Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp129909imj; Thu, 14 Feb 2019 16:58:50 -0800 (PST) X-Google-Smtp-Source: AHgI3IZETwVs2xdNr8B3Fv1Zz4hNO8ojEtYBvHaZOdfvq2xiNog2jrjslQ61j/XZ6Urj0TtmBsCh X-Received: by 2002:a62:1bd4:: with SMTP id b203mr6973957pfb.144.1550192330834; Thu, 14 Feb 2019 16:58:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550192330; cv=none; d=google.com; s=arc-20160816; b=aNYPOlU3RiX3S2iBSv4arDFMud5erb2fE9Vio290rM9s7pzT04TIaubEUWs51RCAfC +crNIWcc2qJOYziVVPYnHRJ5CKhedANKBcTomQrij/hDUMzw9hQmN5u5S7197fKrxn1o XM25fhMUfYrKtjSIy0WCiBntPjFc8fNKIER2TzJG51rfizXfhtT1KTqZX/BJv23hHk3J XpsISrkIgbuIw2ik1YIw341FVujjmiHz85MlprEK9WiLgxOX2hdYDLGIFYXVbY1kd4mj psWjqfu3eg1eonr16NSXR4cxinsBN/JQNraO5YwTPD1pW8D4ZzB5LhByAB/aSUSfxMIW a07g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=uR7QMXNd1yKBGiu/lg/ms8J+Ju4uZnkZopHIfNz3114=; b=EOaKmf46ntNB2VCAig+zShwQwCi1HyO9f36QOX2sSXq6CnhUjaXlCs2zsSAUfvwycE 0ibYwwoii7Twekr8R/sWyccUXEhwWd7wcReiGciCakDX1pr+jeSRXET7mGOPaYEucqDu 9JlI0RtBEVe3gWI9oG1fFlXA6gcU79HbJVNANgxZEzD5IFJ81HGp/YA8/6kA9K3y/9MK oC/8F5yVdBARuBpN/EnxEgabL/dmS2GJQF9wnxueSNQa8Pc9gqA5Dy0AhNd646OQT/x/ T/q7csfJ2aMioNjwdMDCS1YT9iZ26qSdKnx2Qob1dDSduzB5TSJzWt3f07bD4ahAnhnH B8eQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p5si3839696pgl.180.2019.02.14.16.58.34; Thu, 14 Feb 2019 16:58:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2502879AbfBNQ5a (ORCPT + 99 others); Thu, 14 Feb 2019 11:57:30 -0500 Received: from mail-it1-f195.google.com ([209.85.166.195]:36030 "EHLO mail-it1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2502866AbfBNQ52 (ORCPT ); Thu, 14 Feb 2019 11:57:28 -0500 Received: by mail-it1-f195.google.com with SMTP id h6so14723181itl.1 for ; Thu, 14 Feb 2019 08:57:27 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=uR7QMXNd1yKBGiu/lg/ms8J+Ju4uZnkZopHIfNz3114=; b=ZYkk80vZi1gmwrLzIY3z6WFtAhYZTJnVdWJK0GubuS5QZaHt72/iUXEuoq4NMZlrRA wdHXtkIE0KM1ZchKweq+dfo98RO91SsQZosEuveTz8Fty0hgNyH0/iNNK7VfTljZxW/Z jpY216/Mm8fjccQ24QdfeYQNozmQZ+Yw4Az5zDWdcQNg7TQLIN5iB3gbj0gk9O5SsarI DupTK2Wnhq+7D9NX1WVdHSVtC6MdzUkRaPUrhVTj4o2Pix76IWO4aWUK/k4X08M6MegF ELJMafZFk6deM5HS221EyVUMmikPPwIxydG9oZMMPrUMoZA1C5KJCsOEuWIp5URcn08b iUtg== X-Gm-Message-State: AHQUAubJsoGJI6PESES+rNgZfNdMSGmuOL/6rrxOi4n9EFacWeJuclVo YVPdfDHw1oHJNl4ExmTdKOl51ObkmSBbLwwt56Xb3Q== X-Received: by 2002:a24:29c8:: with SMTP id p191mr1273351itp.115.1550163446737; Thu, 14 Feb 2019 08:57:26 -0800 (PST) MIME-Version: 1.0 References: <20190213192329.680-1-brijesh.singh@amd.com> In-Reply-To: <20190213192329.680-1-brijesh.singh@amd.com> From: Nathaniel McCallum Date: Thu, 14 Feb 2019 10:57:15 -0600 Message-ID: Subject: Re: [PATCH] crypto: ccp: introduce SEV_GET_ID2 command To: "Singh, Brijesh" Cc: "linux-crypto@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "Natarajan, Janakarajan" , Herbert Xu , "Hook, Gary" , "Lendacky, Thomas" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org I'm a little concerned that this immediately disables SEV_GET_ID. IMHO, we should continue to support both for a period of time. One justification for immediate disablement would be that if keeping it around is likely to enabled incorrect or insecure userspace behavior with a firmware change. Given that this value is passed directly to the AMD server, I don't think either of these is the case and it can probably be worked around on the server side. On Wed, Feb 13, 2019 at 1:24 PM Singh, Brijesh wrote: > > The current definition and implementation of the SEV_GET_ID command > does not provide the length of the unique ID returned by the firmware. > As per the firmware specification, the firmware may return an ID > length that is not restricted to 64 bytes as assumed by the SEV_GET_ID > command. > > Introduce the SEV_GET_ID2 command to allow for querying and returing > the length of the ID. Deprecate the SEV_GET_ID in the favor of > SEV_GET_ID2. > > Cc: Janakarajan Natarajan > Cc: Herbert Xu > Cc: Gary Hook > Cc: Tom Lendacky > Signed-off-by: Brijesh Singh > --- > drivers/crypto/ccp/psp-dev.c | 65 +++++++++++++++++++++++++----------- > include/uapi/linux/psp-sev.h | 18 +++++++--- > 2 files changed, 60 insertions(+), 23 deletions(-) > > diff --git a/drivers/crypto/ccp/psp-dev.c b/drivers/crypto/ccp/psp-dev.c > index