Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp12486649rwl;
        Tue, 3 Jan 2023 15:28:26 -0800 (PST)
X-Google-Smtp-Source: AMrXdXvumMkE4M3lhHUainu6ufvLwu5f9JUOMJnK/JiMp+zDmuW7vlJP0Vfr1pniB9SP5E03Wk2i
X-Received: by 2002:a05:6a21:c08d:b0:af:f1d1:6f7f with SMTP id bn13-20020a056a21c08d00b000aff1d16f7fmr61828428pzc.31.1672788506639;
        Tue, 03 Jan 2023 15:28:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1672788506; cv=none;
        d=google.com; s=arc-20160816;
        b=1LS/ngn7qPlMh+xHWHIcC11038hZ7WvTzp91Dihgl1k5+6bvghdxv0j6cCSWTjS4CI
         P4foee5P6jSvMij9satCZY70JoKOB0etnFGUYwkxaabRrIsddkAC7dnlezkGECaBHsKj
         5VU/snfBeuIyqJAfPNn+/JC9LBzkN4NPslFpzfyHeNqBxp42gKUJzPjn0VZH7HwiudW1
         Jm5g6Pw3CJMncdcMoOTee2uw6KQNpgyyjBoSXt0jlsYn6zfXcwmteYQ7j2AaF8i4DDXT
         lbsvpaRCRPluPNaf4ONGzrlMltmaJqca0CAp4+2YBSwM2O0H60lJ6CaTvat+k5uQubvg
         79Dw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:references:message-id:in-reply-to
         :subject:cc:to:from:date:dkim-signature;
        bh=+SKNwK2NyJVXaeShNit/vbIhlTVvPRm29ctCwVFguc8=;
        b=b2141/b+/wHW2Dg13FbtrSJwhrybzcGHUYTyCEhd0+wnKZQW/+LrW+mAVreL+DL8mO
         ociY53Kd2MX1sE2B6VCGRZx8Gr1BNwR6V50j9a5M/I63nUbHj4GBn94AX7Yzn8NkoLIo
         ZqCgNSsswzAtiFpEWzmBLY8sMVUJVjDbzQXbrRLMyjoxqZn/YnTK19WRx4826aRS/q4X
         Lpifp6bmjbVlwGt8mLKp4cUFEb07vRsCyxGRvOQKt5Q5otZ4TkXAOGpu4Qd4KvScT4Cp
         KfRzZ4LeWIAzW2qUN8rTPM7eYffmFh4BePeVhX2/SK2MMEubMqvjLUgDHKK+Anchz18w
         S8Mg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=dKwcY+gy;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id q16-20020a63d610000000b0046eca85c48dsi32502308pgg.110.2023.01.03.15.28.04;
        Tue, 03 Jan 2023 15:28:26 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=dKwcY+gy;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233962AbjACXSf (ORCPT <rfc822;vik.reck@gmail.com> + 99 others);
        Tue, 3 Jan 2023 18:18:35 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:42144 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230222AbjACXSe (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Tue, 3 Jan 2023 18:18:34 -0500
Received: from mail-pf1-x436.google.com (mail-pf1-x436.google.com [IPv6:2607:f8b0:4864:20::436])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5122215FD0
        for <linux-crypto@vger.kernel.org>; Tue,  3 Jan 2023 15:18:33 -0800 (PST)
Received: by mail-pf1-x436.google.com with SMTP id 6so18938691pfz.4
        for <linux-crypto@vger.kernel.org>; Tue, 03 Jan 2023 15:18:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=mime-version:references:message-id:in-reply-to:subject:cc:to:from
         :date:from:to:cc:subject:date:message-id:reply-to;
        bh=+SKNwK2NyJVXaeShNit/vbIhlTVvPRm29ctCwVFguc8=;
        b=dKwcY+gyo70o9MnjanigW/qbwMZCHd1jZ/HZNSbTYA7uNNvtO5+1d3klhV3LBMg+Wz
         C2f5ATp6q34nZdwFYSHxnjLN6cdjcQaZYK8In156L+mHFNKh+ncF5id1Xdogt5wKfYUP
         Jfq+tUgmYLuZ+tsFX7/u5Ev8KhBwft2jYUV4FcrCcN7XOYrKU8lEy9cr4xdbEFAeeqOM
         +mNiWE5zo51VEhO5XWTZPXdcAW+wBtXNeIn+UGKmYkP6QHi06nkmYHqNyDHWviMrOrpU
         DOsV/Fm4EsBo2CqwNVgdmKbLjtd3H+h0QfLHQ/3g4IxCEdekFIWpWIAFgfLrqB5VWLuZ
         UoIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=mime-version:references:message-id:in-reply-to:subject:cc:to:from
         :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=+SKNwK2NyJVXaeShNit/vbIhlTVvPRm29ctCwVFguc8=;
        b=AdL/F+xmluxl7l7VTPY7fmoYg0ye0E/Qsotw/ujUI2vRL5//LuKdowg48PIxO0NYag
         u8F9jWm1enlAJTY9AcVJlWYQWKGdOcWkYolw+QJUiwXdvq6wqO+vy3BjbkK6fiJNEo3c
         MJlyXeR+q+fGo84DaqvQRy6WyosCN7Onsv+JHpBKNpLGQrmcCLs5h5Rfv/ipOIlzH9Y/
         ZJlAU6HE4i841fGeDV2NgFMuRSKMfufyKf9vHuRl70GRFCpl7LFmw2rHji5NlWs7J1V6
         u+yylzq1nnP8e5O5bpI19luXz3tyTdxkAn3sp87OjOdDRATmGwNcd4U+MafS14LWXy+y
         u4XQ==
X-Gm-Message-State: AFqh2kq1ZjKY7D0EL3frysr4+IkXKyalETy+J0pJGMhL6FzGGwtm0HV2
        HPg7jS/L+PI10QvkJeT57ZO5DQ==
X-Received: by 2002:aa7:8084:0:b0:574:8995:c0d0 with SMTP id v4-20020aa78084000000b005748995c0d0mr3598502pff.1.1672787912621;
        Tue, 03 Jan 2023 15:18:32 -0800 (PST)
Received: from [2620:15c:29:203:3ac1:84a4:2f59:c43f] ([2620:15c:29:203:3ac1:84a4:2f59:c43f])
        by smtp.gmail.com with ESMTPSA id w18-20020aa79a12000000b00581816425f3sm12920964pfj.112.2023.01.03.15.18.31
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 03 Jan 2023 15:18:31 -0800 (PST)
Date:   Tue, 3 Jan 2023 15:18:31 -0800 (PST)
From:   David Rientjes <rientjes@google.com>
To:     Tom Lendacky <thomas.lendacky@amd.com>
cc:     Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>,
        Peter Gonda <pgonda@google.com>,
        Andy Nguyen <theflow@google.com>, linux-kernel@vger.kernel.org,
        linux-crypto@vger.kernel.org, John Allen <john.allen@amd.com>
Subject: Re: [patch] crypto: ccp - Avoid page allocation failure warning for
 SEV_GET_ID2
In-Reply-To: <1000d0c8-bd8c-8958-d54f-7e1924fd433d@amd.com>
Message-ID: <06de8454-2b29-f3b6-7cf2-c037c2735b6d@google.com>
References: <20221214202046.719598-1-pgonda@google.com> <Y5rxd6ZVBqFCBOUT@gondor.apana.org.au> <762d33dc-b5fd-d1ef-848c-7de3a6695557@google.com> <Y6wDJd3hfztLoCp1@gondor.apana.org.au> <826b3dda-5b48-2d42-96b8-c49ccebfdfed@google.com>
 <833b4dd0-7f85-b336-0786-965f3f573f74@google.com> <1000d0c8-bd8c-8958-d54f-7e1924fd433d@amd.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,
        ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,
        USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

