During the TDX guest attestation process, TSM ConfigFS ABI is used by
the user attestation agent to get the signed VM measurement data (a.k.a
Quote), which can be used by a remote verifier to validate the
trustworthiness of the guest. When a user requests for the Quote data
via the ConfigFS ABI, the TDX Quote generation handler
(tdx_report_new()) forwards the request to VMM (or QE) via a hypercall,
and then shares the output with the user.
Currently, when handling the Quote generation request, tdx_report_new()
handler only checks whether the VMM successfully processed the request
and if it is true it returns success and shares the output to the user
without actually validating the output data. Since the VMM can return
error even after processing the Quote request, always returning success
for the processed requests is incorrect and will create confusion to
the user. Although for the failed request, output buffer length will
be zero and can also be used by the user to identify the failure case,
it will be more clear to return error for all failed cases.
Validate the Quote data output status and return error code for all
failed cases.
Fixes: f4738f56d1dc ("virt: tdx-guest: Add Quote generation support using TSM_REPORTS")
Reported-by: Xiaoyao Li <xiaoyao.li@xxxxxxxxx>
Closes: https://lore.kernel.org/linux-coco/6bdf569c-684a-4459-af7c-4430691804eb@xxxxxxxxxxxxxxx/T/#u
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@xxxxxxxxxxxxxxx>
---
Changes since v1:
* Updated the commit log (Kirill)
drivers/virt/coco/tdx-guest/tdx-guest.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c
index 1253bf76b570..61368318fa39 100644
--- a/drivers/virt/coco/tdx-guest/tdx-guest.c
+++ b/drivers/virt/coco/tdx-guest/tdx-guest.c
@@ -228,6 +228,12 @@ static int tdx_report_new(struct tsm_report *report, void *data)
goto done;
}
+ if (quote_buf->status != GET_QUOTE_SUCCESS) {
+ pr_err("GetQuote request failed, ret %llx\n", quote_buf->status);
+ ret = -EIO;
+ goto done;
+ }
+
buf = kvmemdup(quote_buf->data, quote_buf->out_len, GFP_KERNEL);
if (!buf) {
ret = -ENOMEM;