<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/crypto/ccp/sev-dev.c, branch v5.8</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>crypto: ccp - Fix sparse warnings in sev-dev</title>
<updated>2020-06-15T07:38:53+00:00</updated>
<author>
<name>Herbert Xu</name>
<email>herbert@gondor.apana.org.au</email>
</author>
<published>2020-06-04T08:09:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=376bd28d03c97b4d53f5797d5f9b3522c8bd4d3d'/>
<id>376bd28d03c97b4d53f5797d5f9b3522c8bd4d3d</id>
<content type='text'>
This patch fixes a bunch of sparse warnings in sev-dev where the
__user marking is incorrectly handled.

Reported-by: kbuild test robot &lt;lkp@intel.com&gt;
Fixes: 7360e4b14350 ("crypto: ccp: Implement SEV_PEK_CERT_IMPORT...")
Fixes: e799035609e1 ("crypto: ccp: Implement SEV_PEK_CSR ioctl...")
Fixes: 76a2b524a4b1 ("crypto: ccp: Implement SEV_PDH_CERT_EXPORT...")
Fixes: d6112ea0cb34 ("crypto: ccp - introduce SEV_GET_ID2 command")
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Reviewed-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This patch fixes a bunch of sparse warnings in sev-dev where the
__user marking is incorrectly handled.

Reported-by: kbuild test robot &lt;lkp@intel.com&gt;
Fixes: 7360e4b14350 ("crypto: ccp: Implement SEV_PEK_CERT_IMPORT...")
Fixes: e799035609e1 ("crypto: ccp: Implement SEV_PEK_CSR ioctl...")
Fixes: 76a2b524a4b1 ("crypto: ccp: Implement SEV_PDH_CERT_EXPORT...")
Fixes: d6112ea0cb34 ("crypto: ccp - introduce SEV_GET_ID2 command")
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Reviewed-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge branch 'uaccess.access_ok' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs</title>
<updated>2020-06-01T23:09:43+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2020-06-01T23:09:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e0cd9206878a3b95024602b355b254d142f5ce94'/>
<id>e0cd9206878a3b95024602b355b254d142f5ce94</id>
<content type='text'>
Pull uaccess/access_ok updates from Al Viro:
 "Removals of trivially pointless access_ok() calls.

  Note: the fiemap stuff was removed from the series, since they are
  duplicates with part of ext4 series carried in Ted's tree"

* 'uaccess.access_ok' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  vmci_host: get rid of pointless access_ok()
  hfi1: get rid of pointless access_ok()
  usb: get rid of pointless access_ok() calls
  lpfc_debugfs: get rid of pointless access_ok()
  efi_test: get rid of pointless access_ok()
  drm_read(): get rid of pointless access_ok()
  via-pmu: don't bother with access_ok()
  drivers/crypto/ccp/sev-dev.c: get rid of pointless access_ok()
  omapfb: get rid of pointless access_ok() calls
  amifb: get rid of pointless access_ok() calls
  drivers/fpga/dfl-afu-dma-region.c: get rid of pointless access_ok()
  drivers/fpga/dfl-fme-pr.c: get rid of pointless access_ok()
  cm4000_cs.c cmm_ioctl(): get rid of pointless access_ok()
  nvram: drop useless access_ok()
  n_hdlc_tty_read(): remove pointless access_ok()
  tomoyo_write_control(): get rid of pointless access_ok()
  btrfs_ioctl_send(): don't bother with access_ok()
  fat_dir_ioctl(): hadn't needed that access_ok() for more than a decade...
  dlmfs_file_write(): get rid of pointless access_ok()
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull uaccess/access_ok updates from Al Viro:
 "Removals of trivially pointless access_ok() calls.

