mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/chenhuacai/linux-loongson
synced 2025-08-27 15:36:48 +00:00
88caf544c9
Version 2 of GHCB specification added support for the SNP Guest Request
Message NAE event. The event allows for an SEV-SNP guest to make
requests to the SEV-SNP firmware through the hypervisor using the
SNP_GUEST_REQUEST API defined in the SEV-SNP firmware specification.
This is used by guests primarily to request attestation reports from
firmware. There are other request types are available as well, but the
specifics of what guest requests are being made generally does not
affect how they are handled by the hypervisor, which only serves as a
proxy for the guest requests and firmware responses.
Implement handling for these events.
When an SNP Guest Request is issued, the guest will provide its own
request/response pages, which could in theory be passed along directly
to firmware. However, these pages would need special care:
- Both pages are from shared guest memory, so they need to be
protected from migration/etc. occurring while firmware reads/writes
to them. At a minimum, this requires elevating the ref counts and
potentially needing an explicit pinning of the memory. This places
additional restrictions on what type of memory backends userspace
can use for shared guest memory since there would be some reliance
on using refcounted pages.
- The response page needs to be switched to Firmware-owned state
before the firmware can write to it, which can lead to potential
host RMP #PFs if the guest is misbehaved and hands the host a
guest page that KVM is writing to for other reasons (e.g. virtio
buffers).
Both of these issues can be avoided completely by using
separately-allocated bounce pages for both the request/response pages
and passing those to firmware instead. So that's the approach taken
here.
Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
Co-developed-by: Alexey Kardashevskiy <aik@amd.com>
Signed-off-by: Alexey Kardashevskiy <aik@amd.com>
Co-developed-by: Ashish Kalra <ashish.kalra@amd.com>
Signed-off-by: Ashish Kalra <ashish.kalra@amd.com>
Reviewed-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Liam Merwick <liam.merwick@oracle.com>
[mdr: ensure FW command failures are indicated to guest, drop extended
request handling to be re-written as separate patch, massage commit]
Signed-off-by: Michael Roth <michael.roth@amd.com>
Message-ID: <20240701223148.3798365-2-michael.roth@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
100 lines
2.5 KiB
C
100 lines
2.5 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */
|
|
/*
|
|
* Userspace interface for AMD SEV and SNP guest driver.
|
|
*
|
|
* Copyright (C) 2021 Advanced Micro Devices, Inc.
|
|
*
|
|
* Author: Brijesh Singh <brijesh.singh@amd.com>
|
|
*
|
|
* SEV API specification is available at: https://developer.amd.com/sev/
|
|
*/
|
|
|
|
#ifndef __UAPI_LINUX_SEV_GUEST_H_
|
|
#define __UAPI_LINUX_SEV_GUEST_H_
|
|
|
|
#include <linux/types.h>
|
|
|
|
#define SNP_REPORT_USER_DATA_SIZE 64
|
|
|
|
struct snp_report_req {
|
|
/* user data that should be included in the report */
|
|
__u8 user_data[SNP_REPORT_USER_DATA_SIZE];
|
|
|
|
/* The vmpl level to be included in the report */
|
|
__u32 vmpl;
|
|
|
|
/* Must be zero filled */
|
|
__u8 rsvd[28];
|
|
};
|
|
|
|
struct snp_report_resp {
|
|
/* response data, see SEV-SNP spec for the format */
|
|
__u8 data[4000];
|
|
};
|
|
|
|
struct snp_derived_key_req {
|
|
__u32 root_key_select;
|
|
__u32 rsvd;
|
|
__u64 guest_field_select;
|
|
__u32 vmpl;
|
|
__u32 guest_svn;
|
|
__u64 tcb_version;
|
|
};
|
|
|
|
struct snp_derived_key_resp {
|
|
/* response data, see SEV-SNP spec for the format */
|
|
__u8 data[64];
|
|
};
|
|
|
|
struct snp_guest_request_ioctl {
|
|
/* message version number (must be non-zero) */
|
|
__u8 msg_version;
|
|
|
|
/* Request and response structure address */
|
|
__u64 req_data;
|
|
__u64 resp_data;
|
|
|
|
/* bits[63:32]: VMM error code, bits[31:0] firmware error code (see psp-sev.h) */
|
|
union {
|
|
__u64 exitinfo2;
|
|
struct {
|
|
__u32 fw_error;
|
|
__u32 vmm_error;
|
|
};
|
|
};
|
|
};
|
|
|
|
struct snp_ext_report_req {
|
|
struct snp_report_req data;
|
|
|
|
/* where to copy the certificate blob */
|
|
__u64 certs_address;
|
|
|
|
/* length of the certificate blob */
|
|
__u32 certs_len;
|
|
};
|
|
|
|
#define SNP_GUEST_REQ_IOC_TYPE 'S'
|
|
|
|
/* Get SNP attestation report */
|
|
#define SNP_GET_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x0, struct snp_guest_request_ioctl)
|
|
|
|
/* Get a derived key from the root */
|
|
#define SNP_GET_DERIVED_KEY _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x1, struct snp_guest_request_ioctl)
|
|
|
|
/* Get SNP extended report as defined in the GHCB specification version 2. */
|
|
#define SNP_GET_EXT_REPORT _IOWR(SNP_GUEST_REQ_IOC_TYPE, 0x2, struct snp_guest_request_ioctl)
|
|
|
|
/* Guest message request EXIT_INFO_2 constants */
|
|
#define SNP_GUEST_FW_ERR_MASK GENMASK_ULL(31, 0)
|
|
#define SNP_GUEST_VMM_ERR_SHIFT 32
|
|
#define SNP_GUEST_VMM_ERR(x) (((u64)x) << SNP_GUEST_VMM_ERR_SHIFT)
|
|
#define SNP_GUEST_FW_ERR(x) ((x) & SNP_GUEST_FW_ERR_MASK)
|
|
#define SNP_GUEST_ERR(vmm_err, fw_err) (SNP_GUEST_VMM_ERR(vmm_err) | \
|
|
SNP_GUEST_FW_ERR(fw_err))
|
|
|
|
#define SNP_GUEST_VMM_ERR_INVALID_LEN 1
|
|
#define SNP_GUEST_VMM_ERR_BUSY 2
|
|
|
|
#endif /* __UAPI_LINUX_SEV_GUEST_H_ */
|