Linux Confidential Computing Development
* [PATCH v4] virt: tdx-guest: Handle GetQuote request error code
@ 2024-04-11  2:22 Kuppuswamy Sathyanarayanan
  2024-12-12  7:55 ` Mikko Ylinen
  0 siblings, 1 reply; 2+ messages in thread
From: Kuppuswamy Sathyanarayanan @ 2024-04-11  2:22 UTC
  To: Kirill A . Shutemov, x86
  Cc: Dave Hansen, Dan Williams, Xiaoyao Li, linux-kernel, linux-coco

The tdx-guest driver marshals quote requests via hypercall to have a
quoting enclave sign attestation evidence about the current state of
the TD. There are 2 possible failures, a transport failure (failure
to communicate with the quoting agent) and payload failure (a failed
quote). The driver only checks the former, update it to consider the
latter payload errors as well.

Fixes: f4738f56d1dc ("virt: tdx-guest: Add Quote generation support using TSM_REPORTS")
Reported-by: Xiaoyao Li <xiaoyao.li@intel.com>
Closes: https://lore.kernel.org/linux-coco/6bdf569c-684a-4459-af7c-4430691804eb@linux.intel.com/T/#u
Reviewed-by: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
Acked-by: Kai Huang <kai.huang@intel.com>
Reviewed-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
---

Changes since v3:
 * Rebased on top of v6.9-rc1
 * Added Dan's Reviewed-by tag.

Changes since v2:
 * Updated the commit log (Dan)
 * Removed pr_err message.

Changes since v1:
 * Updated the commit log (Kirill)

 drivers/virt/coco/tdx-guest/tdx-guest.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c
index 1253bf76b570..c39f0007958d 100644
--- a/drivers/virt/coco/tdx-guest/tdx-guest.c
+++ b/drivers/virt/coco/tdx-guest/tdx-guest.c
@@ -228,6 +228,11 @@ static int tdx_report_new(struct tsm_report *report, void *data)
 		goto done;
 	}
 
+	if (quote_buf->status != GET_QUOTE_SUCCESS) {
+		ret = -EIO;
+		goto done;
+	}
+
 	buf = kvmemdup(quote_buf->data, quote_buf->out_len, GFP_KERNEL);
 	if (!buf) {
 		ret = -ENOMEM;
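
Review bot: The added check in tdx_report_new() discards quote_buf->status, so every payload failure reaches the caller as the same -EIO with nothing recorded about why the quote failed. The changelog says the pr_err was dropped in v2; if the concern was log noise, a rate-limited message (pr_err_ratelimited) that prints the status would keep the failure diagnosable without letting repeated report requests flood the log. A one-line comment above the check saying that this is the payload status, as opposed to the transport error handled by the earlier branch, would also help readers of the function.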
-- 
2.25.1


* Re: [PATCH v4] virt: tdx-guest: Handle GetQuote request error code
  2024-04-11  2:22 [PATCH v4] virt: tdx-guest: Handle GetQuote request error code Kuppuswamy Sathyanarayanan
@ 2024-12-12  7:55 ` Mikko Ylinen
  0 siblings, 0 replies; 2+ messages in thread
From: Mikko Ylinen @ 2024-12-12  7:55 UTC
  To: Kuppuswamy Sathyanarayanan
  Cc: Kirill A . Shutemov, x86, Dave Hansen, Dan Williams, Xiaoyao Li,
	linux-kernel, linux-coco

Hi,

On Thu, Apr 11, 2024 at 02:22:50AM +0000, Kuppuswamy Sathyanarayanan wrote:
> The tdx-guest driver marshals quote requests via hypercall to have a
> quoting enclave sign attestation evidence about the current state of
> the TD. There are 2 possible failures, a transport failure (failure
> to communicate with the quoting agent) and payload failure (a failed
> quote). The driver only checks the former, update it to consider the
> latter payload errors as well.
> 
> Fixes: f4738f56d1dc ("virt: tdx-guest: Add Quote generation support using TSM_REPORTS")
> Reported-by: Xiaoyao Li <xiaoyao.li@intel.com>
> Closes: https://lore.kernel.org/linux-coco/6bdf569c-684a-4459-af7c-4430691804eb@linux.intel.com/T/#u
> Reviewed-by: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
> Reviewed-by: Xiaoyao Li <xiaoyao.li@intel.com>
> Acked-by: Kai Huang <kai.huang@intel.com>
> Reviewed-by: Dan Williams <dan.j.williams@intel.com>
> Signed-off-by: Kuppuswamy Sathyanarayanan <sathyanarayanan.kuppuswamy@linux.intel.com>
> ---
> 
> Changes since v3:
>  * Rebased on top of v6.9-rc1
>  * Added Dan's Reviewed-by tag.
> 
> Changes since v2:
>  * Updated the commit log (Dan)
>  * Removed pr_err message.
> 
> Changes since v1:
>  * Updated the commit log (Kirill)
> 
>  drivers/virt/coco/tdx-guest/tdx-guest.c | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/drivers/virt/coco/tdx-guest/tdx-guest.c b/drivers/virt/coco/tdx-guest/tdx-guest.c
> index 1253bf76b570..c39f0007958d 100644
> --- a/drivers/virt/coco/tdx-guest/tdx-guest.c
> +++ b/drivers/virt/coco/tdx-guest/tdx-guest.c
> @@ -228,6 +228,11 @@ static int tdx_report_new(struct tsm_report *report, void *data)
>  		goto done;
>  	}
>  
> +	if (quote_buf->status != GET_QUOTE_SUCCESS) {
> +		ret = -EIO;
> +		goto done;
> +	}
> +
>  	buf = kvmemdup(quote_buf->data, quote_buf->out_len, GFP_KERNEL);
>  	if (!buf) {
>  		ret = -ENOMEM;
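
Review bot: In the trailing context, kvmemdup() copies quote_buf->out_len bytes right after the new status check, and no bound on out_len is visible in this hunk. Both status and out_len are read from the buffer that the quoting side fills in, so a success status alone does not make the length trustworthy. Unless out_len is already validated earlier in tdx_report_new(), check it against the size of the data area of the quote buffer before the copy and fail with an error when it is larger.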

Would it be possible to get this queued?

I had the same fix implemented as I ran into the same issue but then
noticed this had already been sent out.

One possible improvement here could be to add a reason for the error
to make it more consistent with the other error paths above:

pr_err("GetQuote failed, status:%llx\n", quote_buf->status);

Anyway, it works as expected as it is so:

Tested-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>

-- Mikko