  Note: the fiemap stuff was removed from the series, since they are
  duplicates with part of ext4 series carried in Ted's tree"

* 'uaccess.access_ok' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  vmci_host: get rid of pointless access_ok()
  hfi1: get rid of pointless access_ok()
  usb: get rid of pointless access_ok() calls
  lpfc_debugfs: get rid of pointless access_ok()
  efi_test: get rid of pointless access_ok()
  drm_read(): get rid of pointless access_ok()
  via-pmu: don't bother with access_ok()
  drivers/crypto/ccp/sev-dev.c: get rid of pointless access_ok()
  omapfb: get rid of pointless access_ok() calls
  amifb: get rid of pointless access_ok() calls
  drivers/fpga/dfl-afu-dma-region.c: get rid of pointless access_ok()
  drivers/fpga/dfl-fme-pr.c: get rid of pointless access_ok()
  cm4000_cs.c cmm_ioctl(): get rid of pointless access_ok()
  nvram: drop useless access_ok()
  n_hdlc_tty_read(): remove pointless access_ok()
  tomoyo_write_control(): get rid of pointless access_ok()
  btrfs_ioctl_send(): don't bother with access_ok()
  fat_dir_ioctl(): hadn't needed that access_ok() for more than a decade...
  dlmfs_file_write(): get rid of pointless access_ok()
</pre>
</div>
</content>
</entry>
<entry>
<title>drivers/crypto/ccp/sev-dev.c: get rid of pointless access_ok()</title>
<updated>2020-05-29T15:05:54+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2020-04-23T02:56:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=835ae3bb530a2e40dd5615c3728d4a78320f6fb8'/>
<id>835ae3bb530a2e40dd5615c3728d4a78320f6fb8</id>
<content type='text'>
Contrary to the comments, those do *NOT* verify anything about
writability of memory, etc.

In all cases addresses are passed only to copy_to_user().

Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Contrary to the comments, those do *NOT* verify anything about
writability of memory, etc.

In all cases addresses are passed only to copy_to_user().

Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Add support for SEV-ES to the PSP driver</title>
<updated>2020-04-30T05:19:33+00:00</updated>
<author>
<name>Tom Lendacky</name>
<email>thomas.lendacky@amd.com</email>
</author>
<published>2020-04-21T17:44:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=97f9ac3db6612f14ac0c509e1a63ce14fd4cc0eb'/>
<id>97f9ac3db6612f14ac0c509e1a63ce14fd4cc0eb</id>
<content type='text'>
To provide support for SEV-ES, the hypervisor must provide an area of
memory to the PSP. Once this Trusted Memory Region (TMR) is provided to
the PSP, the contents of this area of memory are no longer available to
the x86.

Update the PSP driver to allocate a 1MB region for the TMR that is 1MB
aligned and then provide it to the PSP through the SEV INIT command.

Signed-off-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Reviewed-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Reviewed-by: Joerg Roedel &lt;jroedel@suse.de&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
To provide support for SEV-ES, the hypervisor must provide an area of
memory to the PSP. Once this Trusted Memory Region (TMR) is provided to
the PSP, the contents of this area of memory are no longer available to
the x86.

Update the PSP driver to allocate a 1MB region for the TMR that is 1MB
aligned and then provide it to the PSP through the SEV INIT command.

Signed-off-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Reviewed-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Reviewed-by: Joerg Roedel &lt;jroedel@suse.de&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - use file mode for sev ioctl permissions</title>
<updated>2020-03-12T12:00:15+00:00</updated>
<author>
<name>Connor Kuehl</name>
<email>ckuehl@redhat.com</email>
</author>
<published>2020-03-06T17:20:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b61028135843d5418f0469d11e2769ca77159463'/>
<id>b61028135843d5418f0469d11e2769ca77159463</id>
<content type='text'>
Instead of using CAP_SYS_ADMIN which is restricted to the root user,
check the file mode for write permissions before executing commands that
can affect the platform. This allows for more fine-grained access
control to the SEV ioctl interface. This would allow a SEV-only user
or group the ability to administer the platform without requiring them
to be root or granting them overly powerful permissions.

For example:

chown root:root /dev/sev
chmod 600 /dev/sev
setfacl -m g:sev:r /dev/sev
setfacl -m g:sev-admin:rw /dev/sev

In this instance, members of the "sev-admin" group have the ability to
perform all ioctl calls (including the ones that modify platform state).
Members of the "sev" group only have access to the ioctls that do not
modify the platform state.

