lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y30xm/y2CKPchObi@google.com>
Date:   Tue, 22 Nov 2022 20:31:23 +0000
From:   Sean Christopherson <seanjc@...gle.com>
To:     David Woodhouse <dwmw2@...radead.org>
Cc:     Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
        linux-kernel@...r.kernel.org, Paul Durrant <paul@....org>
Subject: Re: [PATCH] KVM: x86/xen: Make number of event channels defines less
 magical

EVTCHN_2L_NR_CHANNELSOn Mon, Nov 14, 2022, David Woodhouse wrote:
> On Mon, 2022-11-14 at 19:39 +0000, Sean Christopherson wrote:
> > Ugh.  I worried that might be the case.  An alternative approach to help document
> > things from a KVM perspective would be something like:
> > 
> > diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c
> > index 93c628d3e3a9..7769f3b98af0 100644
> > --- a/arch/x86/kvm/xen.c
> > +++ b/arch/x86/kvm/xen.c
> > @@ -1300,6 +1300,9 @@ int kvm_xen_hypercall(struct kvm_vcpu *vcpu)
> >  
> >  static inline int max_evtchn_port(struct kvm *kvm)
> >  {
> > +       BUILD_BUG_ON(EVTCHN_2L_NR_CHANNELS !=
> > +                    (sizeof_field(struct shared_info, evtchn_pending) * BITS_PER_BYTE));
> > +
> >         if (IS_ENABLED(CONFIG_64BIT) && kvm->arch.xen.long_mode)
> >                 return EVTCHN_2L_NR_CHANNELS;
> >         else
> 
> Not really sure I see the point of that.
> 
> There are two main reasons for that kind of BUILD_BUG_ON(). I've added
> a few of them asserting that the size of the structure and its compat
> variant are identical, and thus documenting *why* the code lacks compat
> handling. For example...
> 
> 	/*
> 	 * Next, write the new runstate. This is in the *same* place
> 	 * for 32-bit and 64-bit guests, asserted here for paranoia.
> 	 */
> 	BUILD_BUG_ON(offsetof(struct vcpu_runstate_info, state) !=
> 		     offsetof(struct compat_vcpu_runstate_info, state));
> 
> The second reason is to prevent accidental screwups where our local
> definition of a structure varies from the official ABI. Like these:
> 
> 	/* Paranoia checks on the 32-bit struct layout */
> 	BUILD_BUG_ON(offsetof(struct compat_shared_info, wc) != 0x900);
> 	BUILD_BUG_ON(offsetof(struct compat_shared_info, arch.wc_sec_hi) != 0x924);
> 	BUILD_BUG_ON(offsetof(struct pvclock_vcpu_time_info, version) != 0);
> 
> I don't really see the above fulfilling either of those use cases.
>
> Given that the definition of the evtchn_pending field is:
> 
>         xen_ulong_t evtchn_pending[sizeof(xen_ulong_t) * 8];
> 
> It's fairly tautological that the number of event channels supported is
> BITS_PER_ULONG * BITS_PER_ULONG. Which is sizeof(xen_ulong_t)² * 64 as
> defined in the official Xen headers.
> 
> I don't know that we really need to add our own sanity check on the
> headers we imported from Xen. It doesn't seem to add much.

The goal isn't to add a sanity check, it's to document what EVTCHN_2L_NR_CHANNELS
actually represents.  My frustration with 

  sizeof(xen_ulong_t) * sizeof(xen_ulong_t) * 64

is that there's nothing there that connects it back to evtchn_pending or evtchn_mask.

E.g. ideally the code would be something like

  #define COMPAT_EVTCHN_2L_NR_CHANNELS	256

  #ifdef CONFIG_X86_64
  #define EVTCHN_2L_NR_CHANNELS		512
  #else
  #define EVTCHN_2L_NR_CHANNELS		COMPAT_EVTCHN_2L_NR_CHANNELS


  DECLARE_BITMAP(evtchn_pending, EVTCHN_2L_NR_CHANNELS);
  DECLARE_BITMAP(evtchn_mask, EVTCHN_2L_NR_CHANNELS);

which is much more self-documenting and doesn't require the reader to do math to
grok the basics.

Anyways, we can drop this patch, it was written mostly out of frustration with
how long it took me to understand what is actually a very simple concept that's
written in an unnecessarily obscure way.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