Re: [PATCH v9 43/43] virt: sevguest: Add support to get extended report
From: Borislav Petkov
Date: Mon Feb 07 2022 - 04:29:29 EST
On Fri, Jan 28, 2022 at 11:18:04AM -0600, Brijesh Singh wrote:
> +static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg)
> +{
> + struct snp_guest_crypto *crypto = snp_dev->crypto;
> + struct snp_ext_report_req req = {0};
> + struct snp_report_resp *resp;
> + int ret, npages = 0, resp_len;
> +
> + if (!arg->req_data || !arg->resp_data)
> + return -EINVAL;
> +
> + /* Copy the request payload from userspace */
Useless comment.
> + if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req)))
> + return -EFAULT;
> +
> + if (req.certs_len) {
> + if (req.certs_len > SEV_FW_BLOB_MAX_SIZE ||
> + !IS_ALIGNED(req.certs_len, PAGE_SIZE))
> + return -EINVAL;
> + }
> +
> + if (req.certs_address && req.certs_len) {
> + if (!access_ok(req.certs_address, req.certs_len))
> + return -EFAULT;
> +
> + /*
> + * Initialize the intermediate buffer with all zero's. This buffer
"zeros"
> + * is used in the guest request message to get the certs blob from
> + * the host. If host does not supply any certs in it, then copy
> + * zeros to indicate that certificate data was not provided.
> + */
> + memset(snp_dev->certs_data, 0, req.certs_len);
> +
> + npages = req.certs_len >> PAGE_SHIFT;
> + }
> +
> + /*
> + * The intermediate response buffer is used while decrypting the
> + * response payload. Make sure that it has enough space to cover the
> + * authtag.
> + */
> + resp_len = sizeof(resp->data) + crypto->a_len;
> + resp = kzalloc(resp_len, GFP_KERNEL_ACCOUNT);
> + if (!resp)
> + return -ENOMEM;
> +
> + snp_dev->input.data_npages = npages;
> + ret = handle_guest_request(snp_dev, SVM_VMGEXIT_EXT_GUEST_REQUEST, arg->msg_version,
> + SNP_MSG_REPORT_REQ, &req.data,
> + sizeof(req.data), resp->data, resp_len, &arg->fw_err);
> +
> + /* If certs length is invalid then copy the returned length */
> + if (arg->fw_err == SNP_GUEST_REQ_INVALID_LEN) {
> + req.certs_len = snp_dev->input.data_npages << PAGE_SHIFT;
> +
> + if (copy_to_user((void __user *)arg->req_data, &req, sizeof(req)))
> + ret = -EFAULT;
> + }
> +
> + if (ret)
> + goto e_free;
> +
> + /* Copy the certificate data blob to userspace */
> + if (req.certs_address && req.certs_len &&
> + copy_to_user((void __user *)req.certs_address, snp_dev->certs_data,
> + req.certs_len)) {
> + ret = -EFAULT;
> + goto e_free;
> + }
> +
> + /* Copy the response payload to userspace */
Both comments are not needed.
> + if (copy_to_user((void __user *)arg->resp_data, resp, sizeof(*resp)))
> + ret = -EFAULT;
> +
> +e_free:
> + kfree(resp);
> + return ret;
> +}
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette