Message-ID: <4741f088-82dd-3bca-626f-37cb70621f34@amd.com>
Date:   Mon, 13 Mar 2023 07:49:36 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.7.1
Subject: Re: [PATCH v2] x86/mm: Fix use of uninitialized buffer in
 sme_enable()
To:     Nikita Zhandarovich <n.zhandarovich@fintech.ru>,
        Dave Hansen <dave.hansen@linux.intel.com>
Cc:     Andy Lutomirski <luto@kernel.org>,
        Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
        "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>,
        linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org
References: <20230306160656.14844-1-n.zhandarovich@fintech.ru>
Content-Language: en-US
From:   Tom Lendacky <thomas.lendacky@amd.com>
In-Reply-To: <20230306160656.14844-1-n.zhandarovich@fintech.ru>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?dHFuaWJ2TGp6WUxCMFFHNjJUcGl1dDB4UWFZYzN5Y1dyUENmQTJmR09ZdU11?=
 =?utf-8?B?K3QvZnpwMWszeFJ0cmN4eE9QMlJZNURYUVhZekNEc1NQSUJnYksraWtsdEN1?=
 =?utf-8?B?SFA2aUZTS3JYV1lFdVF4ZU5PbEdWL1l3aXllaUU0TFV6RTROQWlNWGVlNkU4?=
 =?utf-8?B?RTk2QlNCcnBtVkRNTU1DTGkwd1U1MEdVYmszK0ZUN2c1T1JXdlNPSEQ5YWpR?=
 =?utf-8?B?Sm5LdFYrbjZ3RlFUek9zYmhMMjZTUVFrS1M0QTBwMTZwMEVsWUtvblRrRXRE?=
 =?utf-8?B?MlRTL09IVjFnT0c1NjdFT0JlTlBRT1orb1gvM3dIcmp6M1hkUFR1MkhQWVpT?=
 =?utf-8?B?VVVHTlpUVkw3QTZrS3MrZGZBSkdDa2ZiKzl3aC9qSy9OWHVsNjlxckR5cStu?=
 =?utf-8?B?M2IyR1dwbUZYNU40THZlZmEzNlZSWTNyalo3TVRwWTRFZmdTMEs5ZGNLSExI?=
 =?utf-8?B?QWpCZHJhYng0VnlZT2sxL3lFcE9uY1I1K1BqQnNiamNaMlRnTGdFMnFpL0xU?=
 =?utf-8?B?OW1KYjNYTEU5bzc3anU0NHJDUGZQM3lYUGMzOUQwR1lXZWtla3pnUFFQRnVJ?=
 =?utf-8?B?ZjVENndjVi9jbVpYTGI5aU5ySnZWODlsSUdMNGs5SlN6M2ZwbGZRNVBMeFlP?=
 =?utf-8?B?WjV5Nk4yS2JQYjZJNVBySnhqZ2JWRG1jelhTKytHbUZxbjJtbXpKaTJDTVJn?=
 =?utf-8?B?UHI0YkJJa3pST05EeU1maGR5c1VVTmVWVy9vRER0amlYYXhHaCtZSUp1YTJP?=
 =?utf-8?B?empBb2REWWVXMHdZOUVwMENEV0dtMlA4UUpaZXAxWGhqYmlEbnhoeHppNW1m?=
 =?utf-8?B?T0pBeHhyTjdaOUIrZGl5ZGhoaVVkTkRaaEE2am1iN0hqVkczRGhub1VrNnU4?=
 =?utf-8?B?NzBGcWYwN0FsS0JndDZpOE9TaUErdjUvZE9zRGVSL29VVVR6dkZKU1pHVkZr?=
 =?utf-8?B?bnZGUmpQc2czbFRmek0yVHJobDRtMjZCMFQ4N3JUdDZPdlUxUUMyUFlaOVc5?=
 =?utf-8?B?YU9jT2d6MWVtaVg4YXpNOFJ5U283L0E0dWJGOWMyOC9UYk5nWEpRNzFoMXls?=
 =?utf-8?B?dkNhZlBERjJzbSttMXBESXZReWM4WVBzdlByRmtqMFp6b2FYaVAybEpWdmQ4?=
 =?utf-8?B?SitzT1lxRDBZc09DakY0TDQxUEo2c1hsR2Y5a3ZtekoxczVmeUdJQ1RobGRt?=
 =?utf-8?B?K1pLcDZQSWt0U1hEVjZ1SVBrMVNERTZFVEluM1JhbENjVTNJRUszQnNIZ0lC?=
 =?utf-8?B?NFc1SWw0NW9JZFh3Z1J2aEdvT3FHTlFWSVFwcTBSQTlSTjFORkdHdHlTajR1?=
 =?utf-8?B?VzY3cXlWWFZ2b002anUzeGR6K2hkSExOSjlQRlQ3Ukl5bndZUVgxY0ZPdEp4?=
 =?utf-8?B?d1owZnEzVWdBVEdSekgrR2ZyOXNwdXNIV0FEb3YwOGs4Vk0zZ1dVaWVucUVt?=
 =?utf-8?B?N05CQkJvaW90OHN3MkxFbFhDL3ZtVklYRG1XOU16Sk5xMm1ONTZ6WlIwZnYw?=
 =?utf-8?B?bzlDWUV6Ri8zUTlST3MwR2Q5QkZSWm81UlIvUmRPOFF5MncwRUZWWnk4MStn?=
