From: kernel test robot <lkp@intel.com>
To: Dov Murik <dovmurik@linux.ibm.com>, linux-efi@vger.kernel.org
Cc: kbuild-all@lists.01.org, Dov Murik <dovmurik@linux.ibm.com>,
Borislav Petkov <bp@suse.de>, Ashish Kalra <ashish.kalra@amd.com>,
Brijesh Singh <brijesh.singh@amd.com>,
Tom Lendacky <thomas.lendacky@amd.com>,
Ard Biesheuvel <ardb@kernel.org>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Andi Kleen <ak@linux.intel.com>
Subject: Re: [PATCH v6 3/5] virt: Add efi_secret module to expose confidential computing secrets
Date: Mon, 6 Dec 2021 15:58:11 +0800 [thread overview]
Message-ID: <202112061528.k1C2Xe9d-lkp@intel.com> (raw)
In-Reply-To: <20211129114251.3741721-4-dovmurik@linux.ibm.com>
Hi Dov,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on 42eb8fdac2fc5d62392dcfcf0253753e821a97b0]
url: https://github.com/0day-ci/linux/commits/Dov-Murik/Allow-guest-access-to-EFI-confidential-computing-secret-area/20211129-194749
base: 42eb8fdac2fc5d62392dcfcf0253753e821a97b0
config: x86_64-randconfig-s032-20211206 (https://download.01.org/0day-ci/archive/20211206/202112061528.k1C2Xe9d-lkp@intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://github.com/0day-ci/linux/commit/ebf498903d5371698bd13ed4005b4d61702f8223
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Dov-Murik/Allow-guest-access-to-EFI-confidential-computing-secret-area/20211129-194749
git checkout ebf498903d5371698bd13ed4005b4d61702f8223
# save the config file to linux build tree
mkdir build_dir
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash drivers/virt/coco/efi_secret/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
>> drivers/virt/coco/efi_secret/efi_secret.c:242:13: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected unsigned char *ptr @@ got void [noderef] __iomem *secret_data @@
drivers/virt/coco/efi_secret/efi_secret.c:242:13: sparse: expected unsigned char *ptr
drivers/virt/coco/efi_secret/efi_secret.c:242:13: sparse: got void [noderef] __iomem *secret_data
vim +242 drivers/virt/coco/efi_secret/efi_secret.c
211
212 static int efi_secret_securityfs_setup(void)
213 {
214 struct efi_secret *s = efi_secret_get();
215 int ret = 0, i = 0, bytes_left;
216 unsigned char *ptr;
217 struct secret_header *h;
218 struct secret_entry *e;
219 struct dentry *dent;
220 char guid_str[EFI_VARIABLE_GUID_LEN + 1];
221
222 s->coco_dir = NULL;
223 s->fs_dir = NULL;
224 memset(s->fs_files, 0, sizeof(s->fs_files));
225
226 dent = securityfs_create_dir("coco", NULL);
227 if (IS_ERR(dent)) {
228 pr_err("Error creating coco securityfs directory entry err=%ld\n", PTR_ERR(dent));
229 return PTR_ERR(dent);
230 }
231 s->coco_dir = dent;
232
233 dent = securityfs_create_dir("efi_secret", s->coco_dir);
234 if (IS_ERR(dent)) {
235 pr_err("Error creating efi_secret securityfs directory entry err=%ld\n",
236 PTR_ERR(dent));
237 return PTR_ERR(dent);
238 }
239 d_inode(dent)->i_op = &efi_secret_dir_inode_operations;
240 s->fs_dir = dent;
241
> 242 ptr = s->secret_data;
243 h = (struct secret_header *)ptr;
244 if (efi_guidcmp(h->guid, EFI_SECRET_TABLE_HEADER_GUID)) {
245 pr_err("EFI secret area does not start with correct GUID\n");
246 ret = -EINVAL;
247 goto err_cleanup;
248 }
249 if (h->len < sizeof(*h)) {
250 pr_err("EFI secret area reported length is too small\n");
251 ret = -EINVAL;
252 goto err_cleanup;
253 }
254 if (h->len > s->secret_data_len) {
255 pr_err("EFI secret area reported length is too big\n");
256 ret = -EINVAL;
257 goto err_cleanup;
258 }
259
260 bytes_left = h->len - sizeof(*h);
261 ptr += sizeof(*h);
262 while (bytes_left >= (int)sizeof(*e) && i < EFI_SECRET_NUM_FILES) {
