- Linux-kselftest-mirror - lists.linaro.org

Copie de : Bild: Investieren Sie einmal 250 $ und erhalten Sie ab 1000 $ pro Tag

by Galerie Raymond Dreyfus

Ceci est une copie du message que vous avez envoyé à Galerie Raymond Dreyfus via Galerie Raymond Dreyfus Ceci est un message expédié via http://www.raymond-dreyfus.com/ par : JosephZem <linux-kselftest(a)vger.kernel.org> TOP 3 Handelsroboter, die Menschen zu Millionaren machen http://bitcoin-obituaries.beersec.com/dayli-news-8902

3 years

1
0
0 0

[PATCH 3/6] selftests/sgx: Ignore OpenSSL 3.0 deprecated functions warning

by Jarkko Sakkinen

From: Kristen Carlson Accardi <kristen(a)linux.intel.com> OpenSSL 3.0 deprecates some of the functions used in the SGX selftests, causing build errors on new distros. For now ignore the warnings until support for the functions is no longer available and mark FIXME so that it can be clear this should be removed at some point. Signed-off-by: Kristen Carlson Accardi <kristen(a)linux.intel.com> Signed-off-by: Jarkko Sakkinen <jarkko(a)kernel.org> --- tools/testing/selftests/sgx/sigstruct.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c index 50c5ab1aa6fa..a07896a46364 100644 --- a/tools/testing/selftests/sgx/sigstruct.c +++ b/tools/testing/selftests/sgx/sigstruct.c @@ -17,6 +17,12 @@ #include "defines.h" #include "main.h" +/* + * FIXME: OpenSSL 3.0 has deprecated some functions. For now just ignore + * the warnings. + */ +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" + struct q1q2_ctx { BN_CTX *bn_ctx; BIGNUM *m; -- 2.37.2

3 years

2
2
0 0

[RFC V2 PATCH 0/8] selftests: KVM: SEV: selftests for fd-based private memory

by Vishal Annapurve

This series implements selftests executing SEV VMs to target the feature floated by Chao via: https://lore.kernel.org/linux-mm/20220706082016.2603916-12-chao.p.peng@linu… Below changes aim to test the fd based approach for guest private memory in context of SEV VMs executing on AMD SEV compatible platforms. sev_private_mem_test.c file adds selftest to access private memory from the guest via private/shared accesses and checking if the contents can be leaked to/accessed by vmm via shared memory view before/after conversions. To allow SEV/SEV-ES VMs to toggle the encryption bit during memory conversion, support is added for mapping guest pagetables to guest va ranges and passing the mapping information to guests via shared pages. This series has dependency on following patch series: 1) V7 series patches from Chao mentioned above. 2) https://lore.kernel.org/lkml/20220810152033.946942-1-pgonda@google.com/T/#u - Series posted by Peter containing patches from Michael and Sean 3) https://lore.kernel.org/lkml/Ywa9T+jKUpaHLu%2Fl@google.com/T/ - Series posted for similar selftests executing non-confidential VMs. Github link for the patches posted as part of this series: https://github.com/vishals4gh/linux/commits/sev_upm_selftests_rfcv2 Vishal Annapurve (8): selftests: kvm: x86_64: Add support for pagetable tracking kvm: Add HVA range operator arch: x86: sev: Populate private memory fd during LAUNCH_UPDATE_DATA selftests: kvm: sev: Support memslots with private memory selftests: kvm: Update usage of private mem lib for SEV VMs selftests: kvm: Support executing SEV VMs with private memory selftests: kvm: Refactor testing logic for private memory selftests: kvm: Add private memory test for SEV VMs arch/x86/kvm/svm/sev.c | 99 ++++++- include/linux/kvm_host.h | 8 + tools/testing/selftests/kvm/.gitignore | 1 + tools/testing/selftests/kvm/Makefile | 2 + .../selftests/kvm/include/kvm_util_base.h | 105 +++++++ .../kvm/include/x86_64/private_mem.h | 10 +- .../include/x86_64/private_mem_test_helper.h | 13 + .../selftests/kvm/include/x86_64/sev.h | 2 + tools/testing/selftests/kvm/lib/kvm_util.c | 78 ++++- .../selftests/kvm/lib/x86_64/private_mem.c | 189 ++++++++++-- .../kvm/lib/x86_64/private_mem_test_helper.c | 273 ++++++++++++++++++ .../selftests/kvm/lib/x86_64/processor.c | 32 ++ tools/testing/selftests/kvm/lib/x86_64/sev.c | 15 +- .../selftests/kvm/x86_64/private_mem_test.c | 246 +--------------- .../kvm/x86_64/sev_private_mem_test.c | 21 ++ virt/kvm/kvm_main.c | 87 +++++- 16 files changed, 880 insertions(+), 301 deletions(-) create mode 100644 tools/testing/selftests/kvm/include/x86_64/private_mem_test_helper.h create mode 100644 tools/testing/selftests/kvm/lib/x86_64/private_mem_test_helper.c create mode 100644 tools/testing/selftests/kvm/x86_64/sev_private_mem_test.c -- 2.37.2.672.g94769d06f0-goog

