Google Git
Sign in
linux / linux / kernel / git / gregkh / tty / 19dba097071ec4fd6486b9f0d52d12a3c5743d44 / . / drivers / misc / nsm.c
blob: 0eaa3b4484bda7e72f0a2be9435becb7fbb0c88f [file] [log] [blame]
// SPDX-License-Identifier: GPL-2.0
/*
* Amazon Nitro Secure Module driver.
*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* The Nitro Secure Module implements commands via CBOR over virtio.
* This driver exposes a raw message ioctls on /dev/nsm that user
* space can use to issue these commands.
*/
#include <linux/file.h>
#include <linux/fs.h>
#include <linux/interrupt.h>
#include <linux/hw_random.h>
#include <linux/miscdevice.h>
#include <linux/module.h>
#include <linux/mutex.h>
#include <linux/slab.h>
#include <linux/string.h>
#include <linux/uaccess.h>
#include <linux/uio.h>
#include <linux/virtio_config.h>
#include <linux/virtio_ids.h>
#include <linux/virtio.h>
#include <linux/wait.h>
#include <uapi/linux/nsm.h>
/* Timeout for NSM virtqueue respose in milliseconds. */
#define NSM_DEFAULT_TIMEOUT_MSECS (120000) /* 2 minutes */
/* Maximum length input data */
struct nsm_data_req {
u32 len;
u8 data[NSM_REQUEST_MAX_SIZE];
};
/* Maximum length output data */
struct nsm_data_resp {
u32 len;
u8 data[NSM_RESPONSE_MAX_SIZE];
};
/* Full NSM request/response message */
struct nsm_msg {
struct nsm_data_req req;
struct nsm_data_resp resp;
};
struct nsm {
struct virtio_device *vdev;
struct virtqueue *vq;
struct mutex lock;
struct completion cmd_done;
struct miscdevice misc;
struct hwrng hwrng;
struct work_struct misc_init;
struct nsm_msg msg;
};
/* NSM device ID */
static const struct virtio_device_id id_table[] = {
{ VIRTIO_ID_NITRO_SEC_MOD, VIRTIO_DEV_ANY_ID },
{ 0 },
};
static struct nsm *file_to_nsm(struct file *file)
{
return container_of(file->private_data, struct nsm, misc);
}
static struct nsm *hwrng_to_nsm(struct hwrng *rng)
{
return container_of(rng, struct nsm, hwrng);
}
#define CBOR_TYPE_MASK 0xE0
#define CBOR_TYPE_MAP 0xA0
#define CBOR_TYPE_TEXT 0x60
#define CBOR_TYPE_ARRAY 0x40
#define CBOR_HEADER_SIZE_SHORT 1
#define CBOR_SHORT_SIZE_MAX_VALUE 23
#define CBOR_LONG_SIZE_U8 24
#define CBOR_LONG_SIZE_U16 25
#define CBOR_LONG_SIZE_U32 26
#define CBOR_LONG_SIZE_U64 27
static bool cbor_object_is_array(const u8 *cbor_object, size_t cbor_object_size)
{
if (cbor_object_size == 0 || cbor_object == NULL)
return false;
return (cbor_object[0] & CBOR_TYPE_MASK) == CBOR_TYPE_ARRAY;
}
static int cbor_object_get_array(u8 *cbor_object, size_t cbor_object_size, u8 **cbor_array)
{
u8 cbor_short_size;
void *array_len_p;
u64 array_len;
u64 array_offset;
if (!cbor_object_is_array(cbor_object, cbor_object_size))
return -EFAULT;
cbor_short_size = (cbor_object[0] & 0x1F);
/* Decoding byte array length */
array_offset = CBOR_HEADER_SIZE_SHORT;
if (cbor_short_size >= CBOR_LONG_SIZE_U8)
array_offset += BIT(cbor_short_size - CBOR_LONG_SIZE_U8);
if (cbor_object_size < array_offset)
return -EFAULT;
array_len_p = &cbor_object[1];
switch (cbor_short_size) {
case CBOR_SHORT_SIZE_MAX_VALUE: /* short encoding */
array_len = cbor_short_size;
break;
case CBOR_LONG_SIZE_U8:
array_len = *(u8 *)array_len_p;
break;
case CBOR_LONG_SIZE_U16:
array_len = be16_to_cpup((__be16 *)array_len_p);
break;
case CBOR_LONG_SIZE_U32:
array_len = be32_to_cpup((__be32 *)array_len_p);
break;
case CBOR_LONG_SIZE_U64:
array_len = be64_to_cpup((__be64 *)array_len_p);
break;
}
if (cbor_object_size < array_offset)
return -EFAULT;
if (cbor_object_size - array_offset < array_len)
return -EFAULT;
if (array_len > INT_MAX)
return -EFAULT;
*cbor_array = cbor_object + array_offset;
return array_len;
}
/* Copy the request of a raw message to kernel space */
static int fill_req_raw(struct nsm *nsm, struct nsm_data_req *req,
struct nsm_raw *raw)
