Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp697700rwd; Thu, 8 Jun 2023 06:40:03 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7QXSRn3dp8rekDyk3JW8ngkdox3SkcuTkYJdlthFDb8xh7VCeu/LEOY0pN+ERvzXh/O6Ut X-Received: by 2002:a05:6a21:32a3:b0:10a:ee1b:fdc4 with SMTP id yt35-20020a056a2132a300b0010aee1bfdc4mr6963578pzb.47.1686231603098; Thu, 08 Jun 2023 06:40:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686231603; cv=none; d=google.com; s=arc-20160816; b=jr711Tjuoa8iU15v9M7+hFBoUSUBoQuKfcORpxh42T9dBvJ4dtB4yf2ZmloOaCcJog DnZxDlBJyevMgfwaUWP+rwOrL2U8fnVx0/kA3GZIcxaBIE9O+f89S0xKZPFAFUBD7760 gxIjq+9gDLH69Uzy/vYGF9+9V7eeGE/VbAbxuI/azyolir3rW8TevCsZgVaKfUDjOudu CzBs78oDKx9vumtB/ln/2cxu8IG6EsQgT30wMMAggAGZ0klDRKi1/QOpwwqeTp8xbM/d NIG5MEKIf3sR1/ITc9g0pIqARzqE5CDiTmE3Mr2ouactWWOOeC4i5cG4cjUQQtvR/iMJ uplQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:references:cc:to:from:subject :message-id:date:content-transfer-encoding:mime-version :dkim-signature; bh=qI3qHTxTeVbv2r/IpKpF+xaCljvN8cUvyeoUSrAiHfc=; b=TMp7m+00pyPOCBSAUuCTRofKYYyIKMZ4qCEuZKIf211xwI4cOM7lIptffJKZgsfnOZ sNYFBMNGDPSWX5sRpd2Soc5ttfOiYzRwiubp2JH/U86sIFukgWtBXvuu/z7TxutVJkPh fqlg+VTBuMmMmaIbaXisCAVOCNFdxwyvAUKmcz2AJMqmx1gqeu090mTulZm3jvyuDdnf ztqRF2X1NYbOk82hU9/vsriu4QsLuLkPmu+gYTC9mgwHjyUdHGMWUd+0wX/yzpMoBDy4 e09ulbkDmOy2uhlAmew6J7Chve3d4sq/K9CmZUR4jzGBjh7PWsbNUE9ltFdmf87Y3sWw Vrkw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aRGDROIV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u129-20020a637987000000b0053f89d7b39esi998783pgc.346.2023.06.08.06.39.50; Thu, 08 Jun 2023 06:40:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=aRGDROIV; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236242AbjFHNPH (ORCPT + 99 others); Thu, 8 Jun 2023 09:15:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46598 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231626AbjFHNPE (ORCPT ); Thu, 8 Jun 2023 09:15:04 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4713C26BA; Thu, 8 Jun 2023 06:15:02 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id CB04264D66; Thu, 8 Jun 2023 13:15:01 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5F299C433D2; Thu, 8 Jun 2023 13:14:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1686230101; bh=VZtE+VKW+h1XVbj7XPV90Ykm87bzkFCpoZemhzMDyWU=; h=Date:Subject:From:To:Cc:References:In-Reply-To:From; b=aRGDROIVouRmiayC6Nknzppxq6tJrvGSc2gaxay2aW7MxkSL0B71zmfWVNXEJaTty +UaDZzgmzuXGhMvyr3+oW1ByxxBz+QGK11W4mkfSSUB6Fs90sVwDJdyRrHruadbBuv K0ojAJDtChTOHvwdqpy0JjWQZqrtKjf07eX7aBqlXjYxSH1ls/incQ2rRxyrwElyiq Vt3b4hbadxxO0ga1JAJW4vgWMeJBjpWNqFArgc3Mlf8ja12S9bO0mF3pKCtg5WO+8C HYDan+fkM5g8OBb+Puxwe2IqcD2uhF9zojS6owr5kbe0oaWKm6obC6TmI039EWdKWa Z6+b3anVTb9fw== Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Thu, 08 Jun 2023 16:14:56 +0300 Message-Id: Subject: Re: [PATCH] tpm: factor out the user space mm from tpm_vtpm_set_locality() From: "Jarkko Sakkinen" To: "Stefan Berger" , Cc: "Jason Gunthorpe" , "Alejandro Cabrera" , "Jarkko Sakkinen" , , "Stefan Berger" , X-Mailer: aerc 0.14.0 References: <20230530205001.1302975-1-jarkko@kernel.org> <8f15feb5-7c6e-5a16-d9b4-008b7b45b01a@linux.ibm.com> <324df0fa5ad1f0508c5f62c25dd1f8d297d78813.camel@kernel.org> <0438f5e3-ca42-343b-e79e-5f7976ec8a62@linux.ibm.com> In-Reply-To: <0438f5e3-ca42-343b-e79e-5f7976ec8a62@linux.ibm.