Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature]: Provide SEV_FEATURES and VINTR_CTRL from user space to stabilize attestation #8

Open
1 task done
jarkkojs opened this issue Nov 28, 2022 · 1 comment
Open
1 task done
Assignees
Labels
attestation Issues related to attestation enhancement New feature or request

Comments

@jarkkojs
Copy link
Collaborator

Is there an existing issue for this?

  • I have searched the existing issues

Description

SEV_FEATURES and VINTR_CTRL change in Linux can break any program using SEV-SNP attestation, as the digest calculation might rely on older values. This could cause old binaries break on new kernel versions without warning.

Something like LAUNCH_UPDATE_VMSA_RESET_VECTOR command with SEV_FEATURES and VINTR_CTRL as parameters would work out, which would partially overwrite kernel VMSA.

Potentially they could be capped by kernel, i.e. "further restrict what kernel allows" should work out.

Acceptance Criteria

Suggestions for a technical implementation

@jarkkojs jarkkojs added the enhancement New feature or request label Nov 28, 2022
@jarkkojs jarkkojs self-assigned this Nov 28, 2022
@dpal dpal added this to Enarx Board Nov 29, 2022
@dpal dpal moved this to New in Enarx Board Nov 29, 2022
@dpal dpal added the attestation Issues related to attestation label Dec 1, 2022
@jarkkojs
Copy link
Collaborator Author

dpal pushed a commit to dpal/linux that referenced this issue Jan 27, 2023
In the error path in ata_tport_add(), when calling put_device(),
ata_tport_release() is called, it will put the refcount of 'ap->host'.

And then ata_host_put() is called again, the refcount is decreased
to 0, ata_host_release() is called, all ports are freed and set to
null.

When unbinding the device after failure, ata_host_stop() is called
to release the resources, it leads a null-ptr-deref(), because all
the ports all freed and null.

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
CPU: 7 PID: 18671 Comm: modprobe Kdump: loaded Tainted: G            E      6.1.0-rc3+ enarx#8
pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : ata_host_stop+0x3c/0x84 [libata]
lr : release_nodes+0x64/0xd0
Call trace:
 ata_host_stop+0x3c/0x84 [libata]
 release_nodes+0x64/0xd0
 devres_release_all+0xbc/0x1b0
 device_unbind_cleanup+0x20/0x70
 really_probe+0x158/0x320
 __driver_probe_device+0x84/0x120
 driver_probe_device+0x44/0x120
 __driver_attach+0xb4/0x220
 bus_for_each_dev+0x78/0xdc
 driver_attach+0x2c/0x40
 bus_add_driver+0x184/0x240
 driver_register+0x80/0x13c
 __pci_register_driver+0x4c/0x60
 ahci_pci_driver_init+0x30/0x1000 [ahci]

Fix this by removing redundant ata_host_put() in the error path.

Fixes: 2623c7a ("libata: add refcounting to ata_host")
Signed-off-by: Yang Yingliang <[email protected]>
Signed-off-by: Damien Le Moal <[email protected]>
dpal pushed a commit to dpal/linux that referenced this issue Jan 27, 2023
In ata_tport_add(), the return value of transport_add_device() is
not checked. As a result, it causes null-ptr-deref while removing
the module, because transport_remove_device() is called to remove
the device that was not added.

Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G        W          6.1.0-rc3+ enarx#8
pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : device_del+0x48/0x39c
lr : device_del+0x44/0x39c
Call trace:
 device_del+0x48/0x39c
 attribute_container_class_device_del+0x28/0x40
 transport_remove_classdev+0x60/0x7c
 attribute_container_device_trigger+0x118/0x120
 transport_remove_device+0x20/0x30
 ata_tport_delete+0x34/0x60 [libata]
 ata_port_detach+0x148/0x1b0 [libata]
 ata_pci_remove_one+0x50/0x80 [libata]
 ahci_remove_one+0x4c/0x8c [ahci]

Fix this by checking and handling return value of transport_add_device()
in ata_tport_add().

Fixes: d902747 ("[libata] Add ATA transport class")
Signed-off-by: Yang Yingliang <[email protected]>
Signed-off-by: Damien Le Moal <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
attestation Issues related to attestation enhancement New feature or request
Projects
Status: New
Development

No branches or pull requests

2 participants