.com> MIME-Version: 1.0 X-Originating-IP: [10.253.83.51] X-ClientProxiedBy: EX19D040UWA001.ant.amazon.com (10.13.139.22) To EX19D020UWC004.ant.amazon.com (10.13.138.149) X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Fri, 29 Sep 2023 06:33:52 -0700 (PDT) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1778385873215933230 X-GMAIL-MSGID: 1778385873215933230 When running Linux inside a Nitro Enclave, the Nitro Secure Module provides a virtio message that can be used to receive entropy. This patch adds support to read that entropy on demand and expose it through the hwrng device. Originally-by: Petre Eftime Signed-off-by: Alexander Graf --- v1 -> v2: - Remove boilerplate --- MAINTAINERS | 1 + drivers/char/hw_random/Kconfig | 12 ++ drivers/char/hw_random/Makefile | 1 + drivers/char/hw_random/nsm-rng.c | 272 +++++++++++++++++++++++++++++++ 4 files changed, 286 insertions(+) create mode 100644 drivers/char/hw_random/nsm-rng.c diff --git a/MAINTAINERS b/MAINTAINERS index d54bf3ea2b9d..da9697639968 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -15104,6 +15104,7 @@ L: linux-kernel@vger.kernel.org L: The AWS Nitro Enclaves Team S: Supported W: https://aws.amazon.com/ec2/nitro/nitro-enclaves/ +F: drivers/char/hw_random/nsm-rng.c F: drivers/misc/nsm.c F: include/linux/nsm.h F: include/uapi/linux/nsm.h diff --git a/drivers/char/hw_random/Kconfig b/drivers/char/hw_random/Kconfig index 8de74dcfa18c..5d06e24cfdde 100644 --- a/drivers/char/hw_random/Kconfig +++ b/drivers/char/hw_random/Kconfig @@ -573,6 +573,18 @@ config HW_RANDOM_JH7110 To compile this driver as a module, choose M here. The module will be called jh7110-trng. +config HW_RANDOM_NSM + tristate "Nitro (Enclaves) Security Module support" + depends on NSM + help + This driver provides support for the Nitro Security Module + in AWS EC2 Nitro based Enclaves. The driver enables support + for reading RNG data as well as a generic communication + mechanism with the hypervisor. + + To compile this driver as a module, choose M here. + The module will be called nsm_rng. + endif # HW_RANDOM config UML_RANDOM diff --git a/drivers/char/hw_random/Makefile b/drivers/char/hw_random/Makefile index 32549a1186dc..7e33d1ed40f8 100644 --- a/drivers/char/hw_random/Makefile +++ b/drivers/char/hw_random/Makefile @@ -49,3 +49,4 @@ obj-$(CONFIG_HW_RANDOM_ARM_SMCCC_TRNG) += arm_smccc_trng.o obj-$(CONFIG_HW_RANDOM_CN10K) += cn10k-rng.o obj-$(CONFIG_HW_RANDOM_POLARFIRE_SOC) += mpfs-rng.o obj-$(CONFIG_HW_RANDOM_JH7110) += jh7110-trng.o +obj-$(CONFIG_HW_RANDOM_NSM) += nsm-rng.o diff --git a/drivers/char/hw_random/nsm-rng.c b/drivers/char/hw_random/nsm-rng.c new file mode 100644 index 000000000000..7e6576d536e6 --- /dev/null +++ b/drivers/char/hw_random/nsm-rng.c @@ -0,0 +1,272 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Amazon Nitro Secure Module HWRNG driver. + * + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + */ + +#include +#include +#include +#include +#include + +struct nsm_rng_info { + struct hwrng hwrng; + struct virtio_device *vdev; +}; + +#define CBOR_TYPE_MASK 0xE0 +#define CBOR_TYPE_MAP 0xA0 +#define CBOR_TYPE_TEXT 0x60 +#define CBOR_TYPE_ARRAY 0x40 +#define CBOR_HEADER_SIZE_SHORT 1 + +#define CBOR_SHORT_SIZE_MAX_VALUE 23 +#define CBOR_LONG_SIZE_U8 24 +#define CBOR_LONG_SIZE_U16 25 +#define