On Tue, 3 Jan 2023, Tom Lendacky wrote:

> On 12/30/22 16:18, David Rientjes wrote:
> > For SEV_GET_ID2, the user provided length does not have a specified
> > limitation because the length of the ID may change in the future.  The
> > kernel memory allocation, however, is implicitly limited to 4MB on x86 by
> > the page allocator, otherwise the kzalloc() will fail.
> > 
> > When this happens, it is best not to spam the kernel log with the warning.
> > Simply fail the allocation and return ENOMEM to the user.
> > 
> > Fixes: d6112ea0cb34 ("crypto: ccp - introduce SEV_GET_ID2 command")
> > Reported-by: Andy Nguyen <theflow@google.com>
> > Reported-by: Peter Gonda <pgonda@google.com>
> > Suggested-by: Herbert Xu <herbert@gondor.apana.org.au>
> > Signed-off-by: David Rientjes <rientjes@google.com>
> > ---
> >   drivers/crypto/ccp/sev-dev.c | 9 ++++++++-
> >   1 file changed, 8 insertions(+), 1 deletion(-)
> > 
> > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> > --- a/drivers/crypto/ccp/sev-dev.c
> > +++ b/drivers/crypto/ccp/sev-dev.c
> > @@ -881,7 +881,14 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd
> > *argp)
> >   	input_address = (void __user *)input.address;
> >     	if (input.address && input.length) {
> > -		id_blob = kzalloc(input.length, GFP_KERNEL);
> > +		/*
> > +		 * The length of the ID shouldn't be assumed by software since
> > +		 * it may change in the future.  The allocation size is
> > limited
> > +		 * to 1 << (PAGE_SHIFT + MAX_ORDER - 1) by the page allocator.
> > +		 * If the allocation fails, simply return ENOMEM rather than
> > +		 * warning in the kernel log.
> > +		 */
> > +		id_blob = kzalloc(input.length, GFP_KERNEL | __GFP_NOWARN);
> 
> We could do this or we could have the driver invoke the API with a zero length
> to get the minimum buffer size needed for the call. The driver could then
> perform some validation checks comparing the supplied input.length to the
> returned length. If the driver can proceed, then if input.length is exactly 2x
> the minimum length, then kzalloc the 2 * minimum length, otherwise kzalloc the
> minimum length. This is a bit more complicated, though, compared to this fix.
> 

Thanks Tom.  IIUC, this could be useful to identify situations where 
input.length != min_length and input.length != min_length*2 and, in those 
cases, return EINVAL?  Or are there situations where this is actually a 
valid input.length?

I was assuming that the user was always doing its own SEV_GET_ID2 first to 
determine the length and then use it for input.length, but perhaps that's 
not the case and they are passing a bogus value.