From: Andrew Donnellan <ajd@linux.ibm.com> To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: ruscur@russell.cc, bgray@linux.ibm.com, nayna@linux.ibm.com, gcwilson@linux.ibm.com, gjoyce@linux.ibm.com, brking@linux.ibm.com, stefanb@linux.ibm.com, sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, joel@jms.id.au, npiggin@gmail.com Subject: [PATCH v5 02/25] powerpc/pseries: Fix alignment of PLPKS structures and buffers Date: Tue, 31 Jan 2023 17:39:05 +1100 [thread overview] Message-ID: <20230131063928.388035-3-ajd@linux.ibm.com> (raw) In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> A number of structures and buffers passed to PKS hcalls have alignment requirements, which could on occasion cause problems: - Authorisation structures must be 16-byte aligned and must not cross a page boundary - Label structures must not cross page boundaries - Password output buffers must not cross page boundaries To ensure correct alignment, we adjust the allocation size of each of these structures/buffers to be the closest power of 2 that is at least the size of the structure/buffer (since kmalloc() guarantees that an allocation of a power of 2 size will be aligned to at least that size). Reported-by: Benjamin Gray <bgray@linux.ibm.com> Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore") Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com> Reviewed-by: Russell Currey <ruscur@russell.cc> Signed-off-by: Russell Currey <ruscur@russell.cc> --- v3: Merge plpks fixes and signed update series with secvar series v4: Fix typo in commit message Move up in series (npiggin) v5: Reword commit message to better explain alignment guarantee (mpe) --- arch/powerpc/platforms/pseries/plpks.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 9e85b6d85b0b..a01cf2ff140a 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -126,7 +126,8 @@ static int plpks_gen_password(void) u8 *password, consumer = PKS_OS_OWNER; int rc; - password = kzalloc(maxpwsize, GFP_KERNEL); + // The password must not cross a page boundary, so we align to the next power of 2 + password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL); if (!password) return -ENOMEM; @@ -162,7 +163,9 @@ static struct plpks_auth *construct_auth(u8 consumer) if (consumer > PKS_OS_OWNER) return ERR_PTR(-EINVAL); - auth = kzalloc(struct_size(auth, password, maxpwsize), GFP_KERNEL); + // The auth structure must not cross a page boundary and must be + // 16 byte aligned. We align to the next largest power of 2 + auth = kzalloc(roundup_pow_of_two(struct_size(auth, password, maxpwsize)), GFP_KERNEL); if (!auth) return ERR_PTR(-ENOMEM); @@ -196,7 +199,8 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, if (component && slen > sizeof(label->attr.prefix)) return ERR_PTR(-EINVAL); - label = kzalloc(sizeof(*label), GFP_KERNEL); + // The label structure must not cross a page boundary, so we align to the next power of 2 + label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL); if (!label) return ERR_PTR(-ENOMEM); -- 2.39.1
WARNING: multiple messages have this Message-ID (diff)
From: Andrew Donnellan <ajd@linux.ibm.com> To: linuxppc-dev@lists.ozlabs.org, linux-integrity@vger.kernel.org Cc: sudhakar@linux.ibm.com, erichte@linux.ibm.com, gregkh@linuxfoundation.org, nayna@linux.ibm.com, npiggin@gmail.com, linux-kernel@vger.kernel.org, zohar@linux.ibm.com, gjoyce@linux.ibm.com, ruscur@russell.cc, joel@jms.id.au, bgray@linux.ibm.com, brking@linux.ibm.com, gcwilson@linux.ibm.com, stefanb@linux.ibm.com Subject: [PATCH v5 02/25] powerpc/pseries: Fix alignment of PLPKS structures and buffers Date: Tue, 31 Jan 2023 17:39:05 +1100 [thread overview] Message-ID: <20230131063928.388035-3-ajd@linux.ibm.com> (raw) In-Reply-To: <20230131063928.388035-1-ajd@linux.ibm.com> A number of structures and buffers passed to PKS hcalls have alignment requirements, which could on occasion cause problems: - Authorisation structures must be 16-byte aligned and must not cross a page boundary - Label structures must not cross page boundaries - Password output buffers must not cross page boundaries To ensure correct