3 years

1
8
0 0

[PATCH v3 0/2] begin KTAP spec v2 process

by frowand.list＠gmail.com

From: Frank Rowand <frank.rowand(a)sony.com> The process to create version 2 of the KTAP Specification is documented in email discussions. I am attempting to capture this information at https://elinux.org/Test_Results_Format_Notes#KTAP_version_2 I am already not following the suggested process, which says: "...please try to follow this principal of one major topic per email thread." I think that is ok in this case because the two patches are related and (hopefully) not controversial. Changes since patch version 2: - correct version 1 change text - version 1 patch 2/2 had not yet been applied when I created version 2, refresh version 2 patch 2/2 for new context Changes since patch version 1: - drop patch 2/2. Jonathan Corbet has already applied this patch into version 1 of the Specification - add new patch 2/2 Frank Rowand (2): ktap_v2: change version to 2-rc in KTAP specification ktap_v2: change "version 1" to "version 2" in examples Documentation/dev-tools/ktap.rst | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) -- Frank Rowand <frank.rowand(a)sony.com>

3 years

4
7
0 0

[PATCH bpf-next v7 00/24] Introduce eBPF support for HID devices

by Benjamin Tissoires

Hi, here comes the v7 of the HID-BPF series. Again, for a full explanation of HID-BPF, please refer to the last patch in this series (24/24). This version sees some minor improvements compared to v6, only focusing on the reviews I got. I also wanted to mention that I have started working on the userspace side to "see" how the BPF programs would look when automatically loaded. See the udev-hid-bpf project[0] for the code. The idea is to define the HID-BPF userspace programs so we can reuse the same semantic in the kernel. I am quite happy with the results: this looks pretty similar to a kernel module in term of design. The .bpf.c file is a standalone compilation unit, and instead of having a table of ids, the filename is used (based on the modalias). This allows to have a "probe" like function that we can run to decide if the program needs to be attached or not. All in all, the end result is that we can write the bpf program, compile it locally, and send the result to the user. The user needs to drop the .bpf.o in a local folder, and udev-hid-bpf will pick it up the next time the device is plugged in. No other operations is required. Next step will be to drop the same source file in the kernel source tree, and have some magic to automatically load the compiled program when the device is loaded. Cheers, Benjamin [0] https://gitlab.freedesktop.org/bentiss/udev-hid-bpf (warning: probably not the best rust code ever) Benjamin Tissoires (24): selftests/bpf: fix config for CLS_BPF bpf/verifier: allow kfunc to read user provided context bpf/verifier: do not clear meta in check_mem_size selftests/bpf: add test for accessing ctx from syscall program type bpf/verifier: allow kfunc to return an allocated mem selftests/bpf: Add tests for kfunc returning a memory pointer bpf: prepare for more bpf syscall to be used from kernel and user space. libbpf: add map_get_fd_by_id and map_delete_elem in light skeleton HID: core: store the unique system identifier in hid_device HID: export hid_report_type to uapi HID: convert