diff options
Diffstat (limited to 'drivers/virt')
| -rw-r--r-- | drivers/virt/Kconfig | 1 | ||||
| -rw-r--r-- | drivers/virt/acrn/ioreq.c | 2 | ||||
| -rw-r--r-- | drivers/virt/acrn/mm.c | 61 | ||||
| -rw-r--r-- | drivers/virt/coco/sev-guest/sev-guest.c | 28 | ||||
| -rw-r--r-- | drivers/virt/vmgenid.c | 152 |
5 files changed, 179 insertions, 65 deletions
diff --git a/drivers/virt/Kconfig b/drivers/virt/Kconfig index 40129b6f0eca..d8c848cf09a6 100644 --- a/drivers/virt/Kconfig +++ b/drivers/virt/Kconfig @@ -16,7 +16,6 @@ if VIRT_DRIVERS config VMGENID tristate "Virtual Machine Generation ID driver" default y - depends on ACPI help Say Y here to use the hypervisor-provided Virtual Machine Generation ID to reseed the RNG when the VM is cloned. This is highly recommended if diff --git a/drivers/virt/acrn/ioreq.c b/drivers/virt/acrn/ioreq.c index 29e1ef1915fd..e94358239a4b 100644 --- a/drivers/virt/acrn/ioreq.c +++ b/drivers/virt/acrn/ioreq.c @@ -433,7 +433,7 @@ struct acrn_ioreq_client *acrn_ioreq_client_create(struct acrn_vm *vm, client->priv = priv; client->is_default = is_default; if (name) - strncpy(client->name, name, sizeof(client->name) - 1); + strscpy(client->name, name); rwlock_init(&client->range_lock); INIT_LIST_HEAD(&client->range_list); init_waitqueue_head(&client->wq); diff --git a/drivers/virt/acrn/mm.c b/drivers/virt/acrn/mm.c index fa5d9ca6be57..db8ff1d0ac23 100644 --- a/drivers/virt/acrn/mm.c +++ b/drivers/virt/acrn/mm.c @@ -12,6 +12,7 @@ #include <linux/io.h> #include <linux/mm.h> #include <linux/slab.h> +#include <linux/vmalloc.h> #include "acrn_drv.h" @@ -155,43 +156,82 @@ int acrn_vm_memseg_unmap(struct acrn_vm *vm, struct acrn_vm_memmap *memmap) int acrn_vm_ram_map(struct acrn_vm *vm, struct acrn_vm_memmap *memmap) { struct vm_memory_region_batch *regions_info; - int nr_pages, i = 0, order, nr_regions = 0; + int nr_pages, i, order, nr_regions = 0; struct vm_memory_mapping *region_mapping; struct vm_memory_region_op *vm_region; struct page **pages = NULL, *page; void *remap_vaddr; int ret, pinned; u64 user_vm_pa; - unsigned long pfn; struct vm_area_struct *vma; if (!vm || !memmap) return -EINVAL; + /* Get the page number of the map region */ + nr_pages = memmap->len >> PAGE_SHIFT; + if (!nr_pages) + return -EINVAL; + mmap_read_lock(current->mm); vma = vma_lookup(current->mm, memmap->vma_base); if (vma && ((vma->vm_flags & VM_PFNMAP) != 0)) { + unsigned long start_pfn, cur_pfn; + spinlock_t *ptl; + bool writable; + pte_t *ptep; + if ((memmap->vma_base + memmap->len) > vma->vm_end) { mmap_read_unlock(current->mm); return -EINVAL; } - ret = follow_pfn(vma, memmap->vma_base, &pfn); + for (i = 0; i < nr_pages; i++) { + ret = follow_pte(vma, memmap->vma_base + i * PAGE_SIZE, + &ptep, &ptl); + if (ret) + break; + + cur_pfn = pte_pfn(ptep_get(ptep)); + if (i == 0) + start_pfn = cur_pfn; + writable = !!pte_write(ptep_get(ptep)); + pte_unmap_unlock(ptep, ptl); + + /* Disallow write access if the PTE is not writable. */ + if (!writable && + (memmap->attr & ACRN_MEM_ACCESS_WRITE)) { + ret = -EFAULT; + break; + } + + /* Disallow refcounted pages. */ + if (pfn_valid(cur_pfn) && + !PageReserved(pfn_to_page(cur_pfn))) { + ret = -EFAULT; + break; + } + + /* Disallow non-contiguous ranges. */ + if (cur_pfn != start_pfn + i) { + ret = -EINVAL; + break; + } + } mmap_read_unlock(current->mm); - if (ret < 0) { + + if (ret) { dev_dbg(acrn_dev.this_device, "Failed to lookup PFN at VMA:%pK.