1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * AMD Secure Encrypted Virtualization (SEV) guest driver interface 4 * 5 * Copyright (C) 2021 Advanced Micro Devices, Inc. 6 * 7 * Author: Brijesh Singh <brijesh.singh@amd.com> 8 */ 9 10 #include <linux/module.h> 11 #include <linux/kernel.h> 12 #include <linux/types.h> 13 #include <linux/mutex.h> 14 #include <linux/io.h> 15 #include <linux/platform_device.h> 16 #include <linux/miscdevice.h> 17 #include <linux/set_memory.h> 18 #include <linux/fs.h> 19 #include <crypto/aead.h> 20 #include <linux/scatterlist.h> 21 #include <linux/psp-sev.h> 22 #include <uapi/linux/sev-guest.h> 23 #include <uapi/linux/psp-sev.h> 24 25 #include <asm/svm.h> 26 #include <asm/sev.h> 27 28 #include "sev-guest.h" 29 30 #define DEVICE_NAME "sev-guest" 31 #define AAD_LEN 48 32 #define MSG_HDR_VER 1 33 34 struct snp_guest_crypto { 35 struct crypto_aead *tfm; 36 u8 *iv, *authtag; 37 int iv_len, a_len; 38 }; 39 40 struct snp_guest_dev { 41 struct device *dev; 42 struct miscdevice misc; 43 44 void *certs_data; 45 struct snp_guest_crypto *crypto; 46 struct snp_guest_msg *request, *response; 47 struct snp_secrets_page_layout *layout; 48 struct snp_req_data input; 49 u32 *os_area_msg_seqno; 50 u8 *vmpck; 51 }; 52 53 static u32 vmpck_id; 54 module_param(vmpck_id, uint, 0444); 55 MODULE_PARM_DESC(vmpck_id, "The VMPCK ID to use when communicating with the PSP."); 56 57 /* Mutex to serialize the shared buffer access and command handling. */ 58 static DEFINE_MUTEX(snp_cmd_mutex); 59 60 static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) 61 { 62 char zero_key[VMPCK_KEY_LEN] = {0}; 63 64 if (snp_dev->vmpck) 65 return !memcmp(snp_dev->vmpck, zero_key, VMPCK_KEY_LEN); 66 67 return true; 68 } 69 70 static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) 71 { 72 memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN); 73 snp_dev->vmpck = NULL; 74 } 75 76 static inline u64 __snp_get_msg_seqno(struct snp_guest_dev *snp_dev) 77 { 78 u64 count; 79 80 lockdep_assert_held(&snp_cmd_mutex); 81 82 /* Read the current message sequence counter from secrets pages */ 83 count = *snp_dev->os_area_msg_seqno; 84 85 return count + 1; 86 } 87 88 /* Return a non-zero on success */ 89 static u64 snp_get_msg_seqno(struct snp_guest_dev *snp_dev) 90 { 91 u64 count = __snp_get_msg_seqno(snp_dev); 92 93 /* 94 * The message sequence counter for the SNP guest request is a 64-bit 95 * value but the version 2 of GHCB specification defines a 32-bit storage 96 * for it. If the counter exceeds the 32-bit value then return zero. 97 * The caller should check the return value, but if the caller happens to 98 * not check the value and use it, then the firmware treats zero as an 99 * invalid number and will fail the message request. 100 */ 101 if (count >= UINT_MAX) { 102 dev_err(snp_dev->dev, "request message sequence counter overflow\n"); 103 return 0; 104 } 105 106 return count; 107 } 108 109 static void snp_inc_msg_seqno(struct snp_guest_dev *snp_dev) 110 { 111 /* 112 * The counter is also incremented by the PSP, so increment it by 2 113 * and save in secrets page. 114 */ 115 *snp_dev->os_area_msg_seqno += 2; 116 } 117 118 static inline struct snp_guest_dev *to_snp_dev(struct file *file) 119 { 120 struct miscdevice *dev = file->private_data; 121 122 return container_of(dev, struct snp_guest_dev, misc); 123 } 124 125 static struct snp_guest_crypto *init_crypto(struct snp_guest_dev *snp_dev, u8 *key, size_t keylen) 126 { 127 struct snp_guest_crypto *crypto; 128 129 crypto = kzalloc(sizeof(*crypto), GFP_KERNEL_ACCOUNT); 130 if (!crypto) 131 return NULL; 132 133 crypto->tfm = crypto_alloc_aead("gcm(aes)", 0, 0); 134 if (IS_ERR(crypto->tfm)) 135 goto e_free; 136 137 if (crypto_aead_setkey(crypto->tfm, key, keylen)) 138 goto e_free_crypto; 139 140 crypto->iv_len = crypto_aead_ivsize(crypto->tfm); 141 crypto->iv = kmalloc(crypto->iv_len, GFP_KERNEL_ACCOUNT); 142 if (!crypto->iv) 143 goto e_free_crypto; 144 145 if (crypto_aead_authsize(crypto->tfm) > MAX_AUTHTAG_LEN) { 146 if (crypto_aead_setauthsize(crypto->tfm, MAX_AUTHTAG_LEN)) { 147 dev_err(snp_dev->dev, "failed to set authsize to %d\n", MAX_AUTHTAG_LEN); 148 goto e_free_iv; 149 } 150 } 151 152 crypto->a_len = crypto_aead_authsize(crypto->tfm); 153 crypto->authtag = kmalloc(crypto->a_len, GFP_KERNEL_ACCOUNT); 154 if (!crypto->authtag) 155 goto e_free_auth; 156 157 return crypto; 158 159 e_free_auth: 160 kfree(crypto->authtag); 161 e_free_iv: 162 kfree(crypto->iv); 163 e_free_crypto: 164 crypto_free_aead(crypto->tfm); 165 e_free: 166 kfree(crypto); 167 168 return NULL; 169 } 170 171 static void deinit_crypto(struct snp_guest_crypto *crypto) 172 { 173 crypto_free_aead(crypto->tfm); 174 kfree(crypto->iv); 175 kfree(crypto->authtag); 176 kfree(crypto); 177 } 178 179 static int enc_dec_message(struct snp_guest_crypto *crypto, struct snp_guest_msg *msg, 180 u8 *src_buf, u8 *dst_buf, size_t len, bool enc) 181 { 182 struct snp_guest_msg_hdr *hdr = &msg->hdr; 183 struct scatterlist src[3], dst[3]; 184 DECLARE_CRYPTO_WAIT(wait); 185 struct aead_request *req; 186 int ret; 187 188 req = aead_request_alloc(crypto->tfm, GFP_KERNEL); 189 if (!req) 190 return -ENOMEM; 191 192 /* 193 * AEAD memory operations: 194 * +------ AAD -------+------- DATA -----+---- AUTHTAG----+ 195 * | msg header | plaintext | hdr->authtag | 196 * | bytes 30h - 5Fh | or | | 197 * | | cipher | | 198 * +------------------+------------------+----------------+ 199 */ 200 sg_init_table(src, 3); 201 sg_set_buf(&src[0], &hdr->algo, AAD_LEN); 202 sg_set_buf(&src[1], src_buf, hdr->msg_sz); 203 sg_set_buf(&src[2], hdr->authtag, crypto->a_len); 204 205 sg_init_table(dst, 3); 206 sg_set_buf(&dst[0], &hdr->algo, AAD_LEN); 207 sg_set_buf(&dst[1], dst_buf, hdr->msg_sz); 208 sg_set_buf(&dst[2], hdr->authtag, crypto->a_len); 209 210 aead_request_set_ad(req, AAD_LEN); 211 aead_request_set_tfm(req, crypto->tfm); 212 aead_request_set_callback(req, 0, crypto_req_done, &wait); 213 214 aead_request_set_crypt(req, src, dst, len, crypto->iv); 215 ret = crypto_wait_req(enc ? crypto_aead_encrypt(req) : crypto_aead_decrypt(req), &wait); 216 217 aead_request_free(req); 218 return ret; 219 } 220 221 static int __enc_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, 222 void *plaintext, size_t len) 223 { 224 struct snp_guest_crypto *crypto = snp_dev->crypto; 225 struct snp_guest_msg_hdr *hdr = &msg->hdr; 226 227 memset(crypto->iv, 0, crypto->iv_len); 228 memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); 229 230 return enc_dec_message(crypto, msg, plaintext, msg->payload, len, true); 231 } 232 233 static int dec_payload(struct snp_guest_dev *snp_dev, struct snp_guest_msg *msg, 234 void *plaintext, size_t len) 235 { 236 struct snp_guest_crypto *crypto = snp_dev->crypto; 237 struct snp_guest_msg_hdr *hdr = &msg->hdr; 238 239 /* Build IV with response buffer sequence number */ 240 memset(crypto->iv, 0, crypto->iv_len); 241 memcpy(crypto->iv, &hdr->msg_seqno, sizeof(hdr->msg_seqno)); 242 243 return enc_dec_message(crypto, msg, msg->payload, plaintext, len, false); 244 } 245 246 static int verify_and_dec_payload(struct snp_guest_dev *snp_dev, void *payload, u32 sz) 247 { 248 struct snp_guest_crypto *crypto = snp_dev->crypto; 249 struct