{
/* Verify the user input size. */
if (raw->request.len > sizeof(req->data))
return -EMSGSIZE;
/* Copy the request payload */
if (copy_from_user(req->data, u64_to_user_ptr(raw->request.addr),
raw->request.len))
return -EFAULT;
req->len = raw->request.len;
return 0;
}
/* Copy the response of a raw message back to user-space */
static int parse_resp_raw(struct nsm *nsm, struct nsm_data_resp *resp,
struct nsm_raw *raw)
{
/* Truncate any message that does not fit. */
raw->response.len = min_t(u64, raw->response.len, resp->len);
/* Copy the response content to user space */
if (copy_to_user(u64_to_user_ptr(raw->response.addr),
resp->data, raw->response.len))
return -EFAULT;
return 0;
}
/* Virtqueue interrupt handler */
static void nsm_vq_callback(struct virtqueue *vq)
{
struct nsm *nsm = vq->vdev->priv;
complete(&nsm->cmd_done);
}
/* Forward a message to the NSM device and wait for the response from it */
static int nsm_sendrecv_msg_locked(struct nsm *nsm)
{
struct device *dev = &nsm->vdev->dev;
struct scatterlist sg_in, sg_out;
struct nsm_msg *msg = &nsm->msg;
struct virtqueue *vq = nsm->vq;
unsigned int len;
void *queue_buf;
bool kicked;
int rc;
/* Initialize scatter-gather lists with request and response buffers. */
sg_init_one(&sg_out, msg->req.data, msg->req.len);
sg_init_one(&sg_in, msg->resp.data, sizeof(msg->resp.data));
init_completion(&nsm->cmd_done);
/* Add the request buffer (read by the device). */
rc = virtqueue_add_outbuf(vq, &sg_out, 1, msg->req.data, GFP_KERNEL);
if (rc)
return rc;
/* Add the response buffer (written by the device). */
rc = virtqueue_add_inbuf(vq, &sg_in, 1, msg->resp.data, GFP_KERNEL);
if (rc)
goto cleanup;
kicked = virtqueue_kick(vq);
if (!kicked) {
/* Cannot kick the virtqueue. */
rc = -EIO;
goto cleanup;
}
/* If the kick succeeded, wait for the device's response. */
if (!wait_for_completion_io_timeout(&nsm->cmd_done,
msecs_to_jiffies(NSM_DEFAULT_TIMEOUT_MSECS))) {
rc = -ETIMEDOUT;
goto cleanup;
}
queue_buf = virtqueue_get_buf(vq, &len);
if (!queue_buf || (queue_buf != msg->req.data)) {
dev_err(dev, "wrong request buffer.");
rc = -ENODATA;
goto cleanup;
}
queue_buf = virtqueue_get_buf(vq, &len);
if (!queue_buf || (queue_buf != msg->resp.data)) {
dev_err(dev, "wrong response buffer.");
rc = -ENODATA;
goto cleanup;
}
msg->resp.len = len;
rc = 0;
cleanup:
if (rc) {
/* Clean the virtqueue. */
while (virtqueue_get_buf(vq, &len) != NULL)
;
}
return rc;
}
static int fill_req_get_random(struct nsm *nsm, struct nsm_data_req *req)
{
/*
* 69 # text(9)
* 47657452616E646F6D # "GetRandom"
*/
const u8 request[] = { CBOR_TYPE_TEXT + strlen("GetRandom"),
'G', 'e', 't', 'R', 'a', 'n', 'd', 'o', 'm' };
memcpy(req->data, request, sizeof(request));
req->len = sizeof(request);
return 0;
}
static int parse_resp_get_random(struct nsm *nsm, struct nsm_data_resp *resp,
void *out, size_t max)
{
/*
* A1 # map(1)
* 69 # text(9) - Name of field
* 47657452616E646F6D # "GetRandom"
* A1 # map(1) - The field itself
* 66 # text(6)
* 72616E646F6D # "random"
* # The rest of the response is random data
*/
const u8 response[] = { CBOR_TYPE_MAP + 1,
CBOR_TYPE_TEXT + strlen("GetRandom"),
'G', 'e', 't', 'R', 'a', 'n', 'd', 'o', 'm',
CBOR_TYPE_MAP + 1,
CBOR_TYPE_TEXT + strlen("random"),
'r', 'a', 'n', 'd', 'o', 'm' };
struct device *dev = &nsm->vdev->dev;
u8 *rand_data = NULL;
u8 *resp_ptr = resp->data;
u64 resp_len = resp->len;
int rc;
if ((resp->len < sizeof(response) + 1) ||
(memcmp(resp_ptr, response, sizeof(response)) != 0)) {
dev_err(dev, "Invalid response for GetRandom");
return -EFAULT;
}
resp_ptr += sizeof(response);
resp_len -= sizeof(response);
rc = cbor_object_get_array(resp_ptr, resp_len, &rand_data);
if (rc < 0) {
dev_err(dev, "GetRandom: Invalid CBOR encoding\n");
