Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp7750456rwl; Fri, 30 Dec 2022 14:02:30 -0800 (PST) X-Google-Smtp-Source: AMrXdXvb3XqBdXerFGtavl+gWmP4O/qOcmn6Tfpb68qbQ48jl0ZvCDb2V9/17QDYiLqazYveVQn9 X-Received: by 2002:a05:6a00:a1d:b0:581:73c4:f0bb with SMTP id p29-20020a056a000a1d00b0058173c4f0bbmr16931560pfh.2.1672437749742; Fri, 30 Dec 2022 14:02:29 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672437749; cv=none; d=google.com; s=arc-20160816; b=D6Aw2iw0s7cHEVNXvUYnEZxCT2/8unSDlBrA3M9LAHurtFu2/LT1i8yyBa594Z7ivp Zm1TBOPyNAnkzuLvVofsK3OokRAngcc1Hfnh8AQ8zpvCVoPBU+vq5ivmX59xAoJgkcfX EURn3xkmKV+1CJQQMm3pcmIxTYYURdpWagtm4nSQI4V98TlX7jnHZLqVnOjcqk2wzvq7 MWcPbyubXHpENPbNWTg1KlbhlTfslM8d04Wacb151tx9W8iffYI3UcdfFxaVN8Bhg4dv 60C+WhoC4KqdDHqU5VXfuNqBb4KxA2oLWXxgCkReHMhl8Ee/Mpp7foDcucdY7KrtQTxU XXmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:message-id:in-reply-to :subject:cc:to:from:date:dkim-signature; bh=DQYLGAH0uGXo3xlMz5nVls5ASt4VNqU9CWQhF48EYvw=; b=aSIq1wGO5Illv0qDsnbDKiCVGJRVQuOAKrlOAywvOjESArDpXri8zQ2gBHs5f6kr8W eMm+vCl2Spw65KtbI30n5+QHGGDMWzcPLyTOevPuHPqHIuwyiv8zWEbl7IxFNKaeLlRx jXjDiO1ZLRlxWIem3UW8hCc47wkoVYTbEXI0ptCHNsPAlkIbQUfD9Jy3JrO5WRIvxEEj uSrxMQIgk/WvU7NrtX9J45R4g4EMBJJdHzN/JlzH2/6R85npd3Ll3JspqIet9pCrcsqg 36Vc7DvD2/RhtOgel6+iTX5TSNoEsYKOHM+s0oVtT0LdPBxdLtzggAwd1RXGdkiWWieW 0DiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=jOFraJc2; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f20-20020a056a001ad400b00576ad2ad835si22765837pfv.13.2022.12.30.14.02.09; Fri, 30 Dec 2022 14:02:29 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=jOFraJc2; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230468AbiL3WBK (ORCPT + 99 others); Fri, 30 Dec 2022 17:01:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46356 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231174AbiL3WBI (ORCPT ); Fri, 30 Dec 2022 17:01:08 -0500 Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D70BD19C37 for ; Fri, 30 Dec 2022 14:01:06 -0800 (PST) Received: by mail-pj1-x102f.google.com with SMTP id fy4so23623891pjb.0 for ; Fri, 30 Dec 2022 14:01:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:from:to:cc:subject:date:message-id:reply-to; bh=DQYLGAH0uGXo3xlMz5nVls5ASt4VNqU9CWQhF48EYvw=; b=jOFraJc2+le2FfTl9+hl81vOAbgJL9wX3Ldrv9YY+Gu/AxmtD+bQtclTHwnTGgH27A BVgmvTTbPItZ5UYgTIKhy5tzqyLIBe5JtpltE5LFgZr8kwMR28Mj8I8kEcPJC/vvtnLb ohnaHo1wEWqxF/beEMnmqoUoVT8oHOP73zM6s1VE/TUIYTqbG5k/Vn7cJIJC3jmdG5M+ IQP4ojENssjjADyCnE40YNMpAIZQVU+6IGsNiZVKUVyv3nOsgB+u3UUg7okJzREaaB6s uYmVb5ffLAbJl/HtlLZj7TCY+kTUVU9+SEK+5gmpEznsAaSXXeA7hDJhlsEbSkbGVdD4 4xcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=DQYLGAH0uGXo3xlMz5nVls5ASt4VNqU9CWQhF48EYvw=; b=DkWTJoR/dc6CIHb6Vlh6hy02R+bOk60AaA313Tbv9bCjfs0ehAdPBAmNchGhZTipAv 9U6DCZS62EqRqH7PBnr1jWnGtaZAzwrvnCZdQ4cGvDzIpmfEBnKn5x7f2G3xhkZ/T9yW