lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <64dce778240af_5ea6e29419@dwillia2-xfh.jf.intel.com.notmuch>
Date:   Wed, 16 Aug 2023 08:12:56 -0700
From:   Dan Williams <dan.j.williams@...el.com>
To:     Tom Lendacky <thomas.lendacky@....com>,
        Dan Williams <dan.j.williams@...el.com>,
        <linux-coco@...ts.linux.dev>
CC:     Kuppuswamy Sathyanarayanan 
        <sathyanarayanan.kuppuswamy@...ux.intel.com>,
        Dionna Amalie Glaze <dionnaglaze@...gle.com>,
        James Bottomley <James.Bottomley@...senpartnership.com>,
        Peter Gonda <pgonda@...gle.com>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Samuel Ortiz <sameo@...osinc.com>, <peterz@...radead.org>,
        <x86@...nel.org>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 2/5] tsm: Introduce a shared ABI for attestation
 reports

Tom Lendacky wrote:
> > +static ssize_t privlevel_store(struct device *dev,
> > +			       struct device_attribute *attr, const char *buf,
> > +			       size_t len)
> > +{
> > +	unsigned int val;
> > +	int rc;
> > +
> > +	rc = kstrtouint(buf, 0, &val);
> > +	if (rc)
> > +		return rc;
> > +
> > +	guard(rwsem_write)(&tsm_rwsem);
> > +	if (tsm_report.desc.privlevel == val)
> > +		return len;
> > +	tsm_report.desc.privlevel = val;
> > +	tsm_report.write_generation++;
> 
> So I'm wondering if this use of write_generation helps or not. Since it 
> isn't incremented if the levels are the same, that might present race 
> conditions.
> 
> What if user A requests vmpl 2 and privlevel is already 2, then 
> write_generation is not incremented. But before user A can read back the 
> generation value user B can request vmpl 3 and cause write_generation to 
> be incremented.
> 
> This may not be a problem for VMPL, since that can be checked in the 
> returned attestation report, but it could be for the report format. If the 
> extended format is requested but changed to default, then the additional 
> certs might not be returned and the guest may think there aren't any...?
> 
> Maybe incrementing the write_generation no matter what is best.

True, and good eye. If write_generation does not always increment once
per write there is no way to assume the state of the parameters. Will
fix.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