This also makes opening "/dev/sev" more consistent with how file
descriptors are usually handled. By only checking for CAP_SYS_ADMIN,
the file descriptor could be opened read-only but could still execute
ioctls that modify the platform state. This patch enforces that the file
descriptor is opened with write privileges if it is going to be used to
modify the platform state.

This flexibility is completely opt-in, and if it is not desirable by
the administrator then they do not need to give anyone else access to
/dev/sev.

Signed-off-by: Connor Kuehl &lt;ckuehl@redhat.com&gt;
Reviewed-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Reviewed-by: Bandan Das &lt;bsd@redhat.com&gt;
Acked-by: David Rientjes &lt;rientjes@google.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Instead of using CAP_SYS_ADMIN which is restricted to the root user,
check the file mode for write permissions before executing commands that
can affect the platform. This allows for more fine-grained access
control to the SEV ioctl interface. This would allow a SEV-only user
or group the ability to administer the platform without requiring them
to be root or granting them overly powerful permissions.

For example:

chown root:root /dev/sev
chmod 600 /dev/sev
setfacl -m g:sev:r /dev/sev
setfacl -m g:sev-admin:rw /dev/sev

In this instance, members of the "sev-admin" group have the ability to
perform all ioctl calls (including the ones that modify platform state).
Members of the "sev" group only have access to the ioctls that do not
modify the platform state.

This also makes opening "/dev/sev" more consistent with how file
descriptors are usually handled. By only checking for CAP_SYS_ADMIN,
the file descriptor could be opened read-only but could still execute
ioctls that modify the platform state. This patch enforces that the file
descriptor is opened with write privileges if it is going to be used to
modify the platform state.

This flexibility is completely opt-in, and if it is not desirable by
the administrator then they do not need to give anyone else access to
/dev/sev.

Signed-off-by: Connor Kuehl &lt;ckuehl@redhat.com&gt;
Reviewed-by: Brijesh Singh &lt;brijesh.singh@amd.com&gt;
Reviewed-by: Bandan Das &lt;bsd@redhat.com&gt;
Acked-by: David Rientjes &lt;rientjes@google.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - Cleanup misc_dev on sev_exit()</title>
<updated>2020-03-12T12:00:12+00:00</updated>
<author>
<name>John Allen</name>
<email>john.allen@amd.com</email>
</author>
<published>2020-03-03T13:57:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=1f14b57ffc0adcbba0cf35214b0a6129ceae9d09'/>
<id>1f14b57ffc0adcbba0cf35214b0a6129ceae9d09</id>
<content type='text'>
Explicitly free and clear misc_dev in sev_exit(). Since devm_kzalloc()
associates misc_dev with the first device that gets probed, change from
devm_kzalloc() to kzalloc() and explicitly free memory in sev_exit() as
the first device probed is not guaranteed to be the last device released.
To ensure that the variable gets properly set to NULL, remove the local
definition of misc_dev.

Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support")
Signed-off-by: John Allen &lt;john.allen@amd.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Explicitly free and clear misc_dev in sev_exit(). Since devm_kzalloc()
associates misc_dev with the first device that gets probed, change from
devm_kzalloc() to kzalloc() and explicitly free memory in sev_exit() as
the first device probed is not guaranteed to be the last device released.
To ensure that the variable gets properly set to NULL, remove the local
definition of misc_dev.

Fixes: 200664d5237f ("crypto: ccp: Add Secure Encrypted Virtualization (SEV) command support")
Signed-off-by: John Allen &lt;john.allen@amd.com&gt;
Acked-by: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - move SEV vdata to a dedicated data structure</title>
<updated>2019-12-20T06:58:32+00:00</updated>
<author>
<name>Rijo Thomas</name>
<email>Rijo-john.Thomas@amd.com</email>
</author>
<published>2019-12-04T06:19:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6eb0cc72bcbe9cc5b9ccd41d7226929767e41311'/>
<id>6eb0cc72bcbe9cc5b9ccd41d7226929767e41311</id>
<content type='text'>
PSP can support both SEV and TEE interface. Therefore, move
SEV specific registers to a dedicated data structure.
TEE interface specific registers will be added in a later
patch.

