lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 6 Jun 2023 17:24:48 +0200
From:   Janosch Frank <frankja@...ux.ibm.com>
To:     Steffen Eiden <seiden@...ux.ibm.com>, kvm@...r.kernel.org,
        linux-s390@...r.kernel.org, linux-kernel@...r.kernel.org,
        Viktor Mihajlovski <mihajlov@...ux.ibm.com>
Cc:     Claudio Imbrenda <imbrenda@...ux.ibm.com>,
        Nico Boehr <nrb@...ux.ibm.com>,
        Christian Borntraeger <borntraeger@...ux.ibm.com>,
        Heiko Carstens <hca@...ux.ibm.com>,
        Hendrik Brueckner <brueckner@...ux.ibm.com>
Subject: Re: [PATCH v3 4/6] s390/uvdevice: Add 'Lock Secret Store' UVC

On 6/6/23 13:37, Steffen Eiden wrote:
> Userspace can call the Lock Secret Store Ultravisor Call
> using IOCTLs on the uvdevice.
> During the handling of the new IOCTL nr the uvdevice will do some sanity
> checks first. Then, perform the Ultravisor command, and copy the
> return codes to userspace.
> If the Lock Secrets UV facility is not present, UV will return
> invalid command rc. This won't be fenced in the driver and does not
> result in a negative return value. This is also true for any other
> possible error code the UV can return.
> 
> Signed-off-by: Steffen Eiden <seiden@...ux.ibm.com>

[...]

> +/** uvio_lock_secrets() - perform a Lock Secret Store UVC
> + * @uv_ioctl: ioctl control block
> + *
> + * uvio_lock_secrets() performs the Lock Secret Store Ultravisor Call. It
> + * performs the UV-call and copies the return codes to the ioctl control block.
> + * After this call was dispatched successfully every following Add Secret UVC
> + * and Lock Secrets UVC will fail with return code 0x102.
> + *
> + * The argument address and size must be 0.
> + *
> + * If the List Secrets UV facility is not present, UV will return invalid
> + * command rc. This won't be fenced in the driver and does not result in a
> + * negative return value.

This is not "list secrets" though.

> + *
> + * Context: might sleep
> + *
> + * Return: 0 on success or a negative error code on error.
> + */
> +static int uvio_lock_secrets(struct uvio_ioctl_cb *ioctl)
> +{
> +	struct uv_cb_nodata uvcb = {
> +		.header.len = sizeof(uvcb),
> +		.header.cmd = UVC_CMD_LOCK_SECRETS,
> +	};
> +
> +	if (ioctl->argument_addr || ioctl->argument_len)
> +		return -EINVAL;
> +
> +	uv_call(0, (u64)&uvcb);
> +	ioctl->uv_rc = uvcb.header.rc;
> +	ioctl->uv_rrc = uvcb.header.rrc;
> +
> +	return 0;
> +}
> +
>   static int uvio_copy_and_check_ioctl(struct uvio_ioctl_cb *ioctl, void __user *argp,
>   				     unsigned long cmd)
>   {
> @@ -384,6 +420,9 @@ static long uvio_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
>   	case UVIO_IOCTL_LIST_SECRETS_NR:
>   		ret = uvio_list_secrets(&uv_ioctl);
>   		break;
> +	case UVIO_IOCTL_LOCK_SECRETS_NR:
> +		ret = uvio_lock_secrets(&uv_ioctl);
> +		break;
>   	default:
>   		ret = -ENOIOCTLCMD;
>   		break;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