Received: by 2002:a6b:500f:0:0:0:0:0 with SMTP id e15csp1158989iob; Thu, 28 Apr 2022 21:36:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzvEMkP2jC0WT+UUk01zdOhN9Yt9KbsWdF1xl55PHTZ0ynMCtEx5UORVXeOuBHBgE7VdTxk X-Received: by 2002:a05:6512:4003:b0:472:10b7:a309 with SMTP id br3-20020a056512400300b0047210b7a309mr13747059lfb.452.1651207017369; Thu, 28 Apr 2022 21:36:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1651207017; cv=none; d=google.com; s=arc-20160816; b=zOWPRC5v+V6FkJMs+v9ioSKi4fIXfjoEm6jCjbf4aYFAAHIOuKqqtBiKH3veWTeNaB Xf+G3xQ3J/IXkW7rCLal/+ki6X4A2JRyUiOoTWKfcAE/urhDDptgHY21Ly3GG/ToKe24 V8JSdksI6QDoJiwhpEhH+bRQ1KdNf61W2FY0qw9bou6gqCacaPcacBYttYIDiDZdw2H7 6Mkaau764+cqUO9mb70c7c38BCq9LrY+C5dpdt75iyNslpSnV2Sxu7lLLjRkAPG4sX2J WWJSj0PzWI+zLPCSlHTXBH/W3cwy/AWe2+1//4fBRT8+pUfRbf/+D7rHrE1AKvm2u77u s2PQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=EsNsg8EauWEL29++/mUUWJlPTSHzrfQjwpW0zMDmrLk=; b=mMr/DH161QEMe6SgL3Xsj72JmmikkViwHRtrcDDRhY4zhdrpJ5iqr8UZGvUzm39Cjq 8kY+692AXTwv8Qbgmd8sYCt8UvnR6+I7Z3yW81BDAyoznFjh9SuVOLZJxqdGoJV7vJPK BRB1a3mQeYsoJhLtjCjnl3mDEtWyODrHb8tVSChkiFuQDGvO1Z5Q0TiWNVetpajFwxNX xCNQHRKJbIMRcUGdoohCqWEOdj6zWK5R59e08EgWko8yxfcBzaQrqccFX+EEO8rmGHFE F6RewWu/sUpFXz+Aj187coDDcxarDIXxpvh4htCdOV2AGeo7nhEcWxNa/cnNbKbqX61R JMGg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=fkMdJCnD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o12-20020a2e9b4c000000b0024f0e089301si5646611ljj.279.2022.04.28.21.36.27; Thu, 28 Apr 2022 21:36:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=fkMdJCnD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1350590AbiD1Rsg (ORCPT + 99 others); Thu, 28 Apr 2022 13:48:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49998 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1350586AbiD1Rsf (ORCPT ); Thu, 28 Apr 2022 13:48:35 -0400 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9A42685643 for ; Thu, 28 Apr 2022 10:45:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1651167919; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=EsNsg8EauWEL29++/mUUWJlPTSHzrfQjwpW0zMDmrLk=; b=fkMdJCnDslxlvNrBui21U51OsELAnD7pimEPvybt6mT44nBKB1VyFI3IUWZQHlrbDJpcg6 d6bZVUC5b3nfoJGwZfHtNhqhfuo0+8ZvGuzxoQVyZp8jk9gT9gTL2ITMfyRiZWqZ8bgdOi bf5cuWyYTP517ssiPhJ9oxcQyDxB+hM= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-168-3AaWlVDlMRWYASuPlPqqvA-1; Thu, 28 Apr 2022 13:45:16 -0400 X-MC-Unique: 3AaWlVDlMRWYASuPlPqqvA-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id A521A800882; Thu, 28 Apr 2022 17:45:15 +0000 (UTC) Received: from fedora (unknown [10.22.33.56]) by smtp.corp.redhat.com (Postfix) with SMTP id 40423C2813D; Thu, 28 Apr 2022 17:45:13 +0000 (UTC) Date: Thu, 28 Apr 2022 14:45:12 -0300 From: Wander Lairson Costa To: Kuppuswamy Sathyanarayanan Cc: Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H . Peter Anvin" , "Kirill A . Shutemov" , Tony Luck , Andi Kleen , Kai Huang , linux-kernel@vger.kernel.org Subject: Re: [PATCH v4 1/3] x86/tdx: Add TDX Guest attestation interface driver Message-ID: References: <20220422233418.1203092-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20220422233418.1203092-2-sathyanarayanan.kuppuswamy@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20220422233418.1203092-2-sathyanarayanan.kuppuswamy@linux.intel.com> X-Scanned-By: MIMEDefang 2.85 on 10.11.54.8 X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 22, 2022 at 04:34:16PM -0700, Kuppuswamy Sathyanarayanan wrote: [snip] > +static long tdx_get_tdreport(void __user *argp) > +{ > + void *report_buf = NULL, *tdreport_buf = NULL; > + long ret = 0, err; > + > + /* Allocate space for report