Re: [Part2 PATCH v6 18/38] crypto: ccp: Implement SEV_PEK_CSR ioctl command

From: Borislav Petkov
Date: Mon Oct 23 2017 - 08:49:27 EST


On Thu, Oct 19, 2017 at 09:33:53PM -0500, Brijesh Singh wrote:
> The SEV_PEK_CSR command can be used to generate a PEK certificate
> signing request. The command is defined in SEV spec section 5.7.
>
> Cc: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> Cc: "Radim KrÄmÃÅ" <rkrcmar@xxxxxxxxxx>
> Cc: Borislav Petkov <bp@xxxxxxx>
> Cc: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> Cc: Gary Hook <gary.hook@xxxxxxx>
> Cc: Tom Lendacky <thomas.lendacky@xxxxxxx>
> Cc: linux-crypto@xxxxxxxxxxxxxxx
> Cc: kvm@xxxxxxxxxxxxxxx
> Cc: linux-kernel@xxxxxxxxxxxxxxx
> Signed-off-by: Brijesh Singh <brijesh.singh@xxxxxxx>
> ---
> drivers/crypto/ccp/psp-dev.c | 69 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 69 insertions(+)

Improvements-by: Borislav Petkov <bp@xxxxxxx>

> +static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp)
> +{
> + struct sev_user_data_pek_csr input;
> + struct sev_data_pek_csr *data;
> + void *blob = NULL;
> + int ret, err;
> +
> + if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
> + return -EFAULT;
> +
> + data = kzalloc(sizeof(*data), GFP_KERNEL);
> + if (!data)
> + return -ENOMEM;
> +
> + /* userspace wants to query CSR length */
> + if (!input.address || !input.length)
> + goto cmd;
> +
> + /* allocate a physically contiguous buffer to store the CSR blob */
> + if (!access_ok(VERIFY_WRITE, input.address, input.length) ||
> + input.length > SEV_FW_BLOB_MAX_SIZE) {
> + ret = -EFAULT;
> + goto e_free;
> + }
> +
> + blob = kmalloc(input.length, GFP_KERNEL);
> + if (!blob) {
> + ret = -ENOMEM;
> + goto e_free;
> + }
> +
> + data->address = __psp_pa(blob);
> + data->len = input.length;
> +
> +cmd:
> + ret = sev_platform_init(NULL, &argp->error);
> + if (ret)
> + goto e_free_blob;
> +
> + ret = sev_do_cmd(SEV_CMD_PEK_CSR, data, &argp->error);

This is the same issue: nothing is handling the case where sev_do_cmd()
here fails. If it doesn't matter, then you should simply do:

sev_do_cmd(SEV_CMD_PEK_CSR, data, &argp->error);

along with explaining why we don't care about the command failing. But
simply writing into ret to overwrite it later, looks strange.

--
Regards/Gruss,
Boris.

ECO tip #101: Trim your mails when you reply.
--