From: Dan Carpenter <dan.carpenter@oracle.com>
To: brijesh.singh@amd.com, kernel-janitors@vger.kernel.org
Subject: [bug report] virt: Add SEV-SNP guest driver
Date: Tue, 12 Apr 2022 12:22:23 +0300 [thread overview]
Message-ID: <20220412092223.GA3407@kili> (raw)
Hello Brijesh Singh,
The patch fce96cf04430: "virt: Add SEV-SNP guest driver" from Mar 7,
2022, leads to the following Smatch static checker warning:
drivers/virt/coco/sevguest/sevguest.c:298 enc_payload() warn: signedness bug returning '(-63)'
drivers/virt/coco/sevguest/sevguest.c:329 handle_guest_request() error: uninitialized symbol 'err'.
drivers/virt/coco/sevguest/sevguest.c:584 alloc_shared_pages() warn: 'page' is not an error pointer
drivers/virt/coco/sevguest/sevguest.c
279 static bool enc_payload(struct snp_guest_dev *snp_dev, u64 seqno, int version, u8 type,
^^^^
This should be int.
280 void *payload, size_t sz)
281 {
282 struct snp_guest_msg *req = snp_dev->request;
283 struct snp_guest_msg_hdr *hdr = &req->hdr;
284
285 memset(req, 0, sizeof(*req));
286
287 hdr->algo = SNP_AEAD_AES_256_GCM;
288 hdr->hdr_version = MSG_HDR_VER;
289 hdr->hdr_sz = sizeof(*hdr);
290 hdr->msg_type = type;
291 hdr->msg_version = version;
292 hdr->msg_seqno = seqno;
293 hdr->msg_vmpck = vmpck_id;
294 hdr->msg_sz = sz;
295
296 /* Verify the sequence number is non-zero */
297 if (!hdr->msg_seqno)
298 return -ENOSR;
299
300 dev_dbg(snp_dev->dev, "request [seqno %lld type %d version %d sz %d]\n",
301 hdr->msg_seqno, hdr->msg_type, hdr->msg_version, hdr->msg_sz);
302
303 return __enc_payload(snp_dev, req, payload, sz);
304 }
305
306 static int handle_guest_request(struct snp_guest_dev *snp_dev, u64 exit_code, int msg_ver,
307 u8 type, void *req_buf, size_t req_sz, void *resp_buf,
308 u32 resp_sz, __u64 *fw_err)
309 {
310 unsigned long err;
311 u64 seqno;
312 int rc;
313
314 /* Get message sequence and verify that its a non-zero */
315 seqno = snp_get_msg_seqno(snp_dev);
316 if (!seqno)
317 return -EIO;
318
319 memset(snp_dev->response, 0, sizeof(struct snp_guest_msg));
320
321 /* Encrypt the userspace provided payload */
322 rc = enc_payload(snp_dev, seqno, msg_ver, type, req_buf, req_sz);
323 if (rc)
324 return rc;
325
326 /* Call firmware to process the request */
327 rc = snp_issue_guest_request(exit_code, &snp_dev->input, &err);
328 if (fw_err)
329 *fw_err = err;
"err" can be uninitialized.
330
331 if (rc)
332 return rc;
333
334 /*
335 * The verify_and_dec_payload() will fail only if the hypervisor is
336 * actively modifying the message header or corrupting the encrypted payload.
337 * This hints that hypervisor is acting in a bad faith. Disable the VMPCK so that
338 * the key cannot be used for any communication. The key is disabled to ensure
339 * that AES-GCM does not use the same IV while encrypting the request payload.
340 */
341 rc = verify_and_dec_payload(snp_dev, resp_buf, resp_sz);
342 if (rc) {
343 dev_alert(snp_dev->dev,
344 "Detected unexpected decode failure, disabling the vmpck_id %d\n",
345 vmpck_id);
346 snp_disable_vmpck(snp_dev);
347 return rc;
348 }
349
350 /* Increment to new message sequence after payload decryption was successful. */
351 snp_inc_msg_seqno(snp_dev);
352
353 return 0;
354 }
[ snip ]
577 static void *alloc_shared_pages(size_t sz)
578 {
579 unsigned int npages = PAGE_ALIGN(sz) >> PAGE_SHIFT;
580 struct page *page;
581 int ret;
582
583 page = alloc_pages(GFP_KERNEL_ACCOUNT, get_order(sz));
584 if (IS_ERR(page))
if (!page)
585 return NULL;
586
587 ret = set_memory_decrypted((unsigned long)page_address(page), npages);
588 if (ret) {
589 pr_err("failed to mark page shared, ret=%d\n", ret);
590 __free_pages(page, get_order(sz));
591 return NULL;
592 }
593
594 return page_address(page);
595 }
596
regards,
dan carpenter
reply other threads:[~2022-04-12 10:29 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220412092223.GA3407@kili \
--to=dan.carpenter@oracle.com \
--cc=brijesh.singh@amd.com \
--cc=kernel-janitors@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.