From 30f4a6273124b4b7cb1a78ca2bbd478d288286a6 Mon Sep 17 00:00:00 2001 From: chench Date: Tue, 30 Sep 2025 11:19:10 +0800 Subject: [PATCH 1/3] crypto: ccp: optimize TDM kernel driver hygon inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/ID0NRB CVE: NA --------------------------- 1.Before using the TDM feature, a probe command is sent to the PSP to confirm its support status.However, when the psp firmware is not loaded, the probe command cannot be supported, so it should be set to an unsupported state. 2.optimize TDM driver to avoid warning Signed-off-by: chench --- drivers/crypto/ccp/hygon/tdm-dev.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/drivers/crypto/ccp/hygon/tdm-dev.c b/drivers/crypto/ccp/hygon/tdm-dev.c index 9ff6a8906686..7a677ea5ab70 100644 --- a/drivers/crypto/ccp/hygon/tdm-dev.c +++ b/drivers/crypto/ccp/hygon/tdm-dev.c @@ -24,6 +24,7 @@ #include #include #include "tdm-dev.h" +#include "psp-dev.h" #ifdef pr_fmt #undef pr_fmt @@ -533,8 +534,12 @@ int psp_check_tdm_support(void) { int ret = 0; struct tdm_version version; + struct psp_device *psp = psp_master; - if (boot_cpu_data.x86_vendor == X86_VENDOR_HYGON) { + if (!psp) + goto end; + + if (is_vendor_hygon() && (psp->capability & PSP_CAPABILITY_SEV)) { if (tdm_support) goto end; @@ -671,8 +676,7 @@ int psp_create_measure_task(struct addr_range_info *range, struct measure_data * } paddr_range_info->count = info_index; - addr_range_info_len = paddr_range_info->count * sizeof(struct addr_info) + - sizeof(struct addr_range_info); + addr_range_info_len = paddr_range_info->count * sizeof(struct addr_info); } else { /*check if physics address valid*/ ret = tdm_verify_phy_addr_valid(range); 
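Review bot: In psp_check_tdm_support() the new `if (!psp) goto end;` makes "PSP not yet probed" indistinguishable from "hardware has no TDM" — a caller such as the kernel-guard init, which runs once at module load, appears to see plain "unsupported" and installs no protection with nothing in the log saying why. Since tdm_support stays unset a later call re-probes, but for a one-shot caller the condition should at least be reported: `if (!psp) { pr_info("PSP not ready, TDM support not probed\n"); goto end; }`. The added `psp->capability & PSP_CAPABILITY_SEV` test also ties TDM to the SEV capability bit rather than to a TDM-specific indication; if that bit is only a proxy for "firmware loaded", a platform with SEV disabled in firmware but TDM present would be reported unsupported, so a one-line comment stating the intent (`/* SEV capability implies PSP firmware is loaded; TDM probe needs that */`) would help the next reader. The function body continues beyond the hunk.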
@@ -680,8 +684,7 @@ int psp_create_measure_task(struct addr_range_info *range, struct measure_data * pr_err("range address is abnormal!\n"); goto end; } - addr_range_info_len = range->count * sizeof(struct addr_info) + - sizeof(struct addr_range_info); + addr_range_info_len = range->count * sizeof(struct addr_info); } tdm_cmdresp_data = kzalloc(TDM_C2P_CMD_SIZE, GFP_KERNEL); @@ -704,10 +707,14 @@ int psp_create_measure_task(struct addr_range_info *range, struct measure_data * goto free_cmdresp; } - if (flag & TASK_CREATE_VADDR) - memcpy(&create_cmd->range_info, paddr_range_info, addr_range_info_len); - else - memcpy(&create_cmd->range_info, range, addr_range_info_len); + if (flag & TASK_CREATE_VADDR) { + create_cmd->range_info.count = paddr_range_info->count; + memcpy(&create_cmd->range_info.addr[0], &paddr_range_info->addr[0], + addr_range_info_len); + } else { + create_cmd->range_info.count = range->count; + memcpy(&create_cmd->range_info.addr[0], &range->addr[0], addr_range_info_len); + } ret = tdm_do_cmd(0, (void *)create_cmd, &error); if (ret && ret != -EIO) { @@ -1306,7 +1313,7 @@ int tdm_get_report(uint32_t task_id, struct task_selection_2b *selection, *length = needed_length; ret = -DYN_ERR_SIZE_SMALL; } else { - memcpy(report_buffer, report_resp, needed_length); + memcpy(report_buffer, (uint8_t *)report_resp, needed_length); } free_cmdresp: -- Gitee From 36835e53f8b95e2e54cd9edbbc149d5043539763 Mon Sep 17 00:00:00 2001 
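Review bot: The two memcpy() calls into `create_cmd->range_info.addr[0]` are bounded by `addr_range_info_len`, which is computed from `range->count` / `paddr_range_info->count`, but nothing in the hunk checks that `count * sizeof(struct addr_info)` fits in the `TDM_C2P_CMD_SIZE` buffer that `create_cmd` is carved out of (the kzalloc in the previous hunk). Unless tdm_verify_phy_addr_valid() or the virtual-address translation loop already caps the count — not visible here — an oversized count from a caller of this exported function overruns the command buffer on the heap, and the new copy shape (count stored, then only the array) does not change that. A bound check belongs immediately before the copy: `if (addr_range_info_len > TDM_C2P_CMD_SIZE - offsetof(typeof(*create_cmd), range_info.addr)) { ret = -EINVAL; goto free_cmdresp; }`. psp_create_measure_task() starts and ends outside the hunk.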
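Review bot: The `(uint8_t *)` cast on `report_resp` in tdm_get_report() only changes what the compiler's object-size check sees; if the warning it silences was that `needed_length` can exceed `sizeof(*report_resp)`, the actual constraint is that needed_length stays within the response buffer the PSP filled, and that should be checked rather than hidden. Assuming the response buffer is `TDM_C2P_CMD_SIZE` bytes like the command buffers elsewhere in this file, `if (needed_length > TDM_C2P_CMD_SIZE) { ret = -EIO; goto free_cmdresp; }` before the copy makes the bound explicit. A short comment on the cast (`/* cast: copy spans the whole response buffer, not just the header struct */`) would also stop the next cleanup from removing it. The enclosing function begins outside the hunk.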
From: chench Date: Tue, 30 Sep 2025 11:37:27 +0800 Subject: [PATCH 2/3] crypto: ccp: add "tdm_guard" as kernel and module parameter hygon inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/ID0NRB CVE: NA --------------------------- The parameter 'tdm_guard' has been implemented to provide runtime control over the TDM guard feature. As kernel boot parameter: While CONFIG_TDM_KERNEL_GUARD=y enables the feature by default, specifying: 1. 'tdm_guard=on' maintains the protection 2. 'tdm_guard=off' disables the guard mechanism" As module parameter: 1. 'modprobe tdm-kernel-guard tdm_guard=on' open the protection 2. 'modprobe tdm-kernel-guard tdm_guard=off' close the guard mechanism" Signed-off-by: niuyongwen Signed-off-by: chench --- drivers/crypto/ccp/hygon/tdm-kernel-guard.c | 40 ++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) diff --git a/drivers/crypto/ccp/hygon/tdm-kernel-guard.c b/drivers/crypto/ccp/hygon/tdm-kernel-guard.c index c3afe888ea04..0e52d5d385e4 100644 --- a/drivers/crypto/ccp/hygon/tdm-kernel-guard.c +++ b/drivers/crypto/ccp/hygon/tdm-kernel-guard.c 
@@ -23,8 +23,33 @@ #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt static int eh_obj = -1; +static char *tdm_guard; module_param(eh_obj, int, 0644); -MODULE_PARM_DESC(eh_obj, "security enhance object for TDM"); +MODULE_PARM_DESC(eh_obj, + "Bitmap of kernel targets protected by Hygon TDM(bit0: SCT, bit1: IDT, default: both)"); +module_param(tdm_guard, charp, 0644); +MODULE_PARM_DESC(tdm_guard, + "Enable TDM protection for selected targets(on=enable, off=disable, default:off)"); + +static bool tdm_guard_enabled; + +static int __init __maybe_unused parse_tdm_guard(char *str) +{ + if (!str) + return 0; + + if (!strncmp(str, "off", 3)) { + tdm_guard_enabled = false; + pr_info("Hygon TDM Guard: Disabled(cmdline)\n"); + } else if (!strncmp(str, "on", 2)) { + tdm_guard_enabled = true; + pr_info("Hygon TDM Guard: Enabled(cmdline)\n"); + } + + return 0; +} + +__setup("tdm_guard=", parse_tdm_guard); /* Objects are protected by TDM now * SCT: 0 @@ -292,6 +317,16 @@ static int __init kernel_security_enhance_init(void) goto end; } + if (tdm_guard) { + if (!strncmp(tdm_guard, "off", 3)) + tdm_guard_enabled = false; + else if (!strncmp(tdm_guard, "on", 2)) + tdm_guard_enabled = true; + } + + if (tdm_guard_enabled == false) + goto end; + asm("sidt %0":"=m"(idtr)); if (!psp_check_tdm_support()) @@ -327,6 +362,9 @@ static void __exit kernel_security_enhance_exit(void) { int i = 0; + if (tdm_guard_enabled == false) + return; + if (!psp_check_tdm_support()) return; -- Gitee From a3a8db08e69973f014e1468a2ad56ed42a9bf837 Mon Sep 17 00:00:00 2001 From: chench Date: Tue, 30 Sep 2025 11:59:01 +0800 Subject: [PATCH 3/3] crypto: ccp: optimize PSP driver code logic to reduce modifications to native code hygon inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/ID0NRB CVE: NA --------------------------- Optimize PSP driver code logic to reduce modifications to native code 
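Review bot: `static bool tdm_guard_enabled;` starts out false, and kernel_security_enhance_init() (next hunk) returns early while it is false, so unless `tdm_guard=on` is passed explicitly the SCT/IDT protection is never installed — this contradicts the commit message's "CONFIG_TDM_KERNEL_GUARD=y enables the feature by default" and would silently leave a system unprotected after taking this patch. If default-on is the intent, initialise it as `static bool tdm_guard_enabled = true;` and change the MODULE_PARM_DESC text from `default:off` to `default:on`; if default-off is the intent, the commit message needs fixing instead. `module_param(tdm_guard, charp, 0644)` also exposes the string as writable in sysfs although it is only consulted at init, so a runtime write changes nothing; `0444` states the real contract. The `__setup` handler returns 0, but boot-option handlers signal "consumed" by returning non-zero — returning 0 lets `tdm_guard=…` fall through into init's environment, so it should be `return 1;`.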
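Review bot: The `if (tdm_guard) { ... }` block added to kernel_security_enhance_init() duplicates the body of parse_tdm_guard() from the previous hunk, and both use prefix matches (`strncmp(.., "off", 3)`, `strncmp(.., "on", 2)`) that accept values such as `offline` or `once` while dropping anything else without a message, so a typo like `tdm_guard=of` leaves the default in force with no trace in the log. A single helper doing an exact compare and a `pr_warn()` for unrecognised input keeps the cmdline and module-parameter paths identical, and lets both call sites shrink to one line; `if (tdm_guard_enabled == false)` would also read better as `if (!tdm_guard_enabled)`, here and in the exit path. The function continues outside the hunk (the `end:` label and return are not visible).

```c
/* Shared by the cmdline (__setup) and module-parameter paths: exact match, unknown values warn. */
static bool tdm_guard_apply(const char *val, const char *src)
{
	if (!val)
		return false;

	if (!strcmp(val, "off")) {
		tdm_guard_enabled = false;
	} else if (!strcmp(val, "on")) {
		tdm_guard_enabled = true;
	} else {
		pr_warn("Hygon TDM Guard: ignoring unknown value '%s'(%s)\n", val, src);
		return false;
	}

	pr_info("Hygon TDM Guard: %s(%s)\n", tdm_guard_enabled ? "Enabled" : "Disabled", src);
	return true;
}

static int __init __maybe_unused parse_tdm_guard(char *str)
{
	tdm_guard_apply(str, "cmdline");
	return 1;	/* consumed: keep tdm_guard= out of init's environment */
}

/* … unchanged: kernel_security_enhance_init() up to the eh_obj check … */
	if (tdm_guard)
		tdm_guard_apply(tdm_guard, "modparam");

	if (!tdm_guard_enabled)
		goto end;
```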
Signed-off-by: chench --- drivers/crypto/ccp/hygon/psp-dev.c | 2 ++ drivers/crypto/ccp/psp-dev.c | 3 --- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/drivers/crypto/ccp/hygon/psp-dev.c b/drivers/crypto/ccp/hygon/psp-dev.c index 1c554e4d08b8..96480ee66b2d 100644 --- a/drivers/crypto/ccp/hygon/psp-dev.c +++ b/drivers/crypto/ccp/hygon/psp-dev.c @@ -380,6 +380,8 @@ int hygon_psp_additional_setup(struct sp_device *sp) if (!hygon_psp_hooks.sev_dev_hooks_installed) return -ENODEV; + init_waitqueue_head(&psp_int_queue); + if (!psp_misc) { struct miscdevice *misc; diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index a5f0a816b2de..04fae268b33e 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -217,9 +217,6 @@ int psp_dev_init(struct sp_device *sp) if (ret) goto e_irq; - if (is_vendor_hygon()) - init_waitqueue_head(&psp_int_queue); - /** * hygon_psp_additional_setup() needs to wait for * sev_dev_install_hooks() to complete before it can be called. -- Gitee
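Review bot: Moving `init_waitqueue_head(&psp_int_queue)` into hygon_psp_additional_setup() changes when the queue becomes valid: at its old position it ran right after the IRQ was requested in psp_dev_init(), whereas here it runs only after `sev_dev_hooks_installed` is set and not at all when the function returns `-ENODEV` just above it. If the PSP interrupt handler wakes `psp_int_queue` — not visible in this hunk — an interrupt arriving in that window, or a setup that fails the hooks check, touches an uninitialised waitqueue; and if this function can run once per sp_device, the global queue is re-initialised underneath any existing waiter. The simplest way to take the ordering question off the table is a static initialiser at the queue's definition, `static DECLARE_WAIT_QUEUE_HEAD(psp_int_queue);` (adjusting linkage to match the existing declaration), and dropping the runtime init entirely; failing that, place the call before the `-ENODEV` return and make it run exactly once. hygon_psp_additional_setup() continues outside the hunk.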