snp_guest_msg *resp = snp_dev->response; 250 struct snp_guest_msg *req = snp_dev->request; 251 struct snp_guest_msg_hdr *req_hdr = &req->hdr; 252 struct snp_guest_msg_hdr *resp_hdr = &resp->hdr; 253 254 dev_dbg(snp_dev->dev, "response [seqno %lld type %d version %d sz %d]\n", 255 resp_hdr->msg_seqno, resp_hdr->msg_type, resp_hdr->msg_version, resp_hdr->msg_sz); 256 257 /* Verify that the sequence counter is incremented by 1 */ 258 if (unlikely(resp_hdr->msg_seqno != (req_hdr->msg_seqno + 1))) 259 return -EBADMSG; 260 261 /* Verify response message type and version number. */ 262 if (resp_hdr->msg_type != (req_hdr->msg_type + 1) || 263 resp_hdr->msg_version != req_hdr->msg_version) 264 return -EBADMSG; 265 266 /* 267 * If the message size is greater than our buffer length then return 268 * an error. 269 */ 270 if (unlikely((resp_hdr->msg_sz + crypto->a_len) > sz)) 271 return -EBADMSG; 272 273 /* Decrypt the payload */ 274 return dec_payload(snp_dev, resp, payload, resp_hdr->msg_sz + crypto->a_len); 275 } 276 277 static int enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type, 278 void *payload, size_t sz) 279 { 280 struct snp_guest_msg *req = snp_dev->request; 281 struct snp_guest_msg_hdr *hdr = &req->hdr; 282 283 memset(req, 0, sizeof(*req)); 284 285 hdr->algo = SNP_AEAD_AES_256_GCM; 286 hdr->hdr_version = MSG_HDR_VER; 287 hdr->hdr_sz = sizeof(*hdr); 288 hdr->msg_type = type; 289 hdr->msg_version = version; 290 hdr->msg_seqno = seqno; 291 hdr->msg_vmpck = vmpck_id; 292 hdr->msg_sz = sz; 293 294 /* Verify the sequence number is non-zero */ 295 if (!hdr->msg_seqno) 296 return -ENOSR; 297 298 dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n", 299 hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz); 300 301 return __enc_payload(snp_dev, req, payload, sz); 302 } 303 304 static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver, 305 u8 type, void *req_buf, size_t req_sz, void *resp_buf, 306 u32 resp_sz, __u64 *fw_err) 307 { 308 unsigned long err; 309 u64 seqno; 310 int rc; 311 312 /* Get message sequence and verify that its a non-zero */ 313 seqno = snp_get_msg_seqno(snp_dev); 314 if (!seqno) 315 return -EIO; 316 317 memset(snp_dev->response, 0, sizeof(struct snp_guest_msg)); 318 319 /* Encrypt the userspace provided payload */ 320 rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz); 321 if (rc) 322 return rc; 323 324 /* Call firmware to process the request */ 325 rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err); 326 if (fw_err) 327 *fw_err = err; 328 329 if (rc) 330 return rc; 331 332 /* 333 * The verify_and_dec_payload() will fail only if the hypervisor is 334 * actively modifying the message header or corrupting the encrypted payload. 335 * This hints that hypervisor is acting in a bad faith. Disable the VMPCK so that 336 * the key cannot be used for any communication. The key is disabled to ensure 337 * that AES-GCM does not use the same IV while encrypting the request payload. 338 */ 339 rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz); 340 if (rc) { 341 dev_alert(snp_dev->dev, 342 "Detected unexpected decode failure, disabling the vmpck_id %d\n", 343 vmpck_id); 344 snp_disable_vmpck(snp_dev); 345 return rc; 346 } 347 348 /* Increment to new message sequence after payload decryption was successful. */ 349 snp_inc_msg_seqno(snp_dev); 350 351 return 0; 352 } 353 354 static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) 355 { 356 struct snp_guest_crypto *crypto = snp_dev->crypto; 357 struct snp_report_resp *resp; 358 struct snp_report_req req; 359 int rc, resp_len; 360 361 lockdep_assert_held(&snp_cmd_mutex); 362 363 if (!arg->req_data || !arg->resp_data) 364 return -EINVAL; 365 366 if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) 367 return -EFAULT; 368 369 /* 370 * The intermediate response buffer is used while decrypting the 371 * response payload. Make sure that it has enough space to cover the 372 * authtag. 