alignment, we adjust the allocation size of each of these structures/buffers to be the closest power of 2 that is at least the size of the structure/buffer (since kmalloc() guarantees that an allocation of a power of 2 size will be aligned to at least that size). Reported-by: Benjamin Gray <bgray@linux.ibm.com> Fixes: 2454a7af0f2a ("powerpc/pseries: define driver for Platform KeyStore") Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com> Reviewed-by: Russell Currey <ruscur@russell.cc> Signed-off-by: Russell Currey <ruscur@russell.cc> --- v3: Merge plpks fixes and signed update series with secvar series v4: Fix typo in commit message Move up in series (npiggin) v5: Reword commit message to better explain alignment guarantee (mpe) --- arch/powerpc/platforms/pseries/plpks.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/arch/powerpc/platforms/pseries/plpks.c b/arch/powerpc/platforms/pseries/plpks.c index 9e85b6d85b0b..a01cf2ff140a 100644 --- a/arch/powerpc/platforms/pseries/plpks.c +++ b/arch/powerpc/platforms/pseries/plpks.c @@ -126,7 +126,8 @@ static int plpks_gen_password(void) u8 *password, consumer = PKS_OS_OWNER; int rc; - password = kzalloc(maxpwsize, GFP_KERNEL); + // The password must not cross a page boundary, so we align to the next power of 2 + password = kzalloc(roundup_pow_of_two(maxpwsize), GFP_KERNEL); if (!password) return -ENOMEM; @@ -162,7 +163,9 @@ static struct plpks_auth *construct_auth(u8 consumer) if (consumer > PKS_OS_OWNER) return ERR_PTR(-EINVAL); - auth = kzalloc(struct_size(auth, password, maxpwsize), GFP_KERNEL); + // The auth structure must not cross a page boundary and must be + // 16 byte aligned. We align to the next largest power of 2 + auth = kzalloc(roundup_pow_of_two(struct_size(auth, password, maxpwsize)), GFP_KERNEL); if (!auth) return ERR_PTR(-ENOMEM); @@ -196,7 +199,8 @@ static struct label *construct_label(char *component, u8 varos, u8 *name, if (component && slen > sizeof(label->attr.prefix)) return ERR_PTR(-EINVAL); - label = kzalloc(sizeof(*label), GFP_KERNEL); + // The label structure must not cross a page boundary, so we align to the next power of 2 + label = kzalloc(roundup_pow_of_two(sizeof(*label)), GFP_KERNEL); if (!label) return ERR_PTR(-ENOMEM); -- 2.39.1
next prev parent reply other threads:[~2023-01-31 6:40 UTC|newest] Thread overview: 98+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-01-31 6:39 [PATCH v5 00/25] pSeries dynamic secure boot secvar interface + platform keyring loading Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 6:39 ` [PATCH v5 01/25] powerpc/pseries: Fix handling of PLPKS object flushing timeout Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan [this message] 2023-01-31 6:39 ` [PATCH v5 02/25] powerpc/pseries: Fix alignment of PLPKS structures and buffers Andrew Donnellan 2023-01-31 6:39 ` [PATCH v5 03/25] powerpc/secvar: Fix incorrect return in secvar_sysfs_load() Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 15:18 ` Stefan Berger 2023-01-31 15:18 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 04/25] powerpc/secvar: Use u64 in secvar_operations Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 6:39 ` [PATCH v5 05/25] powerpc/secvar: Warn and error if multiple secvar ops are set Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 14:48 ` Stefan Berger 2023-01-31 14:48 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 06/25] powerpc/secvar: Use sysfs_emit() instead of sprintf() Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 15:20 ` Stefan Berger 2023-01-31 15:20 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 07/25] powerpc/secvar: Handle format string in the consumer Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 15:23 ` Stefan Berger 2023-01-31 15:23 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 08/25] powerpc/secvar: Handle max object size " Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 15:26 ` Stefan Berger 2023-01-31 15:26 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 09/25] powerpc/secvar: Clean up init error messages Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 15:45 ` Stefan Berger 2023-01-31 15:45 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 10/25] powerpc/secvar: Extend sysfs to include config vars Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 15:49 ` Stefan Berger 2023-01-31 15:49 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 11/25] powerpc/secvar: Allow backend to populate static list of variable names Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 15:54 ` Stefan Berger 2023-01-31 15:54 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 12/25] powerpc/secvar: Warn when PAGE_SIZE is smaller than max object size Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 15:57 ` Stefan Berger 2023-01-31 15:57 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 13/25] powerpc/secvar: Don't print error on ENOENT when reading variables Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 15:58 ` Stefan Berger 2023-01-31 15:58 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 14/25] powerpc/pseries: Move plpks.h to include directory Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 15:59 ` Stefan Berger 2023-01-31 15:59 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 15/25] powerpc/pseries: Move PLPKS constants to header file Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 16:07 ` Stefan Berger 2023-01-31 16:07 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 16/25] powerpc/pseries: Expose PLPKS config values, support additional fields Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 16:13 ` Stefan Berger 2023-01-31 16:13 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 17/25] powerpc/pseries: Implement signed update for PLPKS objects Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 16:30 ` Stefan Berger 2023-01-31 16:30 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 18/25] powerpc/pseries: Log hcall return codes for PLPKS debug Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 16:31 ` Stefan Berger 2023-01-31 16:31 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 19/25] powerpc/pseries: Make caller pass buffer to plpks_read_var() Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 16:38 ` Stefan Berger 2023-01-31 16:38 ` Stefan Berger 2023-02-07 5:25 ` Andrew Donnellan 2023-02-07 5:25 ` Andrew Donnellan 2023-01-31 6:39 ` [PATCH v5 20/25] powerpc/pseries: Turn PSERIES_PLPKS into a hidden option Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 16:40 ` Stefan Berger 2023-01-31 16:40 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 21/25] powerpc/pseries: Add helper to get PLPKS password length Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 16:42 ` Stefan Berger 2023-01-31 16:42 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 22/25] powerpc/pseries: Pass PLPKS password on kexec Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 16:52 ` Stefan Berger 2023-01-31 16:52 ` Stefan Berger 2023-01-31 6:39 ` [PATCH v5 23/25] powerpc/pseries: Implement secvars for dynamic secure boot Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 17:11 ` Stefan Berger 2023-01-31 17:11 ` Stefan Berger 2023-02-01 6:32 ` Andrew Donnellan 2023-02-01 6:32 ` Andrew Donnellan 2023-01-31 6:39 ` [PATCH v5 24/25] integrity/powerpc: Improve error handling & reporting when loading certs Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 6:39 ` [PATCH v5 25/25] integrity/powerpc: Support loading keys from PLPKS Andrew Donnellan 2023-01-31 6:39 ` Andrew Donnellan 2023-01-31 17:17 ` Stefan Berger 2023-01-31 17:17 ` Stefan Berger
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20230131063928.388035-3-ajd@linux.ibm.com \ --to=ajd@linux.ibm.com \ --cc=bgray@linux.ibm.com \ --cc=brking@linux.ibm.com \ --cc=erichte@linux.ibm.com \ --cc=gcwilson@linux.ibm.com \ --cc=gjoyce@linux.ibm.com \ --cc=gregkh@linuxfoundation.org \ --cc=joel@jms.id.au \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linuxppc-dev@lists.ozlabs.org \ --cc=nayna@linux.ibm.com \ --cc=npiggin@gmail.com \ --cc=ruscur@russell.cc \ --cc=stefanb@linux.ibm.com \ --cc=sudhakar@linux.ibm.com \ --cc=zohar@linux.ibm.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.