 =?utf-8?B?a2pEZlB1YXltdEp4Nnl4eXdWM0xZemRpUVJTQ0s0SDA4am12Qnh0MXZWUDYr?=
 =?utf-8?B?b0tUUXJYOHNERnVuQWd0akFYNGdPK2dPZ3Jnb3BLQ1h6c1NiMEFrbmRhUE5Q?=
 =?utf-8?B?WmJQaFFtaWxCSjg0RTd4SXJBVmZ2eXJ4RHZZQmljSFpyWUgwOHlsQ05VcDBM?=
 =?utf-8?B?cm5Oa2hWM1krMUlrUnptT0pBZzdTdWk0UDRUMytDQjVaOGZUQzBPc2srcndT?=
 =?utf-8?B?VWtkK2RwNjlZVEE1UTdVb3F3cHRSK1NZNnEzUVZhcnZKSjdUeDJXdW1BK3lN?=
 =?utf-8?B?TGpRQ0FsZzNjOUExNHRlUzdUVW9XM3ZLOExiQ0ZuUjRKRnlraFR4R1JkaGJz?=
 =?utf-8?B?L2xrT1FLWHNHYitEOHdwS2M3V3BIUTFqRFh4RXROaEpxQkFsK28veVkrSDA2?=
 =?utf-8?B?c0ZWRWszd1hRYnUvU2d3M2Z0bk5YUExaM1h3eHpUQkZ4SWVycWhmU28ybjJL?=
 =?utf-8?B?aWNlT2FzRi9LcGZBNmthOFVjVnBXR1QrNFAvYWpRbmx4NG0wZ2t2UkxMbEQ3?=
 =?utf-8?Q?ds7EJ0AuvH/OeJuoxPJ41Wbzu?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1af71c5a-30c3-4cf6-ce74-08db23c1686b
X-MS-Exchange-CrossTenant-AuthSource: DM4PR12MB5229.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Mar 2023 12:49:39.2331
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 5IJuVlG3xFr+RVD7cAiSC8e76OVt1DDpxMMzpSPe+GkiNVWghdplRoEyKsL5FmKToQC89lXK9iNKd8wGKzAM8w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR12MB8113
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 3/6/23 10:06, Nikita Zhandarovich wrote:
> cmdline_find_option() may fail before doing any initialization of
> buffer array. This may lead to unpredictable results when the same
> buffer is used later in calls to strncmp() function.
> Fix the issue by returning early if cmdline_find_option() returns -1.
> 
> Found by Linux Verification Center (linuxtesting.org) with static analysis
> tool SVACE.
> 
> Fixes: aca20d546214 ("x86/mm: Add support to make use of Secure Memory Encryption")
> Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>

Acked-by: Tom Lendacky <thomas.lendacky@amd.com>

> ---
> v2: per Borislav Petkov's <bp@alien8.de> remarks:
> - return early if cmdline_find_options() fails with -1 instead of zeroing out
> buffer;
> - use correct Fixes: commit hash
> 
>   arch/x86/mm/mem_encrypt_identity.c | 3 ++-
>   1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/arch/x86/mm/mem_encrypt_identity.c b/arch/x86/mm/mem_encrypt_identity.c
> index 88cccd65029d..c6efcf559d88 100644
> --- a/arch/x86/mm/mem_encrypt_identity.c
> +++ b/arch/x86/mm/mem_encrypt_identity.c
> @@ -600,7 +600,8 @@ void __init sme_enable(struct boot_params *bp)
>   	cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
>   				     ((u64)bp->ext_cmd_line_ptr << 32));
>   
> -	cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer));
> +	if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
> +		return;
>   
>   	if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
>   		sme_me_mask = me_mask;