Date: Tue, 9 Jul 2019 09:03:55 +0200
From: Jens Wiklander
To: Sumit Garg
Cc: keyrings@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, corbet@lwn.net, dhowells@redhat.com, jejb@linux.ibm.com, Jarkko Sakkinen, Mimi Zohar, jmorris@namei.org, serge@hallyn.com, Ard Biesheuvel, Daniel Thompson, linux-doc@vger.kernel.org, Linux Kernel Mailing List, tee-dev@lists.linaro.org
Subject: Re: [RFC 3/7] tee: add private login method for kernel clients
Message-ID: <20190709070354.GA5791@jax>

On Tue, Jul 09, 2019 at 11:26:19AM +0530, Sumit Garg wrote:
> Thanks Jens for your comments.
>
> On Mon, 8 Jul 2019 at 21:09, Jens Wiklander wrote:
> >
> > Hi Sumit,
> >
> > On Thu, Jun 13, 2019 at 04:00:29PM +0530, Sumit Garg wrote:
> > > There are use-cases where user-space shouldn't be allowed to communicate
> > > directly with a TEE device which is dedicated to provide a specific
> > > service for a kernel client. So add a private login method for kernel
> > > clients and disallow user-space to open-session using this login method.
> > >
> > > Signed-off-by: Sumit Garg
> > > --- > > > drivers/tee/tee_core.c | 6 ++++++ > > > include/uapi/linux/tee.h | 2 ++ > > > 2 files changed, 8 insertions(+) > > > > > > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c > > > index 0f16d9f..4581bd1 100644 > > > --- a/drivers/tee/tee_core.c > > > +++ b/drivers/tee/tee_core.c
> > > @@ -334,6 +334,12 @@ static int tee_ioctl_open_session(struct tee_context *ctx, > > > goto out; > > > } > > > > > > + if (arg.clnt_login == TEE_IOCTL_LOGIN_REE_KERNEL) { > > TEE_IOCTL_LOGIN_REE_KERNEL is defined as 0x80000000 which is in the > > range specified and implementation defined by the GP spec. I wonder if > > we shouldn't filter the entire implementation defined range instead of > > just this value. > > Agree. Will rather check for entire implementation defined range: > 0x80000000 - 0xFFFFFFFF. > > > > > > + pr_err("login method not allowed for user-space client\n"); > > pr_debug(), if it's needed at all. > > > > Ok will use pr_debug() instead. > > > > + rc = -EPERM; > > > + goto out; > > > + } > > > + > > > rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params); > > > if (rc) > > > goto out; > > > diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h > > > index 4b9eb06..f33c69c 100644 > > > --- a/include/uapi/linux/tee.h > > > +++ b/include/uapi/linux/tee.h 
> > > @@ -172,6 +172,8 @@ struct tee_ioctl_buf_data { > > > #define TEE_IOCTL_LOGIN_APPLICATION 4 > > > #define TEE_IOCTL_LOGIN_USER_APPLICATION 5 > > > #define TEE_IOCTL_LOGIN_GROUP_APPLICATION 6 > > > +/* Private login method for REE kernel clients */ > > It's worth noting that this is filtered by the TEE framework, compared > > to everything else which is treated opaquely. > > > > IIUC, you are referring to login filter in optee_os. Change to prevent > filter for this login method is part of this PR [1]. > > [1] https://github.com/OP-TEE/optee_os/pull/3082 No, I was referring to the changes in tee_ioctl_open_session() above. It's relevant for user space to know since it will be prevented from using that range of login identifiers. This will restrict the user space API, but I think the risk of breakage is minimal as OP-TEE is the only in-tree driver registering in the TEE framework. I'm not aware of any out-of-tree drivers registering. Thanks, Jens > > -Sumit > > > > +#define TEE_IOCTL_LOGIN_REE_KERNEL 0x80000000 > > > > > > /** > > > * struct tee_ioctl_param - parameter > > > -- > > > 2.7.4 > > > > > > > Thanks, > > Jens
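
Review bot: In the drivers/tee/tee_core.c hunk, the new test in tee_ioctl_open_session() compares arg.clnt_login for equality with TEE_IOCTL_LOGIN_REE_KERNEL only, so every other user-supplied identifier above 0x80000000 still reaches ->open_session(). As agreed in the thread, test the whole implementation-defined range 0x80000000 - 0xFFFFFFFF instead; assuming clnt_login is an unsigned 32-bit field, a single lower-bound comparison such as "arg.clnt_login >= TEE_IOCTL_LOGIN_REE_KERNEL" is enough. The pr_err() on this path is driven by a value the caller controls, so anyone able to open the device can fill the kernel log by repeating the ioctl; pr_debug(), or no message at all, keeps the -EPERM return as the only signal.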
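
Review bot: In the include/uapi/linux/tee.h hunk, the comment above TEE_IOCTL_LOGIN_REE_KERNEL says the login method is private to REE kernel clients but does not tell user-space developers that the TEE framework itself rejects it in tee_ioctl_open_session() with -EPERM, while the other TEE_IOCTL_LOGIN_* values are passed through opaquely. Since this is a uapi header and the check is moving to the whole range 0x80000000 - 0xFFFFFFFF, state in the comment that the range is reserved for kernel use and filtered for user space, and consider named defines for the range bounds so the check and the documentation refer to the same constants.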