| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Mar 2022 10:04:41 +0100
From: Janosch Frank <frankja@...ux.ibm.com>
To: Steffen Eiden <seiden@...ux.ibm.com>, linux-s390@...r.kernel.org
Cc: Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Christian Borntraeger <borntraeger@...ux.ibm.com>,
Alexander Gordeev <agordeev@...ux.ibm.com>,
David Hildenbrand <david@...hat.com>,
Claudio Imbrenda <imbrenda@...ux.ibm.com>,
Shuah Khan <shuah@...nel.org>, Nico Boehr <nrb@...ux.ibm.com>,
linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
linux-kselftest@...r.kernel.org
Subject: Re: [PATCH v3 0/4] s390: Ultravisor device
On 3/4/22 15:11, Steffen Eiden wrote:
> This series adds an Ultravisor(UV) device letting the userspace send some
> Ultravisor calls to the UV. Currently two calls are supported.
> Query Ultravisor Information (QUI) and
> Receive Attestation Measurement (Attest[ation]).
>
> The UV device is implemented as a miscdevice accepting only IOCTLs.
> The IOCTL cmd specifies the UV call and the IOCTL arg the request
> and response data depending on the UV call.
> The device driver writes the UV response in the ioctl argument data.
>
> The 'uvdevice' does no checks on the request beside faulty userspace
> addresses, if sizes are in a sane range before allocating in kernel space,
> and other tests that prevent the system from corruption.
> Especially, no checks are made, that will be performed by the UV anyway
> (E.g. 'invalid command' in case of attestation on unsupported hardware).
> These errors are reported back to Userspace using the UV return code
> field.
>
> The first two patches introduce the new device as a module configured to be
> compiled directly into the kernel (y) similar to the s390 SCLP and CHSH
> miscdevice modules. Patch 3&4 introduce Kselftests which verify error
> paths of the ioctl.
Please fixup the commit message in the first patch and then push patches
#1 and #3 to devel so we get CI coverage.
For now I'd opt to not include the qui patches but please put them on a
branch. They might prove to be useful at a later time.
>
> v2->v3:
> The main change is that QUI is now introduced after Attestation as we
> might not want pick it. Also the Kselftest patch is splitted into
> Attestation and QUI so that they can be picked without requiring
> QUI support of the uvdevice.
>
> * dropped the Kconfig dependency
> * reorganized the series:
> - Patch 1 now covers the introduction of the uvdevice and Attestation
> - Patch 2 adds QUI to uvdevice
> - Patch 3/4 add Kselftests for Attestation and QUI
> * fixed some nits
> * added some comments
>
> v1->v2:
> * ioctl returns -ENOIOCTLCMD in case of a invalid ioctl command
> * streamlined reserved field test
> * default Kconfig is y instead of m
> * improved selftest documentation
>
> Steffen Eiden (4):
> drivers/s390/char: Add Ultravisor io device
> drivers/s390/char: Add Query Ultravisor Information to uvdevice
> selftests: drivers/s390x: Add uvdevice tests
> selftests: drivers/s390x: Add uvdevice QUI tests
>
> MAINTAINERS | 3 +
> arch/s390/include/asm/uv.h | 23 +-
> arch/s390/include/uapi/asm/uvdevice.h | 53 +++
> drivers/s390/char/Kconfig | 10 +
> drivers/s390/char/Makefile | 1 +
> drivers/s390/char/uvdevice.c | 320 ++++++++++++++++++
> tools/testing/selftests/Makefile | 1 +
> tools/testing/selftests/drivers/.gitignore | 1 +
> .../selftests/drivers/s390x/uvdevice/Makefile | 22 ++
> .../selftests/drivers/s390x/uvdevice/config | 1 +
> .../drivers/s390x/uvdevice/test_uvdevice.c | 281 +++++++++++++++
> 11 files changed, 715 insertions(+), 1 deletion(-)
> create mode 100644 arch/s390/include/uapi/asm/uvdevice.h
> create mode 100644 drivers/s390/char/uvdevice.c
> create mode 100644 tools/testing/selftests/drivers/s390x/uvdevice/Makefile
> create mode 100644 tools/testing/selftests/drivers/s390x/uvdevice/config
> create mode 100644 tools/testing/selftests/drivers/s390x/uvdevice/test_uvdevice.c
>
Powered by blists - more mailing lists