data */ > + report_buf = kmalloc(TDX_REPORT_DATA_LEN, GFP_KERNEL); > + if (!report_buf) > + return -ENOMEM; > + > + /* > + * Allocate space for TDREPORT buffer (1024-byte aligned). > + * Full page alignment is more than enough. > + */ > + tdreport_buf = (void *)get_zeroed_page(GFP_KERNEL); Maybe we should add BUILD_BUG_ON(TDX_TDREPORT_LEN > PAGE_SIZE) > + if (!tdreport_buf) { > + ret = -ENOMEM; > + goto tdreport_failed; > + } > + > + /* Copy report data to kernel buffer */ > + if (copy_from_user(report_buf, argp, TDX_REPORT_DATA_LEN)) { > + ret = -EFAULT; > + goto tdreport_failed; > + } > + > + /* Generate TDREPORT using report data in report_buf */ > + err = tdx_mcall_tdreport(tdreport_buf, report_buf); > + if (err) { > + /* If failed, pass TDCALL error code back to user */ > + ret = put_user(err, (long __user *)argp); The assigment to ret is useless here > + ret = -EIO; > + goto tdreport_failed; > + } > + > + /* Copy TDREPORT data back to user buffer */ > + if (copy_to_user(argp, tdreport_buf, TDX_TDREPORT_LEN)) > + ret = -EFAULT; > + > +tdreport_failed: > + kfree(report_buf); > + if (tdreport_buf) > + free_pages((unsigned long)tdreport_buf, 0); > + > + return ret; > +} > + > +static long tdx_attest_ioctl(struct file *file, unsigned int cmd, > + unsigned long arg) > +{ > + void __user *argp = (void __user *)arg; > + long ret = 0; > + > + switch (cmd) { > + case TDX_CMD_GET_TDREPORT: > + ret = tdx_get_tdreport(argp); > + break; > + default: > + pr_err("cmd %d not supported\n", cmd); Shouldn't we add "ret = -EINVAL" here? > + break; > + } > + > + return ret; > +} > + > +static const struct file_operations tdx_attest_fops = { > + .owner = THIS_MODULE, > + .unlocked_ioctl = tdx_attest_ioctl, > + .llseek = no_llseek, > +}; > + > +static int tdx_attest_probe(struct platform_device *attest_pdev) > +{ > + struct device *dev = &attest_pdev->dev; > + long ret = 0; > + > + /* Only single device is allowed */ > + if (pdev) > + return -EBUSY; > + > + pdev = attest_pdev; > + > + miscdev.name = DRIVER_NAME; > + miscdev.minor = MISC_DYNAMIC_MINOR; > + miscdev.fops = &tdx_attest_fops; > + miscdev.parent = dev; > + > + ret = misc_register(&miscdev); > + if (ret) { > + pr_err("misc device registration failed\n"); > + goto failed; Why just not return error here? There is nothing to cleanup > + } > + > + pr_debug("module initialization success\n"); > + > + return 0; > + > +failed: > + misc_deregister(&miscdev); The only way to get here is if misc_register fails, so we don't need this call here. > + > + pr_debug("module initialization failed\n"); > + > + return ret; > +} > + > +static int tdx_attest_remove(struct platform_device *attest_pdev) > +{ > + misc_deregister(&miscdev); > + pr_debug("module is successfully removed\n"); > + return 0; > +} > + > +static struct platform_driver tdx_attest_driver = { > + .probe = tdx_attest_probe, > + .remove = tdx_attest_remove, > + .driver = { > + .name = DRIVER_NAME, > + }, > +}; > + > +static int __init tdx_attest_init(void) > +{ > + int ret; > + > + /* Make sure we are in a valid TDX platform */ > + if (!cpu_feature_enabled(X86_FEATURE_TDX_GUEST)) > + return -EIO; > + > + ret = platform_driver_register(&tdx_attest_driver); > + if (ret) { > + pr_err("failed to register driver, err=%d\n", ret); > + return ret; > + } > + > + pdev = platform_device_register_simple(DRIVER_NAME, -1, NULL, 0); pdev is assigned here and in the probe function. Is it correct? > + if (IS_ERR(pdev)) { > + ret = PTR_ERR(pdev); > + pr_err("failed to allocate device, err=%d\n", ret); > + platform_driver_unregister(&tdx_attest_driver); > + return ret; > + } > +