From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 69B05C77B7C
	for <linux-mm@archiver.kernel.org>; Wed, 19 Apr 2023 22:18:04 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 43AB8900009; Wed, 19 Apr 2023 18:17:55 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 3C409900003; Wed, 19 Apr 2023 18:17:55 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 216DC900009; Wed, 19 Apr 2023 18:17:55 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id 11BCD900003
	for <linux-mm@kvack.org>; Wed, 19 Apr 2023 18:17:55 -0400 (EDT)
Received: from smtpin16.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay01.hostedemail.com (Postfix) with ESMTP id D09C71C66A2
	for <linux-mm@kvack.org>; Wed, 19 Apr 2023 22:17:54 +0000 (UTC)
X-FDA: 80699554068.16.570AFE1
Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180])
	by imf28.hostedemail.com (Postfix) with ESMTP id 011DDC000E
	for <linux-mm@kvack.org>; Wed, 19 Apr 2023 22:17:52 +0000 (UTC)
Authentication-Results: imf28.hostedemail.com;
	dkim=pass header.d=rivosinc-com.20221208.gappssmtp.com header.s=20221208 header.b="nK5/1WGS";
	dmarc=none;
	spf=pass (imf28.hostedemail.com: domain of atishp@rivosinc.com designates 209.85.214.180 as permitted sender) smtp.mailfrom=atishp@rivosinc.com
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1681942673;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=qOzd/WhvlpjJ956p72hZNImrff40bav5pGpgVf1jDCE=;
	b=eZrC2V49f6arVLp2AD/rYKKa/mbmB6jzMhAXMBqC5dJpuNHiZnfQOBDJlp3cKq+7oFU65W
	kcTMDhHk9EvUp56h61u+W1uQyUqs1HQgEsd48Dv6+Yk1nuTGxC26Pvw2Fav+KzA9lMNPaj
	o+8LweLHs1CMKxORJG0KAmEEfo7oYfM=
ARC-Authentication-Results: i=1;
	imf28.hostedemail.com;
	dkim=pass header.d=rivosinc-com.20221208.gappssmtp.com header.s=20221208 header.b="nK5/1WGS";
	dmarc=none;
	spf=pass (imf28.hostedemail.com: domain of atishp@rivosinc.com designates 209.85.214.180 as permitted sender) smtp.mailfrom=atishp@rivosinc.com
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1681942673; a=rsa-sha256;
	cv=none;
	b=YKlNB7uJEI2EUXUwIwtRqPtpT0uHBt9zJOFvj2XD+YtGpalF6J/IYQq0M9jEImedXah4ls
	rithdWL35q+M+StrOGo3y40pTLIt+6jIMndM3wiuWLfU23I4YtwyZrWi3zH+D2MEcCWUdE
	S7CCvIsS5We/0SJ2lAAr5C5xWegh2CU=
Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1a6ebc66ca4so4209805ad.3
        for <linux-mm@kvack.org>; Wed, 19 Apr 2023 15:17:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=rivosinc-com.20221208.gappssmtp.com; s=20221208; t=1681942672; x=1684534672;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=qOzd/WhvlpjJ956p72hZNImrff40bav5pGpgVf1jDCE=;