\n", (void *)memmap->vma_base); return ret; } return acrn_mm_region_add(vm, memmap->user_vm_pa, - PFN_PHYS(pfn), memmap->len, + PFN_PHYS(start_pfn), memmap->len, ACRN_MEM_TYPE_WB, memmap->attr); } mmap_read_unlock(current->mm); - /* Get the page number of the map region */ - nr_pages = memmap->len >> PAGE_SHIFT; pages = vzalloc(array_size(nr_pages, sizeof(*pages))); if (!pages) return -ENOMEM; @@ -235,12 +275,11 @@ int acrn_vm_ram_map(struct acrn_vm *vm, struct acrn_vm_memmap *memmap) mutex_unlock(&vm->regions_mapping_lock); /* Calculate count of vm_memory_region_op */ - while (i < nr_pages) { + for (i = 0; i < nr_pages; i += 1 << order) { page = pages[i]; VM_BUG_ON_PAGE(PageTail(page), page); order = compound_order(page); nr_regions++; - i += 1 << order; } /* Prepare the vm_memory_region_batch */ @@ -257,8 +296,7 @@ int acrn_vm_ram_map(struct acrn_vm *vm, struct acrn_vm_memmap *memmap) regions_info->vmid = vm->vmid; regions_info->regions_gpa = virt_to_phys(vm_region); user_vm_pa = memmap->user_vm_pa; - i = 0; - while (i < nr_pages) { + for (i = 0; i < nr_pages; i += 1 << order) { u32 region_size; page = pages[i]; @@ -274,7 +312,6 @@ int acrn_vm_ram_map(struct acrn_vm *vm, struct acrn_vm_memmap *memmap) vm_region++; user_vm_pa += region_size; - i += 1 << order; } /* Inform the ACRN Hypervisor to set up EPT mappings */ diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c index 87f241825bc3..654290a8e1ba 100644 --- a/drivers/virt/coco/sev-guest/sev-guest.c +++ b/drivers/virt/coco/sev-guest/sev-guest.c @@ -59,7 +59,7 @@ struct snp_guest_dev { */ struct snp_guest_msg secret_request, secret_response; - struct snp_secrets_page_layout *layout; + struct snp_secrets_page *secrets; struct snp_req_data input; union { struct snp_report_req report; @@ -743,26 +743,26 @@ static const struct file_operations snp_guest_fops = { .unlocked_ioctl = snp_guest_ioctl, }; -static u8 *get_vmpck(int id, struct snp_secrets_page_layout *layout, u32 **seqno) +static u8 *get_vmpck(int id, struct snp_secrets_page *secrets, u32 **seqno) { u8 *key = NULL; switch (id) { case 0: - *seqno = &layout->os_area.msg_seqno_0; - key = layout->vmpck0; + *seqno = &secrets->os_area.msg_seqno_0; + key = secrets->vmpck0; break; case 1: - *seqno = &layout->os_area.msg_seqno_1; - key = layout->vmpck1; + *seqno = &secrets->os_area.msg_seqno_1; + key = secrets->vmpck1; break; case 2: - *seqno = &layout->os_area.msg_seqno_2; - key = layout->vmpck2; + *seqno = &secrets->os_area.msg_seqno_2; + key = secrets->vmpck2; break; case 3: - *seqno = &layout->os_area.msg_seqno_3; - key = layout->vmpck3; + *seqno = &secrets->os_area.msg_seqno_3; + key = secrets->vmpck3; break; default: break; @@ -897,8 +897,8 @@ static void unregister_sev_tsm(void *data) static int __init sev_guest_probe(struct platform_device *pdev) { - struct snp_secrets_page_layout *layout; struct sev_guest_platform_data *data; + struct snp_secrets_page *secrets; struct device *dev = &pdev->dev; struct snp_guest_dev *snp_dev; struct miscdevice *misc; @@ -916,7 +916,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) if (!mapping) return -ENODEV; - layout = (__force void *)mapping; + secrets = (__force void *)mapping; ret = -ENOMEM; snp_dev = devm_kzalloc(&pdev->dev, sizeof(struct snp_guest_dev), GFP_KERNEL); @@ -924,7 +924,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) goto e_unmap; ret = -EINVAL; - snp_dev->vmpck = get_vmpck(vmpck_id, layout, &snp_dev->os_area_msg_seqno); + snp_dev->vmpck = get_vmpck(vmpck_id, secrets, &snp_dev->os_area_msg_seqno); if (!snp_dev->vmpck) { dev_err(dev, "invalid vmpck id %d\n", vmpck_id); goto e_unmap; @@ -938,7 +938,7 @@ static int __init sev_guest_probe(struct platform_device *pdev) platform_set_drvdata(pdev, snp_dev); snp_dev->dev = dev; - snp_dev->layout = layout; + snp_dev->secrets = secrets; /* Allocate the shared page used for the request and response message. */ snp_dev->request = alloc_shared_pages(dev, sizeof(struct snp_guest_msg)); diff --git a/drivers/virt/vmgenid.c b/drivers/virt/vmgenid.c index b67a28da4702..66135eac3abf 100644 --- a/drivers/virt/vmgenid.c +++ b/drivers/virt/vmgenid.c @@ -2,14 +2,16 @@ /* * Copyright (C) 2022 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved. * - * The "Virtual Machine Generation ID" is exposed via ACPI and changes when a + * The "Virtual Machine Generation ID" is exposed via ACPI or DT and changes when a * virtual machine forks or is cloned. This driver exists for shepherding that * information to random.c. */ +#include <linux/acpi.h> +#include <linux/interrupt.h> #include <linux/kernel.h> #include <linux/module.h> -#include <linux/acpi.h> +#include <linux/platform_device.h> #include <linux/random.h> ACPI_MODULE_NAME("vmgenid"); @@ -21,19 +23,42 @@ struct vmgenid_state { u8 this_id[VMGENID_SIZE]; }; -static int vmgenid_add(struct acpi_device *device) +static void vmgenid_notify(struct device *device) +{ + struct vmgenid_state *state = device->driver_data; + u8 old_id[VMGENID_SIZE]; + + memcpy(old_id, state->this_id, sizeof(old_id)); + memcpy(state->this_id, state->next_id, sizeof(state->this_id)); + if (!memcmp(old_id, state->this_id, sizeof(old_id))) + return; + add_vmfork_randomness(state->this_id, sizeof(state->this_id)); +} + +static void setup_vmgenid_state(struct vmgenid_state *state, void *virt_addr) +{ + state->next_id = virt_addr; + memcpy(state->this_id, state->next_id, sizeof(state->this_id)); + add_device_randomness(state->this_id, sizeof(state->this_id)); +} + +#ifdef CONFIG_ACPI +static void vmgenid_acpi_handler(acpi_handle __always_unused handle, + u32 __always_unused event, void *dev) +{ + vmgenid_notify(dev); +} + +static int vmgenid_add_acpi(struct device *dev, struct vmgenid_state *state) { + struct acpi_device *device = ACPI_COMPANION(dev); struct acpi_buffer parsed = { ACPI_ALLOCATE_BUFFER }; - struct vmgenid_state *state; union acpi_object *obj; phys_addr_t phys_addr; acpi_status status; + void *virt_addr; int ret = 0; - state = devm_kmalloc(&device->dev, sizeof(*state), GFP_KERNEL); - if (!state) - return -ENOMEM; - status = acpi_evaluate_object(device->handle, "ADDR", NULL, &parsed); if (ACPI_FAILURE(status)) { ACPI_EXCEPTION((AE_INFO, status, "Evaluating ADDR")); @@ -49,55 +74,108 @@ static int vmgenid_add(struct acpi_device *device) phys_addr = (obj->package.elements[0].integer.value << 0) | (obj->package.elements[1].integer.value << 32); - state->next_id = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE, MEMREMAP_WB); - if (IS_ERR(state->next_id)) { - ret = PTR_ERR(state->next_id); + + virt_addr = devm_memremap(&device->dev, phys_addr, VMGENID_SIZE, MEMREMAP_WB); + if (IS_ERR(virt_addr)) { + ret = PTR_ERR(virt_addr); goto out; } + setup_vmgenid_state(state, virt_addr); - memcpy(state->this_id, state->next_id, sizeof(state->this_id)); - add_device_randomness(state->this_id, sizeof(state->this_id)); - - device->driver_data = state; + status = acpi_install_notify_handler(device->handle, ACPI_DEVICE_NOTIFY, + vmgenid_acpi_handler, dev); + if (ACPI_FAILURE(status)) { + ret = -ENODEV; + goto out; + } + dev->driver_data = state; out: ACPI_FREE(parsed.pointer); return ret; } +#else +static int vmgenid_add_acpi(struct device *dev, struct vmgenid_state *state) +{ + return -EINVAL; +} +#endif -static void vmgenid_notify(struct acpi_device *device, u32 event) +static irqreturn_t vmgenid_of_irq_handler(int __always_unused irq, void *dev) { - struct vmgenid_state *state = acpi_driver_data(device); - char *envp[] = { "NEW_VMGENID=1", NULL }; - u8 old_id[VMGENID_SIZE]; + vmgenid_notify(dev); + return IRQ_HANDLED; +} - memcpy(old_id, state->this_id, sizeof(old_id)); - memcpy(state->this_id, state->next_id, sizeof(state->this_id)); - if (!memcmp(old_id, state->this_id, sizeof(old_id))) - return; - add_vmfork_randomness(state->this_id, sizeof(state->this_id)); - kobject_uevent_env(&device->dev.kobj, KOBJ_CHANGE, envp); +static int vmgenid_add_of(struct platform_device *pdev, + struct vmgenid_state *state) +{ + void *virt_addr; + int ret; + + virt_addr = devm_platform_get_and_ioremap_resource(pdev, 0, NULL); + if (IS_ERR(virt_addr)) + return PTR_ERR(virt_addr); + + setup_vmgenid_state(state, virt_addr); + + ret = platform_get_irq(pdev, 0); + if (ret < 0) + return ret; + + ret = devm_request_irq(&pdev->dev, ret, vmgenid_of_irq_handler, + IRQF_SHARED, "vmgenid", &pdev->dev); + if (ret < 0) + return ret; + + pdev->dev.driver_data = state; + return 0; } -static const struct acpi_device_id vmgenid_ids[] = { +static int vmgenid_add(struct platform_device *pdev) +{ + struct device *dev = &pdev->dev; + struct vmgenid_state *state; + int ret; + + state = devm_kmalloc(dev, sizeof(*state), GFP_KERNEL); + if (!state) + return -ENOMEM; + + if (dev->of_node) + ret = vmgenid_add_of(pdev, state); + else + ret = vmgenid_add_acpi(dev, state); + + if (ret < 0) + devm_kfree(dev, state); + return ret; +} + +static const struct of_device_id vmgenid_of_ids[] = { + { .compatible = "microsoft,vmgenid", }, + { }, +}; +MODULE_DEVICE_TABLE(of, vmgenid_of_ids); + +static const struct acpi_device_id vmgenid_acpi_ids[] = { { "VMGENCTR", 0 }, { "VM_GEN_COUNTER", 0 }, { } }; - -static struct acpi_driver vmgenid_driver = { - .name = "vmgenid", - .ids = vmgenid_ids, - .owner = THIS_MODULE, - .ops = { - .add = vmgenid_add, - .notify = vmgenid_notify - } +MODULE_DEVICE_TABLE(acpi, vmgenid_acpi_ids); + +static struct platform_driver vmgenid_plaform_driver = { + .probe = vmgenid_add, + .driver = { + .name = "vmgenid", + .acpi_match_table = vmgenid_acpi_ids, + .of_match_table = vmgenid_of_ids, + }, }; -module_acpi_driver(vmgenid_driver); +module_platform_driver(vmgenid_plaform_driver) -MODULE_DEVICE_TABLE(acpi, vmgenid_ids); MODULE_DESCRIPTION("Virtual Machine Generation ID"); MODULE_LICENSE("GPL v2"); MODULE_AUTHOR("Jason A. Donenfeld <Jason@zx2c4.com>"); |