Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp1281738rwi; Thu, 27 Oct 2022 13:45:29 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4J6oGnwIoVbQ7SUDJeAWaBF48C3GVnDU74UOcVYF44MjR1Uj5xIdSvux0Ac1Nyr2NPVL49 X-Received: by 2002:a05:6402:90e:b0:443:ec4b:2b03 with SMTP id g14-20020a056402090e00b00443ec4b2b03mr46580546edz.71.1666903529232; Thu, 27 Oct 2022 13:45:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666903529; cv=none; d=google.com; s=arc-20160816; b=UjwhbV3/nA7jja6uk7WWNbXYXNgEpGSt4sFro0Y8AINuq6U3O+19nvnDwsxd5VgQBD c3hL70YxbIvFna5IceMVr65zjajUDjR4J45Xbion995bWEMWgZEW+ULjSwuELFYKspQW HcdzP9OpFxZR6JJYHMCm6b2fqqYkvXhV7KC7M+WSbR9K30zPdBSHRc+E5ykHu3JTnfSh AYej6gtlbRAEhK02iynlE7h86jiCODf2D4EN79VZYbwkY/fsKqMnwdHRl1rzqx7VY5ly VICmzDSNGSYJUfEQa5RSgiMninPiQVUq5W+fKi4Vgv83r+skQ2sNfwHij62cFPz32Y5c 23HA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=RJhLmmsZGJ8bUFvXGrjhxjigTY7tssuM34NIcqRQJks=; b=xf0v+Q+Z0em6az8quRSUhLD25sKfZI2YROwzRikh1PPKhOYP8WvfbKWhN5kc7gxMuu GFqxive9XR/4CRkAGYzA/aBqcIBLmCZr0c7c/AOWGisF2oBJFpfizQEpaqZYXuizRXF6 12s6ptjQ9C2Qr3cl2iuZ35cBz64j9W1IVGgr/9yzEpeQamwyMGmSDTDjFNrHLaVQ7GdS IyMMEChFIqqdFAIlONbRH64JytZimxFdoEjbxuIFEFsyaCnW//1n5Te5hw/jYzgrUCRE l0YIQyjpIpsxprm+X7ghpuQGJEH6nndEJdmDhPbe+qaKdn2Xg8vxrgCxMtT74T+hnFNG 3pSw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="ko4N/Pqi"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e8-20020a170906c00800b007ad8bd5b636si2111938ejz.377.2022.10.27.13.45.02; Thu, 27 Oct 2022 13:45:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b="ko4N/Pqi"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236911AbiJ0UbA (ORCPT + 99 others); Thu, 27 Oct 2022 16:31:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40478 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236595AbiJ0Ua5 (ORCPT ); Thu, 27 Oct 2022 16:30:57 -0400 Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 221726D85B for ; Thu, 27 Oct 2022 13:30:56 -0700 (PDT) Received: by mail-lj1-x236.google.com with SMTP id z24so5512956ljn.4 for ; Thu, 27 Oct 2022 13:30:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=RJhLmmsZGJ8bUFvXGrjhxjigTY7tssuM34NIcqRQJks=; b=ko4N/PqiVlcVf7rPdTn90/c1YL7CHD4kbLrdcKcGWYTUUSMtlKMiKyWHA+wDDKm3Ri 9e+QndcW1iHPHRjxD1ZSz74bPfh7+NQfvegupvFlxKBAE57swePOCKRNOtu8w+V5/LIh oxfHuONcO0Ik1awpXYSMKm5/Us+dUNf4euurzQPxHHKyJd0J2aZg6aMTq63yWe/zpUHR BdwcHWaYJTXY9nY7H0cZ5ZFnP+HjhVQMyXizdrg693dGmkkh+NZ1U3pB4zQGTKXjYAq1 O+7ty+Tq6vl57BKFDpOmZSjo8wIv9q+d+D2+wILbB19dg5S/gJyRJ3rpAwvrWr8JlqCE oGcw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=RJhLmmsZGJ8bUFvXGrjhxjigTY7tssuM34NIcqRQJks=; b=jh4Gb9S0hDhcty7PJe8E4P/MKI60NIPv+Dml59fVGDCgnY+t7o2GM9runqke88RlfG sJki7WlprVRYJmvmDMUEmDGFwdX2ZnvXuvX9ENtkbv7TB4ZfkqFnrZhU9JW3dU8K9uT6 hucp2avrGMKBqNh+3MeWKctbzwegCWgofTwB63XfTzvI/bobSsJah+fAIbFtyInIfxIY ux9EP+HL4yCNgMTB3k7yLZFnXv3mt25cV2liG4set30JuJ8y/8ihgKr62VDg0IoR8Qxk 4U0+ZoYrSTTw0J5dW/OWF42FSpBuuUFejQ6rUfCozMIFgH5wAvVntuOD3vQ3kThg4KtE OfFg== X-Gm-Message-State: ACrzQf2oOulhtS+Lh7AiGEQPlCtFNoUBcJ9/q0DEnEePU73QnhO0c1Qj egFq3jarqLnO5CNSsdFcIyw9F0nmcDAwd6RNUltuKw== X-Received: by 2002:a05:651c:1a0a:b0:26f:ef12:9a42 with SMTP id by10-20020a05651c1a0a00b0026fef129a42mr20984010ljb.457.1666902654247; Thu, 27 Oct 2022 13:30:54 -0700 (PDT) MIME-Version: 1.0 References: <20221027150558.722062-1-pgonda@google.com> <20221027150558.722062-2-pgonda@google.com> <10e7e8df-69ba-c1bc-1f94-c77fe64774ab@amd.com> In-Reply-To: From: Peter Gonda Date: Thu, 27 Oct 2022 14:30:42 -0600 Message-ID: Subject: Re: [PATCH V3 1/2] virt: sev: Prevent IV reuse in SNP guest driver To: Tom Lendacky Cc: Dionna Glaze , Borislav Petkov , Michael Roth , Haowen Bai , Yang Yingliang , Marc Orr , David Rientjes , Ashish Kalra , linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 27, 2022 at 2:10 PM Peter Gonda wrote: > > On Thu, Oct 27, 2022 at 12:06 PM Tom Lendacky wrote: > > > > On 10/27/22 10:05, Peter Gonda wrote: > > > The ASP and an SNP guest use a series of AES-GCM keys called VMPCKs to > > > communicate securely with each other. The IV to this scheme is a > > > sequence number that both the ASP and the guest track. Currently this > > > sequence number in a guest request must exactly match the sequence > > > number tracked by the ASP. This means that if the guest sees an error > > > from the host during a request it can only retry