| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f211441a6d23321e22517684159e2c28c8492b86.camel@intel.com>
Date: Mon, 28 Mar 2022 14:30:05 +1300
From: Kai Huang <kai.huang@...el.com>
To: Isaku Yamahata <isaku.yamahata@...il.com>
Cc: linux-kernel@...r.kernel.org, kvm@...r.kernel.org,
dave.hansen@...el.com, seanjc@...gle.com, pbonzini@...hat.com,
kirill.shutemov@...ux.intel.com,
sathyanarayanan.kuppuswamy@...ux.intel.com, peterz@...radead.org,
tony.luck@...el.com, ak@...ux.intel.com, dan.j.williams@...el.com,
isaku.yamahata@...el.com
Subject: Re: [PATCH v2 09/21] x86/virt/tdx: Get information about TDX module
and convertible memory
> > +
> > +static int sanitize_cmrs(struct cmr_info *cmr_array, int cmr_num)
> > +{
> > + int i, j;
> > +
> > + /*
> > + * Intel TDX module spec, 20.7.3 CMR_INFO:
> > + *
> > + * TDH.SYS.INFO leaf function returns a MAX_CMRS (32) entry
> > + * array of CMR_INFO entries. The CMRs are sorted from the
> > + * lowest base address to the highest base address, and they
> > + * are non-overlapping.
> > + *
> > + * This implies that BIOS may generate invalid empty entries
> > + * if total CMRs are less than 32. Skip them manually.
> > + */
> > + for (i = 0; i < cmr_num; i++) {
> > + struct cmr_info *cmr = &cmr_array[i];
> > + struct cmr_info *prev_cmr = NULL;
> > +
> > + /* Skip further invalid CMRs */
> > + if (!cmr_valid(cmr))
> > + break;
> > +
> > + if (i > 0)
> > + prev_cmr = &cmr_array[i - 1];
> > +
> > + /*
> > + * It is a TDX firmware bug if CMRs are not
> > + * in address ascending order.
> > + */
> > + if (prev_cmr && ((prev_cmr->base + prev_cmr->size) >
> > + cmr->base)) {
> > + pr_err("Firmware bug: CMRs not in address ascending order.\n");
> > + return -EFAULT;
> > + }
> > + }
> > +
> > + /*
> > + * Also a sane BIOS should never generate invalid CMR(s) between
> > + * two valid CMRs. Sanity check this and simply return error in
> > + * this case.
> > + */
> > + for (j = i; j < cmr_num; j++)
> > + if (cmr_valid(&cmr_array[j])) {
> > + pr_err("Firmware bug: invalid CMR(s) among valid CMRs.\n");
> > + return -EFAULT;
> > + }
>
> This check doesn't make sense because above i-for loop has break.
The break in above i-for loop will hit at the first invalid CMR entry. Yes "j =
i" will make double check on this invalid CMR entry, but it should have no
problem. Or we can change to "j = i + 1" to skip the first invalid CMR entry.
Does this make sense?
>
> > +
> > + /*
> > + * Trim all tail invalid empty CMRs. BIOS should generate at
> > + * least one valid CMR, otherwise it's a TDX firmware bug.
> > + */
> > + tdx_cmr_num = i;
> > + if (!tdx_cmr_num) {
> > + pr_err("Firmware bug: No valid CMR.\n");
> > + return -EFAULT;
> > + }
>
> Something strange.
> Probably we'd like to check it by decrementing.
> for (i = cmr_num; i >= 0; i--)
> if (!cmr_valid()) // if last invalid cmr
> tdx_cmr_num
> // more check. overlapping
>
I don't know how does this look strange to you? As replied above, "i" is the
index to the first invalid CMR entry (or cmr_num, which is array size), so
"tdx_cmr_num = i" initializes the total valid CMR number, correct?
Powered by blists - more mailing lists