| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Mar 2022 10:47:20 -0600
From: Brijesh Singh <brijesh.singh@....com>
To: Borislav Petkov <bp@...en8.de>
Cc: brijesh.singh@....com, x86@...nel.org,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-efi@...r.kernel.org, platform-driver-x86@...r.kernel.org,
linux-coco@...ts.linux.dev, linux-mm@...ck.org,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Jim Mattson <jmattson@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Sergio Lopez <slp@...hat.com>, Peter Gonda <pgonda@...gle.com>,
Peter Zijlstra <peterz@...radead.org>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@....com>,
Michael Roth <michael.roth@....com>,
Vlastimil Babka <vbabka@...e.cz>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Andi Kleen <ak@...ux.intel.com>,
"Dr . David Alan Gilbert" <dgilbert@...hat.com>,
brijesh.ksingh@...il.com, tony.luck@...el.com, marcorr@...gle.com,
sathyanarayanan.kuppuswamy@...ux.intel.com
Subject: Re: [PATCH v11 44/45] virt: sevguest: Add support to get extended
report
Hi Boris,
On 3/3/22 09:28, Borislav Petkov wrote:
> On Thu, Feb 24, 2022 at 10:56:24AM -0600, Brijesh Singh wrote:
>> +static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
>> +{
>> + struct snp_guest_crypto *crypto = snp_dev->crypto;
>> + struct snp_ext_report_req req = {0};
>> + struct snp_report_resp *resp;
>> + int ret, npages = 0, resp_len;
>> +
>> + lockdep_assert_held(&snp_cmd_mutex);
>> +
>> + if (!arg->req_data || !arg->resp_data)
>> + return -EINVAL;
>> +
>> + if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req)))
>> + return -EFAULT;
>> +
>> + if (req.certs_len) {
>> + if (req.certs_len > SEV_FW_BLOB_MAX_SIZE ||
>> + !IS_ALIGNED(req.certs_len, PAGE_SIZE))
>> + return -EINVAL;
>> + }
>> +
>> + if (req.certs_address && req.certs_len) {
>> + if (!access_ok(req.certs_address, req.certs_len))
>> + return -EFAULT;
>> +
>> + /*
>> + * Initialize the intermediate buffer with all zeros. This buffer
>> + * is used in the guest request message to get the certs blob from
>> + * the host. If host does not supply any certs in it, then copy
>> + * zeros to indicate that certificate data was not provided.
>> + */
>> + memset(snp_dev->certs_data, 0, req.certs_len);
>> +
>> + npages = req.certs_len >> PAGE_SHIFT;
>> + }
>
> I think all those checks should be made more explicit. This makes the
> code a lot more readable and straight-forward (pasting the full excerpt
> because the incremental diff ontop is less readable):
>
> ...
>
> if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req)))
> return -EFAULT;
>
> if (!req.certs_len || !req.certs_address)
> return -EINVAL;
>
> if (req.certs_len > SEV_FW_BLOB_MAX_SIZE ||
> !IS_ALIGNED(req.certs_len, PAGE_SIZE))
> return -EINVAL;
>
I did not fail on !req.cert_len, because my read of the GHCB spec says
that additional data (certificate blob) is optional. A user could call
SNP_GET_EXT_REPORT without asking for the extended certificate. In this
case, SNP_GET_EXT_REPORT == SNP_GET_REPORT.
Text from the GHCB spec section 4.1.8
---------------
https://developer.amd.com/wp-content/resources/56421.pdf
The SNP Extended Guest Request NAE event is very similar to the SNP
Guest Request NAE event. The difference is related to the additional
data that can be returned based on the guest request. Any SNP Guest
Request that does not support returning additional data must execute as
if invoked as an SNP Guest Request.
--------------
> if (!access_ok(req.certs_address, req.certs_len))
> return -EFAULT;
>
> /*
> * Initialize the intermediate buffer with all zeros. This buffer
> * is used in the guest request message to get the certs blob from
> * the host. If host does not supply any certs in it, then copy
> * zeros to indicate that certificate data was not provided.
> */
> memset(snp_dev->certs_data, 0, req.certs_len);
>
> npages = req.certs_len >> PAGE_SHIFT;
>
Powered by blists - more mailing lists