that exact request or > > > disable the VMPCK to prevent an IV reuse. AES-GCM cannot tolerate IV > > > reuse see: > > > https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/800-38-series-drafts/gcm/joux_comments.pdf > > > > > > To handle userspace querying the cert_data length. Instead of requesting > > > the cert length from userspace use the size of the drivers allocated > > > shared buffer. Then copy that buffer to userspace, or give userspace an > > > error depending on the size of the buffer given by userspace. > > > > > > Fixes: fce96cf044308 ("virt: Add SEV-SNP guest driver") > > > Signed-off-by: Peter Gonda > > > Reported-by: Peter Gonda > > > Reviewed-by: Dionna Glaze > > > Cc: Borislav Petkov > > > Cc: Tom Lendacky > > > Cc: Michael Roth > > > Cc: Haowen Bai > > > Cc: Yang Yingliang > > > Cc: Marc Orr > > > Cc: David Rientjes > > > Cc: Ashish Kalra > > > Cc: linux-kernel@vger.kernel.org > > > Cc: kvm@vger.kernel.org > > > --- > > > drivers/virt/coco/sev-guest/sev-guest.c | 93 ++++++++++++++++--------- > > > 1 file changed, 62 insertions(+), 31 deletions(-) > > > > > > diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c > > > index f422f9c58ba7..8c54ea84bc57 100644 > > > --- a/drivers/virt/coco/sev-guest/sev-guest.c > > > +++ b/drivers/virt/coco/sev-guest/sev-guest.c > > > @@ -41,7 +41,7 @@ struct snp_guest_dev { > > > struct device *dev; > > > struct miscdevice misc; > > > > > > - void *certs_data; > > > + u8 (*certs_data)[SEV_FW_BLOB_MAX_SIZE]; > > > struct snp_guest_crypto *crypto; > > > struct snp_guest_msg *request, *response; > > > struct snp_secrets_page_layout *layout; > > > @@ -67,8 +67,27 @@ static bool is_vmpck_empty(struct snp_guest_dev *snp_dev) > > > return true; > > > } > > > > > > +/* > > > + * If we receive an error from the host or ASP we have two options. We can > > > + * either retry the exact same encrypted request or we can discontinue using the > > > + * VMPCK. > > > + * > > > + * This is because in the current encryption scheme GHCB v2 uses AES-GCM to > > > + * encrypt the requests. The IV for this scheme is the sequence number. GCM > > > + * cannot tolerate IV reuse. > > > + * > > > + * The ASP FW v1.51 only increments the sequence numbers on a successful > > > + * guest<->ASP back and forth and only accepts messages at its exact sequence > > > + * number. > > > + * > > > + * So if we were to reuse the sequence number the encryption scheme is > > > + * vulnerable. If we encrypt the sequence number for a fresh IV the ASP will > > > + * reject our request. > > > + */ > > > static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) > > > { > > > + dev_alert(snp_dev->dev, "Disabling vmpck_id: %d to prevent IV reuse.\n", > > > + vmpck_id); > > > memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN); > > > snp_dev->vmpck = NULL; > > > } > > > @@ -326,29 +345,29 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, in > > > if (fw_err) > > > *fw_err = err; > > > > > > - if (rc) > > > - return rc; > > > + if (rc) { > > > + dev_alert(snp_dev->dev, > > > + "Detected error from ASP request. rc: %d, fw_err: %llu\n", > > > + rc, *fw_err); > > > + goto disable_vmpck; > > > + } > > > > Realize that snp_issue_guest_request() will return -EIO in the case that > > the returned SW_EXITINFO2 value is SNP_GUEST_REQ_INVALID_LEN. So all the > > work you do below in get_ext_report() doesn't matter because you end up > > disabling the key here. > > > > So maybe this patch should be split up and parts of it added to the second > > patch (but that patch seems like it would still hit this issue because > > -EIO is still returned. > > > > Ack I see that. My testing didn't catch this since I realized I didn't > actually load any certificate data into the host. After doing so my > testing catches this bug. > > I agree with Dionna's comments on 2/2. My suggestion would be to keep > the constraint that either handle_guest_request() leaves the sequence > number in a good state or disables the VMPCK. After seeing her V4 > series I suggest we take this patch and follow up on the certificate > querying with the further changes to snp_issue_guest_request(). > Thoughts? Actually we want the V2 version of this patch, which forces userspace to use 4 pages and therefore doesn't let a short userspace request corrupt the sequence numbers.