defines of HID class requests into a proper enum HID: Kconfig: split HID support and hid-core compilation HID: initial BPF implementation selftests/bpf: add tests for the HID-bpf initial implementation HID: bpf: allocate data memory for device_event BPF programs selftests/bpf/hid: add test to change the report size HID: bpf: introduce hid_hw_request() selftests/bpf: add tests for bpf_hid_hw_request HID: bpf: allow to change the report descriptor selftests/bpf: add report descriptor fixup tests selftests/bpf: Add a test for BPF_F_INSERT_HEAD samples/bpf: add new hid_mouse example HID: bpf: add Surface Dial example Documentation: add HID-BPF docs Documentation/hid/hid-bpf.rst | 512 +++++++++ Documentation/hid/index.rst | 1 + drivers/Makefile | 2 +- drivers/hid/Kconfig | 20 +- drivers/hid/Makefile | 2 + drivers/hid/bpf/Kconfig | 18 + drivers/hid/bpf/Makefile | 11 + drivers/hid/bpf/entrypoints/Makefile | 93 ++ drivers/hid/bpf/entrypoints/README | 4 + drivers/hid/bpf/entrypoints/entrypoints.bpf.c | 66 ++ .../hid/bpf/entrypoints/entrypoints.lskel.h | 682 ++++++++++++ drivers/hid/bpf/hid_bpf_dispatch.c | 553 ++++++++++ drivers/hid/bpf/hid_bpf_dispatch.h | 28 + drivers/hid/bpf/hid_bpf_jmp_table.c | 577 ++++++++++ drivers/hid/hid-core.c | 49 +- include/linux/bpf.h | 9 +- include/linux/btf.h | 10 + include/linux/hid.h | 38 +- include/linux/hid_bpf.h | 148 +++ include/uapi/linux/hid.h | 26 +- include/uapi/linux/hid_bpf.h | 25 + kernel/bpf/btf.c | 91 +- kernel/bpf/syscall.c | 10 +- kernel/bpf/verifier.c | 65 +- net/bpf/test_run.c | 23 + samples/bpf/.gitignore | 2 + samples/bpf/Makefile | 27 + samples/bpf/hid_mouse.bpf.c | 134 +++ samples/bpf/hid_mouse.c | 147 +++ samples/bpf/hid_surface_dial.bpf.c | 161 +++ samples/bpf/hid_surface_dial.c | 212 ++++ tools/include/uapi/linux/hid.h | 62 ++ tools/include/uapi/linux/hid_bpf.h | 25 + tools/lib/bpf/skel_internal.h | 23 + tools/testing/selftests/bpf/Makefile | 5 +- tools/testing/selftests/bpf/config | 5 +- tools/testing/selftests/bpf/prog_tests/hid.c | 990 ++++++++++++++++++ .../selftests/bpf/prog_tests/kfunc_call.c | 76 ++ tools/testing/selftests/bpf/progs/hid.c | 206 ++++ .../selftests/bpf/progs/kfunc_call_test.c | 125 +++ 40 files changed, 5184 insertions(+), 79 deletions(-) create mode 100644 Documentation/hid/hid-bpf.rst create mode 100644 drivers/hid/bpf/Kconfig create mode 100644 drivers/hid/bpf/Makefile create mode 100644 drivers/hid/bpf/entrypoints/Makefile create mode 100644 drivers/hid/bpf/entrypoints/README create mode 100644 drivers/hid/bpf/entrypoints/entrypoints.bpf.c create mode 100644 drivers/hid/bpf/entrypoints/entrypoints.lskel.h create mode 100644 drivers/hid/bpf/hid_bpf_dispatch.c create mode 100644 drivers/hid/bpf/hid_bpf_dispatch.h create mode 100644 drivers/hid/bpf/hid_bpf_jmp_table.c create mode 100644 include/linux/hid_bpf.h create mode 100644 include/uapi/linux/hid_bpf.h create mode 100644 samples/bpf/hid_mouse.bpf.c create mode 100644 samples/bpf/hid_mouse.c create mode 100644 samples/bpf/hid_surface_dial.bpf.c create mode 100644 samples/bpf/hid_surface_dial.c create mode 100644 tools/include/uapi/linux/hid.h create mode 100644 tools/include/uapi/linux/hid_bpf.h create mode 100644 tools/testing/selftests/bpf/prog_tests/hid.c create mode 100644 tools/testing/selftests/bpf/progs/hid.c -- 2.36.1

