Re: [RFC 3/7] tee: add private login method for kernel clients

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jens Wiklander <jens.wiklander@linaro.org>
To: Sumit Garg <sumit.garg@linaro.org>
Cc: keyrings@vger.kernel.org, linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org, corbet@lwn.net,
	dhowells@redhat.com, jejb@linux.ibm.com,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	jmorris@namei.org, serge@hallyn.com,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>,
	Daniel Thompson <daniel.thompson@linaro.org>,
	linux-doc@vger.kernel.org,
	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
	tee-dev@lists.linaro.org
Subject: Re: [RFC 3/7] tee: add private login method for kernel clients
Date: Tue, 9 Jul 2019 09:03:55 +0200	[thread overview]
Message-ID: <20190709070354.GA5791@jax> (raw)
In-Reply-To: <CAFA6WYNzs=RErreWaa5BmF-P03Vf9nzQjvY_JpMckw87k9z12w@mail.gmail.com>

On Tue, Jul 09, 2019 at 11:26:19AM +0530, Sumit Garg wrote:
> Thanks Jens for your comments.
> 
> On Mon, 8 Jul 2019 at 21:09, Jens Wiklander <jens.wiklander@linaro.org> wrote:
> >
> > Hi Sumit,
> >
> > On Thu, Jun 13, 2019 at 04:00:29PM +0530, Sumit Garg wrote:
> > > There are use-cases where user-space shouldn't be allowed to communicate
> > > directly with a TEE device which is dedicated to provide a specific
> > > service for a kernel client. So add a private login method for kernel
> > > clients and disallow user-space to open-session using this login method.
> > >
> > > Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
> > > ---
> > >  drivers/tee/tee_core.c   | 6 ++++++
> > >  include/uapi/linux/tee.h | 2 ++
> > >  2 files changed, 8 insertions(+)
> > >
> > > diff --git a/drivers/tee/tee_core.c b/drivers/tee/tee_core.c
> > > index 0f16d9f..4581bd1 100644
> > > --- a/drivers/tee/tee_core.c
> > > +++ b/drivers/tee/tee_core.c
> > > @@ -334,6 +334,12 @@ static int tee_ioctl_open_session(struct tee_context *ctx,
> > >                       goto out;
> > >       }
> > >
> > > +     if (arg.clnt_login == TEE_IOCTL_LOGIN_REE_KERNEL) {
> > TEE_IOCTL_LOGIN_REE_KERNEL is defined as 0x80000000 which is in the
> > range specified and implementation defined by the GP spec. I wonder if
> > we shouldn't filter the entire implementation defined range instead of
> > just this value.
> 
> Agree. Will rather check for entire implementation defined range:
> 0x80000000 - 0xFFFFFFFF.
> 
> >
> > > +             pr_err("login method not allowed for user-space client\n");
> > pr_debug(), if it's needed at all.
> >
> 
> Ok will use pr_debug() instead.
> 
> > > +             rc = -EPERM;
> > > +             goto out;
> > > +     }
> > > +
> > >       rc = ctx->teedev->desc->ops->open_session(ctx, &arg, params);
> > >       if (rc)
> > >               goto out;
> > > diff --git a/include/uapi/linux/tee.h b/include/uapi/linux/tee.h
> > > index 4b9eb06..f33c69c 100644
> > > --- a/include/uapi/linux/tee.h
> > > +++ b/include/uapi/linux/tee.h
> > > @@ -172,6 +172,8 @@ struct tee_ioctl_buf_data {
> > >  #define TEE_IOCTL_LOGIN_APPLICATION          4
> > >  #define TEE_IOCTL_LOGIN_USER_APPLICATION     5
> > >  #define TEE_IOCTL_LOGIN_GROUP_APPLICATION    6
> > > +/* Private login method for REE kernel clients */
> > It's worth noting that this is filtered by the TEE framework, compared
> > to everything else which is treated opaquely.
> >
> 
> IIUC, you are referring to login filter in optee_os. Change to prevent
> filter for this login method is part of this PR [1].
> 
> [1] https://github.com/OP-TEE/optee_os/pull/3082

No, I was referring to the changes in tee_ioctl_open_session() above.
It's relevant for user space to know since it will be prevented from
using that range of login identifiers. This will restrict the user space
API, but I think the risk of breakage is minimal as OP-TEE is the only
in-tree driver registering in the TEE framework. I'm not aware of any
out-of-tree drivers registering.

