From patchwork Fri Oct 13 15:01:39 2017
X-Patchwork-Submitter: Borislav Petkov
X-Patchwork-Id: 10005023
Date: Fri, 13 Oct 2017 17:01:39 +0200
From: Borislav Petkov
To: Brijesh Singh
Cc: Paolo Bonzini, Radim Krčmář, Herbert Xu, Gary Hook, Tom Lendacky, linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [Part2 PATCH v5.1 12.9/31] crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command

On Fri, Oct 06, 2017 at 08:06:07PM -0500, Brijesh Singh wrote:
> The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
> certificate chain. The command is defined in SEV spec section 5.10.
>
> Cc: Paolo Bonzini
> Cc: "Radim Krčmář"
> Cc: Borislav Petkov
> Cc: Herbert Xu
> Cc: Gary Hook
> Cc: Tom Lendacky
> Cc: linux-crypto@vger.kernel.org
> Cc: kvm@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Signed-off-by: Brijesh Singh
> --- > drivers/crypto/ccp/psp-dev.c | 110 +++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 110 insertions(+) > > diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c > index 861c44bf2910..0a069e3c7b8c 100644 > --- a/drivers/crypto/ccp/psp-dev.c > +++ b/drivers/crypto/ccp/psp-dev.c
> @@ -473,6 +473,112 @@ static int sev_ioctl_pek_cert_import(struct sev_issue_cmd *argp) > return ret; > } > > +static int sev_ioctl_pdh_cert_export(struct sev_issue_cmd *argp) > +{ > + struct sev_user_data_pdh_cert_export input; > + struct sev_data_pdh_cert_export *data; > + int ret, state, need_shutdown = 0; > + void *pdh_blob, *cert_blob; > + > + if (copy_from_user(&input, (void __user *)(uintptr_t)argp->data, > + sizeof(struct sev_user_data_pdh_cert_export))) > + return -EFAULT; > + > + data = kzalloc(sizeof(*data), GFP_KERNEL); > + if (!data) > + return -ENOMEM; > + > + pdh_blob = NULL; > + if (input.pdh_cert_address) { Here... > + if (!access_ok(VERIFY_WRITE, input.pdh_cert_address, input.pdh_cert_len) || > + (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE)) { > + ret = -EFAULT; > + goto e_free; > + } > + > + pdh_blob = kmalloc(input.pdh_cert_len, GFP_KERNEL); > + if (!pdh_blob) { > + ret = -ENOMEM; > + goto e_free; > + } > + > + data->pdh_cert_address = __psp_pa(pdh_blob); > + data->pdh_cert_len = input.pdh_cert_len; > + } > + > + cert_blob = NULL; > + if (input.cert_chain_address) { ... and here please check the full condition where userspace queries the cert length, like before. Otherwise, the usual cleanups: diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index 5e69add4fea9..331d028f9445 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -476,8 +476,7 @@ static int sev_ioctl_pdh_cert_export(struct sev_issue_cmd *argp) int ret, state, need_shutdown = 0; void *pdh_blob, *cert_blob; - if (copy_from_user(&input, (void __user *)(uintptr_t)argp->data, - sizeof(struct sev_user_data_pdh_cert_export))) + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) return -EFAULT; data = kzalloc(sizeof(*data), GFP_KERNEL); 
@@ -536,36 +535,37 @@ static int sev_ioctl_pdh_cert_export(struct sev_issue_cmd *argp) need_shutdown = 1; } - ret = sev_handle_cmd(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error); + ret = sev_do_cmd(SEV_CMD_PDH_CERT_EXPORT, data, &argp->error); input.cert_chain_len = data->cert_chain_len; input.pdh_cert_len = data->pdh_cert_len; /* copy certificate length to userspace */ - if (copy_to_user((void __user *)(uintptr_t)argp->data, &input, - sizeof(struct sev_user_data_pdh_cert_export))) + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) ret = -EFAULT; if (ret) goto e_shutdown; /* copy PDH certificate to userspace */ - if (pdh_blob && - copy_to_user((void __user *)(uintptr_t)input.pdh_cert_address, - pdh_blob, input.pdh_cert_len)) { - ret = -EFAULT; - goto e_shutdown; + if (pdh_blob) { + if (copy_to_user((void __user *)input.pdh_cert_address, + pdh_blob, input.pdh_cert_len)) { + ret = -EFAULT; + goto e_shutdown; + } } /* copy certificate chain to userspace */ - if (cert_blob && - copy_to_user((void __user *)(uintptr_t)input.cert_chain_address, - cert_blob, input.cert_chain_len)) - ret = -EFAULT; + if (cert_blob) { + if (copy_to_user((void __user *)input.cert_chain_address, + cert_blob, input.cert_chain_len)) + ret = -EFAULT; + } e_shutdown: if (need_shutdown) - sev_handle_cmd(SEV_CMD_SHUTDOWN, 0, NULL); + sev_do_cmd(SEV_CMD_SHUTDOWN, 0, NULL); e_free_cert: kfree(cert_blob); e_free_pdh: @@ -616,10 +616,9 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) ret = sev_ioctl_pek_cert_import(&input); break; - case SEV_PDH_CERT_EXPORT: { + case SEV_PDH_CERT_EXPORT: ret = sev_ioctl_pdh_cert_export(&input); break; - } default: ret = -EINVAL;
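
Review bot: in the quoted `if (input.pdh_cert_address)` block of the original patch, a non-zero address with pdh_cert_len == 0 passes both the access_ok() and the SEV_FW_BLOB_MAX_SIZE checks, and kmalloc(0) then returns ZERO_SIZE_PTR rather than NULL, so the `if (!pdh_blob)` test does not catch it and __psp_pa() of that value is stored in data->pdh_cert_address as the firmware's output buffer. Handling a zero length as the length-query case and skipping the allocation, in line with the inline request to check the full condition, avoids that. Returning -EINVAL instead of -EFAULT for a length above SEV_FW_BLOB_MAX_SIZE would also tell the caller which argument was wrong.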
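
Review bot: in the first cleanup hunk (@@ -476,8 +476,7), the copy_from_user() call now casts argp->data straight to `void __user *`; that is only clean if the field is already pointer-sized. The (uintptr_t) cast in the original suggests it is a fixed-width integer, and in that case the direct cast produces an integer-to-pointer size warning on 32-bit builds. Either keep the intermediate cast or, if the field is a u64, use u64_to_user_ptr(). The same applies to the input.pdh_cert_address and input.cert_chain_address casts in the copy_to_user() calls of the next hunk. The switch to sizeof(input) is fine.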
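
Review bot: in the second cleanup hunk (@@ -536,36 +535,37), the copy-out of pdh_blob uses input.pdh_cert_len after it has been overwritten with the firmware-reported data->pdh_cert_len, while the buffer was allocated with kmalloc(input.pdh_cert_len, ...) and the user range was validated with access_ok() using the length userspace originally passed in. Nothing visible here bounds the reported length by the allocated one, so a larger value returned on success would make copy_to_user() read past the end of pdh_blob and write past the range that was checked; the cert_blob copy follows the same pattern. Suggest remembering the allocated sizes and failing (or clamping) when the reported length exceeds them, and allocating the blobs with kzalloc() so that a short firmware write cannot expose uninitialised heap to userspace.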