Cc: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Jens Wiklander &lt;jens.wiklander@linaro.org&gt;
Co-developed-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Rijo Thomas &lt;Rijo-john.Thomas@amd.com&gt;
Acked-by: Gary R Hook &lt;gary.hook@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
PSP can support both SEV and TEE interface. Therefore, move
SEV specific registers to a dedicated data structure.
TEE interface specific registers will be added in a later
patch.

Cc: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Jens Wiklander &lt;jens.wiklander@linaro.org&gt;
Co-developed-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Rijo Thomas &lt;Rijo-john.Thomas@amd.com&gt;
Acked-by: Gary R Hook &lt;gary.hook@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - create a generic psp-dev file</title>
<updated>2019-12-20T06:58:32+00:00</updated>
<author>
<name>Rijo Thomas</name>
<email>Rijo-john.Thomas@amd.com</email>
</author>
<published>2019-12-04T06:18:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=b93566f1bb54e02a1ff1e3b4782073be1886744e'/>
<id>b93566f1bb54e02a1ff1e3b4782073be1886744e</id>
<content type='text'>
The PSP (Platform Security Processor) provides support for key management
commands in Secure Encrypted Virtualization (SEV) mode, along with
software-based Trusted Execution Environment (TEE) to enable third-party
Trusted Applications.

Therefore, introduce psp-dev.c and psp-dev.h files, which can invoke
SEV (or TEE) initialization based on platform feature support.

TEE interface support will be introduced in a later patch.

Cc: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Jens Wiklander &lt;jens.wiklander@linaro.org&gt;
Co-developed-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Rijo Thomas &lt;Rijo-john.Thomas@amd.com&gt;
Acked-by: Gary R Hook &lt;gary.hook@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The PSP (Platform Security Processor) provides support for key management
commands in Secure Encrypted Virtualization (SEV) mode, along with
software-based Trusted Execution Environment (TEE) to enable third-party
Trusted Applications.

Therefore, introduce psp-dev.c and psp-dev.h files, which can invoke
SEV (or TEE) initialization based on platform feature support.

TEE interface support will be introduced in a later patch.

Cc: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Jens Wiklander &lt;jens.wiklander@linaro.org&gt;
Co-developed-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Rijo Thomas &lt;Rijo-john.Thomas@amd.com&gt;
Acked-by: Gary R Hook &lt;gary.hook@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>crypto: ccp - rename psp-dev files to sev-dev</title>
<updated>2019-12-20T06:52:59+00:00</updated>
<author>
<name>Rijo Thomas</name>
<email>Rijo-john.Thomas@amd.com</email>
</author>
<published>2019-12-04T06:18:58+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=9b67d08dbc1751ab15d972a63a4d9132e7e7442f'/>
<id>9b67d08dbc1751ab15d972a63a4d9132e7e7442f</id>
<content type='text'>
This is a preliminary patch for creating a generic PSP device driver
file, which will have support for both SEV and TEE (Trusted Execution
Environment) interface.

This patch does not introduce any new functionality, but simply renames
psp-dev.c and psp-dev.h files to sev-dev.c and sev-dev.h files
respectively.

Cc: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Jens Wiklander &lt;jens.wiklander@linaro.org&gt;
Co-developed-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Rijo Thomas &lt;Rijo-john.Thomas@amd.com&gt;
Acked-by: Gary R Hook &lt;gary.hook@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This is a preliminary patch for creating a generic PSP device driver
file, which will have support for both SEV and TEE (Trusted Execution
Environment) interface.

This patch does not introduce any new functionality, but simply renames
psp-dev.c and psp-dev.h files to sev-dev.c and sev-dev.h files
respectively.

Cc: Ard Biesheuvel &lt;ard.biesheuvel@linaro.org&gt;
Cc: Tom Lendacky &lt;thomas.lendacky@amd.com&gt;
Cc: Jens Wiklander &lt;jens.wiklander@linaro.org&gt;
Co-developed-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Devaraj Rangasamy &lt;Devaraj.Rangasamy@amd.com&gt;
Signed-off-by: Rijo Thomas &lt;Rijo-john.Thomas@amd.com&gt;
Acked-by: Gary R Hook &lt;gary.hook@amd.com&gt;
Signed-off-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
</pre>
</div>
</content>
</entry>
</feed>
