crypto: ccp - create a generic psp-dev file

	    ccp-dmaengine.o

ccp-$(CONFIG_CRYPTO_DEV_CCP_DEBUGFS) += ccp-debugfs.o

ccp-$(CONFIG_PCI) += sp-pci.o

ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += sev-dev.o

ccp-$(CONFIG_CRYPTO_DEV_SP_PSP) += psp-dev.o \

                                   sev-dev.o

obj-$(CONFIG_CRYPTO_DEV_CCP_CRYPTO) += ccp-crypto.o

ccp-crypto-objs := ccp-crypto-main.o \

// SPDX-License-Identifier: GPL-2.0-only

/*

 * AMD Platform Security Processor (PSP) interface

 *

 * Copyright (C) 2016,2019 Advanced Micro Devices, Inc.

 *

 * Author: Brijesh Singh <brijesh.singh@amd.com>

 */

#include <linux/kernel.h>

#include <linux/irqreturn.h>

#include "sp-dev.h"

#include "psp-dev.h"

#include "sev-dev.h"

struct psp_device *psp_master;

static struct psp_device *psp_alloc_struct(struct sp_device *sp)

{

	struct device *dev = sp->dev;

	struct psp_device *psp;

	psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);

	if (!psp)

		return NULL;

	psp->dev = dev;

	psp->sp = sp;

	snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);

	return psp;

}

static irqreturn_t psp_irq_handler(int irq, void *data)

{

	struct psp_device *psp = data;

	unsigned int status;

	/* Read the interrupt status: */

	status = ioread32(psp->io_regs + psp->vdata->intsts_reg);

	/* invoke subdevice interrupt handlers */

	if (status) {

		if (psp->sev_irq_handler)

			psp->sev_irq_handler(irq, psp->sev_irq_data, status);

	}

	/* Clear the interrupt status by writing the same value we read. */

	iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);

	return IRQ_HANDLED;

}

static int psp_check_sev_support(struct psp_device *psp)

{

	unsigned int val = ioread32(psp->io_regs + psp->vdata->feature_reg);

	/*

	 * Check for a access to the registers.  If this read returns

	 * 0xffffffff, it's likely that the system is running a broken

	 * BIOS which disallows access to the device. Stop here and

	 * fail the PSP initialization (but not the load, as the CCP

	 * could get properly initialized).

	 */

	if (val == 0xffffffff) {

		dev_notice(psp->dev, "psp: unable to access the device: you might be running a broken BIOS.\n");

		return -ENODEV;

	}

	if (!(val & 1)) {

		/* Device does not support the SEV feature */

		dev_dbg(psp->dev, "psp does not support SEV\n");

		return -ENODEV;

	}

	return 0;

}

int psp_dev_init(struct sp_device *sp)

{

	struct device *dev = sp->dev;

	struct psp_device *psp;

	int ret;

	ret = -ENOMEM;

	psp = psp_alloc_struct(sp);

	if (!psp)

		goto e_err;

	sp->psp_data = psp;

	psp->vdata = (struct psp_vdata *)sp->dev_vdata->psp_vdata;

	if (!psp->vdata) {

		ret = -ENODEV;

		dev_err(dev, "missing driver data\n");

		goto e_err;

	}

	psp->io_regs = sp->io_map;

	ret = psp_check_sev_support(psp);

	if (ret)

		goto e_disable;

	/* Disable and clear interrupts until ready */

	iowrite32(0, psp->io_regs + psp->vdata->inten_reg);

	iowrite32(-1, psp->io_regs + psp->vdata->intsts_reg);

	/* Request an irq */

	ret = sp_request_psp_irq(psp->sp, psp_irq_handler, psp->name, psp);

	if (ret) {

		dev_err(dev, "psp: unable to allocate an IRQ\n");

		goto e_err;

	}

	ret = sev_dev_init(psp);

	if (ret)

		goto e_irq;

	if (sp->set_psp_master_device)

		sp->set_psp_master_device(sp);

	/* Enable interrupt */

	iowrite32(-1, psp->io_regs + psp->vdata->inten_reg);

	dev_notice(dev, "psp enabled\n");

	return 0;

e_irq:

	sp_free_psp_irq(psp->sp, psp);

e_err:

	sp->psp_data = NULL;

	dev_notice(dev, "psp initialization failed\n");

	return ret;

e_disable:

	sp->psp_data = NULL;

	return ret;

}

void psp_dev_destroy(struct sp_device *sp)

{

	struct psp_device *psp = sp->psp_data;

	if (!psp)

		return;

	sev_dev_destroy(psp);

	sp_free_psp_irq(sp, psp);

}

void psp_set_sev_irq_handler(struct psp_device *psp, psp_irq_handler_t handler,

			     void *data)

{

	psp->sev_irq_data = data;

	psp->sev_irq_handler = handler;

