| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f6214e86-019e-6b34-194d-c2b36001a19a@amd.com>
Date: Thu, 18 Nov 2021 11:43:23 -0600
From: Brijesh Singh <brijesh.singh@....com>
To: Peter Gonda <pgonda@...gle.com>
Cc: brijesh.singh@....com, x86@...nel.org,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
linux-coco@...ts.linux.dev, linux-mm@...ck.org,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <Thomas.Lendacky@....com>,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Jim Mattson <jmattson@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Sergio Lopez <slp@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@....com>,
Borislav Petkov <bp@...en8.de>,
Michael Roth <michael.roth@....com>,
Vlastimil Babka <vbabka@...e.cz>,
"Kirill A . Shutemov" <kirill@...temov.name>,
Andi Kleen <ak@...ux.intel.com>,
"Dr . David Alan Gilbert" <dgilbert@...hat.com>,
tony.luck@...el.com, marcorr@...gle.com,
sathyanarayanan.kuppuswamy@...ux.intel.com
Subject: Re: [PATCH v7 44/45] virt: sevguest: Add support to derive key
On 11/18/21 10:43 AM, Peter Gonda wrote:
...
>> + u8 buf[89];
>
> Could we document this magic number?
>
Yes, I will document from where this number came.
>> +
>> + if (!arg->req_data || !arg->resp_data)
>> + return -EINVAL;
>> +
>> + /* Copy the request payload from userspace */
>> + if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req)))
>> + return -EFAULT;
>> +
>> + /* Message version must be non-zero */
>> + if (!req.msg_version)
>> + return -EINVAL;
>> +
>> + /*
>> + * The intermediate response buffer is used while decrypting the
>> + * response payload. Make sure that it has enough space to cover the
>> + * authtag.
>> + */
>> + resp_len = sizeof(resp.data) + crypto->a_len;
>> + if (sizeof(buf) < resp_len)
>> + return -ENOMEM;
>> +
>> + /* Issue the command to get the attestation report */
>> + rc = handle_guest_request(snp_dev, SVM_VMGEXIT_GUEST_REQUEST, req.msg_version,
>> + SNP_MSG_KEY_REQ, &req.data, sizeof(req.data), buf, resp_len,
>> + &arg->fw_err);
>> + if (rc)
>> + goto e_free;
>
> Should we check the first 32 bits of |data| here since that is a
> status field? If we see 16h here we could return -EINVAL, or better to
> let userspace deal with that error handling?
>
I was trying to avoid looking into a response structure to keep the
flexibility; e.g if SNP firmware changes a response format then we don't
need to have any changes in the driver. The userspace should be able to
deal with it and it can check the "status" or a new field etc.
thanks
Powered by blists - more mailing lists