| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Sep 2022 10:12:00 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Sathyanarayanan Kuppuswamy
<sathyanarayanan.kuppuswamy@...ux.intel.com>
Cc: Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
Shuah Khan <shuah@...nel.org>,
"H . Peter Anvin" <hpa@...or.com>,
"Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
Tony Luck <tony.luck@...el.com>,
Andi Kleen <ak@...ux.intel.com>,
Kai Huang <kai.huang@...el.com>,
Wander Lairson Costa <wander@...hat.com>,
Isaku Yamahata <isaku.yamahata@...il.com>,
marcelo.cerri@...onical.com, tim.gardner@...onical.com,
khalid.elmously@...onical.com, philip.cox@...onical.com,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-doc@...r.kernel.org
Subject: Re: [PATCH v13 1/3] x86/tdx: Add TDX Guest attestation interface
driver
On Thu, Sep 15, 2022 at 08:22:37AM -0700, Sathyanarayanan Kuppuswamy wrote:
> Hi,
>
> On 9/15/22 4:09 AM, Greg Kroah-Hartman wrote:
> > On Fri, Sep 09, 2022 at 12:27:06PM -0700, Kuppuswamy Sathyanarayanan wrote:
> >> +static int __init tdx_guest_init(void)
> >> +{
> >> + int ret;
> >> +
> >> + if (!cpu_feature_enabled(X86_FEATURE_TDX_GUEST))
> >> + return -EIO;
> >> +
> >> + ret = misc_register(&tdx_misc_dev);
> >> + if (ret) {
> >> + pr_err("misc device registration failed\n");
> >> + return ret;
> >> + }
> >> +
> >> + return 0;
> >> +}
> >> +device_initcall(tdx_guest_init)
> >
> > As mentioned elsewhere, make this a normal module_init() format and only
> > load the module if the hardware is present. Don't just always be
>
> This feature needs to be enabled by default for all valid TDX guests.
Why? What is so needed by userspace to require this brand new char
device node just to use TDX?
> If TDX support is enabled and the guest is a valid TDX guest, the
> "X86 FEATURE TDX GUEST" feature flag will be set. So looking for
> "if(!cpu feature enabled(X86 FEATURE TDX GUEST))" will ensure that
> the interface is only created in a valid TDX guest.
Yes, but that's not the point. We don't just "build all drivers into
the kernel and only bind to hardware we actually have". That's not how
Linux works, sorry.
> Even if we make it into a separate driver and use module init(), we'll
> have to use the same "if(!cpu feature enabled(X86 FEATURE TDX GUEST))"
> check to create and load the device. This approach was used in earlier
> versions of this driver. We later changed it to initcall because it
> appeared to be a roundabout approach.
Sorry, no, do it properly, have it be autoloaded only on the systems
that have the cpu feature.
> Let me know if you still suggest to use module_init() model.
Yes, it is a requirement. Do you want every driver to try to copy what
you are doing here?
> Following is the sample implementation with module_init() and this code
> will be compiled with CONFIG_INTEL_TDX_GUEST=y.
>
> +static struct platform_driver tdx_attest_driver = {
> + .probe = tdx_attest_probe,
> + .remove = tdx_attest_remove,
> + .driver = {
> + .name = DRIVER_NAME,
> + },
> +};
> +
> +static int __init tdx_attest_init(void)
> +{
> + int ret;
> +
> + /* Make sure we are in a valid TDX platform */
> + if (!cpu_feature_enabled(X86_FEATURE_TDX_GUEST))
> + return -EIO;
> +
> + ret = platform_driver_register(&tdx_attest_driver);
> + if (ret) {
> + pr_err("failed to register driver, err=%d\n", ret);
> + return ret;
> + }
> +
> + pdev = platform_device_register_simple(DRIVER_NAME, -1, NULL, 0);
> + if (IS_ERR(pdev)) {
> + ret = PTR_ERR(pdev);
> + pr_err("failed to allocate device, err=%d\n", ret);
> + platform_driver_unregister(&tdx_attest_driver);
> + return ret;
> + }
> +
> + return 0;
> +}
> +
> +static void __exit tdx_attest_exit(void)
> +{
> + platform_device_unregister(pdev);
> + platform_driver_unregister(&tdx_attest_driver);
> +}
> +
> +module_init(tdx_attest_init);
> +module_exit(tdx_attest_exit);
Sorry, no, this too is not ok as you are not telling userspace if it
needs to load your driver or not automatically. Please do this
properly.
Basic issues like this shouldn't be showing up in v13 of a patch series.
Please take the time and start over and go and get a lot of internal
review before sending anything out again.
thanks,
greg k-h
Powered by blists - more mailing lists