3 years

6
44
0 0

kselftest/next kselftest-lkdtm: 3 runs, 1 regressions (linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0)

by kernelci.org bot

kselftest/next kselftest-lkdtm: 3 runs, 1 regressions (linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0) Regressions Summary ------------------- platform | arch | lab | compiler | defconfig | regressions ----------------+------+---------------+----------+------------------------------+------------ imx6q-sabrelite | arm | lab-collabora | gcc-10 | multi_v7_defconfig+kselftest | 1 Details: https://kernelci.org/test/job/kselftest/branch/next/kernel/linux-kselftest-… Test: kselftest-lkdtm Tree: kselftest Branch: next Describe: linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0 URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git SHA: 997fdfc6b9c041be39ecb9a156cdeeea1a9a4379 Test Regressions ---------------- platform | arch | lab | compiler | defconfig | regressions ----------------+------+---------------+----------+------------------------------+------------ imx6q-sabrelite | arm | lab-collabora | gcc-10 | multi_v7_defconfig+kselftest | 1 Details: https://kernelci.org/test/plan/id/630d58c57d995ddce035565d Results: 0 PASS, 1 FAIL, 0 SKIP Full config: multi_v7_defconfig+kselftest Compiler: gcc-10 (arm-linux-gnueabihf-gcc (Debian 10.2.1-6) 10.2.1 20210110) Plain log: https://storage.kernelci.org//kselftest/next/linux-kselftest-next-6.0-rc2-5… HTML log: https://storage.kernelci.org//kselftest/next/linux-kselftest-next-6.0-rc2-5… Rootfs: http://storage.kernelci.org/images/rootfs/debian/bullseye-kselftest/2022082… * kselftest-lkdtm.login: https://kernelci.org/test/case/id/630d58c57d995ddce035565e failing since 7 days (last pass: v6.0-rc1-1-gf1227dc7d0411, first fail: linux-kselftest-next-6.0-rc2-1-gab7039dbcc61)

3 years

1
0
0 0

kselftest/next build: 8 builds: 0 failed, 8 passed (linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0)

by kernelci.org bot

kselftest/next build: 8 builds: 0 failed, 8 passed (linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0) Full Build Summary: https://kernelci.org/build/kselftest/branch/next/kernel/linux-kselftest-nex… Tree: kselftest Branch: next Git Describe: linux-kselftest-next-6.0-rc2-5-g997fdfc6b9c0 Git Commit: 997fdfc6b9c041be39ecb9a156cdeeea1a9a4379 Git URL: https://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest.git Built: 4 unique architectures ================================================================================ Detailed per-defconfig build reports: -------------------------------------------------------------------------------- defconfig+kselftest (arm64, clang-15) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, clang-15) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- defconfig+kselftest+arm64-chromebook (arm64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- i386_defconfig+kselftest (i386, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- multi_v7_defconfig+kselftest (arm, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, gcc-10) — PASS, 0 errors, 0 warnings, 0 section mismatches -------------------------------------------------------------------------------- x86_64_defconfig+kselftest (x86_64, clang-15) — PASS, 0 errors, 0 warnings, 0 section mismatches --- For more info write to <info(a)kernelci.org>