return rc;
}
rc = min_t(size_t, rc, max);
memcpy(out, rand_data, rc);
return rc;
}
/*
* HwRNG implementation
*/
static int nsm_rng_read(struct hwrng *rng, void *data, size_t max, bool wait)
{
struct nsm *nsm = hwrng_to_nsm(rng);
struct device *dev = &nsm->vdev->dev;
int rc = 0;
/* NSM always needs to wait for a response */
if (!wait)
return 0;
mutex_lock(&nsm->lock);
rc = fill_req_get_random(nsm, &nsm->msg.req);
if (rc != 0)
goto out;
rc = nsm_sendrecv_msg_locked(nsm);
if (rc != 0)
goto out;
rc = parse_resp_get_random(nsm, &nsm->msg.resp, data, max);
if (rc < 0)
goto out;
dev_dbg(dev, "RNG: returning rand bytes = %d", rc);
out:
mutex_unlock(&nsm->lock);
return rc;
}
static long nsm_dev_ioctl(struct file *file, unsigned int cmd,
unsigned long arg)
{
void __user *argp = u64_to_user_ptr((u64)arg);
struct nsm *nsm = file_to_nsm(file);
struct nsm_raw raw;
int r = 0;
if (cmd != NSM_IOCTL_RAW)
return -EINVAL;
if (_IOC_SIZE(cmd) != sizeof(raw))
return -EINVAL;
/* Copy user argument struct to kernel argument struct */
r = -EFAULT;
if (copy_from_user(&raw, argp, _IOC_SIZE(cmd)))
goto out;
mutex_lock(&nsm->lock);
/* Convert kernel argument struct to device request */
r = fill_req_raw(nsm, &nsm->msg.req, &raw);
if (r)
goto out;
/* Send message to NSM and read reply */
r = nsm_sendrecv_msg_locked(nsm);
if (r)
goto out;
/* Parse device response into kernel argument struct */
r = parse_resp_raw(nsm, &nsm->msg.resp, &raw);
if (r)
goto out;
/* Copy kernel argument struct back to user argument struct */
r = -EFAULT;
if (copy_to_user(argp, &raw, sizeof(raw)))
goto out;
r = 0;
out:
mutex_unlock(&nsm->lock);
return r;
}
static int nsm_device_init_vq(struct virtio_device *vdev)
{
struct virtqueue *vq = virtio_find_single_vq(vdev,
nsm_vq_callback, "nsm.vq.0");
struct nsm *nsm = vdev->priv;
if (IS_ERR(vq))
return PTR_ERR(vq);
nsm->vq = vq;
return 0;
}
static const struct file_operations nsm_dev_fops = {
.unlocked_ioctl = nsm_dev_ioctl,
.compat_ioctl = compat_ptr_ioctl,
};
/* Handler for probing the NSM device */
static int nsm_device_probe(struct virtio_device *vdev)
{
struct device *dev = &vdev->dev;
struct nsm *nsm;
int rc;
nsm = devm_kzalloc(&vdev->dev, sizeof(*nsm), GFP_KERNEL);
if (!nsm)
return -ENOMEM;
vdev->priv = nsm;
nsm->vdev = vdev;
rc = nsm_device_init_vq(vdev);
if (rc) {
dev_err(dev, "queue failed to initialize: %d.\n", rc);
goto err_init_vq;
}
mutex_init(&nsm->lock);
/* Register as hwrng provider */
nsm->hwrng = (struct hwrng) {
.read = nsm_rng_read,
.name = "nsm-hwrng",
.quality = 1000,
};
rc = hwrng_register(&nsm->hwrng);
if (rc) {
dev_err(dev, "RNG initialization error: %d.\n", rc);
goto err_hwrng;
}
/* Register /dev/nsm device node */
nsm->misc = (struct miscdevice) {
.minor = MISC_DYNAMIC_MINOR,
.name = "nsm",
.fops = &nsm_dev_fops,
.mode = 0666,
};
rc = misc_register(&nsm->misc);
if (rc) {
dev_err(dev, "misc device registration error: %d.\n", rc);
goto err_misc;
}
return 0;
err_misc:
hwrng_unregister(&nsm->hwrng);
err_hwrng:
vdev->config->del_vqs(vdev);
err_init_vq:
return rc;
}
/* Handler for removing the NSM device */
static void nsm_device_remove(struct virtio_device *vdev)
{
struct nsm *nsm = vdev->priv;
hwrng_unregister(&nsm->hwrng);
vdev->config->del_vqs(vdev);
misc_deregister(&nsm->misc);
}
/* NSM device configuration structure */
static struct virtio_driver virtio_nsm_driver = {
.feature_table = 0,
.feature_table_size = 0,
.feature_table_legacy = 0,
.feature_table_size_legacy = 0,
.driver.name = KBUILD_MODNAME,
.driver.owner = THIS_MODULE,
.id_table = id_table,
.probe = nsm_device_probe,
.remove = nsm_device_remove,
};
module_virtio_driver(virtio_nsm_driver);
MODULE_DEVICE_TABLE(virtio, id_table);
MODULE_DESCRIPTION("Virtio NSM driver");
MODULE_LICENSE("GPL");