373 */ 374 resp_len = sizeof(resp->data) + crypto->a_len; 375 resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); 376 if (!resp) 377 return -ENOMEM; 378 379 rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg->msg_version, 380 SNP_MSG_REPORT_REQ, &req, sizeof(req), resp->data, 381 resp_len, &arg->fw_err); 382 if (rc) 383 goto e_free; 384 385 if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp))) 386 rc = -EFAULT; 387 388 e_free: 389 kfree(resp); 390 return rc; 391 } 392 393 static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) 394 { 395 struct snp_guest_crypto *crypto = snp_dev->crypto; 396 struct snp_derived_key_resp resp = {0}; 397 struct snp_derived_key_req req; 398 int rc, resp_len; 399 /* Response data is 64 bytes and max authsize for GCM is 16 bytes. */ 400 u8 buf[64 + 16]; 401 402 lockdep_assert_held(&snp_cmd_mutex); 403 404 if (!arg->req_data || !arg->resp_data) 405 return -EINVAL; 406 407 /* 408 * The intermediate response buffer is used while decrypting the 409 * response payload. Make sure that it has enough space to cover the 410 * authtag. 411 */ 412 resp_len = sizeof(resp.data) + crypto->a_len; 413 if (sizeof(buf) < resp_len) 414 return -ENOMEM; 415 416 if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) 417 return -EFAULT; 418 419 rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, arg->msg_version, 420 SNP_MSG_KEY_REQ, &req, sizeof(req), buf, resp_len, 421 &arg->fw_err); 422 if (rc) 423 return rc; 424 425 memcpy(resp.data, buf, sizeof(resp.data)); 426 if (copy_to_user((void __user *)arg->resp_data, &resp, sizeof(resp))) 427 rc = -EFAULT; 428 429 /* The response buffer contains the sensitive data, explicitly clear it. */ 430 memzero_explicit(buf, sizeof(buf)); 431 memzero_explicit(&resp, sizeof(resp)); 432 return rc; 433 } 434 435 static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) 436 { 437 struct snp_guest_crypto *crypto = snp_dev->crypto; 438 struct snp_ext_report_req req; 439 struct snp_report_resp *resp; 440 int ret, npages = 0, resp_len; 441 442 lockdep_assert_held(&snp_cmd_mutex); 443 444 if (!arg->req_data || !arg->resp_data) 445 return -EINVAL; 446 447 if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) 448 return -EFAULT; 449 450 /* userspace does not want certificate data */ 451 if (!req.certs_len || !req.certs_address) 452 goto cmd; 453 454 if (req.certs_len > SEV_FW_BLOB_MAX_SIZE || 455 !IS_ALIGNED(req.certs_len, PAGE_SIZE)) 456 return -EINVAL; 457 458 if (!access_ok((const void __user *)req.certs_address, req.certs_len)) 459 return -EFAULT; 460 461 /* 462 * Initialize the intermediate buffer with all zeros. This buffer 463 * is used in the guest request message to get the certs blob from 464 * the host. If host does not supply any certs in it, then copy 465 * zeros to indicate that certificate data was not provided. 466 */ 467 memset(snp_dev->certs_data, 0, req.certs_len); 468 npages = req.certs_len >> PAGE_SHIFT; 469 cmd: 470 /* 471 * The intermediate response buffer is used while decrypting the 472 * response payload. Make sure that it has enough space to cover the 473 * authtag. 