        b=nK5/1WGSlykOrMrz6zLE7ByOwHsNX7ku+LU2VBvTADuPSy3LTEvEYN/5idyeMAH9v6
         lDrCh9vx2uQPGrR2xDDmRNujTPNDyyzCxzk4mY1KxzUuZQGhhSyvWuaw1bMwsQMloPyl
         7AP1+xv6gUZEztUQTM1GZJONZkurrJQmSw8oo0Vlacs0NCnY8W0HIEeaXUNTT9FXPkDs
         BnQUvSJIxGIi32I9gl3+IkxfURT26aMcR2YDE4SZvKgasSWBzWeQlJS8HIQa8AHGBoBy
         oAuh9qhu2Ya7h80HYOyhHTVyAo19NM+J4mD7HNvy+vl3b7n5pBV/07agfGWnPCRxQI9a
         znow==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1681942672; x=1684534672;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=qOzd/WhvlpjJ956p72hZNImrff40bav5pGpgVf1jDCE=;
        b=YEkxF6mxtfGOf/4t9WqiLJuAmIpkpnWNsi1fWmVdyc+iEiGe8PA85/Yy6IowdLNvQu
         O8dZ86LAjLzL+hERLR/F73bo1J6X2RBkwROTZ7y/M1NXe/8QihYb5N9PZZ/cac6AdwsU
         5Gg7k1DmIVGfCv7R+z2NRctfPvDhuFkdlm0Q2NAjpGNh03PjmIKWaBfvDxqVONJVr0aO
         Pwsm7PAbdfDJZSrtoh77hwKTo7hyjxcjHKgxGNur5f4cLgiP/hqcgK9EPKfY394cy9z2
         nBsscBmF0qZEDMuqDHejc/lBFlaykJeSSFYRqFydfzeZgzD4MR+7rBt8Zfbh700PAk7S
         tFVQ==
X-Gm-Message-State: AAQBX9fg9/NLCkGQ+1yXquiDrT2lhfbP8VDI367sN6jeXD8QN1hwwImJ
	O7DJQUcL3OpMxIiuOmqt4XC9bQ==
X-Google-Smtp-Source: AKy350YH91pAUPM41j7LqluKiXzQ7Ynx9OMjbtDndSOQdeDLatwEyjhoPFWqpUQdaJ4OsOf4sEQSuA==
X-Received: by 2002:a17:902:9004:b0:1a5:2621:34cd with SMTP id a4-20020a170902900400b001a5262134cdmr5755075plp.39.1681942671881;
        Wed, 19 Apr 2023 15:17:51 -0700 (PDT)
Received: from atishp.ba.rivosinc.com ([66.220.2.162])
        by smtp.gmail.com with ESMTPSA id jn11-20020a170903050b00b00196807b5189sm11619190plb.292.2023.04.19.15.17.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 19 Apr 2023 15:17:51 -0700 (PDT)
From: Atish Patra <atishp@rivosinc.com>
To: linux-kernel@vger.kernel.org
Cc: Atish Patra <atishp@rivosinc.com>,
	Alexandre Ghiti <alex@ghiti.fr>,
	Andrew Jones <ajones@ventanamicro.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Anup Patel <anup@brainfault.org>,
	Atish Patra <atishp@atishpatra.org>,
	=?UTF-8?q?Bj=C3=B6rn=20T=C3=B6pel?= <bjorn@rivosinc.com>,
	Suzuki K Poulose <suzuki.poulose@arm.com>,
	Will Deacon <will@kernel.org>,
	Marc Zyngier <maz@kernel.org>,
	Sean Christopherson <seanjc@google.com>,
	linux-coco@lists.linux.dev,
	Dylan Reid <dylan@rivosinc.com>,
	abrestic@rivosinc.com,
	Samuel Ortiz <sameo@rivosinc.com>,
	Christoph Hellwig <hch@infradead.org>,
	Conor Dooley <conor.dooley@microchip.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Guo Ren <guoren@kernel.org>,
