From 4ef2ee71431252a94862861493510db9e1a24f8a Mon Sep 17 00:00:00 2001 From: zhiminghufighting Date: Mon, 22 Aug 2022 18:15:13 -0400 Subject: [PATCH 1/3] tdx: fix hang issue caused by kernel rebased to 5.19 ANBZ: #523 This change fix tdx guest kernel hang at boot phsase after kernel version rebased to 5.19. Intel-SIG: Skip some tdx fuzz code in handle_io input parameter. Signed-off-by: zhiminghufighting Reviewed-by: Artie Ding --- arch/x86/coco/tdx/tdx.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 071d6939d04b..18473bc7d4dd 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -869,10 +869,6 @@ static int handle_io(struct pt_regs *regs, struct ve_info *ve) if (!ret) return -EIO; - regs->ax &= ~mask; - regs->ax |= tdx_fuzz(ret || tdx_fuzz_err(TDX_FUZZ_PORT_IN_ERR) ? - UINT_MAX : regs->r11, TDX_FUZZ_PORT_IN) & mask; - return ve_instr_len(ve); } -- Gitee From de3033790cd868f31738e0f573e2669adee72cd6 Mon Sep 17 00:00:00 2001 From: zhiminghufighting Date: Mon, 22 Aug 2022 21:30:08 -0400 Subject: [PATCH 2/3] platform/x86: intel_tdx_attest: adjust tdx get quote structure ANBZ: #523 commit a2f44be026eac302481544bf2ab65c76adcf208f intel-github. The input parameter of TDX_CMD_GEN_QUOTE ioctl is changed to the struct tdx_gen_quote, which contains the user pointer of a message buffer and its buffer size. Copy the message buffer as the parameter of tdvmcall[GetQuote] to host VMM. Upon receiving the notify event, the overridden data is already saved in shared message buffer. Copy it back to userspace. Intel-SIG: commit a2f44be026ea platform/x86: Changed the structure of input parameter of TDX_CMD_GEN_QUOTE, align the data structure with Intel DCAP Quote generation sample code. Signed-off-by: Chenyi Qiang Signed-off-by: zhiminghufighting Reviewed-by: Artie Ding --- .../platform/x86/intel/tdx/intel_tdx_attest.c | 31 ++++++++++++++++--- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/drivers/platform/x86/intel/tdx/intel_tdx_attest.c b/drivers/platform/x86/intel/tdx/intel_tdx_attest.c index 7e4d2661247b..4bfafbd7f277 100644 --- a/drivers/platform/x86/intel/tdx/intel_tdx_attest.c +++ b/drivers/platform/x86/intel/tdx/intel_tdx_attest.c @@ -30,6 +30,8 @@ /* Used in Quote memory allocation */ #define QUOTE_SIZE (2 * PAGE_SIZE) +/* Used in Get Quote request memory allocation */ +#define GET_QUOTE_MAX_SIZE (4 * PAGE_SIZE) /* Get Quote timeout in msec */ #define GET_QUOTE_TIMEOUT (5000) @@ -46,6 +48,11 @@ static void *tdreport_data; /* DMA handle used to allocate and free tdquote DMA buffer */ dma_addr_t tdquote_dma_handle; +struct tdx_gen_quote { + void *buf __user; + size_t len; +}; + static void attestation_callback_handler(void) { complete(&attestation_done); @@ -57,6 +64,7 @@ static long tdx_attest_ioctl(struct file *file, unsigned int cmd, void __user *argp = (void __user *)arg; long ret = 0; u64 rtmr; + struct tdx_gen_quote tdquote_req; mutex_lock(&attestation_lock); @@ -78,8 +86,20 @@ static long tdx_attest_ioctl(struct file *file, unsigned int cmd, ret = -EFAULT; break; case TDX_CMD_GEN_QUOTE: + reinit_completion(&attestation_done); + /* Copy TDREPORT data from user buffer */ - if (copy_from_user(tdquote_data, argp, TDX_TDREPORT_LEN)) { + if (copy_from_user(&tdquote_req, argp, sizeof(struct tdx_gen_quote))) { + ret = -EFAULT; + break; + } + + if (tdquote_req.len <= 0 || tdquote_req.len > GET_QUOTE_MAX_SIZE) { + ret = -EINVAL; + break; + } + + if (copy_from_user(tdquote_data, tdquote_req.buf, tdquote_req.len)) { ret = -EFAULT; break; } @@ -99,7 +119,10 @@ static long tdx_attest_ioctl(struct file *file, unsigned int cmd, break; } - if (copy_to_user(argp, tdquote_data, QUOTE_SIZE)) + /* ret will be positive if completed. */ + ret = 0; + + if (copy_to_user(tdquote_req.buf, tdquote_data, tdquote_req.len)) ret = -EFAULT; break; @@ -182,7 +205,7 @@ static int __init tdx_attest_init(void) /* Allocate DMA buffer to get TDQUOTE data from the VMM */ tdquote_data = dma_alloc_coherent(tdx_attest_device.this_device, - QUOTE_SIZE, &handle, + GET_QUOTE_MAX_SIZE, &handle, GFP_KERNEL | __GFP_ZERO); if (!tdquote_data) { ret = -ENOMEM; @@ -216,7 +239,7 @@ static void __exit tdx_attest_exit(void) { mutex_lock(&attestation_lock); - dma_free_coherent(tdx_attest_device.this_device, QUOTE_SIZE, + dma_free_coherent(tdx_attest_device.this_device, GET_QUOTE_MAX_SIZE, tdquote_data, tdquote_dma_handle); free_pages((unsigned long)tdreport_data, 0); misc_deregister(&tdx_attest_device); -- Gitee From 8b6429cf22ede62b1b27e79fc933d57fcb330d50 Mon Sep 17 00:00:00 2001 From: zhiminghufighting Date: Mon, 22 Aug 2022 21:37:57 -0400 Subject: [PATCH 3/3] tools/tdx: Adjust ioctl data structure for sample attestation user app ANBZ: #523 TDX guest attest driver change the ioctl input data structure and the sample code as a user space app also needs to adjust the input data structure to tdx ioctl. Signed-off-by: zhiminghufighting Reviewed-by: Artie Ding --- tools/tdx/attest/tdx-attest-test.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tools/tdx/attest/tdx-attest-test.c b/tools/tdx/attest/tdx-attest-test.c index bde20722b261..136caf1479fd 100644 --- a/tools/tdx/attest/tdx-attest-test.c +++ b/tools/tdx/attest/tdx-attest-test.c @@ -58,6 +58,11 @@ struct get_quote_blob_t { uint8_t trans_len[4]; uint8_t p_buf[4 * 4 * 1024 - 28]; }; + +struct get_quote_ioctl_arg_t { + void *p_blob; + size_t len; +}; #pragma pack(pop) struct tdx_report_t { @@ -192,7 +197,11 @@ static int gen_quote(int devfd, bool dump_data) /* Serialization to match qgs protobuf format */ qgs__message__request__pack(&request, p_get_quote_blob->p_buf); - ret = ioctl(devfd, TDX_CMD_GEN_QUOTE, p_get_quote_blob); + struct get_quote_ioctl_arg_t arg; + arg.p_blob = p_get_quote_blob; + arg.len = sizeof(*p_get_quote_blob); + + ret = ioctl(devfd, TDX_CMD_GEN_QUOTE, &arg); if (ret < 0) { printf("TDX_CMD_GEN_QUOTE ioctl() %d failed.\n", ret); goto done; -- Gitee