Diffstat (limited to 'meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0088-KVM-SVM-no-need-to-call-access_ok-in-LAUNCH_MEASURE-.patch')
-rw-r--r--meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0088-KVM-SVM-no-need-to-call-access_ok-in-LAUNCH_MEASURE-.patch92
1 files changed, 92 insertions, 0 deletions
diff --git a/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0088-KVM-SVM-no-need-to-call-access_ok-in-LAUNCH_MEASURE-.patch b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0088-KVM-SVM-no-need-to-call-access_ok-in-LAUNCH_MEASURE-.patch
new file mode 100644
index 00000000..5d0f49bf
--- /dev/null
+++ b/meta-amd-bsp/recipes-kernel/linux/linux-yocto-4.14.71-e3000/0088-KVM-SVM-no-need-to-call-access_ok-in-LAUNCH_MEASURE-.patch
@@ -0,0 +1,92 @@
+From a63bec5a4d29dba22ee32a0f5af779e17000e415 Mon Sep 17 00:00:00 2001
+From: Brijesh Singh <brijesh.singh@amd.com>
+Date: Fri, 23 Feb 2018 12:36:50 -0600
+Subject: [PATCH 88/95] KVM: SVM: no need to call access_ok() in LAUNCH_MEASURE
+ command
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Using the access_ok() to validate the input before issuing the SEV
+command does not buy us anything in this case. If userland is
+giving us a garbage pointer then copy_to_user() will catch it when we try
+to return the measurement.
+
+Suggested-by: Al Viro <viro@ZenIV.linux.org.uk>
+Fixes: 0d0736f76347 (KVM: SVM: Add support for KVM_SEV_LAUNCH_MEASURE ...)
+Cc: Paolo Bonzini <pbonzini@redhat.com>
+Cc: Radim Krčmář <rkrcmar@redhat.com>
+Cc: Borislav Petkov <bp@suse.de>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: linux-kernel@vger.kernel.org
+Cc: Joerg Roedel <joro@8bytes.org>
+Signed-off-by: Brijesh Singh <brijesh.singh@amd.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Sudheesh Mavila <sudheesh.mavila@amd.com>
+---
+ arch/x86/kvm/svm.c | 16 +++++++---------
+ 1 file changed, 7 insertions(+), 9 deletions(-)
+
+diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
+index 399ad5e..8e60fbc 100755
+--- a/arch/x86/kvm/svm.c
++++ b/arch/x86/kvm/svm.c
+@@ -6205,16 +6205,18 @@ static int sev_launch_update_data(struct kvm *kvm, struct kvm_sev_cmd *argp)
+
+ static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp)
+ {
++ void __user *measure = (void __user *)(uintptr_t)argp->data;
+ struct kvm_sev_info *sev = &kvm->arch.sev_info;
+ struct sev_data_launch_measure *data;
+ struct kvm_sev_launch_measure params;
++ void __user *p = NULL;
+ void *blob = NULL;
+ int ret;
+
+ if (!sev_guest(kvm))
+ return -ENOTTY;
+
+- if (copy_from_user(&params, (void __user *)(uintptr_t)argp->data, sizeof(params)))
++ if (copy_from_user(&params, measure, sizeof(params)))
+ return -EFAULT;
+
+ data = kzalloc(sizeof(*data), GFP_KERNEL);
+@@ -6225,17 +6227,13 @@ static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp)
+ if (!params.len)
+ goto cmd;
+
+- if (params.uaddr) {
++ p = (void __user *)(uintptr_t)params.uaddr;
++ if (p) {
+ if (params.len > SEV_FW_BLOB_MAX_SIZE) {
+ ret = -EINVAL;
+ goto e_free;
+ }
+
+- if (!access_ok(VERIFY_WRITE, params.uaddr, params.len)) {
+- ret = -EFAULT;
+- goto e_free;
+- }
+-
+ ret = -ENOMEM;
+ blob = kmalloc(params.len, GFP_KERNEL);
+ if (!blob)
+@@ -6259,13 +6257,13 @@ static int sev_launch_measure(struct kvm *kvm, struct kvm_sev_cmd *argp)
+ goto e_free_blob;
+
+ if (blob) {
+- if (copy_to_user((void __user *)(uintptr_t)params.uaddr, blob, params.len))
++ if (copy_to_user(p, blob, params.len))
+ ret = -EFAULT;
+ }
+
+ done:
+ params.len = data->len;
+- if (copy_to_user((void __user *)(uintptr_t)argp->data, &params, sizeof(params)))
++ if (copy_to_user(measure, &params, sizeof(params)))
+ ret = -EFAULT;
+ e_free_blob:
+ kfree(blob);
+--
+2.7.4
+
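Review bot: In sev_launch_measure the bounce buffer is still allocated with `kmalloc(params.len, GFP_KERNEL)` and later copied out in full with `copy_to_user(p, blob, params.len)`, so any bytes the firmware does not write would reach userspace as uninitialized kernel heap. The code that issues the command lies outside the visible hunks, but `params.len = data->len` after `done:` suggests the firmware reports its own length, which may be shorter than the caller's. Allocating with `blob = kzalloc(params.len, GFP_KERNEL);` would close that off without changing the interface. Separately, with access_ok() removed, a bad `params.uaddr` is reported as -EFAULT only after the firmware command has run; a comment such as `/* a bad uaddr is only caught by copy_to_user() after LAUNCH_MEASURE has been issued */` above the `p = ...` assignment would record that for the next reader.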