| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAMkAt6oKQ3CnmNdrJLMWreExkN56t9vs=B883_JD+HtiNYw9HA@mail.gmail.com>
Date: Wed, 24 Aug 2022 13:28:47 -0600
From: Peter Gonda <pgonda@...gle.com>
To: Dionna Amalie Glaze <dionnaglaze@...gle.com>
Cc: Brijesh Singh <brijesh.singh@....com>,
"the arch/x86 maintainers" <x86@...nel.org>,
LKML <linux-kernel@...r.kernel.org>,
"open list:X86 KVM CPUs" <kvm@...r.kernel.org>,
linux-efi <linux-efi@...r.kernel.org>,
platform-driver-x86@...r.kernel.org, linux-coco@...ts.linux.dev,
Linux Memory Management List <linux-mm@...ck.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
"H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
Paolo Bonzini <pbonzini@...hat.com>,
Sean Christopherson <seanjc@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
Jim Mattson <jmattson@...gle.com>,
Andy Lutomirski <luto@...nel.org>,
Dave Hansen <dave.hansen@...ux.intel.com>,
Sergio Lopez <slp@...hat.com>,
Peter Zijlstra <peterz@...radead.org>,
Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
David Rientjes <rientjes@...gle.com>,
Dov Murik <dovmurik@...ux.ibm.com>,
Tobin Feldman-Fitzthum <tobin@....com>,
Borislav Petkov <bp@...en8.de>,
Michael Roth <michael.roth@....com>,
Vlastimil Babka <vbabka@...e.cz>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Andi Kleen <ak@...ux.intel.com>,
"Dr . David Alan Gilbert" <dgilbert@...hat.com>,
brijesh.ksingh@...il.com, Tony Luck <tony.luck@...el.com>,
Marc Orr <marcorr@...gle.com>,
Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@...ux.intel.com>
Subject: Re: [PATCH v12 43/46] virt: Add SEV-SNP guest driver
On Wed, Aug 24, 2022 at 12:01 PM Dionna Amalie Glaze
<dionnaglaze@...gle.com> wrote:
>
> Apologies for the necropost, but I noticed strange behavior testing my
> own Golang-based wrapper around the /dev/sev-guest driver.
>
> > +
> > +static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver,
> > + u8 type, void *req_buf, size_t req_sz, void *resp_buf,
> > + u32 resp_sz, __u64 *fw_err)
> > +{
> > + unsigned long err;
> > + u64 seqno;
> > + int rc;
> > +
> > + /* Get message sequence and verify that its a non-zero */
> > + seqno = snp_get_msg_seqno(snp_dev);
> > + if (!seqno)
> > + return -EIO;
> > +
> > + memset(snp_dev->response, 0, sizeof(struct snp_guest_msg));
> > +
> > + /* Encrypt the userspace provided payload */
> > + rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz);
> > + if (rc)
> > + return rc;
> > +
> > + /* Call firmware to process the request */
> > + rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
> > + if (fw_err)
> > + *fw_err = err;
> > +
> > + if (rc)
> > + return rc;
> > +
>
> The fw_err is written back regardless of rc, so since err is
> uninitialized, you can end up with garbage written back. I've worked
> around this by only caring about fw_err when the result is -EIO, but
> thought that I should bring this up.
I also noticed that we use a u64 in snp_guest_request_ioctl.fw_err and
u32 in sev_issue_cmd.error when these should be errors from the
sev_ret_code enum IIUC.
We can fix snp_issue_guest_request() to set |fw_err| to zero when it
returns 0 but what should we return to userspace if we encounter an
error that prevents the FW from even being called? In ` crypto: ccp -
Ensure psp_ret is always init'd in __sev_platform_init_locked()` we
set the return to -1 so we could continue that convection here and
better codify it in the sev_ret_code enum.
>
> --
> -Dionna Glaze, PhD (she/her)
Powered by blists - more mailing lists