Re: [RFC PATCH v1 31/38] coco: guest: arm64: Add support for fetching interface report and certificate chain from host

Jonathan Cameron <Jonathan.Cameron@xxxxxxxxxx> · Wed, 30 Jul 2025 15:46:30 +0100

On Mon, 28 Jul 2025 19:22:08 +0530
"Aneesh Kumar K.V (Arm)" <aneesh.kumar@xxxxxxxxxx> wrote:

> Fetch interface report and certificate chain from the host using RHI calls.
> 
> Signed-off-by: Aneesh Kumar K.V (Arm) <aneesh.kumar@xxxxxxxxxx>

Comments inline

> diff --git a/drivers/virt/coco/arm-cca-guest/rsi-da.c b/drivers/virt/coco/arm-cca-guest/rsi-da.c
> index 28ec946df1e2..47b379318e7c 100644
> --- a/drivers/virt/coco/arm-cca-guest/rsi-da.c
> +++ b/drivers/virt/coco/arm-cca-guest/rsi-da.c
> @@ -4,6 +4,7 @@
>   */
>  
>  #include <linux/pci.h>
> +#include <linux/mem_encrypt.h>
>  #include <asm/rsi_cmds.h>
>  
>  #include "rsi-da.h"
> @@ -50,6 +51,121 @@ rsi_rdev_get_interface_report(struct pci_dev *pdev, unsigned long vdev_id,
>  	return RSI_SUCCESS;
>  }
>  
> +static long rhi_get_report(int vdev_id, int da_object_type, void **report, int *report_size)
> +{
> +	int ret, enc_ret = 0;
> +	int nr_pages;
> +	int max_data_len;
> +	void *data_buf_shared, *data_buf_private;
> +	struct rsi_host_call *rhicall;
> +
> +	rhicall = kmalloc(sizeof(struct rsi_host_call), GFP_KERNEL);
> +	if (!rhicall)
> +		return -ENOMEM;
> +
> +	rhicall->imm = 0;
> +	rhicall->gprs[0] = RHI_DA_FEATURES;
> +
> +	ret = rsi_host_call(virt_to_phys(rhicall));
> +	if (ret != RSI_SUCCESS) {
> +		ret =  -EIO;

Extra space.

> +		goto err_out;
> +	}
> +
> +	if (rhicall->gprs[0] != 0x3) {
> +		ret =  -EIO;
> +		goto err_out;
> +	}
> +
> +	rhicall->imm = 0;
> +	rhicall->gprs[0] = RHI_DA_OBJECT_SIZE;
> +	rhicall->gprs[1] = vdev_id;
> +	rhicall->gprs[2] = da_object_type;
> +
> +	ret = rsi_host_call(virt_to_phys(rhicall));
> +	if (ret != RSI_SUCCESS) {
> +		ret =  -EIO;
> +		goto err_out;
> +	}
> +	if (rhicall->gprs[0] != RHI_DA_SUCCESS) {
> +		ret =  -EIO;
> +		goto err_out;
> +	}
> +	max_data_len = rhicall->gprs[1];
> +	*report_size = max_data_len;
> +
> +	/*
> +	 * We need to share this memory with hypervisor.
> +	 * So it should be multiple of sharing unit.
> +	 */
> +	max_data_len = ALIGN(max_data_len, PAGE_SIZE);
> +	nr_pages = max_data_len >> PAGE_SHIFT;
> +
> +	if (!max_data_len || nr_pages > MAX_ORDER_NR_PAGES) {
> +		ret = -ENOMEM;
> +		goto err_out;
> +	}
> +
> +	/*
> +	 * We need to share this memory with hypervisor.
> +	 * So it should be multiple of sharing unit.
> +	 */
> +	data_buf_shared = (void *)__get_free_pages(GFP_KERNEL, get_order(max_data_len));
> +	if (!data_buf_shared) {
> +		ret =  -ENOMEM;

extra space.  All of these seem to have one.  Not seeing a reason for it
though.

> +		goto err_out;
> +	}
> +
> +	data_buf_private = kmalloc(*report_size, GFP_KERNEL);
> +	if (!data_buf_private) {
> +		ret =  -ENOMEM;
> +		goto err_private_alloc;
> +	}
> +
> +	ret = set_memory_decrypted((unsigned long)data_buf_shared, nr_pages);
> +	if (ret) {
> +		ret =  -EIO;
> +		goto err_decrypt;
> +	}
> +
> +	rhicall->imm = 0;
> +	rhicall->gprs[0] = RHI_DA_OBJECT_READ;
> +	rhicall->gprs[1] = vdev_id;
> +	rhicall->gprs[2] = da_object_type;
> +	rhicall->gprs[3] = 0; /* offset within the data buffer */
> +	rhicall->gprs[4] = max_data_len;
> +	rhicall->gprs[5] = virt_to_phys(data_buf_shared);
> +	ret = rsi_host_call(virt_to_phys(rhicall));
> +	if (ret != RSI_SUCCESS || rhicall->gprs[0] != RHI_DA_SUCCESS) {
> +		ret =  -EIO;
> +		goto err_rhi_call;
> +	}
> +
> +	memcpy(data_buf_private, data_buf_shared, *report_size);
> +	enc_ret = set_memory_encrypted((unsigned long)data_buf_shared, nr_pages);
> +	if (!enc_ret)
> +		/* If we fail to mark it encrypted don't free it back */
> +		free_pages((unsigned long)data_buf_shared, get_order(max_data_len));
> +
> +	*report = data_buf_private;
> +	kfree(rhicall);
> +	return 0;
> +
> +err_rhi_call:
> +	enc_ret = set_memory_encrypted((unsigned long)data_buf_shared, nr_pages);
> +err_decrypt:
> +	kfree(data_buf_private);
> +err_private_alloc:
> +	if (!enc_ret)
> +		/* If we fail to mark it encrypted don't free it back */
> +		free_pages((unsigned long)data_buf_shared, get_order(max_data_len));
> +err_out:
I'd expect there to be nothing to do except return under an err_out label
So rename it.

> +	*report = NULL;
> +	*report_size = 0;
> +	kfree(rhicall);
> +	return ret;
> +}
> +
>  int rsi_device_lock(struct pci_dev *pdev)
>  {
>  	unsigned long ret;
> @@ -82,5 +198,20 @@ int rsi_device_lock(struct pci_dev *pdev)
>  		return -EOPNOTSUPP;
>  	}
>  
> +	/* Now make a host call to copy the interface report to guest. */
> +	ret = rhi_get_report(vdev_id, RHI_DA_OBJECT_INTERFACE_REPORT,
> +			     &dsm->interface_report, &dsm->interface_report_size);
> +	if (ret) {
> +		pci_err(pdev, "failed to get interface report from the host (%lu)\n", ret);
> +		return -EIO;
> +	}
> +
> +	ret = rhi_get_report(vdev_id, RHI_DA_OBJECT_CERTIFICATE,
> +			     &dsm->certificate, &dsm->certificate_size);
> +	if (ret) {
> +		pci_err(pdev, "failed to get device certificate from the host (%lu)\n", ret);
> +		return -EIO;
> +	}
> +

>  	return ret;
return 0;

>  }