3 years

1
0
0 0

[PATCH v2] kunit: fix assert_type for comparison macros

by Sander Vanheule

When replacing KUNIT_BINARY_*_MSG_ASSERTION() macros with KUNIT_BINARY_INT_ASSERTION(), the assert_type parameter was not always correctly transferred. Specifically, the following errors were introduced: - KUNIT_EXPECT_LE_MSG() uses KUNIT_ASSERTION - KUNIT_ASSERT_LT_MSG() uses KUNIT_EXPECTATION - KUNIT_ASSERT_GT_MSG() uses KUNIT_EXPECTATION A failing KUNIT_EXPECT_LE_MSG() test thus prevents further tests from running, while failing KUNIT_ASSERT_{LT,GT}_MSG() tests do not prevent further tests from running. This is contrary to the documentation, which states that failing KUNIT_EXPECT_* macros allow further tests to run, while failing KUNIT_ASSERT_* macros should prevent this. Revert the KUNIT_{ASSERTION,EXPECTATION} switches to fix the behaviour for the affected macros. Fixes: 40f39777ce4f ("kunit: decrease macro layering for integer asserts") Signed-off-by: Sander Vanheule <sander(a)svanheule.net> --- include/kunit/test.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/kunit/test.h b/include/kunit/test.h index c958855681cc..840a2c375065 100644 --- a/include/kunit/test.h +++ b/include/kunit/test.h @@ -826,7 +826,7 @@ do { \ #define KUNIT_EXPECT_LE_MSG(test, left, right, fmt, ...) \ KUNIT_BINARY_INT_ASSERTION(test, \ - KUNIT_ASSERTION, \ + KUNIT_EXPECTATION, \ left, <=, right, \ fmt, \ ##__VA_ARGS__) @@ -1116,7 +1116,7 @@ do { \ #define KUNIT_ASSERT_LT_MSG(test, left, right, fmt, ...) \ KUNIT_BINARY_INT_ASSERTION(test, \ - KUNIT_EXPECTATION, \ + KUNIT_ASSERTION, \ left, <, right, \ fmt, \ ##__VA_ARGS__) @@ -1157,7 +1157,7 @@ do { \ #define KUNIT_ASSERT_GT_MSG(test, left, right, fmt, ...) \ KUNIT_BINARY_INT_ASSERTION(test, \ - KUNIT_EXPECTATION, \ + KUNIT_ASSERTION, \ left, >, right, \ fmt, \ ##__VA_ARGS__) -- 2.37.2

3 years

3
2
0 0

[PATCH v2] selftests/bpf: Fix bind{4,6} tcp/socket header type conflict

by James Hilliard

There is a potential for us to hit a type conflict when including netinet/tcp.h with sys/socket.h, we can remove these as they are not actually needed. Fixes errors like: In file included from /usr/include/netinet/tcp.h:91, from progs/bind4_prog.c:10: /home/buildroot/opt/cross/lib/gcc/bpf/13.0.0/include/stdint.h:34:23: error: conflicting types for 'int8_t'; have 'char' 34 | typedef __INT8_TYPE__ int8_t; | ^~~~~~ In file included from /usr/include/x86_64-linux-gnu/sys/types.h:155, from /usr/include/x86_64-linux-gnu/bits/socket.h:29, from /usr/include/x86_64-linux-gnu/sys/socket.h:33, from progs/bind4_prog.c:9: /usr/include/x86_64-linux-gnu/bits/stdint-intn.h:24:18: note: previous declaration of 'int8_t' with type 'int8_t' {aka 'signed char'} 24 | typedef __int8_t int8_t; | ^~~~~~ /home/buildroot/opt/cross/lib/gcc/bpf/13.0.0/include/stdint.h:43:24: error: conflicting types for 'int64_t'; have 'long int' 43 | typedef __INT64_TYPE__ int64_t; | ^~~~~~~ /usr/include/x86_64-linux-gnu/bits/stdint-intn.h:27:19: note: previous declaration of 'int64_t' with type 'int64_t' {aka 'long long int'} 27 | typedef __int64_t int64_t; | ^~~~~~~ make: *** [Makefile:537: /home/buildroot/bpf-next/tools/testing/selftests/bpf/bpf_gcc/bind4_prog.o] Error 1 Signed-off-by: James Hilliard <james.hilliard1(a)gmail.com> --- Changes v1 -> v2: - just remove netinet/tcp.h and sys/socket.h --- tools/testing/selftests/bpf/progs/bind4_prog.c | 2 -- tools/testing/selftests/bpf/progs/bind6_prog.c | 2 -- 2 files changed, 4 deletions(-) diff --git a/tools/testing/selftests/bpf/progs/bind4_prog.c b/tools/testing/selftests/bpf/progs/bind4_prog.c index 474c6a62078a..a487f60b73ac 100644 --- a/tools/testing/selftests/bpf/progs/bind4_prog.c +++ b/tools/testing/selftests/bpf/progs/bind4_prog.c @@ -6,8 +6,6 @@ #include <linux/bpf.h> #include <linux/in.h> #include <linux/in6.h> -#include <sys/socket.h> -#include <netinet/tcp.h> #include <linux/if.h> #include <errno.h> diff --git a/tools/testing/selftests/bpf/progs/bind6_prog.c b/tools/testing/selftests/bpf/progs/bind6_prog.c index c19cfa869f30..d62cd9e9cf0e 100644 --- a/tools/testing/selftests/bpf/progs/bind6_prog.c +++ b/tools/testing/selftests/bpf/progs/bind6_prog.c @@ -6,8 +6,6 @@ #include <linux/bpf.h> #include <linux/in.h> #include <linux/in6.h> -#include <sys/socket.h> -#include <netinet/tcp.h> #include <linux/if.h> #include <errno.h> -- 2.34.1

