lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <7d3f1877-8762-34f4-f1bb-c5c2924c2b77@intel.com>
Date:   Thu, 27 Apr 2023 12:56:52 -0700
From:   Dave Hansen <dave.hansen@...el.com>
To:     Sathyanarayanan Kuppuswamy 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        Dionna Amalie Glaze <dionnaglaze@...gle.com>
Cc:     Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Dave Hansen <dave.hansen@...ux.intel.com>, x86@...nel.org,
        Shuah Khan <shuah@...nel.org>,
        Jonathan Corbet <corbet@....net>,
        "H . Peter Anvin" <hpa@...or.com>,
        "Kirill A . Shutemov" <kirill.shutemov@...ux.intel.com>,
        Tony Luck <tony.luck@...el.com>,
        Wander Lairson Costa <wander@...hat.com>,
        Erdem Aktas <erdemaktas@...gle.com>,
        Chong Cai <chongc@...gle.com>, Qinkun Bao <qinkun@...che.org>,
        Guorui Yu <GuoRui.Yu@...ux.alibaba.com>,
        Du Fan <fan.du@...el.com>, linux-kernel@...r.kernel.org,
        linux-kselftest@...r.kernel.org, linux-doc@...r.kernel.org
Subject: Re: [PATCH v2 3/3] selftests/tdx: Test GetQuote TDX attestation
 feature

On 4/27/23 12:10, Sathyanarayanan Kuppuswamy wrote:
>> Shouldn't req be zeroed before populating reportdata? We wouldn't want
>> uninitialized memory to leave the guest. I know this is just a test,
> There are only two members in struct tdx_report_req (reportdata and tdreport).
> The reportdata has already been updated here, and the tdreport will be updated
> by the kernel on output. Since TDX_CMD_GET_REPORT0 IOCTL handler uses an
> intermediate kernel buffer to the TDREPORT and copies the generated report back
> to this user buffer, this uninitialized tdreport data never leaves the guest.

Is that really even relevant?

I mean, we could implement the whole thing with get_user_pages() and
then just pass the physical address of the reportdata and tdreport down
to the TDX module.

It doesn't matter either way.  The data is going from guest userspace to
the guest kernel to the TDX module, all of which are trusted.

It's a selftest.  I'd just leave it alone.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