| blob | 2b83fb6dc1d76ba5e35b0ba5dd8cbcc1c53bc307 |
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright IBM Corp. 2022, 2024
4 * Author(s): Steffen Eiden <seiden@linux.ibm.com>
5 *
6 * This file provides a Linux misc device to give userspace access to some
7 * Ultravisor (UV) functions. The device only accepts IOCTLs and will only
8 * be present if the Ultravisor facility (158) is present.
9 *
10 * When userspace sends a valid IOCTL uvdevice will copy the input data to
11 * kernel space, do some basic validity checks to avoid kernel/system
12 * corruption. Any other check that the Ultravisor does will not be done by
13 * the uvdevice to keep changes minimal when adding new functionalities
14 * to existing UV-calls.
15 * After the checks uvdevice builds a corresponding
16 * Ultravisor Call Control Block, and sends the request to the Ultravisor.
17 * Then, it copies the response, including the return codes, back to userspace.
18 * It is the responsibility of the userspace to check for any error issued
19 * by UV and to interpret the UV response. The uvdevice acts as a communication
20 * channel for userspace to the Ultravisor.
21 */
23 #include <linux/module.h>
24 #include <linux/kernel.h>
25 #include <linux/miscdevice.h>
26 #include <linux/types.h>
27 #include <linux/stddef.h>
28 #include <linux/vmalloc.h>
29 #include <linux/slab.h>
30 #include <linux/cpufeature.h>
32 #include <asm/uvdevice.h>
33 #include <asm/uv.h>
35 #define BIT_UVIO_INTERNAL U32_MAX
36 /* Mapping from IOCTL-nr to UVC-bit */
44 };
50 };
53 {
62 }
63 }
65 /**
66 * uvio_uvdev_info() - Get information about the uvdevice
67 *
68 * @uv_ioctl: ioctl control block
69 *
70 * Lists all IOCTLs that are supported by this uvdevice
71 *
72 * Return: 0 on success or a negative error code on error
73 */
75 {
85 }
89 {
107 }
113 {
129 }
132 {
151 }
153 /**
154 * uvio_attestation() - Perform a Retrieve Attestation Measurement UVC.
155 *
156 * @uv_ioctl: ioctl control block
157 *
158 * uvio_attestation() does a Retrieve Attestation Measurement Ultravisor Call.
159 * It verifies that the given userspace addresses are valid and request sizes
160 * are sane. Every other check is made by the Ultravisor (UV) and won't result
161 * in a negative return value. It copies the input to kernelspace, builds the
162 * request, sends the UV-call, and copies the result to userspace.
163 *
164 * The Attestation Request has two input and two outputs.
165 * ARCB and User Data are inputs for the UV generated by userspace.
166 * Measurement and Additional Data are outputs for userspace generated by UV.
167 *
168 * The Attestation Request Control Block (ARCB) is a cryptographically verified
169 * and secured request to UV and User Data is some plaintext data which is
170 * going to be included in the Attestation Measurement calculation.
171 *
172 * Measurement is a cryptographic measurement of the callers properties,
173 * optional data configured by the ARCB and the user data. If specified by the
174 * ARCB, UV will add some Additional Data to the measurement calculation.
175 * This Additional Data is then returned as well.
176 *
177 * If the Retrieve Attestation Measurement UV facility is not present,
178 * UV will return invalid command rc. This won't be fenced in the driver
179 * and does not result in a negative return value.
180 *
181 * Context: might sleep
182 *
183 * Return: 0 on success or a negative error code on error
184 */
186 {
217 }
233 uvio_attest);
234 out:
241 }
243 /**
244 * uvio_add_secret() - Perform an Add Secret UVC
245 *
246 * @uv_ioctl: ioctl control block
247 *
248 * uvio_add_secret() performs the Add Secret Ultravisor Call.
249 *
250 * The given userspace argument address and size are verified to be
251 * valid but every other check is made by the Ultravisor
252 * (UV). Therefore UV errors won't result in a negative return
253 * value. The request is then copied to kernelspace, the UV-call is
254 * performed and the results are copied back to userspace.
255 *
256 * The argument has to point to an Add Secret Request Control Block
257 * which is an encrypted and cryptographically verified request that
258 * inserts a protected guest's secrets into the Ultravisor for later
259 * use.
260 *
261 * If the Add Secret UV facility is not present, UV will return
262 * invalid command rc. This won't be fenced in the driver and does not
263 * result in a negative return value.
264 *
265 * Context: might sleep
266 *
267 * Return: 0 on success or a negative error code on error
268 */
270 {
275 };
298 out:
301 }
303 /*
304 * Do the actual secret list creation. Calls the list secrets UVC until there
305 * is no more space in the user buffer, or the list ends.
306 */
308 {
336 }
338 /**
339 * uvio_list_secrets() - Perform a List Secret UVC
340 *
341 * @uv_ioctl: ioctl control block
342 *
343 * uvio_list_secrets() performs the List Secret Ultravisor Call. It verifies
344 * that the given userspace argument address is valid and its size is sane.
345 * Every other check is made by the Ultravisor (UV) and won't result in a
346 * negative return value. It builds the request, performs the UV-call, and
347 * copies the result to userspace.
348 *
349 * The argument specifies the location for the result of the UV-Call.
350 *
351 * Argument length must be a multiple of a page.
352 * The list secrets IOCTL will call the list UVC multiple times and fill
353 * the provided user-buffer with list elements until either the list ends or
354 * the buffer is full. The list header is merged over all list header from the
355 * individual UVCs.
356 *
357 * If the List Secrets UV facility is not present, UV will return invalid
358 * command rc. This won't be fenced in the driver and does not result in a
359 * negative return value.
360 *
361 * Context: might sleep
362 *
363 * Return: 0 on success or a negative error code on error
364 */
366 {
382 }
384 /**
385 * uvio_lock_secrets() - Perform a Lock Secret Store UVC
386 *
387 * @ioctl: ioctl control block
388 *
389 * uvio_lock_secrets() performs the Lock Secret Store Ultravisor Call. It
390 * performs the UV-call and copies the return codes to the ioctl control block.
391 * After this call was dispatched successfully every following Add Secret UVC
392 * and Lock Secrets UVC will fail with return code 0x102.
393 *
394 * The argument address and size must be 0.
395 *
396 * If the Lock Secrets UV facility is not present, UV will return invalid
397 * command rc. This won't be fenced in the driver and does not result in a
398 * negative return value.
399 *
400 * Context: might sleep
401 *
402 * Return: 0 on success or a negative error code on error
403 */
405 {
409 };
419 }
421 /**
422 * uvio_retr_secret() - Perform a retrieve secret UVC
423 *
424 * @uv_ioctl: ioctl control block.
425 *
426 * uvio_retr_secret() performs the Retrieve Secret Ultravisor Call.
427 * The first two bytes of the argument specify the index of the secret to be
428 * retrieved. The retrieved secret is copied into the argument buffer if there
429 * is enough space.
430 * The argument length must be at least two bytes and at max 8192 bytes.
431 *
432 * Context: might sleep
433 *
434 * Return: 0 on success or a negative error code on error
435 */
437 {
442 };
469 err:
472 }
476 {
495 }
497 /*
498 * IOCTL entry point for the Ultravisor device.
499 */
501 {
533 }
541 }
546 };
552 };
555 {
557 }
560 {
563 }