From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65932C433F5 for ; Thu, 3 Mar 2022 15:28:44 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id BDD1A8D0002; Thu, 3 Mar 2022 10:28:43 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id B8C948D0001; Thu, 3 Mar 2022 10:28:43 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id A53A08D0002; Thu, 3 Mar 2022 10:28:43 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (relay.hostedemail.com [64.99.140.25]) by kanga.kvack.org (Postfix) with ESMTP id 958F48D0001 for ; Thu, 3 Mar 2022 10:28:43 -0500 (EST) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay12.hostedemail.com (Postfix) with ESMTP id 713C61222C3 for ; Thu, 3 Mar 2022 15:28:43 +0000 (UTC) X-FDA: 79203457326.08.129DFF4 Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by imf14.hostedemail.com (Postfix) with ESMTP id 92124100009 for ; Thu, 3 Mar 2022 15:28:14 +0000 (UTC) Received: from nazgul.tnic (nat0.nue.suse.com [IPv6:2001:67c:2178:4000::1111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 599F61EC0354; Thu, 3 Mar 2022 16:28:08 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1646321288; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=3wkQa12TOe6L5HnGAAvvXCd9OYOioyR8PkC5Q5bDZB0=; b=ciJK03bk+KE2NLCrkhmmPvmEM91yiPiBgSXRnWJ4sIiDpwWLEP52w2yQp9MjTvHzkehrZQ ju+iK3ka4iPLgdPAWM9OaNPZz0L+bYQFt96nt8NKVlT2hSEz372BTl/oJjMUqBbQW2HzJJ wgRKuvFN3dDc+VpN/yEElwHAVnXA7fo= Date: Thu, 3 Mar 2022 16:28:13 +0100 From: Borislav Petkov To: Brijesh Singh Cc: x86@kernel.org, linux-kernel@vger.kernel.org, kvm@vger.kernel.org, linux-efi@vger.kernel.org, platform-driver-x86@vger.kernel.org, linux-coco@lists.linux.dev, linux-mm@kvack.org, Thomas Gleixner , Ingo Molnar , Joerg Roedel , Tom Lendacky , "H. Peter Anvin" , Ard Biesheuvel , Paolo Bonzini , Sean Christopherson , Vitaly Kuznetsov , Jim Mattson , Andy Lutomirski , Dave Hansen , Sergio Lopez , Peter Gonda , Peter Zijlstra , Srinivas Pandruvada , David Rientjes , Dov Murik , Tobin Feldman-Fitzthum , Michael Roth , Vlastimil Babka , "Kirill A . Shutemov" , Andi Kleen , "Dr . David Alan Gilbert" , brijesh.ksingh@gmail.com, tony.luck@intel.com, marcorr@google.com, sathyanarayanan.kuppuswamy@linux.intel.com Subject: Re: [PATCH v11 44/45] virt: sevguest: Add support to get extended report Message-ID: References: <20220224165625.2175020-1-brijesh.singh@amd.com> <20220224165625.2175020-45-brijesh.singh@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20220224165625.2175020-45-brijesh.singh@amd.com> X-Rspamd-Server: rspam11 X-Rspamd-Queue-Id: 92124100009 X-Rspam-User: Authentication-Results: imf14.hostedemail.com; dkim=pass header.d=alien8.de header.s=dkim header.b=ciJK03bk; dmarc=pass (policy=none) header.from=alien8.de; spf=pass (imf14.hostedemail.com: domain of bp@alien8.de designates 5.9.137.197 as permitted sender) smtp.mailfrom=bp@alien8.de X-Stat-Signature: wwiqynet4d6e4moyciccqwm5eukqzjjo X-HE-Tag: 1646321294-400783 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Feb 24, 2022 at 10:56:24AM -0600, Brijesh Singh wrote: > +static int get_ext_report(struct snp_guest_dev *snp_dev, struct snp_guest_request_ioctl *arg) > +{ > + struct snp_guest_crypto *crypto = snp_dev->crypto; > + struct snp_ext_report_req req = {0}; > + struct snp_report_resp *resp; > + int ret, npages = 0, resp_len; > + > + lockdep_assert_held(&snp_cmd_mutex); > + > + if (!arg->req_data || !arg->resp_data) > + return -EINVAL; > + > + if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) > + return -EFAULT; > + > + if (req.certs_len) { > + if (req.certs_len > SEV_FW_BLOB_MAX_SIZE || > + !IS_ALIGNED(req.certs_len, PAGE_SIZE)) > + return -EINVAL; > + } > + > + if (req.certs_address && req.certs_len) { > + if (!access_ok(req.certs_address, req.certs_len)) > + return -EFAULT; > + > + /* > + * Initialize the intermediate buffer with all zeros. This buffer > + * is used in the guest request message to get the certs blob from > + * the host. If host does not supply any certs in it, then copy > + * zeros to indicate that certificate data was not provided. > + */ > + memset(snp_dev->certs_data, 0, req.certs_len); > + > + npages = req.certs_len >> PAGE_SHIFT; > + } I think all those checks should be made more explicit. This makes the code a lot more readable and straight-forward (pasting the full excerpt because the incremental diff ontop is less readable): ... if (copy_from_user(&req, (void __user *)arg->req_data, sizeof(req))) return -EFAULT; if (!req.certs_len || !req.certs_address) return -EINVAL; if (req.certs_len > SEV_FW_BLOB_MAX_SIZE || !IS_ALIGNED(req.certs_len, PAGE_SIZE)) return -EINVAL; if (!access_ok(req.certs_address, req.certs_len)) return -EFAULT; /* * Initialize the intermediate buffer with all zeros. This buffer * is used in the guest request message to get the certs blob from * the host. If host does not supply any certs in it, then copy * zeros to indicate that certificate data was not provided. */ memset(snp_dev->certs_data, 0, req.certs_len); npages = req.certs_len >> PAGE_SHIFT; -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette