Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp6092916rwb; Mon, 14 Nov 2022 14:17:16 -0800 (PST) X-Google-Smtp-Source: AA0mqf7sagEMYSJ8pmuyu7V9ACsywIx/J0SZKZrpvx7aqrtup4naylK75WjxtpmvlhmaMJhbN7em X-Received: by 2002:a05:6402:289e:b0:460:7413:5d46 with SMTP id eg30-20020a056402289e00b0046074135d46mr12826159edb.47.1668464236574; Mon, 14 Nov 2022 14:17:16 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668464236; cv=none; d=google.com; s=arc-20160816; b=CZkTFGaUmGbdhnzZFtbUvjnQ50Bi+Ky9OSUiBx/0QFd/aBnIngnThsJac5dcKb1O3/ LTZgblg0Dwh4JX6jQ9ThlhbuwNHBlZkL0wS2GAwOhrU6J67HGCf43fQXeaYDVhg7esyk +qTwCTKHEV3VZ6pAtg/UEh91+zgo6KK194fWkwCiVPn7qjVAnyD3zE0XyrqI42FxzysO yBWqp84vh7HkmBsuMMVvg1gFgC+00dyRfniR8JekvDFWjNNeOdikj1IMEGIDWC2rJQcH 3aJrBPrtuGRtQgogMiielZKe1coqzY2q1aX/45ZE9DYl8pjvkJHjSwZ3EAPP8wTA+tei xJhQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=u5c3d/R+hycXfam13b38ezR7QlhNG6bgVdrzTMUaN84=; b=bavX3OpwRhj4pbG/gJtf0d3S8SIoVJWHLd4RbX0ErgmMj1yPRDqvi4v4XPXrJHMVIk jWHcgjmlAyftqdow9AxYL98NO65dLJ61UMNn7HO8yllupbeN7tmQaqj6jIuoZQLSjDNj D1hF15J1sxWIL+doauULXFr/vDsKb1dY3/GuR9WDiz9/VDPOZfGWUPcbvZa6nLCcNXum G9mWqqL4x3g/D4vVY2onhU21TrUkexC2RNho+a0ZU4cL98OCz1ikS3G+DwPkL21ypYLn ktXXDbBtFSCs3Mg0WgCfdGKpLlNh5LTRfIE9hFeXHy6EkRVLugjhpChKO3pX//rR1n4g x8pg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=gLgG3OpN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id hc31-20020a170907169f00b007ae8a4b03d7si10119975ejc.973.2022.11.14.14.16.54; Mon, 14 Nov 2022 14:17:16 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=gLgG3OpN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237113AbiKNVMG (ORCPT + 88 others); Mon, 14 Nov 2022 16:12:06 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237580AbiKNVMD (ORCPT ); Mon, 14 Nov 2022 16:12:03 -0500 Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 67189B08 for ; Mon, 14 Nov 2022 13:12:02 -0800 (PST) Received: by mail-lf1-x12b.google.com with SMTP id s8so4278583lfc.8 for ; Mon, 14 Nov 2022 13:12:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=u5c3d/R+hycXfam13b38ezR7QlhNG6bgVdrzTMUaN84=; b=gLgG3OpNKby3lv5oeGlMTQIBqbd4rH+hf5lU9WR9tNVSZhRpz8Eg+IiiKlc5MmvGud jqZKDAXH6MxopShoaNjBJIU6NrYJTcIFmDf50fztvHW3i88Hn+h8rFsjBuLSS8Huh4Tw Wb76NZ8CKNxc3c/Kayxyjg9WhaYMPp9jcDs5kvGrsnZ+tTyhuKYf8ANzuEEeNE5q/Cms T1+S0GxM1LplONxje+wQ9NsRyhavaQf/LRyRsRRKSgIAEJ+myBf+MgVjK7lQgcnK7++b pYknsRlYqNh6ArZsj0KEtYqVZ74/f+v6kypIxZ0qzTN3XMp6J6hzcBNIIgrNLn/Gx5hY wqzg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=u5c3d/R+hycXfam13b38ezR7QlhNG6bgVdrzTMUaN84=; b=ZzcWbunHiOEhxP6oDWsaOWsG8ljvAnjjFnjYDK46bC4b7MAMSt1l48o1PeCtBHsWtz /J/8YQ5leK+qKgh8VzrAnpDnQ9AwYKUwLg6Pbil9rmeokNAiB3FHyJLgEnkweh5dwpj0 WsHoquNwvh8WoHykp0sOyBMz0Y2/y8GbLITKXniMJl0iJtMeZFQO/pMtPwDihwOdM43Y p+AlkhqTedEebbDTXu2iGQIrnY6KqRSp3jAwjnJTaYNOLN/D6lGEnuhlGi1j5P1TymTW IcEjlbJfmbzjW8zhFmkSY6dtNA3abdlDuFe5dTz0TcAhnMGTK2UXMJ0anUCtHsCuZsO5 PBiw== X-Gm-Message-State: ANoB5pmPUgqbj35b426rnMQipCaaZvDe8e4mn8pEXxU3Qky2FiSdxQa2 QuxSZhnTMeyhrPHOnEThncRGdeqnhH1crc8eyUVayA== X-Received: by 2002:a05:6512:2033:b0:4b0:8a8f:8e28 with SMTP id s19-20020a056512203300b004b08a8f8e28mr4329430lfs.682.1668460320419; Mon, 14 Nov 2022 13:12:00 -0800 (PST) MIME-Version: 1.0 References: <20221103152318.88354-1-pgonda@google.com> In-Reply-To: From: Peter Gonda Date: Mon, 14 Nov 2022 14:11:48 -0700 Message-ID: Subject: Re: [PATCH V4] virt: sev: Prevent IV reuse in SNP guest driver To: Borislav Petkov Cc: thomas.lendacky@amd.com, Dionna Glaze , Michael Roth , Haowen Bai , Yang Yingliang , Marc Orr , David Rientjes , Ashish Kalra , linux-kernel@vger.kernel.org, kvm@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Nov 11, 2022 at 9:46 AM Borislav Petkov wrote: > > On Thu, Nov 03, 2022 at 08:23:18AM -0700, Peter Gonda wrote: > > The