From: sashiko-bot@kernel.org
To: "Dan Williams" <djbw@kernel.org>
Cc: linux-pci@vger.kernel.org
Subject: Re: [PATCH 04/15] device core: Introduce "device evidence" over netlink
Date: Sun, 05 Jul 2026 22:20:51 +0000 [thread overview]
Message-ID: <20260705222051.6044E1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260705220819.2472765-5-djbw@kernel.org>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] Premature state advancement causes missing netlink attributes when a dump message is split across multiple skbs.
--
commit 011b819de43e88cfea717a04a2344bfd9d08116a
Author: Dan Williams <djbw@kernel.org>
device core: Introduce "device evidence" over netlink
This commit introduces a device-scoped ABI over netlink to retrieve device
security evidence objects, such as SPDM certificates and measurements. A
bus opts in via device_evidence_register() to resolve a device handle to
its evidence context and provide these objects to userspace.
> diff --git a/drivers/base/evidence.c b/drivers/base/evidence.c
> new file mode 100644
> index 0000000000000..8e019669db072
> --- /dev/null
> +++ b/drivers/base/evidence.c
[ ... ]
> +static int __device_evidence_read(struct sk_buff *skb,
> + struct netlink_callback *cb,
> + struct device_evidence *evidence)
> +{
[ ... ]
> + if (ctx->offset == DEVICE_EVIDENCE_OBJECT_START) {
> + if (nla_put_u32(skb, DEVICE_EVIDENCE_A_OBJECT_TYPE,
> + current_type(ctx)) ||
> + nla_put_u32(skb, DEVICE_EVIDENCE_A_OBJECT_GENERATION,
> + ctx->generation) ||
> + nla_put_u32(skb, DEVICE_EVIDENCE_A_OBJECT_LENGTH,
> + object_len))
> + goto out_cancel;
> +
> + ctx->offset = 0;
> + }
> +
> + available = skb_tailroom(skb);
> + overhead = nla_total_size(0) + NLA_ALIGNTO;
> + if (available <= overhead) {
> + rc = -EMSGSIZE;
> + goto out_cancel;
> + }
[Severity: Medium]
If available <= overhead evaluates to true and the code takes the
goto out_cancel path, does ctx->offset incorrectly remain 0 while the
netlink message is canceled?
On the next invocation with a fresh skb, ctx->offset will not equal
DEVICE_EVIDENCE_OBJECT_START, which means the mandatory type, generation,
and length attributes will be skipped, leading to a malformed netlink reply.
Could ctx->offset be updated after the tailroom check or reverted in the
out_cancel error path?
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260705220819.2472765-1-djbw@kernel.org?part=4
next prev parent reply other threads:[~2026-07-05 22:20 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-05 22:08 [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Dan Williams
2026-07-05 22:08 ` [PATCH 01/15] netlink: specs: Introduce multi-message blobs for SPDM Dan Williams
2026-07-05 22:13 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 02/15] tools: ynl: Teach pyynl to handle blobs Dan Williams
2026-07-05 22:18 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 03/15] tools: ynl: Teach ynl_gen_c to validate and dump 'blob' attributes Dan Williams
2026-07-05 22:20 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 04/15] device core: Introduce "device evidence" over netlink Dan Williams
2026-07-05 22:20 ` sashiko-bot [this message]
2026-07-05 22:08 ` [PATCH 05/15] device core: Add "device evidence" 'validate' command Dan Williams
2026-07-05 22:26 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 06/15] PCI/TSM: Add device evidence support Dan Williams
2026-07-05 22:16 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 07/15] modules: Document the global async_probe parameter Dan Williams
2026-07-05 22:15 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 08/15] device core: Initial device trust infrastructure Dan Williams
2026-07-05 22:17 ` sashiko-bot
2026-07-06 13:45 ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 09/15] PCI, device core: Move "untrusted" concept to DEVICE_TRUST_ADVERSARY Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-06 13:49 ` Jason Gunthorpe
2026-07-05 22:08 ` [PATCH 10/15] PCI/TSM: Add device interface security LOCKED support Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 11/15] PCI/TSM: Add device interface security RUN support Dan Williams
2026-07-05 22:21 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 12/15] PCI/TSM: Add device interface security DMA enable/disable Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 13/15] PCI, device core: Add private memory access for DEVICE_TRUST_TCB Dan Williams
2026-07-05 22:28 ` sashiko-bot
2026-07-06 12:42 ` Aneesh Kumar K.V
2026-07-05 22:08 ` [PATCH 14/15] PCI/TSM: Create MMIO descriptors via TDISP Report Dan Williams
2026-07-05 22:24 ` sashiko-bot
2026-07-05 22:08 ` [PATCH 15/15] PCI/TSM: Add relative MMIO offset support? Dan Williams
2026-07-05 22:25 ` sashiko-bot
2026-07-06 12:51 ` [PATCH 00/15] Device Evidence and Trust for PCI Security Protocol (TDISP) Jason Gunthorpe
2026-07-06 20:55 ` Dan Williams (nvidia)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260705222051.6044E1F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=djbw@kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox