Re: [PATCH 2/5] crypto: ccp: Reject SEV commands with mismatching command buffer
From: Sean Christopherson
Date: Mon Apr 05 2021 - 12:33:10 EST
On Mon, Apr 05, 2021, Tom Lendacky wrote:
> On 4/2/21 6:36 PM, Sean Christopherson wrote:
> > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> > index 6556d220713b..4c513318f16a 100644
> > --- a/drivers/crypto/ccp/sev-dev.c
> > +++ b/drivers/crypto/ccp/sev-dev.c
> > @@ -141,6 +141,7 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
> > struct sev_device *sev;
> > unsigned int phys_lsb, phys_msb;
> > unsigned int reg, ret = 0;
> > + int buf_len;
> >
> > if (!psp || !psp->sev_data)
> > return -ENODEV;
> > @@ -150,7 +151,11 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret)
> >
> > sev = psp->sev_data;
> >
> > - if (data && WARN_ON_ONCE(is_vmalloc_addr(data)))
> > + buf_len = sev_cmd_buffer_len(cmd);
> > + if (WARN_ON_ONCE(!!data != !!buf_len))
>
> Seems a bit confusing to me. Can this just be:
>
> if (WARN_ON_ONCE(data && !buf_len))
Or as Christophe pointed out, "!data != !buf_len".
> Or is this also trying to catch the case where buf_len is non-zero but
> data is NULL?
Ya. It's not necessary to detect "buf_len && !data", but it doesn't incur
additional cost. Is there a reason _not_ to disallow that?