[EXT] AMD SEV 1/5: ccp(4): pledge for ioctl(2
On Thu, Aug 29, 2024 at 11:15:55AM +0200, Hans-J?rg H?xer wrote:
> Hi,
>
> On Thu, Aug 29, 2024 at 10:14:12AM +1000, Jonathan Gray wrote:
> > On Thu, Aug 29, 2024 at 09:28:50AM +1000, Jonathan Gray wrote:
> > > >
> > > > +#if NCCP > 0
> > > > +#if NVMM > 0
> > >
> > > can't this be only #if NCCP > 0?
>
> yes, there's actually no need for depending on NVMM
RAMDISK_CD does not build. It has ccp, but #include <machine/conf.h>
is within #if NVMM > 0.
/crypt/home/bluhm/openbsd/cvs/src/sys/kern/kern_pledge.c:1357:44: error: use of undeclared identifier 'pspopen'; did you mean 'pppopen'?
(cdevsw[major(vp->v_rdev)].d_open == pspopen)) {
^~~~~~~
pppopen
If there is no VMM, the psp call does not make much sense. So I put
back #if defined(__amd64__) && NCCP > 0 && NVMM > 0
ok?
bluhm
Index: arch/amd64/include/conf.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/arch/amd64/include/conf.h,v
diff -u -p -r1.9 conf.h
--- arch/amd64/include/conf.h 28 Jun 2022 14:43:50 -0000 1.9
+++ arch/amd64/include/conf.h 30 Aug 2024 09:27:09 -0000
@@ -54,3 +54,6 @@ cdev_decl(pctr);
#include "vmm.h"
cdev_decl(vmm);
+
+#include "ccp.h"
+cdev_decl(psp);
Index: dev/ic/ccp.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/dev/ic/ccp.c,v
diff -u -p -r1.6 ccp.c
--- dev/ic/ccp.c 13 Aug 2024 20:48:00 -0000 1.6
+++ dev/ic/ccp.c 30 Aug 2024 09:27:09 -0000
@@ -24,6 +24,7 @@
#include <sys/malloc.h>
#include <sys/kernel.h>
#include <sys/timeout.h>
+#include <sys/pledge.h>
#include <machine/bus.h>
@@ -646,12 +647,30 @@ pspioctl(dev_t dev, u_long cmd, caddr_t
psp_snp_get_pstatus((struct psp_snp_platform_status *)data);
break;
default:
- printf("%s: unkown ioctl code 0x%lx\n", __func__, cmd);
ret = ENOTTY;
+ break;
}
rw_exit_write(&ccp_softc->sc_lock);
return (ret);
+}
+
+int
+pledge_ioctl_psp(struct proc *p, long com)
+{
+ switch (com) {
+ case PSP_IOC_GET_PSTATUS:
+ case PSP_IOC_DF_FLUSH:
+ case PSP_IOC_GET_GSTATUS:
+ case PSP_IOC_LAUNCH_START:
+ case PSP_IOC_LAUNCH_UPDATE_DATA:
+ case PSP_IOC_LAUNCH_MEASURE:
+ case PSP_IOC_LAUNCH_FINISH:
+ case PSP_IOC_ACTIVATE:
+ return (0);
+ default:
+ return (pledge_fail(p, EPERM, PLEDGE_VMM));
+ }
}
#endif /* __amd64__ */
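Review bot: pledge_ioctl_psp carries no comment saying why exactly these eight commands are permitted under PLEDGE_VMM, although this switch is the privilege boundary the patch introduces for psp(4). I would add a one-line comment above the function, for example `/* ioctls a "vmm"-pledged process may issue on psp(4); anything not listed is denied */`, so that a command added to pspioctl later is not exposed to pledged processes without a deliberate decision here. The case label that dispatches to psp_snp_get_pstatus lies above the hunk, so whether that command is meant to be on the list cannot be told from these lines; the comment should say. pspioctl itself starts outside the hunk.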
Index: kern/kern_pledge.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/kern/kern_pledge.c,v
diff -u -p -r1.316 kern_pledge.c
--- kern/kern_pledge.c 3 Jun 2024 03:41:47 -0000 1.316
+++ kern/kern_pledge.c 30 Aug 2024 09:39:19 -0000
@@ -76,6 +76,7 @@
#if NVMM > 0
#include <machine/conf.h>
#endif
+#include "ccp.h"
#endif
#include "drm.h"
@@ -1345,6 +1346,18 @@ pledge_ioctl(struct proc *p, long com, s
error = pledge_ioctl_vmm(p, com);
if (error == 0)
return 0;
+ }
+ }
+#endif
+
+#if defined(__amd64__) && NCCP > 0 && NVMM > 0
+ if ((pledge & PLEDGE_VMM)) {
+ if ((fp->f_type == DTYPE_VNODE) &&
+ (vp->v_type == VCHR) &&
+ (cdevsw[major(vp->v_rdev)].d_open == pspopen)) {
+ error = pledge_ioctl_psp(p, com);
+ if (error == 0)
+ return (0);
}
}
#endif
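Review bot: The new block treats a non-zero return from pledge_ioctl_psp as "not decided, keep going" (`if (error == 0) return (0);`), but the helper's default case in dev/ic/ccp.c has already called `pledge_fail(p, EPERM, PLEDGE_VMM)` by the time it returns. If the remainder of pledge_ioctl, which is outside this hunk, ends in its own failure path, the same violation is handled a second time under a different promise. Since the device has already been matched against pspopen at this point, returning the helper's verdict directly, `return (pledge_ioctl_psp(p, com));`, would make the deny path explicit; alternatively the helper could return plain `EPERM` and leave the reporting to pledge_ioctl. A short comment that NVMM > 0 is required in the guard because the pspopen declaration only comes in through the NVMM-conditional include of machine/conf.h would also save the next reader the build failure described in the mail.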
Index: sys/pledge.h
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/sys/pledge.h,v
diff -u -p -r1.48 pledge.h
--- sys/pledge.h 2 Jun 2023 17:44:29 -0000 1.48
+++ sys/pledge.h 30 Aug 2024 09:27:09 -0000
@@ -134,6 +134,7 @@ int pledge_socket(struct proc *p, int do
int pledge_ioctl(struct proc *p, long com, struct file *);
int pledge_ioctl_drm(struct proc *p, long com, dev_t device);
int pledge_ioctl_vmm(struct proc *p, long com);
+int pledge_ioctl_psp(struct proc *p, long com);
int pledge_flock(struct proc *p);
int pledge_fcntl(struct proc *p, int cmd);
int pledge_swapctl(struct proc *p, int cmd);
[EXT] AMD SEV 1/5: ccp(4): pledge for ioctl(2