}

void psp_clear_sev_irq_handler(struct psp_device *psp)

{

	psp_set_sev_irq_handler(psp, NULL, NULL);

}

struct psp_device *psp_get_master_device(void)

{

	struct sp_device *sp = sp_get_psp_master_device();

	return sp ? sp->psp_data : NULL;

}

void psp_pci_init(void)

{

	psp_master = psp_get_master_device();

	if (!psp_master)

		return;

	sev_pci_init();

}

void psp_pci_exit(void)

{

	if (!psp_master)

		return;

	sev_pci_exit();

}

/* SPDX-License-Identifier: GPL-2.0-only */

/*

 * AMD Platform Security Processor (PSP) interface driver

 *

 * Copyright (C) 2017-2019 Advanced Micro Devices, Inc.

 *

 * Author: Brijesh Singh <brijesh.singh@amd.com>

 */

#ifndef __PSP_DEV_H__

#define __PSP_DEV_H__

#include <linux/device.h>

#include <linux/list.h>

#include <linux/bits.h>

#include <linux/interrupt.h>

#include "sp-dev.h"

#define PSP_CMDRESP_RESP		BIT(31)

#define PSP_CMDRESP_ERR_MASK		0xffff

#define MAX_PSP_NAME_LEN		16

extern struct psp_device *psp_master;

typedef void (*psp_irq_handler_t)(int, void *, unsigned int);

struct psp_device {

	struct list_head entry;

	struct psp_vdata *vdata;

	char name[MAX_PSP_NAME_LEN];

	struct device *dev;

	struct sp_device *sp;

	void __iomem *io_regs;

	psp_irq_handler_t sev_irq_handler;

	void *sev_irq_data;

	void *sev_data;

};

void psp_set_sev_irq_handler(struct psp_device *psp, psp_irq_handler_t handler,

			     void *data);

void psp_clear_sev_irq_handler(struct psp_device *psp);

struct psp_device *psp_get_master_device(void);

#endif /* __PSP_DEV_H */

#include <asm/smp.h>

#include "sp-dev.h"

#include "psp-dev.h"

#include "sev-dev.h"

#define DEVICE_NAME		"sev"

static DEFINE_MUTEX(sev_cmd_mutex);

static struct sev_misc_dev *misc_dev;

static struct psp_device *psp_master;

static int psp_cmd_timeout = 100;

module_param(psp_cmd_timeout, int, 0644);

static inline bool sev_version_greater_or_equal(u8 maj, u8 min)

{

	if (psp_master->api_major > maj)

		return true;

	if (psp_master->api_major == maj && psp_master->api_minor >= min)

		return true;

	return false;

}

static struct psp_device *psp_alloc_struct(struct sp_device *sp)

{

	struct device *dev = sp->dev;

	struct psp_device *psp;

	struct sev_device *sev = psp_master->sev_data;

	psp = devm_kzalloc(dev, sizeof(*psp), GFP_KERNEL);

	if (!psp)

		return NULL;

	psp->dev = dev;

	psp->sp = sp;

	if (sev->api_major > maj)

		return true;

	snprintf(psp->name, sizeof(psp->name), "psp-%u", sp->ord);

	if (sev->api_major == maj && sev->api_minor >= min)

		return true;

	return psp;

	return false;

}

static irqreturn_t psp_irq_handler(int irq, void *data)

static void sev_irq_handler(int irq, void *data, unsigned int status)

{

	struct psp_device *psp = data;

	unsigned int status;

	struct sev_device *sev = data;

	int reg;

	/* Read the interrupt status: */

	status = ioread32(psp->io_regs + psp->vdata->intsts_reg);

	/* Check if it is command completion: */

	if (!(status & PSP_CMD_COMPLETE))

		goto done;

	if (!(status & SEV_CMD_COMPLETE))

		return;

	/* Check if it is SEV command completion: */

	reg = ioread32(psp->io_regs + psp->vdata->cmdresp_reg);

	reg = ioread32(sev->io_regs + sev->psp->vdata->cmdresp_reg);

	if (reg & PSP_CMDRESP_RESP) {

		psp->sev_int_rcvd = 1;

		wake_up(&psp->sev_int_queue);

		sev->int_rcvd = 1;

		wake_up(&sev->int_queue);

	}

done:

	/* Clear the interrupt status by writing the same value we read. */

	iowrite32(status, psp->io_regs + psp->vdata->intsts_reg);

	return IRQ_HANDLED;

}

static int sev_wait_cmd_ioc(struct psp_device *psp,

static int sev_wait_cmd_ioc(struct sev_device *sev,

			    unsigned int *reg, unsigned int timeout)

