From: Janosch Frank <frankja@linux.ibm.com>
To: Steffen Eiden <seiden@linux.ibm.com>,
kvm@vger.kernel.org, linux-s390@vger.kernel.org,
linux-kernel@vger.kernel.org,
Viktor Mihajlovski <mihajlov@linux.ibm.com>
Cc: Claudio Imbrenda <imbrenda@linux.ibm.com>,
Nico Boehr <nrb@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Heiko Carstens <hca@linux.ibm.com>,
Hendrik Brueckner <brueckner@linux.ibm.com>
Subject: Re: [PATCH v2 3/6] s390/uvdevice: Add 'List Secrets' UVC
Date: Mon, 5 Jun 2023 15:29:54 +0200 [thread overview]
Message-ID: <c19ee46b-4f89-172e-95d4-093145cff34d@linux.ibm.com> (raw)
In-Reply-To: <20230519093708.810957-4-seiden@linux.ibm.com>
On 5/19/23 11:37, Steffen Eiden wrote:
> Userspace can call the List Secrets Ultravisor Call
> using IOCTLs on the uvdevice.
> During the handling of the new IOCTL nr the uvdevice will do some sanity
> checks first. Then, perform the Ultravisor command, and copy the answer
> to userspace.
> If the List Secrets UV facility is not present, UV will return
> invalid command rc. This won't be fenced in the driver and does not
> result in a negative return value. This is also true for any other
> possible error code the UV can return.
>
> Signed-off-by: Steffen Eiden <seiden@linux.ibm.com>
> ---
>[...]
> +/** uvio_list_secrets() - perform a List Secret UVC
> + *
> + * @uv_ioctl: ioctl control block
> + *
> + * uvio_list_secrets() performs the List Secret Ultravisor Call.
> + * It verifies that the given userspace argument address is valid and its size
> + * is sane. Every other check is made by the Ultravisor (UV) and won't result
> + * in a negative return value. It builds the request, performs the UV-call,
> + * and copies the result to userspace.
> + *
> + * The argument specifies the location for the result of the UV-Call.
> + *
> + * If the List Secrets UV facility is not present,
> + * UV will return invalid command rc. This won't be fenced in the driver
> + * and does not result in a negative return value.
> + *
> + * Context: might sleep
> + *
> + * Return: 0 on success or a negative error code on error.
> + */
> +static int uvio_list_secrets(struct uvio_ioctl_cb *uv_ioctl)
> +{
> + void __user *user_buf_arg = (void __user *)uv_ioctl->argument_addr;
> + struct uv_cb_guest_addr uvcb = {
> + .header.len = sizeof(uvcb),
> + .header.cmd = UVC_CMD_LIST_SECRETS,
> + };
> + void *secrets = NULL;
> + int ret;
int ret = 0;
> +
> + if (uv_ioctl->argument_len != UVIO_LIST_SECRETS_LEN)
> + return -EINVAL;
I'd be less uneasy if you
s/uv_ioctl->argument_len/UVIO_LIST_SECRETS_LEN/ below. Yes, you check
the length above but it still feels weird to use a variable when we have
a perfectly fine constant just waiting to be used.
> +
> + secrets = kvzalloc(uv_ioctl->argument_len, GFP_KERNEL);
> + if (!secrets)
> + return -ENOMEM;
> +
> + uvcb.addr = (u64)secrets;
> + uv_call_sched(0, (u64)&uvcb);
> + uv_ioctl->uv_rc = uvcb.header.rc;
> + uv_ioctl->uv_rrc = uvcb.header.rrc;
> +
> + if (copy_to_user(user_buf_arg, secrets, uv_ioctl->argument_len))
> + ret = -EFAULT;
and remove the else
> + else
> + ret = 0;
> +
> + kvfree(secrets);
> + return ret;
> +}
> +
> static int uvio_copy_and_check_ioctl(struct uvio_ioctl_cb *ioctl, void __user *argp,
> unsigned long cmd)
> {
> @@ -333,6 +385,9 @@ static long uvio_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
> case UVIO_IOCTL_ADD_SECRET_NR:
> ret = uvio_add_secret(&uv_ioctl);
> break;
> + case UVIO_IOCTL_LIST_SECRETS_NR:
> + ret = uvio_list_secrets(&uv_ioctl);
> + break;
> default:
> ret = -ENOIOCTLCMD;
> break;
next prev parent reply other threads:[~2023-06-05 13:30 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-19 9:37 [PATCH v2 0/6] s390/uvdevice: Expose secret UVCs Steffen Eiden
2023-05-19 9:37 ` [PATCH v2 1/6] s390/uvdevice: Add info IOCTL Steffen Eiden
2023-06-05 12:39 ` Janosch Frank
2023-05-19 9:37 ` [PATCH v2 2/6] s390/uvdevice: Add 'Add Secret' UVC Steffen Eiden
2023-06-05 13:19 ` Janosch Frank
2023-05-19 9:37 ` [PATCH v2 3/6] s390/uvdevice: Add 'List Secrets' UVC Steffen Eiden
2023-06-05 13:29 ` Janosch Frank [this message]
2023-05-19 9:37 ` [PATCH v2 4/6] s390/uvdevice: Add 'Lock Secret Store' UVC Steffen Eiden
2023-06-05 13:34 ` Janosch Frank
2023-05-19 9:37 ` [PATCH v2 5/6] s390/uv: replace scnprintf with sysfs_emit Steffen Eiden
2023-06-05 13:55 ` Janosch Frank
2023-05-19 9:37 ` [PATCH v2 6/6] s390/uv: Update query for secret-UVCs Steffen Eiden
2023-06-05 14:03 ` Janosch Frank
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c19ee46b-4f89-172e-95d4-093145cff34d@linux.ibm.com \
--to=frankja@linux.ibm.com \
--cc=borntraeger@linux.ibm.com \
--cc=brueckner@linux.ibm.com \
--cc=hca@linux.ibm.com \
--cc=imbrenda@linux.ibm.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-s390@vger.kernel.org \
--cc=mihajlov@linux.ibm.com \
--cc=nrb@linux.ibm.com \
--cc=seiden@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox