Received: by 2002:a25:e7d8:0:0:0:0:0 with SMTP id e207csp479831ybh; Thu, 12 Mar 2020 05:40:43 -0700 (PDT) X-Google-Smtp-Source: ADFU+vugVS4kA4YBu4ymxpYE28DXh/vL6WV33XPU1P6CovHFonC0U7H0I/88TcGoJ/7ed4YWwlr9 X-Received: by 2002:a05:6808:301:: with SMTP id i1mr2445344oie.19.1584016843043; Thu, 12 Mar 2020 05:40:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1584016843; cv=none; d=google.com; s=arc-20160816; b=Mu0dd0vjZ1YFNyJP0a9CuWhmc+hJDkyIr/SqWad8s/wVhNOdMHD0yypTHiFutxjPQT fIDyLE+I25XKXH0C8k/hmY2yzw9T3CmtcVScZkezplmsYHJ4xgEcyZXAComTmQlBmE60 b7ePmIMAoLdrRTpG3l3nYlOdHz0oEzGT7fhHMs9tiCQJQ9c3/BC6D1N16KEFJar+U4Ep R+TLKk1DE/YoiQiPyRrVTwS2TkqzxOWIevT2DSzTKXdX2ptIWRXeONYNaDgAtUQStWd5 OJYLsP97H/riPO281L3m5RjBZct7DD3EsQAc6NdRQrWk0WThtyFoDMtvCtf2Rx5nDtkL zELw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=C+ggAMCrW//XLWezlKsXEnB8hILtiVL+on8u7qtrmcc=; b=GdU3Ivytqd5LzZl4Fgw+2rNPPBHZdZTi3w7U3jn61G8CiMaMMPL8vtByb5xh6DzJH9 MleEeKmftJx+SWVUNqiJjAAVxQWsIO8Lu8gmH6ohOzaFFEL601w/RJFJPILIImgz++Xw GM2ggp5VzsyjFGhgK3WAFpiUuyZCiGc5iBvdSd/HyAHtpLogKdJkfHV0ZoH9ZTQmjoz0 t9qrEi+EPA8dn3wuujWoU4MoUbKlNtaw5zvQFbqP8pkO3IcdORawtpICc494N+zVnFed E1xFy3JcAzHpnwqBo23cC/+muLJfVM76J51coLLE9lVE3BTZrGG40BBKvCUHdywhD2nz MqXQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t2si6702otb.284.2020.03.12.05.40.31; Thu, 12 Mar 2020 05:40:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726822AbgCLMkO (ORCPT + 99 others); Thu, 12 Mar 2020 08:40:14 -0400 Received: from helcar.hmeau.com ([216.24.177.18]:60016 "EHLO fornost.hmeau.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725978AbgCLMkO (ORCPT ); Thu, 12 Mar 2020 08:40:14 -0400 Received: from gwarestrin.me.apana.org.au ([192.168.0.7] helo=gwarestrin.arnor.me.apana.org.au) by fornost.hmeau.com with smtp (Exim 4.89 #2 (Debian)) id 1jCN85-000244-Er; Thu, 12 Mar 2020 23:40:02 +1100 Received: by gwarestrin.arnor.me.apana.org.au (sSMTP sendmail emulation); Thu, 12 Mar 2020 23:40:01 +1100 Date: Thu, 12 Mar 2020 23:40:01 +1100 From: Herbert Xu To: Connor Kuehl Cc: thomas.lendacky@amd.com, davem@davemloft.net, gary.hook@amd.com, erdemaktas@google.com, rientjes@google.com, brijesh.singh@amd.com, npmccallum@redhat.com, bsd@redhat.com, linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 1/1] crypto: ccp: use file mode for sev ioctl permissions Message-ID: <20200312124001.GG28885@gondor.apana.org.au> References: <20200306172010.1213899-1-ckuehl@redhat.com> <20200306172010.1213899-2-ckuehl@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20200306172010.1213899-2-ckuehl@redhat.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Fri, Mar 06, 2020 at 09:20:10AM -0800, Connor Kuehl wrote: > Instead of using CAP_SYS_ADMIN which is restricted to the root user, > check the file mode for write permissions before executing commands that > can affect the platform. This allows for more fine-grained access > control to the SEV ioctl interface. This would allow a SEV-only user > or group the ability to administer the platform without requiring them > to be root or granting them overly powerful permissions. > > For example: > > chown root:root /dev/sev > chmod 600 /dev/sev > setfacl -m g:sev:r /dev/sev > setfacl -m g:sev-admin:rw /dev/sev > > In this instance, members of the "sev-admin" group have the ability to > perform all ioctl calls (including the ones that modify platform state). > Members of the "sev" group only have access to the ioctls that do not > modify the platform state. > > This also makes opening "/dev/sev" more consistent with how file > descriptors are usually handled. By only checking for CAP_SYS_ADMIN, > the file descriptor could be opened read-only but could still execute > ioctls that modify the platform state. This patch enforces that the file > descriptor is opened with write privileges if it is going to be used to > modify the platform state. > > This flexibility is completely opt-in, and if it is not desirable by > the administrator then they do not need to give anyone else access to > /dev/sev. > > Signed-off-by: Connor Kuehl > --- > drivers/crypto/ccp/sev-dev.c | 33 +++++++++++++++++---------------- > 1 file changed, 17 insertions(+), 16 deletions(-) Patch applied. Thanks. -- Email: Herbert Xu Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt