Date: Sun, 22 May 2022 18:24:47 -0700 (PDT)
From: David Rientjes
To: John Allen
cc: herbert@gondor.apana.org.au, linux-crypto@vger.kernel.org, seanjc@google.com, Thomas.Lendacky@amd.com, Ashish.Kalra@amd.com, linux-kernel@vger.kernel.org, theflow@google.com, pgonda@google.com, stable@vger.kernel.org
Subject: Re: [PATCH v4] crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
In-Reply-To: <20220518153126.265074-1-john.allen@amd.com>
Message-ID: <81d016a4-891c-47e6-8a85-7cd9e5661729@google.com>
References: <20220518153126.265074-1-john.allen@amd.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 18 May 2022, John Allen wrote:

> For some sev ioctl interfaces, input may be passed that is less than or
> equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP
> firmware returns. In this case, kmalloc will allocate memory that is the
> size of the input rather than the size of the data. Since PSP firmware
> doesn't fully overwrite the buffer, the sev ioctl interfaces with the
> issue may return uninitialized slab memory.
>
> Currently, all of the ioctl interfaces in the ccp driver are safe, but
> to prevent future problems, change all ioctl interfaces that allocate
> memory with kmalloc to use kzalloc and memset the data buffer to zero
> in sev_ioctl_do_platform_status.
>
> Fixes: 38103671aad3 ("crypto: ccp: Use the stack and common buffer for status commands")
> Fixes: e799035609e15 ("crypto: ccp: Implement SEV_PEK_CSR ioctl command")
> Fixes: 76a2b524a4b1d ("crypto: ccp: Implement SEV_PDH_CERT_EXPORT ioctl command")
> Fixes: d6112ea0cb344 ("crypto: ccp - introduce SEV_GET_ID2 command")
> Cc: stable@vger.kernel.org
> Reported-by: Andy Nguyen
> Suggested-by: David Rientjes
> Suggested-by: Peter Gonda
> Signed-off-by: John Allen

Acked-by: David Rientjes

Thanks John!
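The allocation pattern described in the quoted commit message, as a userspace model added here for illustration; it is not code from the patch or from the ccp driver. The toy allocator, the `toy_*` and `stale_bytes_returned` names, the buffer size and the fill bytes are all constructed, and the model assumes a handler that copies the caller-supplied length back out.

```c
#include <stdio.h>
#include <string.h>

#define BLOB_MAX 64   /* stand-in for SEV_FW_BLOB_MAX_SIZE; the value is constructed */

/* Toy slab: one reusable object that keeps whatever its last user left in it. */
static unsigned char slab[BLOB_MAX];

static void *toy_kmalloc(size_t len) { return len <= BLOB_MAX ? slab : NULL; }
static void *toy_kzalloc(size_t len)
{
    void *p = toy_kmalloc(len);
    if (p)
        memset(p, 0, len);          /* the only difference from toy_kmalloc */
    return p;
}

/* Hypothetical firmware call: fills only `produced` bytes of the buffer. */
static size_t toy_firmware_export(unsigned char *buf, size_t produced)
{
    memset(buf, 0xAA, produced);
    return produced;
}

/*
 * Model of a handler that sizes its buffer from the caller-supplied length and
 * copies that same length back. Returns the number of stale bytes copied out,
 * or -1 for lengths the model rejects.
 */
static int stale_bytes_returned(size_t user_len, size_t fw_len, int zeroed)
{
    unsigned char user_out[BLOB_MAX];
    unsigned char *blob;
    int stale = 0;

    if (user_len > BLOB_MAX || fw_len > user_len)
        return -1;
    memset(slab, 'S', sizeof(slab));    /* previous owner's data (constructed) */
    blob = zeroed ? toy_kzalloc(user_len) : toy_kmalloc(user_len);
    toy_firmware_export(blob, fw_len);
    memcpy(user_out, blob, user_len);   /* stands in for copy_to_user() */
    for (size_t i = 0; i < user_len; i++)
        stale += (user_out[i] == 'S');
    return stale;
}

int main(void)
{
    printf("kmalloc-style: %d stale bytes\n", stale_bytes_returned(64, 16, 0));
    printf("kzalloc-style: %d stale bytes\n", stale_bytes_returned(64, 16, 1));
    return 0;
}
```

With a 64-byte request and 16 bytes written by the modelled firmware, the non-zeroing path hands back 48 bytes of the previous owner's data and the zeroing path hands back none.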