{

	int ret;

	ret = wait_event_timeout(psp->sev_int_queue,

			psp->sev_int_rcvd, timeout * HZ);

	ret = wait_event_timeout(sev->int_queue,

			sev->int_rcvd, timeout * HZ);

	if (!ret)

		return -ETIMEDOUT;

	*reg = ioread32(psp->io_regs + psp->vdata->cmdresp_reg);

	*reg = ioread32(sev->io_regs + sev->psp->vdata->cmdresp_reg);

	return 0;

}

static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)

{

	struct psp_device *psp = psp_master;

	struct sev_device *sev;

	unsigned int phys_lsb, phys_msb;

	unsigned int reg, ret = 0;

	if (!psp)

	if (!psp || !psp->sev_data)

		return -ENODEV;

	if (psp_dead)

		return -EBUSY;

	sev = psp->sev_data;

	/* Get the physical address of the command buffer */

	phys_lsb = data ? lower_32_bits(__psp_pa(data)) : 0;

	phys_msb = data ? upper_32_bits(__psp_pa(data)) : 0;

	dev_dbg(psp->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n",

	dev_dbg(sev->dev, "sev command id %#x buffer 0x%08x%08x timeout %us\n",

		cmd, phys_msb, phys_lsb, psp_timeout);

	print_hex_dump_debug("(in):  ", DUMP_PREFIX_OFFSET, 16, 2, data,

			     sev_cmd_buffer_len(cmd), false);

	iowrite32(phys_lsb, psp->io_regs + psp->vdata->cmdbuff_addr_lo_reg);

	iowrite32(phys_msb, psp->io_regs + psp->vdata->cmdbuff_addr_hi_reg);

	iowrite32(phys_lsb, sev->io_regs + psp->vdata->cmdbuff_addr_lo_reg);

	iowrite32(phys_msb, sev->io_regs + psp->vdata->cmdbuff_addr_hi_reg);

	psp->sev_int_rcvd = 0;

	sev->int_rcvd = 0;

	reg = cmd;

	reg <<= PSP_CMDRESP_CMD_SHIFT;

	reg |= PSP_CMDRESP_IOC;

	iowrite32(reg, psp->io_regs + psp->vdata->cmdresp_reg);

	reg <<= SEV_CMDRESP_CMD_SHIFT;

	reg |= SEV_CMDRESP_IOC;

	iowrite32(reg, sev->io_regs + psp->vdata->cmdresp_reg);

	/* wait for command completion */

	ret = sev_wait_cmd_ioc(psp, &reg, psp_timeout);

	ret = sev_wait_cmd_ioc(sev, &reg, psp_timeout);

	if (ret) {

		if (psp_ret)

			*psp_ret = 0;

		dev_err(psp->dev, "sev command %#x timed out, disabling PSP \n", cmd);

		dev_err(sev->dev, "sev command %#x timed out, disabling PSP\n", cmd);

		psp_dead = true;

		return ret;

		*psp_ret = reg & PSP_CMDRESP_ERR_MASK;

	if (reg & PSP_CMDRESP_ERR_MASK) {

		dev_dbg(psp->dev, "sev command %#x failed (%#010x)\n",

		dev_dbg(sev->dev, "sev command %#x failed (%#010x)\n",

			cmd, reg & PSP_CMDRESP_ERR_MASK);

		ret = -EIO;

	}

static int __sev_platform_init_locked(int *error)

{

	struct psp_device *psp = psp_master;

	struct sev_device *sev;

	int rc = 0;

	if (!psp)

	if (!psp || !psp->sev_data)

		return -ENODEV;

	if (psp->sev_state == SEV_STATE_INIT)

	sev = psp->sev_data;

	if (sev->state == SEV_STATE_INIT)

		return 0;

	rc = __sev_do_cmd_locked(SEV_CMD_INIT, &psp->init_cmd_buf, error);

	rc = __sev_do_cmd_locked(SEV_CMD_INIT, &sev->init_cmd_buf, error);

	if (rc)

		return rc;

	psp->sev_state = SEV_STATE_INIT;

	sev->state = SEV_STATE_INIT;

	/* Prepare for first SEV guest launch after INIT */

	wbinvd_on_all_cpus();

	if (rc)

		return rc;

	dev_dbg(psp->dev, "SEV firmware initialized\n");

	dev_dbg(sev->dev, "SEV firmware initialized\n");

	return rc;

}

static int __sev_platform_shutdown_locked(int *error)

{

	struct sev_device *sev = psp_master->sev_data;

	int ret;

	ret = __sev_do_cmd_locked(SEV_CMD_SHUTDOWN, NULL, error);

	if (ret)

		return ret;

	psp_master->sev_state = SEV_STATE_UNINIT;

	dev_dbg(psp_master->dev, "SEV firmware shutdown\n");

	sev->state = SEV_STATE_UNINIT;

	dev_dbg(sev->dev, "SEV firmware shutdown\n");

	return ret;