3 years

3
5
0 0

[PATCH v11 1/3] x86/tdx: Add TDX Guest attestation interface driver

by Kuppuswamy Sathyanarayanan

Attestation is used to verify the TDX guest trustworthiness to other entities before provisioning secrets to the guest. For example, a key server may request for attestation before releasing the encryption keys to mount the encrypted rootfs or secondary drive. During the TDX guest launch, the initial contents (including the firmware image) and configuration of the guest are recorded by the Intel TDX module in build time measurement register (MRTD). After TDX guest is created, run-time measurement registers (RTMRs) can be used by the guest software to extend the measurements. TDX supports 4 RTMR registers, and TDG.MR.RTMR.EXTEND TDCALL is used to update the RTMR registers securely. RTMRs are mainly used to record measurements related to sections like the kernel image, command line parameters, initrd, ACPI tables, firmware data, configuration firmware volume (CFV) of TDVF, etc. For complete details, please refer to TDX Virtual Firmware design specification, sec titled "TD Measurement". At TDX guest runtime, the Intel TDX module reuses the Intel SGX attestation infrastructure to provide support for attesting to these measurements as described below. The attestation process consists of two steps: TDREPORT generation and Quote generation. TDREPORT (TDREPORT_STRUCT) is a fixed-size data structure generated by the TDX module which contains guest-specific information (such as build and boot measurements), platform security version, and the MAC to protect the integrity of the TDREPORT. The guest kernel uses TDCALL[TDG.MR.REPORT] to get the TDREPORT from the TDX module. A user-provided 64-Byte REPORTDATA is used as input and included in the TDREPORT. Typically it can be some nonce provided by attestation service so the TDREPORT can be verified uniquely. More details about the TDREPORT can be found in Intel TDX Module specification, section titled "TDG.MR.REPORT Leaf". TDREPORT by design can only be verified on the local platform as the MAC key is bound to the platform. To support remote verification of the TDREPORT, TDX leverages Intel SGX Quote Enclave (QE) to verify the TDREPORT locally and convert it to a remote verifiable Quote. After getting the TDREPORT, the second step of the attestation process is to send it to the QE to generate the Quote. TDX doesn't support SGX inside the guest, so the QE can be deployed in the host, or in another legacy VM with SGX support. QE checks the integrity of TDREPORT and if it is valid, a certified quote signing key is used to sign the Quote. How to send the TDREPORT to QE and receive the Quote is implementation and deployment specific. Implement a basic guest misc driver to allow userspace to get the TDREPORT. After getting TDREPORT, the userspace attestation software can choose whatever communication channel available (i.e. vsock or hypercall) to send the TDREPORT to QE and receive the Quote. Also note that explicit access permissions are not enforced in this driver because the quote and measurements are not a secret. However the access permissions of the device node can be used to set any desired access policy. The udev default is usually root access only. Operations like getting TDREPORT or Quote generation involves sending a blob of data as input and getting another blob of data as output. It was considered to use a sysfs interface for this, but it doesn't fit well into the