| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <661ea007d1844_4d5612948c@dwillia2-mobl3.amr.corp.intel.com.notmuch>
Date: Tue, 16 Apr 2024 08:57:59 -0700
From: Dan Williams <dan.j.williams@...el.com>
To: Tom Lendacky <thomas.lendacky@....com>, Dan Williams
<dan.j.williams@...el.com>, <linux-kernel@...r.kernel.org>, <x86@...nel.org>,
<linux-coco@...ts.linux.dev>, <svsm-devel@...onut-svsm.dev>
CC: Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>,
Borislav Petkov <bp@...en8.de>, Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>, Andy Lutomirski <luto@...nel.org>, "Peter
Zijlstra" <peterz@...radead.org>, Michael Roth <michael.roth@....com>, Ashish
Kalra <ashish.kalra@....com>
Subject: Re: [PATCH v3 10/14] configfs-tsm: Allow the privlevel_floor
attribute to be updated
Tom Lendacky wrote:
> On 4/15/24 23:55, Dan Williams wrote:
> > Tom Lendacky wrote:
> >> With the introduction of an SVSM, Linux will be running at a non-zero
> >> VMPL. Any request for an attestation report at a higher priviledge VMPL
> >> than what Linux is currently running will result in an error. Allow for
> >> the privlevel_floor attribute to be updated dynamically so that the
> >> attribute may be set dynamically.
> >>
> >> Signed-off-by: Tom Lendacky <thomas.lendacky@....com>
> >> ---
> >> drivers/virt/coco/sev-guest/sev-guest.c | 5 ++++-
> >> include/linux/tsm.h | 2 +-
> >> 2 files changed, 5 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c
> >> index 1ff897913bf4..bba6531cb606 100644
> >> --- a/drivers/virt/coco/sev-guest/sev-guest.c
> >> +++ b/drivers/virt/coco/sev-guest/sev-guest.c
> >> @@ -885,7 +885,7 @@ static int sev_report_new(struct tsm_report *report, void *data)
> >> return 0;
> >> }
> >>
> >> -static const struct tsm_ops sev_tsm_ops = {
> >> +static struct tsm_ops sev_tsm_ops = {
> >> .name = KBUILD_MODNAME,
> >> .report_new = sev_report_new,
> >> };
> >> @@ -972,6 +972,9 @@ static int __init sev_guest_probe(struct platform_device *pdev)
> >> snp_dev->input.resp_gpa = __pa(snp_dev->response);
> >> snp_dev->input.data_gpa = __pa(snp_dev->certs_data);
> >>
> >> + /* Set the privlevel_floor attribute based on the current VMPL */
> >> + sev_tsm_ops.privlevel_floor = snp_get_vmpl();
> >
> > Why is this not vmpck_id?
>
> Good catch, this probably should be pulled out separately and submitted
> as a Fixes: against the current support. If you think it's important
> enough, I can do that and put this at the beginning of the series. Or I
> can just modify this to use the vmpck_id value. Any preference?
I dunno, you tell me. What breaks if privlevel_floor is mismatched vs
vmpl and/or vmpck_id? If it warrants a "Fixes:" it should probably be
broken out.
However, I *guess* it is just adding some sanity checking precision to
userspace requests and makes some input validation not catch errors when
userspace tries to generate reports from the wrong level, right? I.e.
privlevel_floor may be lower than expected, but userspace should not be
depending on that since the report generation will fail.
Powered by blists - more mailing lists