}

static int sev_get_platform_state(int *state, int *error)

{

	struct sev_device *sev = psp_master->sev_data;

	int rc;

	rc = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS,

				 &psp_master->status_cmd_buf, error);

				 &sev->status_cmd_buf, error);

	if (rc)

		return rc;

	*state = psp_master->status_cmd_buf.state;

	*state = sev->status_cmd_buf.state;

	return rc;

}

static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)

{

	struct sev_user_data_status *data = &psp_master->status_cmd_buf;

	struct sev_device *sev = psp_master->sev_data;

	struct sev_user_data_status *data = &sev->status_cmd_buf;

	int ret;

	ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, data, &argp->error);

static int sev_ioctl_do_pek_pdh_gen(int cmd, struct sev_issue_cmd *argp)

{

	struct sev_device *sev = psp_master->sev_data;

	int rc;

	if (!capable(CAP_SYS_ADMIN))

		return -EPERM;

	if (psp_master->sev_state == SEV_STATE_UNINIT) {

	if (sev->state == SEV_STATE_UNINIT) {

		rc = __sev_platform_init_locked(&argp->error);

		if (rc)

			return rc;

static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)

{

	struct sev_device *sev = psp_master->sev_data;

	struct sev_user_data_pek_csr input;

	struct sev_data_pek_csr *data;

	void *blob = NULL;

	data->len = input.length;

cmd:

	if (psp_master->sev_state == SEV_STATE_UNINIT) {

	if (sev->state == SEV_STATE_UNINIT) {

		ret = __sev_platform_init_locked(&argp->error);

		if (ret)

			goto e_free_blob;

static int sev_get_api_version(void)

{

	struct sev_device *sev = psp_master->sev_data;

	struct sev_user_data_status *status;

	int error = 0, ret;

	status = &psp_master->status_cmd_buf;

	status = &sev->status_cmd_buf;

	ret = sev_platform_status(status, &error);

	if (ret) {

		dev_err(psp_master->dev,

		dev_err(sev->dev,

			"SEV: failed to get status. Error: %#x\n", error);

		return 1;

	}

	psp_master->api_major = status->api_major;

	psp_master->api_minor = status->api_minor;

	psp_master->build = status->build;

	psp_master->sev_state = status->state;

	sev->api_major = status->api_major;

	sev->api_minor = status->api_minor;

	sev->build = status->build;

	sev->state = status->state;

	return 0;

}

static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp)

{

	struct sev_device *sev = psp_master->sev_data;

	struct sev_user_data_pek_cert_import input;

	struct sev_data_pek_cert_import *data;

	void *pek_blob, *oca_blob;

	data->oca_cert_len = input.oca_cert_len;

	/* If platform is not in INIT state then transition it to INIT */

	if (psp_master->sev_state != SEV_STATE_INIT) {

	if (sev->state != SEV_STATE_INIT) {

		ret = __sev_platform_init_locked(&argp->error);

		if (ret)

			goto e_free_oca;

static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp)

{

	struct sev_device *sev = psp_master->sev_data;

	struct sev_user_data_pdh_cert_export input;

	void *pdh_blob = NULL, *cert_blob = NULL;

	struct sev_data_pdh_cert_export *data;

	int ret;

	/* If platform is not in INIT state then transition it to INIT. */

	if (psp_master->sev_state != SEV_STATE_INIT) {

	if (sev->state != SEV_STATE_INIT) {

		if (!capable(CAP_SYS_ADMIN))

			return -EPERM;

	struct sev_issue_cmd input;

	int ret = -EFAULT;

	if (!psp_master)

	if (!psp_master || !psp_master->sev_data)

		return -ENODEV;

	if (ioctl != SEV_ISSUE_CMD)

	misc_deregister(&misc_dev->misc);

}

static int sev_misc_init(struct psp_device *psp)

static int sev_misc_init(struct sev_device *sev)

{

	struct device *dev = psp->dev;

	struct device *dev = sev->dev;

	int ret;

	/*

		kref_get(&misc_dev->refcount);

	}

	init_waitqueue_head(&psp->sev_int_queue);

	psp->sev_misc = misc_dev;

	init_waitqueue_head(&sev->int_queue);

	sev->misc = misc_dev;

	dev_dbg(dev, "registered SEV device\n");

	return 0;

}

static int psp_check_sev_support(struct psp_device *psp)

int sev_dev_init(struct psp_device *psp)

{

	unsigned int val = ioread32(psp->io_regs + psp->vdata->feature_reg);

	/*

	 * Check for a access to the registers.  If this read returns

	 * 0xffffffff, it's likely that the system is running a broken

	 * BIOS which disallows access to the device. Stop here and

	 * fail the PSP initialization (but not the load, as the CCP

	 * could get properly initialized).

	 */