b16be8a11d92..b510900a9a83 100644 > --- a/drivers/crypto/ccp/psp-dev.c > +++ b/drivers/crypto/ccp/psp-dev.c > @@ -584,40 +584,63 @@ static int sev_ioctl_do_pek_import(struct sev_issue_cmd *argp) > > static int sev_ioctl_do_get_id(struct sev_issue_cmd *argp) > { > + struct sev_user_data_get_id2 input; > struct sev_data_get_id *data; > - u64 data_size, user_size; > - void *id_blob, *mem; > + void *id_blob = NULL; > int ret; > > - /* SEV GET_ID available from SEV API v0.16 and up */ > + /* SEV GET_ID is available from SEV API v0.16 and up */ > if (!SEV_VERSION_GREATER_OR_EQUAL(0, 16)) > return -ENOTSUPP; > > - /* SEV FW expects the buffer it fills with the ID to be > - * 8-byte aligned. Memory allocated should be enough to > - * hold data structure + alignment padding + memory > - * where SEV FW writes the ID. > - */ > - data_size = ALIGN(sizeof(struct sev_data_get_id), 8); > - user_size = sizeof(struct sev_user_data_get_id); > + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input))) > + return -EFAULT; > > - mem = kzalloc(data_size + user_size, GFP_KERNEL); > - if (!mem) > + /* Check if we have write access to the userspace buffer */ > + if (input.address && > + input.length && > + !access_ok(input.address, input.length)) > + return -EFAULT; > + > + data = kzalloc(sizeof(*data), GFP_KERNEL); > + if (!data) > return -ENOMEM; > > - data = mem; > - id_blob = mem + data_size; > + if (input.address && input.length) { > + id_blob = kmalloc(input.length, GFP_KERNEL); > + if (!id_blob) { > + kfree(data); > + return -ENOMEM; > + } > > - data->address = __psp_pa(id_blob); > - data->len = user_size; > + data->address = __psp_pa(id_blob); > + data->len = input.length; > + } > > ret = __sev_do_cmd_locked(SEV_CMD_GET_ID, data, &argp->error); > - if (!ret) { > - if (copy_to_user((void __user *)argp->data, id_blob, data->len)) > + > + /* > + * Firmware will return the length of the ID value (either the minimum > + * required length or the actual length written), return it to the user. > + */ > + input.length = data->len; > + > + if (copy_to_user((void __user *)argp->data, &input, sizeof(input))) { > + ret = -EFAULT; > + goto e_free; > + } > + > + if (id_blob) { > + if (copy_to_user((void __user *)input.address, > + id_blob, data->len)) { > ret = -EFAULT; > + goto e_free; > + } > } > > - kfree(mem); > +e_free: > + kfree(id_blob); > + kfree(data); > > return ret; > } > @@ -760,6 +783,10 @@ static long sev_ioctl(struct file *file, unsigned int ioctl, unsigned long arg) > ret = sev_ioctl_do_pdh_export(&input); > break; > case SEV_GET_ID: > + /* SEV_GET_ID is deprecated */ > + ret = -ENOTSUPP; > + break; > + case SEV_GET_ID2: > ret = sev_ioctl_do_get_id(&input); > break; > default: > diff --git a/include/uapi/linux/psp-sev.h b/include/uapi/linux/psp-sev.h > index ac8c60bcc83b..43521d500c2b 100644 > --- a/include/uapi/linux/psp-sev.h > +++ b/include/uapi/linux/psp-sev.h > @@ -6,8 +6,7 @@ > * > * Author: Brijesh Singh > * > - * SEV spec 0.14 is available at: > - * http://support.amd.com/TechDocs/55766_SEV-KM%20API_Specification.pdf > + * SEV API specification is available at: https://developer.amd.com/sev/ > * > * This program is free software; you can redistribute it and/or modify > * it under the terms of the GNU General Public License version 2 as > @@ -30,7 +29,8 @@ enum { > SEV_PDH_GEN, > SEV_PDH_CERT_EXPORT, > SEV_PEK_CERT_IMPORT, > - SEV_GET_ID, > + SEV_GET_ID, /* This command is deprecated, use SEV_GET_ID2 */ > + SEV_GET_ID2, > > SEV_MAX, > }; > @@ -125,7 +125,7 @@ struct sev_user_data_pdh_cert_export { > } __packed; > > /** > - * struct sev_user_data_get_id - GET_ID command parameters > + * struct sev_user_data_get_id - GET_ID command parameters (deprecated) > * > * @socket1: Buffer to pass unique ID of first socket > * @socket2: Buffer to pass unique ID of second socket > @@ -135,6 +135,16 @@ struct sev_user_data_get_id { > __u8 socket2[64]; /* Out */ > } __packed; > > +/** > + * struct sev_user_data_get_id2 - GET_ID command parameters > + * @address: Buffer to store unique ID > + * @length: length of the unique ID > + */ > +struct sev_user_data_get_id2 { > + __u64 address; /* In */ > + __u32 length; /* In/Out */ > +} __packed; > + > /** > * struct sev_issue_cmd - SEV ioctl parameters > * > -- > 2.17.1 >