lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 25 Aug 2022 13:54:26 -0500
From:   Tom Lendacky <thomas.lendacky@....com>
To:     Peter Gonda <pgonda@...gle.com>,
        Dionna Amalie Glaze <dionnaglaze@...gle.com>
Cc:     Brijesh Singh <brijesh.singh@....com>,
        the arch/x86 maintainers <x86@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        "open list:X86 KVM CPUs" <kvm@...r.kernel.org>,
        linux-efi <linux-efi@...r.kernel.org>,
        platform-driver-x86@...r.kernel.org, linux-coco@...ts.linux.dev,
        Linux Memory Management List <linux-mm@...ck.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Joerg Roedel <jroedel@...e.de>,
        "H. Peter Anvin" <hpa@...or.com>, Ard Biesheuvel <ardb@...nel.org>,
        Paolo Bonzini <pbonzini@...hat.com>,
        Sean Christopherson <seanjc@...gle.com>,
        Vitaly Kuznetsov <vkuznets@...hat.com>,
        Jim Mattson <jmattson@...gle.com>,
        Andy Lutomirski <luto@...nel.org>,
        Dave Hansen <dave.hansen@...ux.intel.com>,
        Sergio Lopez <slp@...hat.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Srinivas Pandruvada <srinivas.pandruvada@...ux.intel.com>,
        David Rientjes <rientjes@...gle.com>,
        Dov Murik <dovmurik@...ux.ibm.com>,
        Tobin Feldman-Fitzthum <tobin@....com>,
        Borislav Petkov <bp@...en8.de>,
        Michael Roth <michael.roth@....com>,
        Vlastimil Babka <vbabka@...e.cz>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        Andi Kleen <ak@...ux.intel.com>,
        "Dr . David Alan Gilbert" <dgilbert@...hat.com>,
        brijesh.ksingh@...il.com, Tony Luck <tony.luck@...el.com>,
        Marc Orr <marcorr@...gle.com>,
        Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>
Subject: Re: [PATCH v12 43/46] virt: Add SEV-SNP guest driver

On 8/24/22 14:28, Peter Gonda wrote:
> On Wed, Aug 24, 2022 at 12:01 PM Dionna Amalie Glaze
> <dionnaglaze@...gle.com> wrote:
>>
>> Apologies for the necropost, but I noticed strange behavior testing my
>> own Golang-based wrapper around the /dev/sev-guest driver.
>>
>>> +
>>> +static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver,
>>> +                               u8 type, void *req_buf, size_t req_sz, void *resp_buf,
>>> +                               u32 resp_sz, __u64 *fw_err)
>>> +{
>>> +       unsigned long err;
>>> +       u64 seqno;
>>> +       int rc;
>>> +
>>> +       /* Get message sequence and verify that its a non-zero */
>>> +       seqno = snp_get_msg_seqno(snp_dev);
>>> +       if (!seqno)
>>> +               return -EIO;
>>> +
>>> +       memset(snp_dev->response, 0, sizeof(struct snp_guest_msg));
>>> +
>>> +       /* Encrypt the userspace provided payload */
>>> +       rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz);
>>> +       if (rc)
>>> +               return rc;
>>> +
>>> +       /* Call firmware to process the request */
>>> +       rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
>>> +       if (fw_err)
>>> +               *fw_err = err;
>>> +
>>> +       if (rc)
>>> +               return rc;
>>> +
>>
>> The fw_err is written back regardless of rc, so since err is
>> uninitialized, you can end up with garbage written back. I've worked
>> around this by only caring about fw_err when the result is -EIO, but
>> thought that I should bring this up.
> 
> I also noticed that we use a u64 in snp_guest_request_ioctl.fw_err and
> u32 in sev_issue_cmd.error when these should be errors from the
> sev_ret_code enum IIUC.

The reason for the u64 is that the Extended Guest Request can return a 
firmware error or a hypervisor error. To distinguish between the two, a 
firmware error is contained in the lower 32-bits, while a hypervisor error 
is contained in the upper 32-bits (e.g. when not enough contiguous pages 
of memory have been supplied).

Thanks,
Tom

> 
> We can fix snp_issue_guest_request() to set |fw_err| to zero when it
> returns 0 but what should we return to userspace if we encounter an
> error that prevents the FW from even being called? In ` crypto: ccp -
> Ensure psp_ret is always init'd in __sev_platform_init_locked()` we
> set the return to -1 so we could continue that convection here and
> better codify it in the sev_ret_code enum.
> 
>>
>> --
>> -Dionna Glaze, PhD (she/her)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