	Heiko Stuebner <heiko@sntech.de>,
	Jiri Slaby <jirislaby@kernel.org>,
	kvm-riscv@lists.infradead.org,
	kvm@vger.kernel.org,
	linux-mm@kvack.org,
	linux-riscv@lists.infradead.org,
	Mayuresh Chitale <mchitale@ventanamicro.com>,
	Palmer Dabbelt <palmer@dabbelt.com>,
	Paolo Bonzini <pbonzini@redhat.com>,
	Paul Walmsley <paul.walmsley@sifive.com>,
	Rajnesh Kanwal <rkanwal@rivosinc.com>,
	Uladzislau Rezki <urezki@gmail.com>
Subject: [RFC 10/48] RISC-V: KVM: Implement static memory region measurement
Date: Wed, 19 Apr 2023 15:16:38 -0700
Message-Id: <20230419221716.3603068-11-atishp@rivosinc.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20230419221716.3603068-1-atishp@rivosinc.com>
References: <20230419221716.3603068-1-atishp@rivosinc.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Rspam-User: 
X-Rspamd-Server: rspam02
X-Rspamd-Queue-Id: 011DDC000E
X-Stat-Signature: qf4kctwdtufhrwedjcche86idkch3rts
X-HE-Tag: 1681942672-868887
X-HE-Meta: U2FsdGVkX1/NX1MsKFzStLd+oh9LlZjLKv2vMSETOsbxzx8cKJi+UzmijNJ/bZdd/hnoY0fZ/YK/qAMDPAtD807ObjupnbCzwgTCuvym+VI/PzAYj3C6KJyIT8lrNBliGkMY/k+IvNFjvZtxzlVHj2kcbagakQ3zeFZpeTYP2F2yRkdrMnfxzJSbykhfIe60b6MhAX4vj9E+FE0Ci8F8nVjS7Zk1buJ/Nxfh9L1bGlJk9MkBhdBemoSjoCz6HRmoqS+fr8sfAqIM/MH82S8bnue7CM5C+THPXKaMpNZiZT2Uoc+epQhLzNstMsiqn8XR9Nc96hMILBr1BE/CuO2Swf1s1i5sKUjgdoesi9drDpFAG7qqd3bNBhr4aOFTDUWMtOGRoePULBsoiEelko21aal9mzy7mhgCYSQPe09mdM+rKx2mtw01VBMfOejP5bHitTMdqYqWBywXCFUgzDrL7+rnLKOMMOKFxwQgzc04WIQkRenPjdbaNLxn/PygPlPyR5G7e6t4wkJlzdvJLUA7qfV83JjRPtKrQ2R1uJ5VgnwicEgptBfw6WKOFRzvdqIr+zDDEx61amvesA2vWNTUgRF314cwg8Dj387kbzIlkQmO9syyJa+nZfKEyrUIUPKJAeuaP8pcfTslwVMUq8GwWHSighAhOfS2Fln+zUT7h5WBOc5e734ymnlPbeOZhWZ0gSdgsv6D9o0mm3Dsr0FQqqgu6f+/YBNUZ5BjTS+CL9nWYQAbC2GGDaIGNO5LGRBWkmsXbHliK9WZNCPeylcIpcfPi5cXS2kmikqXQZTE1nJLTjy9PK+s2Rn2/EnSYAVmDYaq8kiA5VhJvTN7yqkcEiS2BxGEEQjuRfOUY38qQWuA0vimD/NE+l9b62VKQfquSynBsS0j4/MkhaJSj0umzC9CZ3K/j5dx56CQUNeRV9ANpJQaHTDtc+a+PE8yX72kXmxji9SS5jIShqxc7Mi
 D2FidvTn
 eypN3nZtUnbImeN6kIu7/eLW4zQVvGYNSZNzDT/y1/0dTcQMWA3yTVT20BJg6sbzMtSXrBdRcLQ0dh4FK8vwYyXJ2jqmqOEVx7smokkIHQkXoKJFqoWoSRJNInFr1Oth4z7Tg6vyw8qJf25BKewfa4S33VBaPYqpjhS3qmDWY/UMKQfmBY0XaHzDFbi93aTbP5dW9SBFfaY6/7t0iqDRD/M/7GM9sm5AeDRW9/sqzvt/4kxryF9lnxc0bB8Fw3176+jfkkX++t45SL38KvIDSpt82olhw3Ro7phjQ04k3y3Eoz12flFGQnn6Z6PGvbAFjcSFbg2BVH4YXidBiCjoCgxE0UIbI35mPipNm2WqgL11rJQ1ONbIp/CPYbCWOKm2h3F7Idv+XSmWBczxXd4y0tUa/tzx8MHAMl4EDDUnPJt2WdNFqBE6xB5aT2oQh4iNpj3xT3+dZcpuAU/ZIGk/qOuPyFQ==
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

To support attestation of any images loaded by the VMM, the COVH allows
measuring these memory regions. Currently, it will be used for the
kernel image, device tree and initrd images.

Signed-off-by: Atish Patra <atishp@rivosinc.com>
---
 arch/riscv/include/asm/kvm_cove.h |   6 ++
 arch/riscv/kvm/cove.c             | 110 ++++++++++++++++++++++++++++++
 2 files changed, 116 insertions(+)

diff --git a/arch/riscv/include/asm/kvm_cove.h b/arch/riscv/include/asm/kvm_cove.h
index 3bf1bcd..4ea1df1 100644
--- a/arch/riscv/include/asm/kvm_cove.h
+++ b/arch/riscv/include/asm/kvm_cove.h
@@ -127,6 +127,7 @@ void kvm_riscv_cove_vcpu_load(struct kvm_vcpu *vcpu);
 void kvm_riscv_cove_vcpu_put(struct kvm_vcpu *vcpu);
 void kvm_riscv_cove_vcpu_switchto(struct kvm_vcpu *vcpu, struct kvm_cpu_trap *trap);
 
+int kvm_riscv_cove_vm_measure_pages(struct kvm *kvm, struct kvm_riscv_cove_measure_region *mr);
 int kvm_riscv_cove_vm_add_memreg(struct kvm *kvm, unsigned long gpa, unsigned long size);
 int kvm_riscv_cove_gstage_map(struct kvm_vcpu *vcpu, gpa_t gpa, unsigned long hva);
 #else
@@ -147,6 +148,11 @@ static inline void kvm_riscv_cove_vcpu_put(struct kvm_vcpu *vcpu) {}
 static inline void kvm_riscv_cove_vcpu_switchto(struct kvm_vcpu *vcpu, struct kvm_cpu_trap *trap) {}
 static inline int kvm_riscv_cove_vm_add_memreg(struct kvm *kvm, unsigned long gpa,
 					       unsigned long size) {return -1; }
+static inline int kvm_riscv_cove_vm_measure_pages(struct kvm *kvm,
+						  struct kvm_riscv_cove_measure_region *mr)
+{
+	return -1;
+}
 static inline int kvm_riscv_cove_gstage_map(struct kvm_vcpu *vcpu,
 					    gpa_t gpa, unsigned long hva) {return -1; }
 #endif /* CONFIG_RISCV_COVE_HOST */
diff --git a/arch/riscv/kvm/cove.c b/arch/riscv/kvm/cove.c
index d001e36..5b4d9ba 100644
--- a/arch/riscv/kvm/cove.c
+++ b/arch/riscv/kvm/cove.c
@@ -27,6 +27,12 @@ static DEFINE_SPINLOCK(cove_fence_lock);
 
 static bool riscv_cove_enabled;
 
+static inline bool cove_is_within_region(unsigned long addr1, unsigned long size1,
+				       unsigned long addr2, unsigned long size2)
+{
+	return ((addr1 <= addr2) && ((addr1 + size1) >= (addr2 + size2)));
+}
+
 static void kvm_cove_local_fence(void *info)
 {
 	int rc;
@@ -192,6 +198,109 @@ int kvm_riscv_cove_vcpu_init(struct kvm_vcpu *vcpu)
 	return rc;
 }
 
+int kvm_riscv_cove_vm_measure_pages(struct kvm *kvm, struct kvm_riscv_cove_measure_region *mr)
+{
+	struct kvm_cove_tvm_context *tvmc = kvm->arch.tvmc;
+	int rc = 0, idx, num_pages;
+	struct kvm_riscv_cove_mem_region *conf;
+	struct page *pinned_page, *conf_page;
+	struct kvm_riscv_cove_page *cpage;
+
+	if (!tvmc)
+		return -EFAULT;
+
+	if (tvmc->finalized_done) {
+		kvm_err("measured_mr pages can not be added after finalize\n");
+		return -EINVAL;
+	}
+
+	num_pages = bytes_to_pages(mr->size);
+	conf = &tvmc->confidential_region;
+
+	if (!IS_ALIGNED(mr->userspace_addr, PAGE_SIZE) ||
+	    !IS_ALIGNED(mr->gpa, PAGE_SIZE) || !mr->size ||
+	    !cove_is_within_region(conf->gpa, conf->npages << PAGE_SHIFT, mr->gpa, mr->size))
+		return -EINVAL;
+
+	idx = srcu_read_lock(&kvm->srcu);
+
+	/*TODO: Iterate one page at a time as pinning multiple pages fail with unmapped panic
+	 * with a virtual address range belonging to vmalloc region for some reason.
+	 */
+	while (num_pages) {
+		if (signal_pending(current)) {
+			rc = -ERESTARTSYS;
+			break;
+		}
+
+		if (need_resched())
+			cond_resched();
+
+		rc = get_user_pages_fast(mr->userspace_addr, 1, 0, &pinned_page);
+		if (rc < 0) {
+			kvm_err("Pinning the userpsace addr %lx failed\n", mr->userspace_addr);
+			break;
+		}
+
+		/* Enough pages are not available to be pinned */
+		if (rc != 1) {
+			rc = -ENOMEM;
+			break;
+		}
+		conf_page = alloc_page(GFP_KERNEL | __GFP_ZERO);
+		if (!conf_page) {
+			rc = -ENOMEM;
+			break;
+		}
+
+		rc = cove_convert_pages(page_to_phys(conf_page), 1, true);
+		if (rc)
+			break;
+
+		/*TODO: Support other pages sizes */
+		rc = sbi_covh_add_measured_pages(tvmc->tvm_guest_id, page_to_phys(pinned_page),
+						 page_to_phys(conf_page), SBI_COVE_PAGE_4K,
+						 1, mr->gpa);
+		if (rc)
+			break;
+
+		/* Unpin the page now */
+		put_page(pinned_page);
+
+		cpage = kmalloc(sizeof(*cpage), GFP_KERNEL_ACCOUNT);
+		if (!cpage) {
+			rc = -ENOMEM;
+			break;
+		}
+
+		cpage->page = conf_page;
+		cpage->npages = 1;
+		cpage->gpa = mr->gpa;
+		cpage->hva = mr->userspace_addr;
+		cpage->is_mapped = true;
+		INIT_LIST_HEAD(&cpage->link);
+		list_add(&cpage->link, &tvmc->measured_pages);
+
+		mr->userspace_addr += PAGE_SIZE;
+		mr->gpa += PAGE_SIZE;
+		num_pages--;
+		conf_page = NULL;
+
+		continue;
+	}
+	srcu_read_unlock(&kvm->srcu, idx);
+
+	if (rc < 0) {
+		/* We don't to need unpin pages as it is allocated by the hypervisor itself */
+		cove_delete_page_list(kvm, &tvmc->measured_pages, false);
+		/* Free the last allocated page for which conversion/measurement failed */
+		kfree(conf_page);
+		kvm_err("Adding/Converting measured pages failed %d\n", num_pages);
+	}
+
+	return rc;
+}
+
 int kvm_riscv_cove_vm_add_memreg(struct kvm *kvm, unsigned long gpa, unsigned long size)
 {
 	int rc;
@@ -244,6 +353,7 @@ void kvm_riscv_cove_vm_destroy(struct kvm *kvm)
 	}
 
 	cove_delete_page_list(kvm, &tvmc->reclaim_pending_pages, false);
+	cove_delete_page_list(kvm, &tvmc->measured_pages, false);
 
 	/* Reclaim and Free the pages for tvm state management */
 	rc = sbi_covh_tsm_reclaim_pages(page_to_phys(tvmc->tvm_state.page), tvmc->tvm_state.npages);
-- 
2.25.1