2020-06-04 08:11:35

by Herbert Xu

Subject: [PATCH] crypto: ccp - Fix sparse warnings in sev-dev

This patch fixes a bunch of sparse warnings in sev-dev where the
__user marking is incorrectly handled.

Reported-by: kbuild test robot <[email protected]>
Fixes: 7360e4b14350 ("crypto: ccp: Implement SEV_PEK_CERT_IMPORT...")
Fixes: e799035609e1 ("crypto: ccp: Implement SEV_PEK_CSR ioctl...")
Fixes: 76a2b524a4b1 ("crypto: ccp - introduce SEV_GET_ID2 command")
Fixes: d6112ea0cb34 ("crypto: ccp - introduce SEV_GET_ID2 command")
Signed-off-by: Herbert Xu <[email protected]>

diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 439cd737076e..aa576529283b 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -376,6 +376,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
struct sev_device *sev = psp_master->sev_data;
struct sev_user_data_pek_csr input;
struct sev_data_pek_csr *data;
+ void __user *input_address;
void *blob = NULL;
int ret;

@@ -394,7 +395,8 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
goto cmd;

/* allocate a physically contiguous buffer to store the CSR blob */
- if (!access_ok(input.address, input.length) ||
+ input_address = (void __user *)input.address;
+ if (!access_ok(input_address, input.length) ||
input.length > SEV_FW_BLOB_MAX_SIZE) {
ret = -EFAULT;
goto e_free;
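Review bot: The new `input_address = (void __user *)input.address;` casts an integer field straight to a pointer; the kernel's `u64_to_user_ptr()` helper does the same conversion with a type check and an intermediate `uintptr_t`, so `input_address = u64_to_user_ptr(input.address);` would be the more conventional spelling, assuming the field is a u64. The same applies to the casts added in the sev_ioctl_do_get_id2 and sev_ioctl_do_pdh_export hunks. It also applies to psp_copy_user_blob, where this patch drops the previous `(uintptr_t)` step and leaves `(void __user *)uaddr`; that form would draw an integer-to-pointer size warning if this file were ever built for a 32-bit target. sev_ioctl_do_pek_csr starts and ends outside this hunk.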
@@ -427,7 +429,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
}

if (blob) {
- if (copy_to_user((void __user *)input.address, blob, input.length))
+ if (copy_to_user(input_address, blob, input.length))
ret = -EFAULT;
}

@@ -438,7 +440,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
return ret;
}

-void *psp_copy_user_blob(u64 __user uaddr, u32 len)
+void *psp_copy_user_blob(u64 uaddr, u32 len)
{
if (!uaddr || !len)
return ERR_PTR(-EINVAL);
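Review bot: With `__user` removed from the `u64 uaddr` parameter, nothing in the signature of this exported function says that uaddr is a userspace address, so a kernel-doc comment above the definition would help callers. It should state that uaddr is a user virtual address carried as a u64, that the call returns ERR_PTR(-EINVAL) when uaddr or len is zero or when len exceeds SEV_FW_BLOB_MAX_SIZE, and that on success it returns the buffer from memdup_user(), which the caller presumably has to release with kfree(). The function body continues into the next hunk.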
@@ -447,7 +449,7 @@ void *psp_copy_user_blob(u64 __user uaddr, u32 len)
if (len > SEV_FW_BLOB_MAX_SIZE)
return ERR_PTR(-EINVAL);

- return memdup_user((void __user *)(uintptr_t)uaddr, len);
+ return memdup_user((void __user *)uaddr, len);
}
EXPORT_SYMBOL_GPL(psp_copy_user_blob);

@@ -622,6 +624,7 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
{
struct sev_user_data_get_id2 input;
struct sev_data_get_id *data;
+ void __user *input_address;
void *id_blob = NULL;
int ret;

@@ -633,9 +636,10 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
return -EFAULT;

/* Check if we have write access to the userspace buffer */
+ input_address = (void __user *)input.address;
if (input.address &&
input.length &&
- !access_ok(input.address, input.length))
+ !access_ok(input_address, input.length))
return -EFAULT;

data = kzalloc(sizeof(*data), GFP_KERNEL);
@@ -667,8 +671,7 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
}

if (id_blob) {
- if (copy_to_user((void __user *)input.address,
- id_blob, data->len)) {
+ if (copy_to_user(input_address, id_blob, data->len)) {
ret = -EFAULT;
goto e_free;
}
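Review bot: The length passed to `copy_to_user(input_address, id_blob, data->len)` is `data->len`, whereas the access_ok() check in the earlier hunk validated `input.length`. The hunk does not show how id_blob is sized or whether data->len can change after the firmware command runs. If it can grow, the copy would read past the end of id_blob, so it is worth bounding it by the allocated size, for example `min_t(u32, data->len, blob_len)`, where `blob_len` is a placeholder name for a new local recording the allocation size. sev_ioctl_do_get_id2 starts and ends outside this hunk.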
@@ -727,6 +730,8 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
struct sev_user_data_pdh_cert_export input;
void *pdh_blob = NULL, *cert_blob = NULL;
struct sev_data_pdh_cert_export *data;
+ void __user *input_cert_chain_address;
+ void __user *input_pdh_cert_address;
int ret;

/* If platform is not in INIT state then transition it to INIT. */
@@ -752,16 +757,19 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
!input.cert_chain_address)
goto cmd;

+ input_pdh_cert_address = (void __user *)input.pdh_cert_address;
+ input_cert_chain_address = (void __user *)input.cert_chain_address;
+
/* Allocate a physically contiguous buffer to store the PDH blob. */
if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
- !access_ok(input.pdh_cert_address, input.pdh_cert_len)) {
+ !access_ok(input_pdh_cert_address, input.pdh_cert_len)) {
ret = -EFAULT;
goto e_free;
}

/* Allocate a physically contiguous buffer to store the cert chain blob. */
if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
- !access_ok(input.cert_chain_address, input.cert_chain_len)) {
+ !access_ok(input_cert_chain_address, input.cert_chain_len)) {
ret = -EFAULT;
goto e_free;
}
@@ -797,7 +805,7 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
}

if (pdh_blob) {
- if (copy_to_user((void __user *)input.pdh_cert_address,
+ if (copy_to_user(input_pdh_cert_address,
pdh_blob, input.pdh_cert_len)) {
ret = -EFAULT;
goto e_free_cert;
@@ -805,7 +813,7 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
}

if (cert_blob) {
- if (copy_to_user((void __user *)input.cert_chain_address,
+ if (copy_to_user(input_cert_chain_address,
cert_blob, input.cert_chain_len))
ret = -EFAULT;
}
diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
index 7fbc8679145c..49d155cd2dfe 100644
--- a/include/linux/psp-sev.h
+++ b/include/linux/psp-sev.h
@@ -597,7 +597,7 @@ int sev_guest_df_flush(int *error);
*/
int sev_guest_decommission(struct sev_data_decommission *data, int *error);

-void *psp_copy_user_blob(u64 __user uaddr, u32 len);
+void *psp_copy_user_blob(u64 uaddr, u32 len);

#else /* !CONFIG_CRYPTO_DEV_SP_PSP */

--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


2020-06-04 09:07:31

by Borislav Petkov

Subject: Re: [PATCH] crypto: ccp - Fix sparse warnings in sev-dev

+ Tom.

On Thu, Jun 04, 2020 at 06:09:41PM +1000, Herbert Xu wrote:
> This patch fixes a bunch of sparse warnings in sev-dev where the
> __user marking is incorrectly handled.
>
> Reported-by: kbuild test robot <[email protected]>
> Fixes: 7360e4b14350 ("crypto: ccp: Implement SEV_PEK_CERT_IMPORT...")
> Fixes: e799035609e1 ("crypto: ccp: Implement SEV_PEK_CSR ioctl...")
> Fixes: 76a2b524a4b1 ("crypto: ccp - introduce SEV_GET_ID2 command")
> Fixes: d6112ea0cb34 ("crypto: ccp - introduce SEV_GET_ID2 command")
> Signed-off-by: Herbert Xu <[email protected]>
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 439cd737076e..aa576529283b 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -376,6 +376,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> struct sev_device *sev = psp_master->sev_data;
> struct sev_user_data_pek_csr input;
> struct sev_data_pek_csr *data;
> + void __user *input_address;
> void *blob = NULL;
> int ret;
>
> @@ -394,7 +395,8 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> goto cmd;
>
> /* allocate a physically contiguous buffer to store the CSR blob */
> - if (!access_ok(input.address, input.length) ||
> + input_address = (void __user *)input.address;
> + if (!access_ok(input_address, input.length) ||
> input.length > SEV_FW_BLOB_MAX_SIZE) {
> ret = -EFAULT;
> goto e_free;
> @@ -427,7 +429,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> }
>
> if (blob) {
> - if (copy_to_user((void __user *)input.address, blob, input.length))
> + if (copy_to_user(input_address, blob, input.length))
> ret = -EFAULT;
> }
>
> @@ -438,7 +440,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> return ret;
> }
>
> -void *psp_copy_user_blob(u64 __user uaddr, u32 len)
> +void *psp_copy_user_blob(u64 uaddr, u32 len)
> {
> if (!uaddr || !len)
> return ERR_PTR(-EINVAL);
> @@ -447,7 +449,7 @@ void *psp_copy_user_blob(u64 __user uaddr, u32 len)
> if (len > SEV_FW_BLOB_MAX_SIZE)
> return ERR_PTR(-EINVAL);
>
> - return memdup_user((void __user *)(uintptr_t)uaddr, len);
> + return memdup_user((void __user *)uaddr, len);
> }
> EXPORT_SYMBOL_GPL(psp_copy_user_blob);
>
> @@ -622,6 +624,7 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
> {
> struct sev_user_data_get_id2 input;
> struct sev_data_get_id *data;
> + void __user *input_address;
> void *id_blob = NULL;
> int ret;
>
> @@ -633,9 +636,10 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
> return -EFAULT;
>
> /* Check if we have write access to the userspace buffer */
> + input_address = (void __user *)input.address;
> if (input.address &&
> input.length &&
> - !access_ok(input.address, input.length))
> + !access_ok(input_address, input.length))
> return -EFAULT;
>
> data = kzalloc(sizeof(*data), GFP_KERNEL);
> @@ -667,8 +671,7 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
> }
>
> if (id_blob) {
> - if (copy_to_user((void __user *)input.address,
> - id_blob, data->len)) {
> + if (copy_to_user(input_address, id_blob, data->len)) {
> ret = -EFAULT;
> goto e_free;
> }
> @@ -727,6 +730,8 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> struct sev_user_data_pdh_cert_export input;
> void *pdh_blob = NULL, *cert_blob = NULL;
> struct sev_data_pdh_cert_export *data;
> + void __user *input_cert_chain_address;
> + void __user *input_pdh_cert_address;
> int ret;
>
> /* If platform is not in INIT state then transition it to INIT. */
> @@ -752,16 +757,19 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> !input.cert_chain_address)
> goto cmd;
>
> + input_pdh_cert_address = (void __user *)input.pdh_cert_address;
> + input_cert_chain_address = (void __user *)input.cert_chain_address;
> +
> /* Allocate a physically contiguous buffer to store the PDH blob. */
> if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
> - !access_ok(input.pdh_cert_address, input.pdh_cert_len)) {
> + !access_ok(input_pdh_cert_address, input.pdh_cert_len)) {
> ret = -EFAULT;
> goto e_free;
> }
>
> /* Allocate a physically contiguous buffer to store the cert chain blob. */
> if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
> - !access_ok(input.cert_chain_address, input.cert_chain_len)) {
> + !access_ok(input_cert_chain_address, input.cert_chain_len)) {
> ret = -EFAULT;
> goto e_free;
> }
> @@ -797,7 +805,7 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> }
>
> if (pdh_blob) {
> - if (copy_to_user((void __user *)input.pdh_cert_address,
> + if (copy_to_user(input_pdh_cert_address,
> pdh_blob, input.pdh_cert_len)) {
> ret = -EFAULT;
> goto e_free_cert;
> @@ -805,7 +813,7 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> }
>
> if (cert_blob) {
> - if (copy_to_user((void __user *)input.cert_chain_address,
> + if (copy_to_user(input_cert_chain_address,
> cert_blob, input.cert_chain_len))
> ret = -EFAULT;
> }
> diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
> index 7fbc8679145c..49d155cd2dfe 100644
> --- a/include/linux/psp-sev.h
> +++ b/include/linux/psp-sev.h
> @@ -597,7 +597,7 @@ int sev_guest_df_flush(int *error);
> */
> int sev_guest_decommission(struct sev_data_decommission *data, int *error);
>
> -void *psp_copy_user_blob(u64 __user uaddr, u32 len);
> +void *psp_copy_user_blob(u64 uaddr, u32 len);
>
> #else /* !CONFIG_CRYPTO_DEV_SP_PSP */
>
> --
> Email: Herbert Xu <[email protected]>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

--
Regards/Gruss,
Boris.

SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 36809, AG Nürnberg

2020-06-11 20:48:36

by Brijesh Singh

Subject: Re: [PATCH] crypto: ccp - Fix sparse warnings in sev-dev


On 6/4/20 3:09 AM, Herbert Xu wrote:
> This patch fixes a bunch of sparse warnings in sev-dev where the
> __user marking is incorrectly handled.
>
> Reported-by: kbuild test robot <[email protected]>
> Fixes: 7360e4b14350 ("crypto: ccp: Implement SEV_PEK_CERT_IMPORT...")
> Fixes: e799035609e1 ("crypto: ccp: Implement SEV_PEK_CSR ioctl...")
> Fixes: 76a2b524a4b1 ("crypto: ccp - introduce SEV_GET_ID2 command")
> Fixes: d6112ea0cb34 ("crypto: ccp - introduce SEV_GET_ID2 command")
> Signed-off-by: Herbert Xu <[email protected]>

Reviewed-by: Brijesh Singh <[email protected]>

thanks

> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 439cd737076e..aa576529283b 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -376,6 +376,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> struct sev_device *sev = psp_master->sev_data;
> struct sev_user_data_pek_csr input;
> struct sev_data_pek_csr *data;
> + void __user *input_address;
> void *blob = NULL;
> int ret;
>
> @@ -394,7 +395,8 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> goto cmd;
>
> /* allocate a physically contiguous buffer to store the CSR blob */
> - if (!access_ok(input.address, input.length) ||
> + input_address = (void __user *)input.address;
> + if (!access_ok(input_address, input.length) ||
> input.length > SEV_FW_BLOB_MAX_SIZE) {
> ret = -EFAULT;
> goto e_free;
> @@ -427,7 +429,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> }
>
> if (blob) {
> - if (copy_to_user((void __user *)input.address, blob, input.length))
> + if (copy_to_user(input_address, blob, input.length))
> ret = -EFAULT;
> }
>
> @@ -438,7 +440,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
> return ret;
> }
>
> -void *psp_copy_user_blob(u64 __user uaddr, u32 len)
> +void *psp_copy_user_blob(u64 uaddr, u32 len)
> {
> if (!uaddr || !len)
> return ERR_PTR(-EINVAL);
> @@ -447,7 +449,7 @@ void *psp_copy_user_blob(u64 __user uaddr, u32 len)
> if (len > SEV_FW_BLOB_MAX_SIZE)
> return ERR_PTR(-EINVAL);
>
> - return memdup_user((void __user *)(uintptr_t)uaddr, len);
> + return memdup_user((void __user *)uaddr, len);
> }
> EXPORT_SYMBOL_GPL(psp_copy_user_blob);
>
> @@ -622,6 +624,7 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
> {
> struct sev_user_data_get_id2 input;
> struct sev_data_get_id *data;
> + void __user *input_address;
> void *id_blob = NULL;
> int ret;
>
> @@ -633,9 +636,10 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
> return -EFAULT;
>
> /* Check if we have write access to the userspace buffer */
> + input_address = (void __user *)input.address;
> if (input.address &&
> input.length &&
> - !access_ok(input.address, input.length))
> + !access_ok(input_address, input.length))
> return -EFAULT;
>
> data = kzalloc(sizeof(*data), GFP_KERNEL);
> @@ -667,8 +671,7 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
> }
>
> if (id_blob) {
> - if (copy_to_user((void __user *)input.address,
> - id_blob, data->len)) {
> + if (copy_to_user(input_address, id_blob, data->len)) {
> ret = -EFAULT;
> goto e_free;
> }
> @@ -727,6 +730,8 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> struct sev_user_data_pdh_cert_export input;
> void *pdh_blob = NULL, *cert_blob = NULL;
> struct sev_data_pdh_cert_export *data;
> + void __user *input_cert_chain_address;
> + void __user *input_pdh_cert_address;
> int ret;
>
> /* If platform is not in INIT state then transition it to INIT. */
> @@ -752,16 +757,19 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> !input.cert_chain_address)
> goto cmd;
>
> + input_pdh_cert_address = (void __user *)input.pdh_cert_address;
> + input_cert_chain_address = (void __user *)input.cert_chain_address;
> +
> /* Allocate a physically contiguous buffer to store the PDH blob. */
> if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
> - !access_ok(input.pdh_cert_address, input.pdh_cert_len)) {
> + !access_ok(input_pdh_cert_address, input.pdh_cert_len)) {
> ret = -EFAULT;
> goto e_free;
> }
>
> /* Allocate a physically contiguous buffer to store the cert chain blob. */
> if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
> - !access_ok(input.cert_chain_address, input.cert_chain_len)) {
> + !access_ok(input_cert_chain_address, input.cert_chain_len)) {
> ret = -EFAULT;
> goto e_free;
> }
> @@ -797,7 +805,7 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> }
>
> if (pdh_blob) {
> - if (copy_to_user((void __user *)input.pdh_cert_address,
> + if (copy_to_user(input_pdh_cert_address,
> pdh_blob, input.pdh_cert_len)) {
> ret = -EFAULT;
> goto e_free_cert;
> @@ -805,7 +813,7 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
> }
>
> if (cert_blob) {
> - if (copy_to_user((void __user *)input.cert_chain_address,
> + if (copy_to_user(input_cert_chain_address,
> cert_blob, input.cert_chain_len))
> ret = -EFAULT;
> }
> diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
> index 7fbc8679145c..49d155cd2dfe 100644
> --- a/include/linux/psp-sev.h
> +++ b/include/linux/psp-sev.h
> @@ -597,7 +597,7 @@ int sev_guest_df_flush(int *error);
> */
> int sev_guest_decommission(struct sev_data_decommission *data, int *error);
>
> -void *psp_copy_user_blob(u64 __user uaddr, u32 len);
> +void *psp_copy_user_blob(u64 uaddr, u32 len);
>
> #else /* !CONFIG_CRYPTO_DEV_SP_PSP */
>

2020-06-11 21:14:23

by Tom Lendacky

Subject: Re: [PATCH] crypto: ccp - Fix sparse warnings in sev-dev

On 6/4/20 4:04 AM, Borislav Petkov wrote:
> + Tom.
>
> On Thu, Jun 04, 2020 at 06:09:41PM +1000, Herbert Xu wrote:
>> This patch fixes a bunch of sparse warnings in sev-dev where the
>> __user marking is incorrectly handled.
>>
>> Reported-by: kbuild test robot <[email protected]>
>> Fixes: 7360e4b14350 ("crypto: ccp: Implement SEV_PEK_CERT_IMPORT...")
>> Fixes: e799035609e1 ("crypto: ccp: Implement SEV_PEK_CSR ioctl...")
>> Fixes: 76a2b524a4b1 ("crypto: ccp - introduce SEV_GET_ID2 command")
>> Fixes: d6112ea0cb34 ("crypto: ccp - introduce SEV_GET_ID2 command")
>> Signed-off-by: Herbert Xu <[email protected]>

Acked-by: Tom Lendacky <[email protected]>

>>
>> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
>> index 439cd737076e..aa576529283b 100644
>> --- a/drivers/crypto/ccp/sev-dev.c
>> +++ b/drivers/crypto/ccp/sev-dev.c
>> @@ -376,6 +376,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
>> struct sev_device *sev = psp_master->sev_data;
>> struct sev_user_data_pek_csr input;
>> struct sev_data_pek_csr *data;
>> + void __user *input_address;
>> void *blob = NULL;
>> int ret;
>>
>> @@ -394,7 +395,8 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
>> goto cmd;
>>
>> /* allocate a physically contiguous buffer to store the CSR blob */
>> - if (!access_ok(input.address, input.length) ||
>> + input_address = (void __user *)input.address;
>> + if (!access_ok(input_address, input.length) ||
>> input.length > SEV_FW_BLOB_MAX_SIZE) {
>> ret = -EFAULT;
>> goto e_free;
>> @@ -427,7 +429,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
>> }
>>
>> if (blob) {
>> - if (copy_to_user((void __user *)input.address, blob, input.length))
>> + if (copy_to_user(input_address, blob, input.length))
>> ret = -EFAULT;
>> }
>>
>> @@ -438,7 +440,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
>> return ret;
>> }
>>
>> -void *psp_copy_user_blob(u64 __user uaddr, u32 len)
>> +void *psp_copy_user_blob(u64 uaddr, u32 len)
>> {
>> if (!uaddr || !len)
>> return ERR_PTR(-EINVAL);
>> @@ -447,7 +449,7 @@ void *psp_copy_user_blob(u64 __user uaddr, u32 len)
>> if (len > SEV_FW_BLOB_MAX_SIZE)
>> return ERR_PTR(-EINVAL);
>>
>> - return memdup_user((void __user *)(uintptr_t)uaddr, len);
>> + return memdup_user((void __user *)uaddr, len);
>> }
>> EXPORT_SYMBOL_GPL(psp_copy_user_blob);
>>
>> @@ -622,6 +624,7 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
>> {
>> struct sev_user_data_get_id2 input;
>> struct sev_data_get_id *data;
>> + void __user *input_address;
>> void *id_blob = NULL;
>> int ret;
>>
>> @@ -633,9 +636,10 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
>> return -EFAULT;
>>
>> /* Check if we have write access to the userspace buffer */
>> + input_address = (void __user *)input.address;
>> if (input.address &&
>> input.length &&
>> - !access_ok(input.address, input.length))
>> + !access_ok(input_address, input.length))
>> return -EFAULT;
>>
>> data = kzalloc(sizeof(*data), GFP_KERNEL);
>> @@ -667,8 +671,7 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
>> }
>>
>> if (id_blob) {
>> - if (copy_to_user((void __user *)input.address,
>> - id_blob, data->len)) {
>> + if (copy_to_user(input_address, id_blob, data->len)) {
>> ret = -EFAULT;
>> goto e_free;
>> }
>> @@ -727,6 +730,8 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
>> struct sev_user_data_pdh_cert_export input;
>> void *pdh_blob = NULL, *cert_blob = NULL;
>> struct sev_data_pdh_cert_export *data;
>> + void __user *input_cert_chain_address;
>> + void __user *input_pdh_cert_address;
>> int ret;
>>
>> /* If platform is not in INIT state then transition it to INIT. */
>> @@ -752,16 +757,19 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
>> !input.cert_chain_address)
>> goto cmd;
>>
>> + input_pdh_cert_address = (void __user *)input.pdh_cert_address;
>> + input_cert_chain_address = (void __user *)input.cert_chain_address;
>> +
>> /* Allocate a physically contiguous buffer to store the PDH blob. */
>> if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
>> - !access_ok(input.pdh_cert_address, input.pdh_cert_len)) {
>> + !access_ok(input_pdh_cert_address, input.pdh_cert_len)) {
>> ret = -EFAULT;
>> goto e_free;
>> }
>>
>> /* Allocate a physically contiguous buffer to store the cert chain blob. */
>> if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
>> - !access_ok(input.cert_chain_address, input.cert_chain_len)) {
>> + !access_ok(input_cert_chain_address, input.cert_chain_len)) {
>> ret = -EFAULT;
>> goto e_free;
>> }
>> @@ -797,7 +805,7 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
>> }
>>
>> if (pdh_blob) {
>> - if (copy_to_user((void __user *)input.pdh_cert_address,
>> + if (copy_to_user(input_pdh_cert_address,
>> pdh_blob, input.pdh_cert_len)) {
>> ret = -EFAULT;
>> goto e_free_cert;
>> @@ -805,7 +813,7 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
>> }
>>
>> if (cert_blob) {
>> - if (copy_to_user((void __user *)input.cert_chain_address,
>> + if (copy_to_user(input_cert_chain_address,
>> cert_blob, input.cert_chain_len))
>> ret = -EFAULT;
>> }
>> diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
>> index 7fbc8679145c..49d155cd2dfe 100644
>> --- a/include/linux/psp-sev.h
>> +++ b/include/linux/psp-sev.h
>> @@ -597,7 +597,7 @@ int sev_guest_df_flush(int *error);
>> */
>> int sev_guest_decommission(struct sev_data_decommission *data, int *error);
>>
>> -void *psp_copy_user_blob(u64 __user uaddr, u32 len);
>> +void *psp_copy_user_blob(u64 uaddr, u32 len);
>>
>> #else /* !CONFIG_CRYPTO_DEV_SP_PSP */
>>
>> --
>> Email: Herbert Xu <[email protected]>
>> Home Page: https://nam11.safelinks.protection.outlook.com/?url=http:%2F%2Fgondor.apana.org.au%2F~herbert%2F&amp;data=02%7C01%7Cthomas.lendacky%40amd.com%7Cb8a1d59a9c134071943008d80866470a%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637268582661190553&amp;sdata=ePa5t%2BDK%2F0k9Hu573nxhLbRL15rR7yXVDek%2BiLn59q0%3D&amp;reserved=0
>> PGP Key: https://nam11.safelinks.protection.outlook.com/?url=http:%2F%2Fgondor.apana.org.au%2F~herbert%2Fpubkey.txt&amp;data=02%7C01%7Cthomas.lendacky%40amd.com%7Cb8a1d59a9c134071943008d80866470a%7C3dd8961fe4884e608e11a82d994e183d%7C0%7C0%7C637268582661190553&amp;sdata=dWlePUyxRZVnH%2F6RgU%2FA8E3xwKxuJXCviXYLN1SF%2FQs%3D&amp;reserved=0
>