From: Peter Gonda
Date: Mon, 16 May 2022 10:13:05 -0700
Subject: Re: [PATCH v2] crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
To: "Kalra, Ashish"
Cc: "Allen, John", Herbert Xu, Linux Crypto Mailing List, Sean Christopherson, "Lendacky, Thomas", LKML, Andy Nguyen, David Rientjes, "stable@vger.kernel.org"
References: <20220516154512.259759-1-john.allen@amd.com>
X-Mailing-List: linux-crypto@vger.kernel.org

On Mon, May 16, 2022 at 9:02 AM Kalra, Ashish wrote:
>
> [AMD Official Use Only - General]
>
> Hello Peter,
>
> -----Original Message-----
> From: Peter Gonda
> Sent: Monday, May 16, 2022 10:53 AM
> To: Allen, John
> Cc: Herbert Xu; Linux Crypto Mailing List <linux-crypto@vger.kernel.org>; Sean Christopherson; Lendacky, Thomas; Kalra, Ashish; LKML; Andy Nguyen; David Rientjes; stable@vger.kernel.org
> Subject: Re: [PATCH v2] crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak
>
> On Mon, May 16, 2022 at 8:46 AM John Allen wrote:
> >
> > For some sev ioctl interfaces, input may be passed that is less than
> > or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP
> > firmware returns. In this case, kmalloc will allocate memory that is
> > the size of the input rather than the size of the data. Since PSP
> > firmware doesn't fully overwrite the buffer, the sev ioctl interfaces
> > with the issue may return uninitialized slab memory.
> >
> > Currently, all of the ioctl interfaces in the ccp driver are safe, but
> > to prevent future problems, change all ioctl interfaces that allocate
> > memory with kmalloc to use kzalloc.
> >
> > Fixes: e799035609e15 ("crypto: ccp: Implement SEV_PEK_CSR ioctl
> > command")
> > Fixes: 76a2b524a4b1d ("crypto: ccp: Implement SEV_PDH_CERT_EXPORT
> > ioctl command")
> > Fixes: d6112ea0cb344 ("crypto: ccp - introduce SEV_GET_ID2 command")
> > Cc: stable@vger.kernel.org
> > Reported-by: Andy Nguyen
> > Suggested-by: David Rientjes
> > Suggested-by: Peter Gonda
> > Signed-off-by: John Allen
> > ---
> > v2:
> >   - Add fixes tags and CC stable@vger.kernel.org
> > ---
> >
> >static int sev_ioctl_do_platform_status(struct sev_issue_cmd *argp)
> >{
> >	struct sev_user_data_status data;
> >	int ret;
> >
> >	ret = __sev_do_cmd_locked(SEV_CMD_PLATFORM_STATUS, &data, &argp->error);
> >	if (ret)
> >		return ret;
> >
> >	if (copy_to_user((void __user *)argp->data, &data, sizeof(data)))
> >		ret = -EFAULT;
> >
> >	return ret;
> >}
>
> >Would it be safer to memset @data here to all zeros too?
>
> It will be, but this command/function is safe as firmware will fill in the whole buffer here with the PLATFORM STATUS data returned to the user.

That does seem safe for now but I thought we decided it would be prudent to not trust the PSP's implementation here and clear all the buffers that eventually get sent to userspace?

>
> Thanks,
> Ashish
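
Added example, not part of the thread or of the ccp driver: a userspace C model of the pattern the commit message describes, where a buffer sized from the caller's length is only partly written by firmware and then copied out in full. The names slot_alloc, fw_fill and export_blob, the sizes, and the stale 'S' bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BLOB_MAX     64   /* stand-in for SEV_FW_BLOB_MAX_SIZE (constructed value) */
#define FW_REPLY_LEN 16   /* bytes the simulated firmware actually writes */

static unsigned char slab[BLOB_MAX];  /* one reusable slot standing in for a slab object */

/* Hypothetical allocator: returns the same slot, zeroed or not (kzalloc vs kmalloc). */
static unsigned char *slot_alloc(size_t len, int zero)
{
    if (len > BLOB_MAX)
        return NULL;
    if (zero)
        memset(slab, 0, len);
    return slab;
}

/* Simulated firmware: fills only the first FW_REPLY_LEN bytes of the buffer. */
static void fw_fill(unsigned char *buf, size_t len)
{
    memset(buf, 0xA5, len < FW_REPLY_LEN ? len : FW_REPLY_LEN);
}

/* Models the ioctl path: allocate user_len, let firmware write, copy user_len out.
 * Returns how many stale (non-zero) bytes past the firmware reply reach the caller. */
size_t export_blob(unsigned char *user_out, size_t user_len, int zero)
{
    size_t stale = 0;
    unsigned char *blob;

    memset(slab, 'S', sizeof(slab));   /* earlier user of the slot left data behind */
    blob = slot_alloc(user_len, zero);
    if (!blob)
        return 0;
    fw_fill(blob, user_len);
    memcpy(user_out, blob, user_len);  /* stands in for copy_to_user() */

    for (size_t i = FW_REPLY_LEN; i < user_len; i++)
        stale += (user_out[i] != 0);
    return stale;
}

int main(void)
{
    unsigned char out[BLOB_MAX];
    printf("kmalloc-style: %zu stale bytes\n", export_blob(out, sizeof(out), 0));
    printf("kzalloc-style: %zu stale bytes\n", export_blob(out, sizeof(out), 1));
    return 0;
}
```

The same reasoning applies to the on-stack struct in sev_ioctl_do_platform_status(): whether the copy-out is clean depends on the firmware writing every byte unless the buffer is cleared first.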