263 e = (struct secret_entry *)ptr;
264 if (e->len < sizeof(*e) || e->len > (unsigned int)bytes_left) {
265 pr_err("EFI secret area is corrupted\n");
266 ret = -EINVAL;
267 goto err_cleanup;
268 }
269
270 /* Skip deleted entries (which will have NULL_GUID) */
271 if (efi_guidcmp(e->guid, NULL_GUID)) {
272 efi_guid_to_str(&e->guid, guid_str);
273
274 dent = securityfs_create_file(guid_str, 0440, s->fs_dir, (void *)e,
275 &efi_secret_bin_file_fops);
276 if (IS_ERR(dent)) {
277 pr_err("Error creating efi_secret securityfs entry\n");
278 ret = PTR_ERR(dent);
279 goto err_cleanup;
280 }
281
282 s->fs_files[i++] = dent;
283 }
284 ptr += e->len;
285 bytes_left -= e->len;
286 }
287
288 pr_debug("Created %d entries in efi_secret securityfs\n", i);
289 return 0;
290
291 err_cleanup:
292 efi_secret_securityfs_teardown();
293 return ret;
294 }
295
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
WARNING: multiple messages have this Message-ID (diff)
From: kernel test robot <lkp@intel.com>
To: kbuild-all@lists.01.org
Subject: Re: [PATCH v6 3/5] virt: Add efi_secret module to expose confidential computing secrets
Date: Mon, 06 Dec 2021 15:58:11 +0800 [thread overview]
Message-ID: <202112061528.k1C2Xe9d-lkp@intel.com> (raw)
In-Reply-To: <20211129114251.3741721-4-dovmurik@linux.ibm.com>
[-- Attachment #1: Type: text/plain, Size: 4815 bytes --]
Hi Dov,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on 42eb8fdac2fc5d62392dcfcf0253753e821a97b0]
url: https://github.com/0day-ci/linux/commits/Dov-Murik/Allow-guest-access-to-EFI-confidential-computing-secret-area/20211129-194749
base: 42eb8fdac2fc5d62392dcfcf0253753e821a97b0
config: x86_64-randconfig-s032-20211206 (https://download.01.org/0day-ci/archive/20211206/202112061528.k1C2Xe9d-lkp(a)intel.com/config)
compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
reproduce:
# apt-get install sparse
# sparse version: v0.6.4-dirty
# https://github.com/0day-ci/linux/commit/ebf498903d5371698bd13ed4005b4d61702f8223
git remote add linux-review https://github.com/0day-ci/linux
git fetch --no-tags linux-review Dov-Murik/Allow-guest-access-to-EFI-confidential-computing-secret-area/20211129-194749
git checkout ebf498903d5371698bd13ed4005b4d61702f8223
# save the config file to linux build tree
mkdir build_dir
make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=x86_64 SHELL=/bin/bash drivers/virt/coco/efi_secret/
If you fix the issue, kindly add following tag as appropriate
Reported-by: kernel test robot <lkp@intel.com>
sparse warnings: (new ones prefixed by >>)
>> drivers/virt/coco/efi_secret/efi_secret.c:242:13: sparse: sparse: incorrect type in assignment (different address spaces) @@ expected unsigned char *ptr @@ got void [noderef] __iomem *secret_data @@
drivers/virt/coco/efi_secret/efi_secret.c:242:13: sparse: expected unsigned char *ptr
drivers/virt/coco/efi_secret/efi_secret.c:242:13: sparse: got void [noderef] __iomem *secret_data
vim +242 drivers/virt/coco/efi_secret/efi_secret.c
211
212 static int efi_secret_securityfs_setup(void)
213 {
214 struct efi_secret *s = efi_secret_get();
215 int ret = 0, i = 0, bytes_left;
216 unsigned char *ptr;
217 struct secret_header *h;
218 struct secret_entry *e;
219 struct dentry *dent;
220 char guid_str[EFI_VARIABLE_GUID_LEN + 1];
221
222 s->coco_dir = NULL;
223 s->fs_dir = NULL;
224 memset(s->fs_files, 0, sizeof(s->fs_files));
225
226 dent = securityfs_create_dir("coco", NULL);
227 if (IS_ERR(dent)) {
228 pr_err("Error creating coco securityfs directory entry err=%ld\n", PTR_ERR(dent));
229 return PTR_ERR(dent);
230 }
231 s->coco_dir = dent;
232