Thanks,
Jens

> 
> -Sumit
> 
> > > +#define TEE_IOCTL_LOGIN_REE_KERNEL           0x80000000
> > >
> > >  /**
> > >   * struct tee_ioctl_param - parameter
> > > --
> > > 2.7.4
> > >
> >
> > Thanks,
> > Jens

next prev parent reply	other threads:[~2019-07-09  7:04 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-13 10:30 [RFC 0/7] Introduce TEE based Trusted Keys support Sumit Garg
2019-06-13 10:30 ` [RFC 1/7] tee: optee: allow kernel pages to register as shm Sumit Garg
2019-06-13 15:12   ` Jarkko Sakkinen
2019-06-13 15:17     ` Jarkko Sakkinen
2019-06-13 15:17       ` Jarkko Sakkinen
2019-06-14  5:12         ` Sumit Garg
2019-06-14  8:15   ` Jens Wiklander
2019-06-13 10:30 ` [RFC 2/7] tee: enable support to register kernel memory Sumit Garg
2019-06-13 15:20   ` Jarkko Sakkinen
2019-06-14  5:13     ` Sumit Garg
2019-06-14  8:16   ` Jens Wiklander
2019-06-13 10:30 ` [RFC 3/7] tee: add private login method for kernel clients Sumit Garg
2019-07-08 15:39   ` Jens Wiklander
2019-07-09  5:56     ` Sumit Garg
2019-07-09  7:03       ` Jens Wiklander [this message]
2019-07-09  9:36         ` Sumit Garg
2019-07-29  7:08           ` Jens Wiklander
2019-07-29 13:13             ` Sumit Garg
2019-06-13 10:30 ` [RFC 4/7] KEYS: trusted: Introduce TEE based Trusted Keys Sumit Garg
2019-06-13 15:32   ` Jarkko Sakkinen
2019-06-14  5:43     ` Sumit Garg
2019-06-13 10:30 ` [RFC 5/7] KEYS: encrypted: Allow TEE based trusted master keys Sumit Garg
2019-06-13 10:30 ` [RFC 6/7] doc: keys: Document usage of TEE based Trusted Keys Sumit Garg
2019-06-13 15:34   ` Jarkko Sakkinen
2019-06-14  5:37     ` Sumit Garg
2019-06-14 15:36       ` Jarkko Sakkinen
2019-06-13 10:30 ` [RFC 7/7] MAINTAINERS: Add entry for " Sumit Garg
2019-06-13 16:40 ` [RFC 0/7] Introduce TEE based Trusted Keys support Casey Schaufler
2019-06-14  0:03   ` Mimi Zohar
2019-06-14  8:17     ` Sumit Garg
2019-06-14  5:58   ` Sumit Garg
2019-07-08 12:41 ` Sumit Garg
2019-07-08 16:31   ` Jens Wiklander
2019-07-09  5:58     ` Sumit Garg

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190709070354.GA5791@jax \
    --to=jens.wiklander@linaro.org \
    --cc=ard.biesheuvel@linaro.org \
    --cc=corbet@lwn.net \
    --cc=daniel.thompson@linaro.org \
    --cc=dhowells@redhat.com \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=jejb@linux.ibm.com \
    --cc=jmorris@namei.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=serge@hallyn.com \
    --cc=sumit.garg@linaro.org \
    --cc=tee-dev@lists.linaro.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).