CBOR_LONG_SIZE_U32 26 +#define CBOR_LONG_SIZE_U64 27 + +#define CBOR_HEADER_SIZE_U8 (CBOR_HEADER_SIZE_SHORT + sizeof(u8)) +#define CBOR_HEADER_SIZE_U16 (CBOR_HEADER_SIZE_SHORT + sizeof(u16)) +#define CBOR_HEADER_SIZE_U32 (CBOR_HEADER_SIZE_SHORT + sizeof(u32)) +#define CBOR_HEADER_SIZE_U64 (CBOR_HEADER_SIZE_SHORT + sizeof(u64)) + +static bool cbor_object_is_array(const u8 *cbor_object, size_t cbor_object_size) +{ + if (cbor_object_size == 0 || cbor_object == NULL) + return false; + + return (cbor_object[0] & CBOR_TYPE_MASK) == CBOR_TYPE_ARRAY; +} + +static int cbor_object_get_array(u8 *cbor_object, size_t cbor_object_size, u8 **cbor_array) +{ + u8 cbor_short_size; + u64 array_len; + u64 array_offset; + + if (!cbor_object_is_array(cbor_object, cbor_object_size)) + return -EFAULT; + + if (cbor_array == NULL) + return -EFAULT; + + cbor_short_size = (cbor_object[0] & 0x1F); + + /* Decoding byte array length */ + /* In short field encoding, the object header is 1 byte long and + * contains the type on the 3 MSB and the length on the LSB. + * If the length in the LSB is larger than 23, then the object + * uses long field encoding, and will contain the length over the + * next bytes in the object, depending on the value: + * 24 is u8, 25 is u16, 26 is u32 and 27 is u64. + */ + if (cbor_short_size <= CBOR_SHORT_SIZE_MAX_VALUE) { + /* short encoding */ + array_len = cbor_short_size; + array_offset = CBOR_HEADER_SIZE_SHORT; + } else if (cbor_short_size == CBOR_LONG_SIZE_U8) { + if (cbor_object_size < CBOR_HEADER_SIZE_U8) + return -EFAULT; + /* 1 byte */ + array_len = cbor_object[1]; + array_offset = CBOR_HEADER_SIZE_U8; + } else if (cbor_short_size == CBOR_LONG_SIZE_U16) { + if (cbor_object_size < CBOR_HEADER_SIZE_U16) + return -EFAULT; + /* 2 bytes */ + array_len = cbor_object[1] << 8 | cbor_object[2]; + array_offset = CBOR_HEADER_SIZE_U16; + } else if (cbor_short_size == CBOR_LONG_SIZE_U32) { + if (cbor_object_size < CBOR_HEADER_SIZE_U32) + return -EFAULT; + /* 4 bytes */ + array_len = cbor_object[1] << 24 | + cbor_object[2] << 16 | + cbor_object[3] << 8 | + cbor_object[4]; + array_offset = CBOR_HEADER_SIZE_U32; + } else if (cbor_short_size == CBOR_LONG_SIZE_U64) { + if (cbor_object_size < CBOR_HEADER_SIZE_U64) + return -EFAULT; + /* 8 bytes */ + array_len = (u64) cbor_object[1] << 56 | + (u64) cbor_object[2] << 48 | + (u64) cbor_object[3] << 40 | + (u64) cbor_object[4] << 32 | + (u64) cbor_object[5] << 24 | + (u64) cbor_object[6] << 16 | + (u64) cbor_object[7] << 8 | + (u64) cbor_object[8]; + array_offset = CBOR_HEADER_SIZE_U64; + } + + if (cbor_object_size < array_offset) + return -EFAULT; + + if (cbor_object_size - array_offset < array_len) + return -EFAULT; + + if (array_len > INT_MAX) + return -EFAULT; + + *cbor_array = cbor_object + array_offset; + return array_len; +} + +static int nsm_rng_read(struct hwrng *rng, void *data, size_t max, bool wait) +{ + struct nsm_rng_info *nsm_rng_info = (struct nsm_rng_info *)rng; + struct nsm_kernel_message message = {}; + int rc = 0; + u8 *resp_ptr = NULL; + u64 resp_len = 0; + u8 *rand_data = NULL; + /* + * 69 # text(9) + * 47657452616E646F6D # "GetRandom" + */ + const u8 request[] = { CBOR_TYPE_TEXT + strlen("GetRandom"), + 'G', 'e', 't', 'R', 'a', 'n', 'd', 'o', 'm' }; + /* + * A1 # map(1) + * 69 # text(9) - Name of field + * 