Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp12486649rwl; Tue, 3 Jan 2023 15:28:26 -0800 (PST) X-Google-Smtp-Source: AMrXdXvumMkE4M3lhHUainu6ufvLwu5f9JUOMJnK/JiMp+zDmuW7vlJP0Vfr1pniB9SP5E03Wk2i X-Received: by 2002:a05:6a21:c08d:b0:af:f1d1:6f7f with SMTP id bn13-20020a056a21c08d00b000aff1d16f7fmr61828428pzc.31.1672788506639; Tue, 03 Jan 2023 15:28:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672788506; cv=none; d=google.com; s=arc-20160816; b=1LS/ngn7qPlMh+xHWHIcC11038hZ7WvTzp91Dihgl1k5+6bvghdxv0j6cCSWTjS4CI P4foee5P6jSvMij9satCZY70JoKOB0etnFGUYwkxaabRrIsddkAC7dnlezkGECaBHsKj 5VU/snfBeuIyqJAfPNn+/JC9LBzkN4NPslFpzfyHeNqBxp42gKUJzPjn0VZH7HwiudW1 Jm5g6Pw3CJMncdcMoOTee2uw6KQNpgyyjBoSXt0jlsYn6zfXcwmteYQ7j2AaF8i4DDXT lbsvpaRCRPluPNaf4ONGzrlMltmaJqca0CAp4+2YBSwM2O0H60lJ6CaTvat+k5uQubvg 79Dw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:message-id:in-reply-to :subject:cc:to:from:date:dkim-signature; bh=+SKNwK2NyJVXaeShNit/vbIhlTVvPRm29ctCwVFguc8=; b=b2141/b+/wHW2Dg13FbtrSJwhrybzcGHUYTyCEhd0+wnKZQW/+LrW+mAVreL+DL8mO ociY53Kd2MX1sE2B6VCGRZx8Gr1BNwR6V50j9a5M/I63nUbHj4GBn94AX7Yzn8NkoLIo ZqCgNSsswzAtiFpEWzmBLY8sMVUJVjDbzQXbrRLMyjoxqZn/YnTK19WRx4826aRS/q4X Lpifp6bmjbVlwGt8mLKp4cUFEb07vRsCyxGRvOQKt5Q5otZ4TkXAOGpu4Qd4KvScT4Cp KfRzZ4LeWIAzW2qUN8rTPM7eYffmFh4BePeVhX2/SK2MMEubMqvjLUgDHKK+Anchz18w S8Mg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=dKwcY+gy; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q16-20020a63d610000000b0046eca85c48dsi32502308pgg.110.2023.01.03.15.28.04; Tue, 03 Jan 2023 15:28:26 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=dKwcY+gy; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233962AbjACXSf (ORCPT + 99 others); Tue, 3 Jan 2023 18:18:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42144 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230222AbjACXSe (ORCPT ); Tue, 3 Jan 2023 18:18:34 -0500 Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5122215FD0 for ; Tue, 3 Jan 2023 15:18:33 -0800 (PST) Received: by mail-pf1-x436.google.com with SMTP id 6so18938691pfz.4 for ; Tue, 03 Jan 2023 15:18:33 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:from:to:cc:subject:date:message-id:reply-to; bh=+SKNwK2NyJVXaeShNit/vbIhlTVvPRm29ctCwVFguc8=; b=dKwcY+gyo70o9MnjanigW/qbwMZCHd1jZ/HZNSbTYA7uNNvtO5+1d3klhV3LBMg+Wz C2f5ATp6q34nZdwFYSHxnjLN6cdjcQaZYK8In156L+mHFNKh+ncF5id1Xdogt5wKfYUP Jfq+tUgmYLuZ+tsFX7/u5Ev8KhBwft2jYUV4FcrCcN7XOYrKU8lEy9cr4xdbEFAeeqOM +mNiWE5zo51VEhO5XWTZPXdcAW+wBtXNeIn+UGKmYkP6QHi06nkmYHqNyDHWviMrOrpU DOsV/Fm4EsBo2CqwNVgdmKbLjtd3H+h0QfLHQ/3g4IxCEdekFIWpWIAFgfLrqB5VWLuZ UoIA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=+SKNwK2NyJVXaeShNit/vbIhlTVvPRm29ctCwVFguc8=; b=AdL/F+xmluxl7l7VTPY7fmoYg0ye0E/Qsotw/ujUI2vRL5//LuKdowg48PIxO0NYag u8F9jWm1enlAJTY9AcVJlWYQWKGdOcWkYolw+QJUiwXdvq6wqO+vy3BjbkK6fiJNEo3c MJlyXeR+q+fGo84DaqvQRy6WyosCN7Onsv+JHpBKNpLGQrmcCLs5h5Rfv/ipOIlzH9Y/ ZJlAU6HE4i841fGeDV2NgFMuRSKMfufyKf9vHuRl70GRFCpl7LFmw2rHji5NlWs7J1V6 u+yylzq1nnP8e5O5bpI19luXz3tyTdxkAn3sp87OjOdDRATmGwNcd4U+MafS14LWXy+y u4XQ== X-Gm-Message-State: AFqh2kq1ZjKY7D0EL3frysr4+IkXKyalETy+J0pJGMhL6FzGGwtm0HV2 HPg7jS/L+PI10QvkJeT57ZO5DQ== X-Received: by 2002:aa7:8084:0:b0:574:8995:c0d0 with SMTP id v4-20020aa78084000000b005748995c0d0mr3598502pff.1.1672787912621; Tue, 03 Jan 2023 15:18:32 -0800 (PST) Received: from [2620:15c:29:203:3ac1:84a4:2f59:c43f] ([2620:15c:29:203:3ac1:84a4:2f59:c43f]) by smtp.gmail.com with ESMTPSA id w18-20020aa79a12000000b00581816425f3sm12920964pfj.112.2023.01.03.15.18.