PSFv9h1N2uIhpEBbGcm13Cfq1r9/tt4Wy+wql/hL2JPaOgJWJnWE92h8Dqg790jdwhCF YFzpqeXq3PISQzR+YIG2y2kewvJ63smsDUK3eLdTnCuOTAsU0yDBsBP6M+p4o5M7S7Mm WUgBvUAQNnTvVFv7QgnRfHm8+5PNM7BuFhCGglQDHVD1OHu7tsvJIZVtnP8nUwn8zcv+ tMOA== X-Gm-Message-State: AFqh2koAoXi9oOYhKh0A71m7ReYimnvorkOSV5CUA4cO9Sg++MkBEHTT hsA4JWYVFfbFpNhLPsU3nQDpQg== X-Received: by 2002:a17:902:d4d1:b0:189:3a04:4466 with SMTP id o17-20020a170902d4d100b001893a044466mr3420177plg.2.1672437666185; Fri, 30 Dec 2022 14:01:06 -0800 (PST) Received: from [2620:15c:29:203:8954:8b68:67ce:a964] ([2620:15c:29:203:8954:8b68:67ce:a964]) by smtp.gmail.com with ESMTPSA id g19-20020a635213000000b0044ed37dbca8sm9241470pgb.2.2022.12.30.14.01.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Dec 2022 14:01:05 -0800 (PST) Date: Fri, 30 Dec 2022 14:01:04 -0800 (PST) From: David Rientjes To: Herbert Xu cc: Peter Gonda , Andy Nguyen , stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, John Allen , "Thomas . Lendacky" Subject: Re: [PATCH] crypto: ccp - Limit memory allocation in SEV_GET_ID2 ioctl In-Reply-To: Message-ID: <826b3dda-5b48-2d42-96b8-c49ccebfdfed@google.com> References: <20221214202046.719598-1-pgonda@google.com> <762d33dc-b5fd-d1ef-848c-7de3a6695557@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, 28 Dec 2022, Herbert Xu wrote: > On Tue, Dec 27, 2022 at 05:42:31PM -0800, David Rientjes wrote: > > > > The goal was to be more explicit about that, but setting __GFP_NOWARN > > would result in the same functional behavior. If we're to go that route, > > it would likely be best to add a comment about the limitation. > > > > That said, if AMD would prefer this to be an EINVAL instead of a ENOMEM by > > introducing a more formal limitation on the length that can be used, that > > would be preferred so that we don't need to rely on the page allocator's > > max length to enforce this arbitrarily. > > Ideally the limit should be set according to the object that > you're trying to allocate. But if that is truly unlimited, > and you don't want to see a warning, then GFP_NOWARN seems to > fit the bill. > AMD would be able to speak authoritatively on it, but I think the length of the ID isn't to be assumed by software because it will likely change later. I don't think there's an active vulnerability with the currnet code so we can likely drop stable@vger.kernel.org for this. The kzalloc() will fail if you try to allocate over 2MB. If you try to allocate >32KB, the page allocator will attempt to reclaim but won't oom kill. If you try to allocate <=32KB, there's the potential for oom kill if nothing is reclaimable, but if memory is that scarce I think we have bigger problems. So __GFP_NOWARN will work, but I also think it's subtle enough that it warrants being coupled with a comment.