lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <YyQv0JS6dDcn364X@kroah.com>
Date:   Fri, 16 Sep 2022 10:12:00 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Sathyanarayanan Kuppuswamy 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        Shuah Khan <shuah@...nel.org>,
        "H . Peter Anvin" <hpa@...or.com>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        Tony Luck <tony.luck@...el.com>,
        Andi Kleen <ak@...ux.intel.com>,
        Kai Huang <kai.huang@...el.com>,
        Wander Lairson Costa <wander@...hat.com>,
        Isaku Yamahata <isaku.yamahata@...il.com>,
        marcelo.cerri@...onical.com, tim.gardner@...onical.com,
        khalid.elmously@...onical.com, philip.cox@...onical.com,
        linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
        linux-doc@...r.kernel.org
Subject: Re: [PATCH v13 1/3] x86/tdx: Add TDX Guest attestation interface
 driver

On Thu, Sep 15, 2022 at 08:22:37AM -0700, Sathyanarayanan Kuppuswamy wrote:
> Hi,
> 
> On 9/15/22 4:09 AM, Greg Kroah-Hartman wrote:
> > On Fri, Sep 09, 2022 at 12:27:06PM -0700, Kuppuswamy Sathyanarayanan wrote:
> >> +static int __init tdx_guest_init(void)
> >> +{
> >> +	int ret;
> >> +
> >> +	if (!cpu_feature_enabled(X86_FEATURE_TDX_GUEST))
> >> +		return -EIO;
> >> +
> >> +	ret = misc_register(&tdx_misc_dev);
> >> +	if (ret) {
> >> +		pr_err("misc device registration failed\n");
> >> +		return ret;
> >> +	}
> >> +
> >> +	return 0;
> >> +}
> >> +device_initcall(tdx_guest_init)
> > 
> > As mentioned elsewhere, make this a normal module_init() format and only
> > load the module if the hardware is present.  Don't just always be
> 
> This feature needs to be enabled by default for all valid TDX guests.

Why?  What is so needed by userspace to require this brand new char
device node just to use TDX?

> If TDX support is enabled and the guest is a valid TDX guest, the
> "X86 FEATURE TDX GUEST" feature flag will be set. So looking for
> "if(!cpu feature enabled(X86 FEATURE TDX GUEST))" will ensure that
> the interface is only created in a valid TDX guest.

Yes, but that's not the point.  We don't just "build all drivers into
the kernel and only bind to hardware we actually have".  That's not how
Linux works, sorry.

> Even if we make it into a separate driver and use module init(), we'll
> have to use the same "if(!cpu feature enabled(X86 FEATURE TDX GUEST))"
> check to create and load the device. This approach was used in earlier
> versions of this driver. We later changed it to initcall because it
> appeared to be a roundabout approach.

Sorry, no, do it properly, have it be autoloaded only on the systems
that have the cpu feature.

> Let me know if you still suggest to use module_init() model.

Yes, it is a requirement.  Do you want every driver to try to copy what
you are doing here?

> Following is the sample implementation with module_init() and this code
> will be compiled with CONFIG_INTEL_TDX_GUEST=y.
> 
> +static struct platform_driver tdx_attest_driver = {
> +	.probe		= tdx_attest_probe,
> +	.remove		= tdx_attest_remove,
> +	.driver		= {
> +		.name	= DRIVER_NAME,
> +	},
> +};
> +
> +static int __init tdx_attest_init(void)
> +{
> +	int ret;
> +
> +	/* Make sure we are in a valid TDX platform */
> +	if (!cpu_feature_enabled(X86_FEATURE_TDX_GUEST))
> +		return -EIO;
> +
> +	ret = platform_driver_register(&tdx_attest_driver);
> +	if (ret) {
> +		pr_err("failed to register driver, err=%d\n", ret);
> +		return ret;
> +	}
> +
> +	pdev = platform_device_register_simple(DRIVER_NAME, -1, NULL, 0);
> +	if (IS_ERR(pdev)) {
> +		ret = PTR_ERR(pdev);
> +		pr_err("failed to allocate device, err=%d\n", ret);
> +		platform_driver_unregister(&tdx_attest_driver);
> +		return ret;
> +	}
> +
> +	return 0;
> +}
> +
> +static void __exit tdx_attest_exit(void)
> +{
> +	platform_device_unregister(pdev);
> +	platform_driver_unregister(&tdx_attest_driver);
> +}
> +
> +module_init(tdx_attest_init);
> +module_exit(tdx_attest_exit);

Sorry, no, this too is not ok as you are not telling userspace if it
needs to load your driver or not automatically.  Please do this
properly.

Basic issues like this shouldn't be showing up in v13 of a patch series.
Please take the time and start over and go and get a lot of internal
review before sending anything out again.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