474 */ 475 resp_len = sizeof(resp->data) + crypto->a_len; 476 resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT); 477 if (!resp) 478 return -ENOMEM; 479 480 snp_dev->input.data_npages = npages; 481 ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg->msg_version, 482 SNP_MSG_REPORT_REQ, &req.data, 483 sizeof(req.data), resp->data, resp_len, &arg->fw_err); 484 485 /* If certs length is invalid then copy the returned length */ 486 if (arg->fw_err == SNP_GUEST_REQ_INVALID_LEN) { 487 req.certs_len = snp_dev->input.data_npages << PAGE_SHIFT; 488 489 if (copy_to_user((void __user *)arg->req_data, &req, sizeof(req))) 490 ret = -EFAULT; 491 } 492 493 if (ret) 494 goto e_free; 495 496 if (npages && 497 copy_to_user((void __user *)req.certs_address, snp_dev->certs_data, 498 req.certs_len)) { 499 ret = -EFAULT; 500 goto e_free; 501 } 502 503 if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp))) 504 ret = -EFAULT; 505 506 e_free: 507 kfree(resp); 508 return ret; 509 } 510 511 static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) 512 { 513 struct snp_guest_dev *snp_dev = to_snp_dev(file); 514 void __user *argp = (void __user *)arg; 515 struct snp_guest_request_ioctl input; 516 int ret = -ENOTTY; 517 518 if (copy_from_user(&input, argp, sizeof(input))) 519 return -EFAULT; 520 521 input.fw_err = 0xff; 522 523 /* Message version must be non-zero */ 524 if (!input.msg_version) 525 return -EINVAL; 526 527 mutex_lock(&snp_cmd_mutex); 528 529 /* Check if the VMPCK is not empty */ 530 if (is_vmpck_empty(snp_dev)) { 531 dev_err_ratelimited(snp_dev->dev, "VMPCK is disabled\n"); 532 mutex_unlock(&snp_cmd_mutex); 533 return -ENOTTY; 534 } 535 536 switch (ioctl) { 537 case SNP_GET_REPORT: 538 ret = get_report(snp_dev, &input); 539 break; 540 case SNP_GET_DERIVED_KEY: 541 ret = get_derived_key(snp_dev, &input); 542 break; 543 case SNP_GET_EXT_REPORT: 544 ret = get_ext_report(snp_dev, &input); 545 break; 546 default: 547 break; 548 } 549 550 mutex_unlock(&snp_cmd_mutex); 551 552 if (input.fw_err && copy_to_user(argp, &input, sizeof(input))) 553 return -EFAULT; 554 555 return ret; 556 } 557 558 static void free_shared_pages(void *buf, size_t sz) 559 { 560 unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; 561 int ret; 562 563 if (!buf) 564 return; 565 566 ret = set_memory_encrypted((unsigned long)buf, npages); 567 if (ret) { 568 WARN_ONCE(ret, "failed to restore encryption mask (leak it)\n"); 569 return; 570 } 571 572 __free_pages(virt_to_page(buf), get_order(sz)); 573 } 574 575 static void *alloc_shared_pages(struct device *dev, size_t sz) 576 { 577 unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT; 578 struct page *page; 579 int ret; 580 581 page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz)); 582 if (!page) 583 return NULL; 584 585 ret = set_memory_decrypted((unsigned long)page_address(page), npages); 586 if (ret) { 587 dev_err(dev, "failed to mark page shared, ret=%d\n", ret); 588 __free_pages(page, get_order(sz)); 589 return NULL; 590 } 591 592 return page_address(page); 593 } 594 595 static const struct file_operations snp_guest_fops = { 596 .owner = THIS_MODULE, 597 .unlocked_ioctl = snp_guest_ioctl, 598 }; 599 600 static u8 *get_vmpck(int id, struct snp_secrets_page_layout *layout, u32 **seqno) 601 { 602 u8 *key = NULL; 603 604 switch (id) { 605 case 0: 606 *seqno = &layout->os_area.msg_seqno_0; 607 key = layout->vmpck0; 608 break; 609 case 1: 610 *seqno = &layout->os_area.msg_seqno_1; 611 key = layout->vmpck1; 612 break; 613 case 2: 614 *seqno = &layout->os_area.msg_seqno_2; 615 key = layout->vmpck2; 616 break; 617 case 3: 618 *seqno = &layout->os_area.msg_seqno_3; 619 key = layout->vmpck3; 620 break; 621 default: 622 break; 623 } 624 625 return key; 626 } 627 628 static int __init sev_guest_probe(struct platform_device *pdev) 629 { 630 struct snp_secrets_page_layout *layout; 631 struct sev_guest_platform_data *data; 632 struct device *dev = &pdev->dev; 633 struct snp_guest_dev *snp_dev; 634 struct miscdevice *misc; 635 void __iomem *mapping; 636 int ret; 637 638 if (!dev->platform_data) 639 return -ENODEV; 640 641 data = (struct sev_guest_platform_data *)dev->platform_data; 642 mapping = ioremap_encrypted(data->secrets_gpa, PAGE_SIZE); 643 if (!mapping) 644 return -ENODEV; 645 646 layout = (__force void *)mapping; 647 648 ret = -ENOMEM; 649 snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL); 650 if (!snp_dev) 651 goto e_unmap; 652 653 ret = -EINVAL; 654 snp_dev->vmpck = get_vmpck(vmpck_id, layout, &snp_dev->os_area_msg_seqno); 655 if (!snp_dev->vmpck) { 656 dev_err(dev, "invalid vmpck id %d\n", vmpck_id); 657 goto e_unmap; 658 } 659 660 /* Verify that VMPCK is not zero. */ 661 if (is_vmpck_empty(snp_dev)) { 662 dev_err(dev, "vmpck id %d is null\n", vmpck_id); 663 goto e_unmap; 664 } 665 666 platform_set_drvdata(pdev, snp_dev); 667 snp_dev->dev = dev; 668 snp_dev->layout = layout; 669 670 /* Allocate the shared page used for the request and response message. */ 671 snp_dev->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); 672 if (!snp_dev->request) 673 goto e_unmap; 674 675 snp_dev->response = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); 676 if (!snp_dev->response) 677 goto e_free_request; 678 679 snp_dev->certs_data = alloc_shared_pages(dev, SEV_FW_BLOB_MAX_SIZE); 680 if (!snp_dev->certs_data) 681 goto e_free_response; 682 683 ret = -EIO; 684 snp_dev->crypto = init_crypto(snp_dev, snp_dev->vmpck, VMPCK_KEY_LEN); 685 if (!snp_dev->crypto) 686 goto e_free_cert_data; 687 688 misc = &snp_dev->misc; 689 misc->minor = MISC_DYNAMIC_MINOR; 690 misc->name = DEVICE_NAME; 691 misc->fops = &snp_guest_fops; 692 693 /* initial the input address for guest request */ 694 snp_dev->input.req_gpa = __pa(snp_dev->request); 695 snp_dev->input.resp_gpa = __pa(snp_dev->response); 696 snp_dev->input.data_gpa = __pa(snp_dev->certs_data); 697 698 ret = misc_register(misc); 699 if (ret) 700 goto e_free_cert_data; 701 702 dev_info(dev, "Initialized SEV guest driver (using vmpck_id %d)\n", vmpck_id); 703 return 0; 704 705 e_free_cert_data: 706 free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); 707 e_free_response: 708 free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); 709 e_free_request: 710 free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); 711 e_unmap: 712 iounmap(mapping); 713 return ret; 714 } 715 716 static int __exit sev_guest_remove(struct platform_device *pdev) 717 { 718 struct snp_guest_dev *snp_dev = platform_get_drvdata(pdev); 719 720 free_shared_pages(snp_dev->certs_data, SEV_FW_BLOB_MAX_SIZE); 721 free_shared_pages(snp_dev->response, sizeof(struct snp_guest_msg)); 722 free_shared_pages(snp_dev->request, sizeof(struct snp_guest_msg)); 723 deinit_crypto(snp_dev->crypto); 724 misc_deregister(&snp_dev->misc); 725 726 return 0; 727 } 728 729 /* 730 * This driver is meant to be a common SEV guest interface driver and to 731 * support any SEV guest API. As such, even though it has been introduced 732 * with the SEV-SNP support, it is named "sev-guest". 733 */ 734 static struct platform_driver sev_guest_driver = { 735 .remove = __exit_p(sev_guest_remove), 736 .driver = { 737 .name = "sev-guest", 738 }, 739 }; 740 741 module_platform_driver_probe(sev_guest_driver, sev_guest_probe); 742 743 MODULE_AUTHOR("Brijesh Singh <brijesh.singh@amd.com>"); 744 MODULE_LICENSE("GPL"); 745 MODULE_VERSION("1.0.0"); 746 MODULE_DESCRIPTION("AMD SEV Guest Driver"); 747