| From dc24b19b4c8e0e3620843912c376d734f6464bc9 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Tue, 6 Apr 2021 15:49:46 -0700 |
| Subject: crypto: ccp: Detect and reject "invalid" addresses destined for PSP |
| |
| From: Sean Christopherson <seanjc@google.com> |
| |
| [ Upstream commit 74c1f1366eb7714b8b211554f6c5cee315ff3fbc ] |
| |
| Explicitly reject using pointers that are not virt_to_phys() friendly |
| as the source for SEV commands that are sent to the PSP. The PSP works |
| with physical addresses, and __pa()/virt_to_phys() will not return the |
| correct address in these cases, e.g. for a vmalloc'd pointer. At best, |
| the bogus address will cause the command to fail, and at worst lead to |
| system instability. |
| |
| While it's unlikely that callers will deliberately use a bad pointer for |
| SEV buffers, a caller can easily use a vmalloc'd pointer unknowingly when |
| running with CONFIG_VMAP_STACK=y as it's not obvious that putting the |
| command buffers on the stack would be bad. The command buffers are |
| relatively small and easily fit on the stack, and the APIs do not |
| document that the incoming pointer must be a physically contiguous, |
| __pa() friendly pointer. |
| |
| Cc: Brijesh Singh <brijesh.singh@amd.com> |
| Cc: Borislav Petkov <bp@suse.de> |
| Cc: Tom Lendacky <thomas.lendacky@amd.com> |
| Cc: Christophe Leroy <christophe.leroy@csgroup.eu> |
| Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support") |
| Signed-off-by: Sean Christopherson <seanjc@google.com> |
| Message-Id: <20210406224952.4177376-3-seanjc@google.com> |
| Reviewed-by: Brijesh Singh <brijesh.singh@amd.com> |
| Acked-by: Tom Lendacky <thomas.lendacky@amd.com> |
| Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/crypto/ccp/sev-dev.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c |
| index 476113e12489..5b82ba7acc7c 100644 |
| --- a/drivers/crypto/ccp/sev-dev.c |
| +++ b/drivers/crypto/ccp/sev-dev.c |
| @@ -149,6 +149,9 @@ static int __sev_do_cmd_locked(int cmd, void *data, int *psp_ret) |
| |
| sev = psp->sev_data; |
| |
| + if (data && WARN_ON_ONCE(!virt_addr_valid(data))) |
| + return -EINVAL; |
| + |
| /* Get the physical address of the command buffer */ |
| phys_lsb = data ? lower_32_bits(__psp_pa(data)) : 0; |
| phys_msb = data ? upper_32_bits(__psp_pa(data)) : 0; |
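Review bot: The added check `if (data && WARN_ON_ONCE(!virt_addr_valid(data)))`, placed just before the `__psp_pa(data)` conversions, has no comment stating the constraint it enforces, and the commit message itself notes that the APIs do not document that the buffer must be a physically contiguous, __pa() friendly pointer. Consider a short comment above the check saying that the PSP works with physical addresses, so vmalloc'd buffers (including stack buffers under CONFIG_VMAP_STACK=y) are rejected, and state the same requirement where the callers' entry points are documented, so the rule is visible before the WARN fires. It is also worth confirming that callers which read `*psp_ret` after a failure see a defined value on this early `-EINVAL` return, since the added lines do not assign it.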
| -- |
| 2.30.2 |
| |