diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 071d6939d04bb2276493459ed1f74bdf6a3d613c..18473bc7d4ddac89c178ec1e8da555825265b72e 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -869,10 +869,6 @@ static int handle_io(struct pt_regs *regs, struct ve_info *ve) if (!ret) return -EIO; - regs->ax &= ~mask; - regs->ax |= tdx_fuzz(ret || tdx_fuzz_err(TDX_FUZZ_PORT_IN_ERR) ? - UINT_MAX : regs->r11, TDX_FUZZ_PORT_IN) & mask; - return ve_instr_len(ve); } diff --git a/drivers/platform/x86/intel/tdx/intel_tdx_attest.c b/drivers/platform/x86/intel/tdx/intel_tdx_attest.c index 7e4d2661247b0d3b02a619a3b1f5417bc5270a67..4bfafbd7f277ac2a944d28fbe58d0cffd43c5693 100644 --- a/drivers/platform/x86/intel/tdx/intel_tdx_attest.c +++ b/drivers/platform/x86/intel/tdx/intel_tdx_attest.c @@ -30,6 +30,8 @@ /* Used in Quote memory allocation */ #define QUOTE_SIZE (2 * PAGE_SIZE) +/* Used in Get Quote request memory allocation */ +#define GET_QUOTE_MAX_SIZE (4 * PAGE_SIZE) /* Get Quote timeout in msec */ #define GET_QUOTE_TIMEOUT (5000) @@ -46,6 +48,11 @@ static void *tdreport_data; /* DMA handle used to allocate and free tdquote DMA buffer */ dma_addr_t tdquote_dma_handle; +struct tdx_gen_quote { + void *buf __user; + size_t len; +}; + static void attestation_callback_handler(void) { complete(&attestation_done); @@ -57,6 +64,7 @@ static long tdx_attest_ioctl(struct file *file, unsigned int cmd, void __user *argp = (void __user *)arg; long ret = 0; u64 rtmr; + struct tdx_gen_quote tdquote_req; mutex_lock(&attestation_lock); @@ -78,8 +86,20 @@ static long tdx_attest_ioctl(struct file *file, unsigned int cmd, ret = -EFAULT; break; case TDX_CMD_GEN_QUOTE: + reinit_completion(&attestation_done); + /* Copy TDREPORT data from user buffer */ - if (copy_from_user(tdquote_data, argp, TDX_TDREPORT_LEN)) { + if (copy_from_user(&tdquote_req, argp, sizeof(struct tdx_gen_quote))) { + ret = -EFAULT; + break; + } + + if (tdquote_req.len <= 0 || tdquote_req.len > GET_QUOTE_MAX_SIZE) { + ret = -EINVAL; + break; + } + + if (copy_from_user(tdquote_data, tdquote_req.buf, tdquote_req.len)) { ret = -EFAULT; break; } @@ -99,7 +119,10 @@ static long tdx_attest_ioctl(struct file *file, unsigned int cmd, break; } - if (copy_to_user(argp, tdquote_data, QUOTE_SIZE)) + /* ret will be positive if completed. */ + ret = 0; + + if (copy_to_user(tdquote_req.buf, tdquote_data, tdquote_req.len)) ret = -EFAULT; break; @@ -182,7 +205,7 @@ static int __init tdx_attest_init(void) /* Allocate DMA buffer to get TDQUOTE data from the VMM */ tdquote_data = dma_alloc_coherent(tdx_attest_device.this_device, - QUOTE_SIZE, &handle, + GET_QUOTE_MAX_SIZE, &handle, GFP_KERNEL | __GFP_ZERO); if (!tdquote_data) { ret = -ENOMEM; @@ -216,7 +239,7 @@ static void __exit tdx_attest_exit(void) { mutex_lock(&attestation_lock); - dma_free_coherent(tdx_attest_device.this_device, QUOTE_SIZE, + dma_free_coherent(tdx_attest_device.this_device, GET_QUOTE_MAX_SIZE, tdquote_data, tdquote_dma_handle); free_pages((unsigned long)tdreport_data, 0); misc_deregister(&tdx_attest_device); diff --git a/tools/tdx/attest/tdx-attest-test.c b/tools/tdx/attest/tdx-attest-test.c index bde20722b26191a72459abe909c242d048b5924b..136caf1479fd4328062640e00f609cf6ab07b46d 100644 --- a/tools/tdx/attest/tdx-attest-test.c +++ b/tools/tdx/attest/tdx-attest-test.c @@ -58,6 +58,11 @@ struct get_quote_blob_t { uint8_t trans_len[4]; uint8_t p_buf[4 * 4 * 1024 - 28]; }; + +struct get_quote_ioctl_arg_t { + void *p_blob; + size_t len; +}; #pragma pack(pop) struct tdx_report_t { @@ -192,7 +197,11 @@ static int gen_quote(int devfd, bool dump_data) /* Serialization to match qgs protobuf format */ qgs__message__request__pack(&request, p_get_quote_blob->p_buf); - ret = ioctl(devfd, TDX_CMD_GEN_QUOTE, p_get_quote_blob); + struct get_quote_ioctl_arg_t arg; + arg.p_blob = p_get_quote_blob; + arg.len = sizeof(*p_get_quote_blob); + + ret = ioctl(devfd, TDX_CMD_GEN_QUOTE, &arg); if (ret < 0) { printf("TDX_CMD_GEN_QUOTE ioctl() %d failed.\n", ret); goto done;