233 dent = securityfs_create_dir("efi_secret", s->coco_dir);
234 if (IS_ERR(dent)) {
235 pr_err("Error creating efi_secret securityfs directory entry err=%ld\n",
236 PTR_ERR(dent));
237 return PTR_ERR(dent);
238 }
239 d_inode(dent)->i_op = &efi_secret_dir_inode_operations;
240 s->fs_dir = dent;
241
> 242 ptr = s->secret_data;
243 h = (struct secret_header *)ptr;
244 if (efi_guidcmp(h->guid, EFI_SECRET_TABLE_HEADER_GUID)) {
245 pr_err("EFI secret area does not start with correct GUID\n");
246 ret = -EINVAL;
247 goto err_cleanup;
248 }
249 if (h->len < sizeof(*h)) {
250 pr_err("EFI secret area reported length is too small\n");
251 ret = -EINVAL;
252 goto err_cleanup;
253 }
254 if (h->len > s->secret_data_len) {
255 pr_err("EFI secret area reported length is too big\n");
256 ret = -EINVAL;
257 goto err_cleanup;
258 }
259
260 bytes_left = h->len - sizeof(*h);
261 ptr += sizeof(*h);
262 while (bytes_left >= (int)sizeof(*e) && i < EFI_SECRET_NUM_FILES) {
263 e = (struct secret_entry *)ptr;
264 if (e->len < sizeof(*e) || e->len > (unsigned int)bytes_left) {
265 pr_err("EFI secret area is corrupted\n");
266 ret = -EINVAL;
267 goto err_cleanup;
268 }
269
270 /* Skip deleted entries (which will have NULL_GUID) */
271 if (efi_guidcmp(e->guid, NULL_GUID)) {
272 efi_guid_to_str(&e->guid, guid_str);
273
274 dent = securityfs_create_file(guid_str, 0440, s->fs_dir, (void *)e,
275 &efi_secret_bin_file_fops);
276 if (IS_ERR(dent)) {
277 pr_err("Error creating efi_secret securityfs entry\n");
278 ret = PTR_ERR(dent);
279 goto err_cleanup;
280 }
281
282 s->fs_files[i++] = dent;
283 }
284 ptr += e->len;
285 bytes_left -= e->len;
286 }
287
288 pr_debug("Created %d entries in efi_secret securityfs\n", i);
289 return 0;
290
291 err_cleanup:
292 efi_secret_securityfs_teardown();
293 return ret;
294 }
295
---
0-DAY CI Kernel Test Service, Intel Corporation
https://lists.01.org/hyperkitty/list/kbuild-all(a)lists.01.org
next prev parent reply other threads:[~2021-12-06 7:59 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-29 11:42 [PATCH v6 0/5] Allow guest access to EFI confidential computing secret area Dov Murik
2021-11-29 11:42 ` [PATCH v6 1/5] efi: Save location of EFI confidential computing area Dov Murik
2021-11-29 11:42 ` [PATCH v6 2/5] efi/libstub: Reserve confidential computing secret area Dov Murik
2021-11-29 11:42 ` [PATCH v6 3/5] virt: Add efi_secret module to expose confidential computing secrets Dov Murik
2021-12-06 7:58 ` kernel test robot [this message]
2021-12-06 7:58 ` kernel test robot
2021-11-29 11:42 ` [PATCH v6 4/5] efi: Load efi_secret module if EFI secret area is populated Dov Murik
2021-11-29 11:42 ` [PATCH v6 5/5] docs: security: Add coco/efi_secret documentation Dov Murik
2021-12-15 11:33 ` [PATCH v6 0/5] Allow guest access to EFI confidential computing secret area Dov Murik
2022-01-03 18:59 ` Borislav Petkov
2022-01-04 7:02 ` Dov Murik
2022-01-04 18:26 ` Borislav Petkov
2022-01-05 11:43 ` Dr. David Alan Gilbert
2022-01-05 19:01 ` Borislav Petkov
2022-01-05 20:07 ` Dr. David Alan Gilbert
2022-01-07 11:59 ` Borislav Petkov
2022-01-07 19:16 ` Peter Gonda
2022-01-10 11:14 ` Dov Murik
2022-01-10 16:27 ` Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202112061528.k1C2Xe9d-lkp@intel.com \
--to=lkp@intel.com \
--cc=ak@linux.intel.com \
--cc=ardb@kernel.org \
--cc=ashish.kalra@amd.com \
--cc=bp@suse.de \
--cc=brijesh.singh@amd.com \
--cc=dovmurik@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=kbuild-all@lists.01.org \
--cc=linux-efi@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=thomas.lendacky@amd.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.