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed May 31, 2023 at 8:01 PM EEST, Stefan Berger wrote: > > > On 5/31/23 12:32, Jarkko Sakkinen wrote: > > On Wed, 2023-05-31 at 11:20 -0400, Stefan Berger wrote: > >> > >> On 5/30/23 16:50, Jarkko Sakkinen wrote: > >>> From: Jarkko Sakkinen > >>> > >>> vtpm_proxy_fops_set_locality() causes kernel buffers to be passed to > >>> copy_from_user() and copy_to_user(). > >> > >> And what is the problem with that? Is it not working? > > It is API contract and also clearly documented in the kernel documentat= ion. > > First, vtpm_proxy_fops_set_locality() does not exist > > This may be the function that is simulating a client sending a SET_LOCAL= ITY command: > > static int vtpm_proxy_request_locality(struct tpm_chip *chip, int localit= y) > { > struct tpm_buf buf; > int rc; > const struct tpm_header *header; > struct proxy_dev *proxy_dev =3D dev_get_drvdata(&chip->dev); > > if (chip->flags & TPM_CHIP_FLAG_TPM2) > rc =3D tpm_buf_init(&buf, TPM2_ST_SESSIONS, > TPM2_CC_SET_LOCALITY); > else > rc =3D tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, > TPM_ORD_SET_LOCALITY); > if (rc) > return rc; > tpm_buf_append_u8(&buf, locality); > > proxy_dev->state |=3D STATE_DRIVER_COMMAND; > > rc =3D tpm_transmit_cmd(chip, &buf, 0, "attempting to set locality"); > > proxy_dev->state &=3D ~STATE_DRIVER_COMMAND; > > if (rc < 0) { > locality =3D rc; > goto out; > } > > header =3D (const struct tpm_header *)buf.data; > rc =3D be32_to_cpu(header->return_code); > if (rc) > locality =3D -1; > > out: > tpm_buf_destroy(&buf); > > return locality; > } > > There is nothing wrong with the buffer being passed into the tpm_transmit= _cmd function, which then causes the 'server side' to pick up the command (= =3D swtpm picks up the command): > > /** > * vtpm_proxy_fops_read - Read TPM commands on 'server side' > * > * @filp: file pointer > * @buf: read buffer > * @count: number of bytes to read > * @off: offset > * > * Return: > * Number of bytes read or negative error code > */ > static ssize_t vtpm_proxy_fops_read(struct file *filp, char __user *buf, > size_t count, loff_t *off) > { > struct proxy_dev *proxy_dev =3D filp->private_data; > size_t len; > int sig, rc; > > sig =3D wait_event_interruptible(proxy_dev->wq, > proxy_dev->req_len !=3D 0 || > !(proxy_dev->state & STATE_OPENED_FLAG)); > if (sig) > return -EINTR; > > mutex_lock(&proxy_dev->buf_lock); > > if (!(proxy_dev->state & STATE_OPENED_FLAG)) { > mutex_unlock(&proxy_dev->buf_lock); > return -EPIPE; > } > > len =3D proxy_dev->req_len; > > if (count < len || len > sizeof(proxy_dev->buffer)) { > mutex_unlock(&proxy_dev->buf_lock); > pr_debug("Invalid size in recv: count=3D%zd, req_len=3D%zd\n", > count, len); > return -EIO; > } > > rc =3D copy_to_user(buf, proxy_dev->buffer, len); > memset(proxy_dev->buffer, 0, len); > proxy_dev->req_len =3D 0; > > if (!rc) > proxy_dev->state |=3D STATE_WAIT_RESPONSE_FLAG; > > mutex_unlock(&proxy_dev->buf_lock); > > if (rc) > return -EFAULT; > > return len; > } > > This is swtpm picking up this command with its user buffer. > > So, I am not sure at this point what is wrong. > > Stefan The answer was below but in short it is that you have a function that expects __user * and you don't pass user tagged memory. Even tho it is a bug, I think cc to stable is not necessary given that it is not known to blow up anything. The main problem is that we have code that does not work according to the expectations. BR, Jarkko