From: Steffen Eiden <seiden@xxxxxxxxxxxxx> Additional data length in the attestation request is an in/out variable. Software provides the capacity of the buffer. Upon successful request, firmware reports the actual bytes written to the additional data in that field. This information is lost, as the length field was not copied back to userspace before. Attestation might fail, if user space did not specify the exact amount of needed bytes required, as this length is part of the attestation measurement. Signed-off-by: Steffen Eiden <seiden@xxxxxxxxxxxxx> Reviewed-by: Claudio Imbrenda <imbrenda@xxxxxxxxxxxxx> Reviewed-by: Janosch Frank <frankja@xxxxxxxxxxxxx> Link: https://lore.kernel.org/r/20231106124922.3032370-1-seiden@xxxxxxxxxxxxx Message-Id: <20231106124922.3032370-1-seiden@xxxxxxxxxxxxx> Signed-off-by: Janosch Frank <frankja@xxxxxxxxxxxxx> --- drivers/s390/char/uvdevice.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/s390/char/uvdevice.c b/drivers/s390/char/uvdevice.c index 144cd2e03590..42c9f77f8da0 100644 --- a/drivers/s390/char/uvdevice.c +++ b/drivers/s390/char/uvdevice.c @@ -109,6 +109,7 @@ static int uvio_copy_attest_result_to_user(struct uv_cb_attest *uvcb_attest, struct uvio_attest *uvio_attest) { struct uvio_attest __user *user_uvio_attest = (void __user *)uv_ioctl->argument_addr; + u32 __user *user_buf_add_len = (u32 __user *)&user_uvio_attest->add_data_len; void __user *user_buf_add = (void __user *)uvio_attest->add_data_addr; void __user *user_buf_meas = (void __user *)uvio_attest->meas_addr; void __user *user_buf_uid = &user_uvio_attest->config_uid; @@ -117,6 +118,8 @@ static int uvio_copy_attest_result_to_user(struct uv_cb_attest *uvcb_attest, return -EFAULT; if (add_data && copy_to_user(user_buf_add, add_data, uvio_attest->add_data_len)) return -EFAULT; + if (put_user(uvio_attest->add_data_len, user_buf_add_len)) + return -EFAULT; if (copy_to_user(user_buf_uid, uvcb_attest->config_uid, sizeof(uvcb_attest->config_uid))) return -EFAULT; return 0; -- 2.43.0