47657452616E646F6D # "GetRandom" + * A1 # map(1) - The field itself + * 66 # text(6) + * 72616E646F6D # "random" + * # The rest of the response should be a byte array + */ + const u8 response[] = { CBOR_TYPE_MAP + 1, + CBOR_TYPE_TEXT + strlen("GetRandom"), + 'G', 'e', 't', 'R', 'a', 'n', 'd', 'o', 'm', + CBOR_TYPE_MAP + 1, + CBOR_TYPE_TEXT + strlen("random"), + 'r', 'a', 'n', 'd', 'o', 'm' }; + + /* NSM always needs to wait for a response */ + if (!wait) + return 0; + + /* Set request message */ + message.request.iov_len = sizeof(request); + message.request.iov_base = kmalloc(message.request.iov_len, GFP_KERNEL); + if (message.request.iov_base == NULL) + goto out; + memcpy(message.request.iov_base, request, sizeof(request)); + + /* Allocate space for response */ + message.response.iov_len = NSM_RESPONSE_MAX_SIZE; + message.response.iov_base = kmalloc(message.response.iov_len, GFP_KERNEL); + if (message.response.iov_base == NULL) + goto out; + + /* Send/receive message */ + rc = nsm_communicate_with_device(nsm_rng_info->vdev, &message); + if (rc != 0) + goto out; + + resp_ptr = (u8 *) message.response.iov_base; + resp_len = message.response.iov_len; + + if (resp_len < sizeof(response) + 1) { + pr_err("NSM RNG: Received short response from NSM: Possible error message or invalid response"); + rc = -EFAULT; + goto out; + } + + if (memcmp(resp_ptr, response, sizeof(response)) != 0) { + pr_err("NSM RNG: Invalid response header: Possible error message or invalid response"); + rc = -EFAULT; + goto out; + } + + resp_ptr += sizeof(response); + resp_len -= sizeof(response); + + if (!cbor_object_is_array(resp_ptr, resp_len)) { + /* not a byte array */ + pr_err("NSM RNG: Invalid response type: Expecting a byte array response"); + rc = -EFAULT; + goto out; + } + + rc = cbor_object_get_array(resp_ptr, resp_len, &rand_data); + if (rc < 0) { + pr_err("NSM RNG: Invalid CBOR encoding\n"); + goto out; + } + + max = max > INT_MAX ? INT_MAX : max; + rc = rc > max ? max : rc; + memcpy(data, rand_data, rc); + + pr_debug("NSM RNG: returning rand bytes = %d\n", rc); +out: + kfree(message.request.iov_base); + kfree(message.response.iov_base); + return rc; +} + +static struct nsm_rng_info nsm_rng_info = { + .hwrng = { + .read = nsm_rng_read, + .name = "nsm-hwrng", + .quality = 1000, + }, +}; + +static int nsm_rng_probe(struct virtio_device *vdev) +{ + int rc; + + if (nsm_rng_info.vdev) + return -EEXIST; + + nsm_rng_info.vdev = vdev; + rc = devm_hwrng_register(&vdev->dev, &nsm_rng_info.hwrng); + + if (rc) { + pr_err("NSM RNG initialization error: %d.\n", rc); + return rc; + } + + return 0; +} + +static void nsm_rng_remove(struct virtio_device *vdev) +{ + hwrng_unregister(&nsm_rng_info.hwrng); + nsm_rng_info.vdev = NULL; +} + +struct nsm_hwrng nsm_hwrng = { + .probe = nsm_rng_probe, + .remove = nsm_rng_remove, +}; + +static int __init nsm_rng_init(void) +{ + return nsm_register_hwrng(&nsm_hwrng); +} + +static void __exit nsm_rng_exit(void) +{ + nsm_unregister_hwrng(&nsm_hwrng); +} + +module_init(nsm_rng_init); +module_exit(nsm_rng_exit); + +#ifdef MODULE +static const struct virtio_device_id nsm_id_table[] = { + { VIRTIO_ID_NITRO_SEC_MOD, VIRTIO_DEV_ANY_ID }, + { 0 }, +}; +#endif + +MODULE_DEVICE_TABLE(virtio, nsm_id_table); +MODULE_DESCRIPTION("Virtio NSM RNG driver"); +MODULE_LICENSE("GPL");