From patchwork Fri Oct 13 10:20:46 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Borislav Petkov X-Patchwork-Id: 10004041 X-Patchwork-Delegate: herbert@gondor.apana.org.au Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 989DF602B3 for ; Fri, 13 Oct 2017 10:21:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 88B4F28727 for ; Fri, 13 Oct 2017 10:21:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7DC7A2900F; Fri, 13 Oct 2017 10:21:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 2A5A528727 for ; Fri, 13 Oct 2017 10:21:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757593AbdJMKVD (ORCPT ); Fri, 13 Oct 2017 06:21:03 -0400 Received: from mx2.suse.de ([195.135.220.15]:37528 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751480AbdJMKVB (ORCPT ); Fri, 13 Oct 2017 06:21:01 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id C61ECAD65; Fri, 13 Oct 2017 10:20:58 +0000 (UTC) Date: Fri, 13 Oct 2017 12:20:46 +0200 From: Borislav Petkov To: Brijesh Singh Cc: Paolo Bonzini , Radim =?utf-8?B?S3LEjW3DocWZ?= , Herbert Xu , Gary Hook , Tom Lendacky , linux-crypto@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [Part2 PATCH v5.1 12.7/31] crypto: ccp: Implement SEV_PEK_CSR ioctl command Message-ID: <20171013102046.ey3mfobd7fum46pf@pd.tnic> References: <20171004131412.13038-13-brijesh.singh@amd.com> <20171007010607.78088-1-brijesh.singh@amd.com> <20171007010607.78088-7-brijesh.singh@amd.com> <20171012195331.bdzwqzyrjc6fi5lj@pd.tnic> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP On Thu, Oct 12, 2017 at 11:13:44PM -0500, Brijesh Singh wrote: > As per the spec, its perfectly legal to pass input.address = 0x0 and > input.length = 0x0. If userspace wants to query CSR length then it will > fill all the fields with. In response, FW will return error > (LENGTH_TO_SMALL) and input.length will be filled with the expected > length. Several command work very similar (e.g PEK_CSR, > PEK_CERT_EXPORT). A typical usage from userspace will be: > > - query the length of the blob (call command with all fields set to zero) > - SEV FW will response with expected length > - userspace allocate the blob and retries the command.  Ok, let's make that a clearer and more precise by explicitly checking the query case: + /* Userspace wants to query CSR length */ + if (!input.address && !input.length) + goto cmd; and commenting why we're doing this. The rest is cleanups. diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c index e3ee68afd068..e10f507f9a60 100644 --- a/drivers/crypto/ccp/psp-dev.c +++ b/drivers/crypto/ccp/psp-dev.c @@ -299,36 +299,37 @@ static int sev_ioctl_pek_csr(struct sev_issue_cmd *argp) struct sev_user_data_pek_csr input; struct sev_data_pek_csr *data; int do_shutdown = 0; + void *blob = NULL; int ret, state; - void *blob; - if (copy_from_user(&input, (void __user *)(uintptr_t)argp->data, - sizeof(struct sev_user_data_pek_csr))) + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) return -EFAULT; data = kzalloc(sizeof(*data), GFP_KERNEL); if (!data) return -ENOMEM; - /* allocate a temporary physical contigous buffer to store the CSR blob */ - blob = NULL; - if (input.address) { - if (!access_ok(VERIFY_WRITE, input.address, input.length) || - input.length > SEV_FW_BLOB_MAX_SIZE) { - ret = -EFAULT; - goto e_free; - } + /* Userspace wants to query CSR length */ + if (!input.address && !input.length) + goto cmd; - blob = kmalloc(input.length, GFP_KERNEL); - if (!blob) { - ret = -ENOMEM; - goto e_free; - } + /* allocate a physically contiguous buffer to store the CSR blob */ + if (!access_ok(VERIFY_WRITE, input.address, input.length) || + input.length > SEV_FW_BLOB_MAX_SIZE) { + ret = -EFAULT; + goto e_free; + } - data->address = __psp_pa(blob); - data->len = input.length; + blob = kmalloc(input.length, GFP_KERNEL); + if (!blob) { + ret = -ENOMEM; + goto e_free; } + data->address = __psp_pa(blob); + data->len = input.length; + +cmd: ret = sev_platform_get_state(&state, &argp->error); if (ret) goto e_free_blob; @@ -349,25 +350,26 @@ static int sev_ioctl_pek_csr(struct sev_issue_cmd *argp) do_shutdown = 1; } - ret = sev_handle_cmd(SEV_CMD_PEK_CSR, data, &argp->error); + ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, &argp->error); + /* + * If we query the CSR length, FW responded with the expected length. + */ input.length = data->len; - /* copy blob to userspace */ - if (blob && - copy_to_user((void __user *)(uintptr_t)input.address, - blob, input.length)) { - ret = -EFAULT; - goto e_shutdown; + if (blob) { + if (copy_to_user((void __user *)input.address, blob, input.length)) { + ret = -EFAULT; + goto e_shutdown; + } } - if (copy_to_user((void __user *)(uintptr_t)argp->data, &input, - sizeof(struct sev_user_data_pek_csr))) + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) ret = -EFAULT; e_shutdown: if (do_shutdown) - sev_handle_cmd(SEV_CMD_SHUTDOWN, 0, NULL); + sev_do_cmd(SEV_CMD_SHUTDOWN, 0, NULL); e_free_blob: kfree(blob); e_free: