Date: Tue, 26 Sep 2023 11:51:51 -0700
Subject: Re: [PATCH v4 3/6] virt: sevguest: Prep for kernel internal {get, get_ext}_report()
To: Dan Williams, linux-coco@lists.linux.dev
Cc: Borislav Petkov, Tom Lendacky, Dionna Glaze, Brijesh Singh, peterz@infradead.org, linux-kernel@vger.kernel.org, x86@kernel.org, dave.hansen@linux.intel.com
From: Kuppuswamy Sathyanarayanan

On 9/25/2023 9:17 PM, Dan Williams wrote:
> In preparation for using the configfs-tsm facility to convey attestation
> blobs to userspace, switch to using the 'sockptr' api for copying
> payloads to provided buffers where 'sockptr' handles user vs kernel
> buffers.
>
> While configfs-tsm is meant to replace existing confidential computing
> ioctl() implementations for attestation report retrieval the old ioctl()
> path needs to stick around for a deprecation period.
>
> No behavior change intended.
>
> Cc: Borislav Petkov
> Cc: Tom Lendacky
> Cc: Dionna Glaze
> Cc: Brijesh Singh
> Signed-off-by: Dan Williams
> ---

Looks good to me.

Reviewed-by: Kuppuswamy Sathyanarayanan

> drivers/virt/coco/sev-guest/sev-guest.c | 50 ++++++++++++++++++++----------- > 1 file changed, 33 insertions(+), 17 deletions(-) > > diff --git a/drivers/virt/coco/sev-guest/sev-guest.c b/drivers/virt/coco/sev-guest/sev-guest.c > index 97dbe715e96a..c3c9e9ea691f 100644 > --- a/drivers/virt/coco/sev-guest/sev-guest.c > +++ b/drivers/virt/coco/sev-guest/sev-guest.c > @@ -19,6 +19,7 @@ > #include > #include > #include > +#include > #include > #include 
> > @@ -470,7 +471,13 @@ static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, > return 0; > } > > -static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) > +struct snp_req_resp { > + sockptr_t req_data; > + sockptr_t resp_data; > +}; > + > +static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg, > + struct snp_req_resp *io) > { > struct snp_guest_crypto *crypto = snp_dev->crypto; > struct snp_report_resp *resp; > @@ -479,10 +486,10 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io > > lockdep_assert_held(&snp_cmd_mutex); > > - if (!arg->req_data || !arg->resp_data) > + if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) > return -EINVAL; > > - if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) > + if (copy_from_sockptr(&req, io->req_data, sizeof(req))) > return -EFAULT; > > /* > @@ -501,7 +508,7 @@ static int get_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_io > if (rc) > goto e_free; > > - if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp))) > + if (copy_to_sockptr(io->resp_data, resp, sizeof(*resp))) > rc = -EFAULT; > > e_free: 
> @@ -550,22 +557,25 @@ static int get_derived_key(struct snp_guest_dev *snp_dev, struct snp_guest_reque > return rc; > } > > -static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) > +static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg, > + struct snp_req_resp *io) > + > { > struct snp_guest_crypto *crypto = snp_dev->crypto; > struct snp_ext_report_req req; > struct snp_report_resp *resp; > int ret, npages = 0, resp_len; > + sockptr_t certs_address; > > lockdep_assert_held(&snp_cmd_mutex); > > - if (!arg->req_data || !arg->resp_data) > + if (sockptr_is_null(io->req_data) || sockptr_is_null(io->resp_data)) > return -EINVAL; > > - if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) > + if (copy_from_sockptr(&req, io->req_data, sizeof(req))) > return -EFAULT; > > - /* userspace does not want certificate data */ > + /* caller does not want certificate data */ > if (!req.certs_len || !req.certs_address) > goto cmd; > > @@ -573,8 +583,13 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques > !IS_ALIGNED(req.certs_len, PAGE_SIZE)) > return -EINVAL; > > - if (!access_ok((const void __user *)req.certs_address, req.certs_len)) > - return -EFAULT; > + if (sockptr_is_kernel(io->resp_data)) { > + certs_address = KERNEL_SOCKPTR((void *)req.certs_address); > + } else { > + certs_address = USER_SOCKPTR((void __user *)req.certs_address); > + if (!access_ok(certs_address.user, req.certs_len)) > + return -EFAULT; > + } > > /* > * Initialize the intermediate buffer with all zeros. This buffer 
> @@ -604,21 +619,19 @@ static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_reques > if (arg->vmm_error == SNP_GUEST_VMM_ERR_INVALID_LEN) { > req.certs_len = snp_dev->input.data_npages << PAGE_SHIFT; > > - if (copy_to_user((void __user *)arg->req_data, &req, sizeof(req))) > + if (copy_to_sockptr(io->req_data, &req, sizeof(req))) > ret = -EFAULT; > } > > if (ret) > goto e_free; > > - if (npages && > - copy_to_user((void __user *)req.certs_address, snp_dev->certs_data, > - req.certs_len)) { > + if (npages && copy_to_sockptr(certs_address, snp_dev->certs_data, req.certs_len)) { > ret = -EFAULT; > goto e_free; > } > > - if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp))) > + if (copy_to_sockptr(io->resp_data, resp, sizeof(*resp))) > ret = -EFAULT; > > e_free: > @@ -631,6 +644,7 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long > struct snp_guest_dev *snp_dev = to_snp_dev(file); > void __user *argp = (void __user *)arg; > struct snp_guest_request_ioctl input; > + struct snp_req_resp io; > int ret = -ENOTTY; > > if (copy_from_user(&input, argp, sizeof(input))) > @@ -651,15 +665,17 @@ static long snp_guest_ioctl(struct file *file, unsigned int ioctl, unsigned long > return -ENOTTY; > } > > + io.req_data = USER_SOCKPTR((void __user *)input.req_data); > + io.resp_data = USER_SOCKPTR((void __user *)input.resp_data); > switch (ioctl) { > case SNP_GET_REPORT: > - ret = get_report(snp_dev, &input); > + ret = get_report(snp_dev, &input, &io); > break; > case SNP_GET_DERIVED_KEY: > ret = get_derived_key(snp_dev, &input); > break; > case SNP_GET_EXT_REPORT: > - ret = get_ext_report(snp_dev, &input); > + ret = get_ext_report(snp_dev, &input, &io); > break; > default: > break; > > -- Sathyanarayanan Kuppuswamy Linux Kernel Developer
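
Review bot: In the get_ext_report() hunk at @@ -573,8 +583,13, the address space of certs_address is chosen from sockptr_is_kernel(io->resp_data), but the value itself comes from req.certs_address, which was copied in through io->req_data. Nothing in the visible lines enforces that req_data, resp_data and certs_address are all of the same kind, so a future caller that pairs a kernel resp_data with a request filled from an untrusted source would have req.certs_address cast to a kernel pointer and written to with no access_ok() check. The ioctl path is safe because it builds both sockptrs with USER_SOCKPTR(), but the invariant deserves to be explicit: either reject the call when sockptr_is_kernel(io->req_data) != sockptr_is_kernel(io->resp_data), or state in a comment that kernel callers must supply a kernel-owned certs_address.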
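
Review bot: In the hunk at @@ -470,7 +471,13, struct snp_req_resp is introduced without a comment, and get_report() now receives the same two buffers twice: as raw u64 fields in arg and as sockptrs in io. arg is still needed (arg->vmm_error is used further down in get_ext_report()), so arg->req_data and arg->resp_data stay reachable, and a later edit that uses them by mistake would bypass the sockptr user/kernel handling. A short comment on the struct saying that io is the only valid source for the request and response buffers, and that both members must refer to the same address space, would make that intent reviewable.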
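
Review bot: Style point in the get_ext_report() signature hunk at @@ -550,22 +557,25: an empty added line sits between the closing "struct snp_req_resp *io)" and the opening brace of the function body. get_report() in the earlier hunk has no such blank line, so drop it here to keep the two definitions consistent.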