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Jan 2023 15:18:31 -0800 (PST) Date: Tue, 3 Jan 2023 15:18:31 -0800 (PST) From: David Rientjes To: Tom Lendacky cc: Herbert Xu , "David S. Miller" , Peter Gonda , Andy Nguyen , linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, John Allen Subject: Re: [patch] crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 In-Reply-To: <1000d0c8-bd8c-8958-d54f-7e1924fd433d@amd.com> Message-ID: <06de8454-2b29-f3b6-7cf2-c037c2735b6d@google.com> References: <20221214202046.719598-1-pgonda@google.com> <762d33dc-b5fd-d1ef-848c-7de3a6695557@google.com> <826b3dda-5b48-2d42-96b8-c49ccebfdfed@google.com> <833b4dd0-7f85-b336-0786-965f3f573f74@google.com> <1000d0c8-bd8c-8958-d54f-7e1924fd433d@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, 3 Jan 2023, Tom Lendacky wrote: > On 12/30/22 16:18, David Rientjes wrote: > > For SEV_GET_ID2, the user provided length does not have a specified > > limitation because the length of the ID may change in the future. The > > kernel memory allocation, however, is implicitly limited to 4MB on x86 by > > the page allocator, otherwise the kzalloc() will fail. > > > > When this happens, it is best not to spam the kernel log with the warning. > > Simply fail the allocation and return ENOMEM to the user. > > > > Fixes: d6112ea0cb34 ("crypto: ccp - introduce SEV_GET_ID2 command") > > Reported-by: Andy Nguyen > > Reported-by: Peter Gonda > > Suggested-by: Herbert Xu > > Signed-off-by: David Rientjes > > --- > > drivers/crypto/ccp/sev-dev.c | 9 ++++++++- > > 1 file changed, 8 insertions(+), 1 deletion(-) > > > > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c > > --- a/drivers/crypto/ccp/sev-dev.c > > +++ b/drivers/crypto/ccp/sev-dev.c > > @@ -881,7 +881,14 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd > > *argp) > > input_address = (void __user *)input.address; > > if (input.address && input.length) { > > - id_blob = kzalloc(input.length, GFP_KERNEL); > > + /* > > + * The length of the ID shouldn't be assumed by software since > > + * it may change in the future. The allocation size is > > limited > > + * to 1 << (PAGE_SHIFT + MAX_ORDER - 1) by the page allocator. > > + * If the allocation fails, simply return ENOMEM rather than > > + * warning in the kernel log. > > + */ > > + id_blob = kzalloc(input.length, GFP_KERNEL | __GFP_NOWARN); > > We could do this or we could have the driver invoke the API with a zero length > to get the minimum buffer size needed for the call. The driver could then > perform some validation checks comparing the supplied input.length to the > returned length. If the driver can proceed, then if input.length is exactly 2x > the minimum length, then kzalloc the 2 * minimum length, otherwise kzalloc the > minimum length. This is a bit more complicated, though, compared to this fix. > Thanks Tom. IIUC, this could be useful to identify situations where input.length != min_length and input.length != min_length*2 and, in those cases, return EINVAL? Or are there situations where this is actually a valid input.length? I was assuming that the user was always doing its own SEV_GET_ID2 first to determine the length and then use it for input.length, but perhaps that's not the case and they are passing a bogus value.