The sev_get_attestation_report is called by qemu-kvm to get sev attestation report. However, getting the sev attestation report is a general function, the need for host program to get the sev attestation report by interacting with /dev/sev device exists. Considering this need, it is more reasonable to move the main implementation of sev_get_attestation_report into sev_do_get_report defined in the ccp driver. Any host program getting the guest firmware handle can directly interact with the sev device based on sev_do_get_report to get the sev attestation report. In addition, after moving the general code of sev_get_attestation_report to the ccp, move the check for sev fd in __sev_issue_cmd to the sev_get_attestation_report function is necessary. Signed-off-by: Shirong Hao <shirong@xxxxxxxxxxxxxxxxx> --- arch/x86/kvm/svm/sev.c | 49 ++++--------------------------- drivers/crypto/ccp/sev-dev.c | 56 ++++++++++++++++++++++++++++++++++++ include/linux/psp-sev.h | 7 +++++ 3 files changed, 69 insertions(+), 43 deletions(-) diff --git a/arch/x86/kvm/svm/sev.c b/arch/x86/kvm/svm/sev.c index 7656a2c5662a..016acc96c5dc 100644 --- a/arch/x86/kvm/svm/sev.c +++ b/arch/x86/kvm/svm/sev.c @@ -1066,10 +1066,8 @@ static int sev_get_attestation_report(struct kvm *kvm, struct kvm_sev_cmd *argp) { void __user *report = (void __user *)(uintptr_t)argp->data; struct kvm_sev_info *sev = &to_kvm_svm(kvm)->sev_info; - struct sev_data_attestation_report data; struct kvm_sev_attestation_report params; - void __user *p; - void *blob = NULL; + struct fd f; int ret; if (!sev_guest(kvm)) @@ -1078,48 +1076,13 @@ static int sev_get_attestation_report(struct kvm *kvm, struct kvm_sev_cmd *argp) if (copy_from_user(¶ms, (void __user *)(uintptr_t)argp->data, sizeof(params))) return -EFAULT; - memset(&data, 0, sizeof(data)); - - /* User wants to query the blob length */ - if (!params.len) - goto cmd; - - p = (void __user *)(uintptr_t)params.uaddr; - if (p) { - if (params.len > SEV_FW_BLOB_MAX_SIZE) - return -EINVAL; - - blob = kmalloc(params.len, GFP_KERNEL_ACCOUNT); - if (!blob) - return -ENOMEM; - - data.address = __psp_pa(blob); - data.len = params.len; - memcpy(data.mnonce, params.mnonce, sizeof(params.mnonce)); - } -cmd: - data.handle = sev->handle; - ret = sev_issue_cmd(kvm, SEV_CMD_ATTESTATION_REPORT, &data, &argp->error); - /* - * If we query the session length, FW responded with expected data. - */ - if (!params.len) - goto done; - - if (ret) - goto e_free_blob; + f = fdget(sev->fd); + if (!f.file) + return -EBADF; - if (blob) { - if (copy_to_user(p, blob, params.len)) - ret = -EFAULT; - } + ret = sev_do_get_report(report, ¶ms, f.file, sev->handle, &argp->error); -done: - params.len = data.len; - if (copy_to_user(report, ¶ms, sizeof(params))) - ret = -EFAULT; -e_free_blob: - kfree(blob); + fdput(f); return ret; } diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c index e09925d86bf3..2f6b81742d28 100644 --- a/drivers/crypto/ccp/sev-dev.c +++ b/drivers/crypto/ccp/sev-dev.c @@ -22,6 +22,7 @@ #include <linux/firmware.h> #include <linux/gfp.h> #include <linux/cpufeature.h> +#include <linux/kvm.h> #include <asm/smp.h> @@ -384,6 +385,61 @@ static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp) return ret; } +int sev_do_get_report(void __user *report, struct kvm_sev_attestation_report *input, + struct file *filep, u32 handle, u32 *error) +{ + struct sev_data_attestation_report data; + void __user *p; + void *blob = NULL; + int ret; + + memset(&data, 0, sizeof(data)); + + /* User wants to query the blob length */ + if (!input->len) + goto cmd; + + p = (void __user *)(uintptr_t)input->uaddr; + if (p) { + if (input->len > SEV_FW_BLOB_MAX_SIZE) + return -EINVAL; + + blob = kmalloc(input->len, GFP_KERNEL_ACCOUNT); + if (!blob) + return -ENOMEM; + + data.address = __psp_pa(blob); + data.len = input->len; + memcpy(data.mnonce, input->mnonce, sizeof(input->mnonce)); + } +cmd: + data.handle = handle; + ret = sev_issue_cmd_external_user(filep, SEV_CMD_ATTESTATION_REPORT, &data, error); + + /* + * If we query the session length, FW responded with expected data. + */ + if (!input->len) + goto done; + + if (ret) + goto e_free_blob; + + if (blob) { + if (copy_to_user(p, blob, input->len)) + ret = -EFAULT; + } + +done: + input->len = data.len; + if (copy_to_user(report, input, sizeof(*input))) + ret = -EFAULT; +e_free_blob: + kfree(blob); + return ret; +} +EXPORT_SYMBOL_GPL(sev_do_get_report); + static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp, bool writable) { struct sev_device *sev = psp_master->sev_data; diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h index d48a7192e881..0cbf39a7d116 100644 --- a/include/linux/psp-sev.h +++ b/include/linux/psp-sev.h @@ -541,6 +541,9 @@ int sev_platform_init(int *error); */ int sev_platform_status(struct sev_user_data_status *status, int *error); +int sev_do_get_report(void __user *report, struct kvm_sev_attestation_report *input, + struct file *filep, u32 handle, u32 *error); + /** * sev_issue_cmd_external_user - issue SEV command by other driver with a file * handle. @@ -649,6 +652,10 @@ sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *data, int static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return ERR_PTR(-EINVAL); } +static inline int +sev_do_get_report(void __user *report, struct kvm_sev_attestation_report *input, + struct file *filep, u32 handle, u32 *error) { return -ENODEV; } + #endif /* CONFIG_CRYPTO_DEV_SP_PSP */ #endif /* __PSP_SEV_H__ */ -- 2.27.0