On 11/7/24 17:24, Dionna Glaze wrote:
> sev_issue_cmd_external_user is the only function that checks permissions
> before performing its task. With the new GCTX API, it's important to
> establish permission once and have that determination dominate later API
> uses. This is implicitly how ccp has been used by dominating uses of
> sev_do_cmd by a successful sev_issue_cmd_external_user call.
>
> Consider sev_issue_cmd_external_user deprecated by
> checking if a held file descriptor passes file_is_sev, similar to the
> file_is_kvm function.
>
> This also fixes the header comment that the bad file error code is
> -%EINVAL when in fact it is -%EBADF.
Same comment as before. This commit merely creates a helper function, so
this commit message is not appropriate.
>
> CC: Sean Christopherson <seanjc@xxxxxxxxxx>
> CC: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> CC: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
> CC: Ingo Molnar <mingo@xxxxxxxxxx>
> CC: Borislav Petkov <bp@xxxxxxxxx>
> CC: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> CC: Ashish Kalra <ashish.kalra@xxxxxxx>
> CC: Tom Lendacky <thomas.lendacky@xxxxxxx>
> CC: John Allen <john.allen@xxxxxxx>
> CC: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
> CC: "David S. Miller" <davem@xxxxxxxxxxxxx>
> CC: Michael Roth <michael.roth@xxxxxxx>
> CC: Luis Chamberlain <mcgrof@xxxxxxxxxx>
> CC: Russ Weight <russ.weight@xxxxxxxxx>
> CC: Danilo Krummrich <dakr@xxxxxxxxxx>
> CC: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
> CC: "Rafael J. Wysocki" <rafael@xxxxxxxxxx>
> CC: Tianfei zhang <tianfei.zhang@xxxxxxxxx>
> CC: Alexey Kardashevskiy <aik@xxxxxxx>
>
> Signed-off-by: Dionna Glaze <dionnaglaze@xxxxxxxxxx>
> ---
> drivers/crypto/ccp/sev-dev.c | 13 +++++++++++--
> include/linux/psp-sev.h | 11 ++++++++++-
> 2 files changed, 21 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
> index 498ec8a0deeca..f92e6a222da8a 100644
> --- a/drivers/crypto/ccp/sev-dev.c
> +++ b/drivers/crypto/ccp/sev-dev.c
> @@ -8,6 +8,7 @@
> */
>
> #include <linux/bitfield.h>
> +#include <linux/file.h>
> #include <linux/module.h>
> #include <linux/kernel.h>
> #include <linux/kthread.h>
> @@ -2486,11 +2487,19 @@ static struct notifier_block snp_panic_notifier = {
> .notifier_call = snp_shutdown_on_panic,
> };
>
> +bool file_is_sev(struct file *p)
> +{
> + return p && p->f_op == &sev_fops;
> +}
> +EXPORT_SYMBOL_GPL(file_is_sev);
> +
> int sev_issue_cmd_external_user(struct file *filep, unsigned int cmd,
> void *data, int *error)
> {
> - if (!filep || filep->f_op != &sev_fops)
> - return -EBADF;
> + int rc = file_is_sev(filep) ? 0 : -EBADF;
> +
> + if (rc)
> + return rc;
Get rid of rc and just do:
if (!file_is_sev(filep))
return -EBADF;
Thanks,
Tom
>
> return sev_do_cmd(cmd, data, error);
> }
> diff --git a/include/linux/psp-sev.h b/include/linux/psp-sev.h
> index b91cbdc208f49..ed85c0cfcfcbe 100644
> --- a/include/linux/psp-sev.h
> +++ b/include/linux/psp-sev.h
> @@ -879,11 +879,18 @@ int sev_platform_status(struct sev_user_data_status *status, int *error);
> * -%ENOTSUPP if the SEV does not support SEV
> * -%ETIMEDOUT if the SEV command timed out
> * -%EIO if the SEV returned a non-zero return code
> - * -%EINVAL if the SEV file descriptor is not valid
> + * -%EBADF if the file pointer is bad or does not grant access
> */
> int sev_issue_cmd_external_user(struct file *filep, unsigned int id,
> void *data, int *error);
>
> +/**
> + * file_is_sev - returns whether a file pointer is for the SEV device
> + *
> + * @filep - SEV device file pointer
> + */
> +bool file_is_sev(struct file *filep);
> +
> /**
> * sev_guest_deactivate - perform SEV DEACTIVATE command
> *
> @@ -1039,6 +1046,8 @@ static inline int sev_guest_df_flush(int *error) { return -ENODEV; }
> static inline int
> sev_issue_cmd_external_user(struct file *filep, unsigned int id, void *data, int *error) { return -ENODEV; }
>
> +static inline bool file_is_sev(struct file *filep) { return false; }
> +
> static inline void *psp_copy_user_blob(u64 __user uaddr, u32 len) { return ERR_PTR(-EINVAL); }
>
> static inline void *snp_alloc_firmware_page(gfp_t mask)