standard sysfs model for configuring values. It would be possible to do read/write on files, but it would need multiple file descriptors, which would be somewhat messy. IOCTLs seems to be the best fitting and simplest model for this use case. This is similar to AMD SEV platform, which also uses IOCTL interface to support attestation. Any distribution enabling TDX is also expected to need attestation. So enable it by default with TDX guest support. Reviewed-by: Tony Luck <tony.luck(a)intel.com> Reviewed-by: Andi Kleen <ak(a)linux.intel.com> Acked-by: Kirill A. Shutemov <kirill.shutemov(a)linux.intel.com> Acked-by: Kai Huang <kai.huang(a)intel.com> Acked-by: Wander Lairson Costa <wander(a)redhat.com> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy(a)linux.intel.com> --- Changes since v10: * Replaced TD/TD Guest usage with TDX Guest or Guest. * Removed unnecessary comments. * Added more validation to user input in tdx_get_report(). * Used u64_to_user_ptr when reading user u64 pointers. * Fixed commit log as per review comments. Changes since v9: * Dropped the cover letter. Since this patch set only adds TDREPORT support, the commit log itself has all the required details. * Dropped the Quote support and event IRQ support as per Dave's review suggestion. * Dropped attest.c and moved its contents to tdx.c * Updated commit log and comments to reflect latest changes. Changes since v8: * Please refer to https://lore.kernel.org/all/ \ 20220728034420.648314-1-sathyanarayanan.kuppuswamy(a)linux.intel.com/ arch/x86/coco/tdx/tdx.c | 114 ++++++++++++++++++++++++++++++++ arch/x86/include/uapi/asm/tdx.h | 51 ++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 arch/x86/include/uapi/asm/tdx.h diff --git a/arch/x86/coco/tdx/tdx.c b/arch/x86/coco/tdx/tdx.c index 928dcf7a20d9..0888bdf93a4e 100644 --- a/arch/x86/coco/tdx/tdx.c +++ b/arch/x86/coco/tdx/tdx.c @@ -5,16 +5,21 @@ #define pr_fmt(fmt) "tdx: " fmt #include <linux/cpufeature.h> +#include <linux/miscdevice.h> +#include <linux/mm.h> +#include <linux/io.h> #include <asm/coco.h> #include <asm/tdx.h> #include <asm/vmx.h> #include <asm/insn.h> #include <asm/insn-eval.h> #include <asm/pgtable.h> +#include <uapi/asm/tdx.h> /* TDX module Call Leaf IDs */ #define TDX_GET_INFO 1 #define TDX_GET_VEINFO 3 +#define TDX_GET_REPORT 4 #define TDX_ACCEPT_PAGE 6 /* TDX hypercall Leaf IDs */ @@ -34,6 +39,10 @@ #define VE_GET_PORT_NUM(e) ((e) >> 16) #define VE_IS_IO_STRING(e) ((e) & BIT(4)) +#define DRIVER_NAME "tdx-guest" + +static struct miscdevice tdx_misc_dev; + /* * Wrapper for standard use of __tdx_hypercall with no output aside from * return code. @@ -775,3 +784,108 @@ void __init tdx_early_init(void) pr_info("Guest detected\n"); } + +static long tdx_get_report(void __user *argp) +{ + u8 *reportdata, *tdreport; + struct tdx_report_req req; + long ret; + + if (copy_from_user(&req, argp, sizeof(req))) + return -EFAULT; + + /* + * Per TDX Module 1.0 specification, section titled + * "TDG.MR.REPORT", REPORTDATA length is fixed as + * TDX_REPORTDATA_LEN, TDREPORT length is fixed as + * TDX_REPORT_LEN, and TDREPORT subtype is fixed as + * 0. Also check for valid user pointers. + */ + if (!req.reportdata || !req.tdreport || req.subtype || + req.rpd_len != TDX_REPORTDATA_LEN || + req.tdr_len != TDX_REPORT_LEN) + return -EINVAL; + + reportdata = kmalloc(req.rpd_len, GFP_KERNEL); + if (!reportdata) + return -ENOMEM; + + tdreport = kzalloc(req.tdr_len, GFP_KERNEL); + if (!tdreport) { + kfree(reportdata); + return -ENOMEM; + } + + if (copy_from_user(reportdata, u64_to_user_ptr(req.reportdata), + req.rpd_len)) { + ret = -EFAULT; + goto out; + } + + /* + * Generate TDREPORT using "TDG.MR.REPORT" TDCALL. + * + * Get the TDREPORT using REPORTDATA as input. Refer to + * section 22.3.3 TDG.MR.REPORT leaf in the TDX Module 1.0 + * Specification for detailed information. + */ + ret = __tdx_module_call(TDX_GET_REPORT, virt_to_phys(tdreport), + virt_to_phys(reportdata), req.subtype, + 0, NULL); + if (ret) { + ret = -EIO; + goto out; + } + + if (copy_to_user(u64_to_user_ptr(req.tdreport), tdreport, req.tdr_len)) + ret = -EFAULT; + +out: + kfree(reportdata); + kfree(tdreport); + return ret; +} +static long tdx_guest_ioctl(struct file *file, unsigned int cmd, + unsigned long arg) +{ + void __user *argp = (void __user *)arg; + long ret = -EINVAL; + + switch (cmd) { + case TDX_CMD_GET_REPORT: + ret = tdx_get_report(argp); + break; + default: + pr_debug("cmd %d not supported\n", cmd); + break; + } + + return ret; +} + +static const struct file_operations tdx_guest_fops = { + .owner = THIS_MODULE, + .unlocked_ioctl = tdx_guest_ioctl, + .llseek = no_llseek, +}; + +static int __init tdx_guest_init(void) +{ + int ret; + + if (!cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) + return -EIO; + + tdx_misc_dev.name = DRIVER_NAME; + tdx_misc_dev.minor = MISC_DYNAMIC_MINOR; + tdx_misc_dev.fops = &tdx_guest_fops; + + ret = misc_register(&tdx_misc_dev); + if (ret) { + pr_err("misc device registration failed\n"); + return ret; + } + + return 0; +} +device_initcall(tdx_guest_init) diff --git a/arch/x86/include/uapi/asm/tdx.h b/arch/x86/include/uapi/asm/tdx.h new file mode 100644 index 000000000000..c1667b20fe20 --- /dev/null +++ b/arch/x86/include/uapi/asm/tdx.h @@ -0,0 +1,51 @@ +/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */ +#ifndef _UAPI_ASM_X86_TDX_H +#define _UAPI_ASM_X86_TDX_H + +#include <linux/types.h> +#include <linux/ioctl.h> + +/* Length of the REPORTDATA used in TDG.MR.REPORT TDCALL */ +#define TDX_REPORTDATA_LEN 64 + +/* Length of TDREPORT used in TDG.MR.REPORT TDCALL */ +#define TDX_REPORT_LEN 1024 + +/** + * struct tdx_report_req: Get TDREPORT using REPORTDATA as input. + * + * @subtype : Subtype of TDREPORT (fixed as 0 by TDX Module + * specification, but added a parameter to handle + * future extension). + * @reportdata : User-defined REPORTDATA to be included into + * TDREPORT. Typically it can be some nonce + * provided by attestation service, so the + * generated TDREPORT can be uniquely verified. + * @rpd_len : Length of the REPORTDATA (fixed as 64 bytes by + * the TDX Module specification, but parameter is + * added to handle future extension). + * @tdreport : TDREPORT output from TDCALL[TDG.MR.REPORT]. + * @tdr_len : Length of the TDREPORT (fixed as 1024 bytes by + * the TDX Module specification, but a parameter + * is added to accommodate future extension). + * + * Used in TDX_CMD_GET_REPORT IOCTL request. + */ +struct tdx_report_req { + __u8 subtype; + __u64 reportdata; + __u32 rpd_len; + __u64 tdreport; + __u32 tdr_len; +}; + +/* + * TDX_CMD_GET_REPORT - Get TDREPORT using TDCALL[TDG.MR.REPORT] + * + * Return 0 on success, -EIO on TDCALL execution failure, and + * standard errno on other general error cases. + * + */ +#define TDX_CMD_GET_REPORT _IOWR('T', 0x01, __u64) + +#endif /* _UAPI_ASM_X86_TDX_H */ -- 2.25.1

3 years

5
14
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

Linux-kselftest-mirror