ASP and an SNP guest use a series of AES-GCM keys called VMPCKs to > > ASP? > > That must be the AMD Secure Processor or so but pls write it out. > > > communicate securely with each other. The IV to this scheme is a > > sequence number that both the ASP and the guest track. Currently this > > sequence number in a guest request must exactly match the sequence > > number tracked by the ASP. This means that if the guest sees an error > > from the host during a request it can only retry that exact request or > > disable the VMPCK to prevent an IV reuse. AES-GCM cannot tolerate IV > > reuse see: > > https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/docum= ents/bcm/comments/800-38-series-drafts/gcm/joux_comments.pdf > > Right, how stable will that link be? > > IOW, perhaps quote the paper name and authors so that people can find it > on their own. > > > To handle userspace querying the cert_data length handle_guest_request(= ) > > now: saves the number of pages required by the host, retries the reques= t > > This needs to sound like this: > > "In order to address this, save the number of pages ..." > > IOW, as the docs say: > > "Describe your changes in imperative mood, e.g. "make xyzzy do frotz" > instead of "[This patch] makes xyzzy do frotz" or "[I] changed xyzzy > to do frotz", as if you are giving orders to the codebase to change > its behaviour." Thanks for detailed review. Working on cleaning up the text for a V5. > > > without requesting the extended data, then returns the number of pages > > required. > > > > Fixes: fce96cf044308 ("virt: Add SEV-SNP guest driver") > > I'm guessing this needs to go to stable? > > > Signed-off-by: Peter Gonda > > Reported-by: Peter Gonda > > Cc: Dionna Glaze > > Cc: Borislav Petkov > > Cc: Tom Lendacky > > Cc: Michael Roth > > Cc: Haowen Bai > > Cc: Yang Yingliang > > Cc: Marc Orr > > Cc: David Rientjes > > Cc: Ashish Kalra > > Cc: linux-kernel@vger.kernel.org > > Cc: kvm@vger.kernel.org > > --- > > Tested by placing each of the guest requests: attestation quote, > > extended attestation quote, and get key. Then tested the extended > > attestation quote certificate length querying. > > > > V4 > > * As suggested by Dionna moved the extended request retry logic into > > the driver. > > * Due to big change in patch dropped any reviewed-by tags. > > > > --- > > drivers/virt/coco/sev-guest/sev-guest.c | 70 +++++++++++++++++++------ > > 1 file changed, 53 insertions(+), 17 deletions(-) > > > > diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coc= o/sev-guest/sev-guest.c > > index f422f9c58ba79..7dd6337ebdd5b 100644 > > --- a/drivers/virt/coco/sev-guest/sev-guest.c > > +++ b/drivers/virt/coco/sev-guest/sev-guest.c > > @@ -41,7 +41,7 @@ struct snp_guest_dev { > > struct device *dev; > > struct miscdevice misc; > > > > - void *certs_data; > > + u8 (*certs_data)[SEV_FW_BLOB_MAX_SIZE]; > > struct snp_guest_crypto *crypto; > > struct snp_guest_msg *request, *response; > > struct snp_secrets_page_layout *layout; > > @@ -67,8 +67,27 @@ static bool is_vmpck_empty(struct snp_guest_dev *snp= _dev) > > return true; > > } > > > > +/* > > + * If we receive an error from the host or ASP we have two options. We= can > > Please use passive voice in your commit message: no "we" or "I", etc, > and describe your changes in imperative mood. > > Bottom line is: personal pronouns are ambiguous in text, especially with > so many parties/companies/etc developing the kernel so let's avoid them > please. > > > + * either retry the exact same encrypted request or we can discontinue= using the > > + * VMPCK. > > + * > > + * This is because in the current encryption scheme GHCB v2 uses AES-G= CM to > > + * encrypt the requests. The IV for this scheme is the sequence number= . GCM > > + * cannot tolerate IV reuse. > > + * > > + * The ASP FW v1.51 only increments the sequence numbers on a successf= ul > > + * guest<->ASP back and forth and only accepts messages at its exact s= equence > > + * number. > > + * > > + * So if we were to reuse the sequence number the encryption scheme is > > + * vulnerable. If we encrypt the sequence number for a fresh IV the AS= P will > > + * reject our request. > > + */ > > static void snp_disable_vmpck(struct snp_guest_dev *snp_dev) > > { > > + dev_alert(snp_dev->dev, "Disabling vmpck_id: %d to prevent IV reu= se.\n", > > + vmpck_id); > > memzero_explicit(snp_dev->vmpck, VMPCK_KEY_LEN); > > snp_dev->vmpck =3D NULL; > > } > > @@ -323,32 +342,49 @@ static int handle_guest_request(struct snp_guest_= dev *snp_dev, u64 exit_code, in > > > > /* Call firmware to process the request */ > > rc =3D snp_issue_guest_request(exit_code, &snp_dev->input, &err); > > + > > + /* > > + * If the extended guest request fails due to having to small of = a > > "... too small... " > > > + * certificate data buffer retry the same guest request without t= he > > + * extended data request. > > + */ > > + if (exit_code =3D=3D SVM_VMGEXIT_EXT_GUEST_REQUEST && > > + err =3D=3D SNP_GUEST_REQ_INVALID_LEN) { > > + const unsigned int certs_npages =3D snp_dev->input.data_n= pages; > > + > > + exit_code =3D SVM_VMGEXIT_GUEST_REQUEST; > > + rc =3D snp_issue_guest_request(exit_code, &snp_dev->input= , &err); > > + > > + err =3D SNP_GUEST_REQ_INVALID_LEN; > > Huh, why are we overwriting err here? > > > + snp_dev->input.data_npages =3D certs_npages; > > + } > > + > > if (fw_err) > > *fw_err =3D err; > > > > - if (rc) > > - return rc; > > + if (rc) { > > + dev_alert(snp_dev->dev, > > + "Detected error from ASP request. rc: %d, fw_er= r: %llu\n", > > + rc, *fw_err); > > + goto disable_vmpck; > > + } > > > > - /* > > - * The verify_and_dec_payload() will fail only if the hypervisor = is > > - * actively modifying the message header or corrupting the encryp= ted payload. > > - * This hints that hypervisor is acting in a bad faith. Disable t= he VMPCK so that > > - * the key cannot be used for any communication. The key is disab= led to ensure > > - * that AES-GCM does not use the same IV while encrypting the req= uest payload. > > - */ > > rc =3D verify_and_dec_payload(snp_dev, resp_buf, resp_sz); > > if (rc) { > > dev_alert(snp_dev->dev, > > - "Detected unexpected decode failure, disabling = the vmpck_id %d\n", > > - vmpck_id); > > - snp_disable_vmpck(snp_dev); > > - return rc; > > + "Detected unexpected decode failure from ASP. r= c: %d\n", > > + rc); > > + goto disable_vmpck; > > } > > > > /* Increment to new message sequence after payload decryption was= successful. */ > > snp_inc_msg_seqno(snp_dev); > > > > return 0; > > + > > +disable_vmpck: > > + snp_disable_vmpck(snp_dev); > > + return rc; > > } > > > > static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_= request_ioctl *arg) > > @@ -676,7 +712,7 @@ static int __init sev_guest_probe(struct platform_d= evice *pdev) > > if (!snp_dev->response) > > goto e_free_request; > > > > - snp_dev->certs_data =3D alloc_shared_pages(dev, SEV_FW_BLOB_MAX_S= IZE); > > + snp_dev->certs_data =3D alloc_shared_pages(dev, sizeof(*snp_dev->= certs_data)); > > What's that change for? > > I went searching for that ->certs_data only ot realize that it is an > array of size of SEV_FW_BLOB_MAX_SIZE elems. Do you want this change reverted? I liked the extra readability of the sizeof(*snp_dev->certs_data) but its unnecessary for this change. > > Thx. > > -- > Regards/Gruss, > Boris. > > SUSE Software Solutions Germany GmbH > GF: Ivo Totev, Andrew Myers, Andrew McDonald, Martje Boudien Moerman > (HRB 36809, AG N=C3=BCrnberg)