| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y30xm/y2CKPchObi@google.com>
Date: Tue, 22 Nov 2022 20:31:23 +0000
From: Sean Christopherson <seanjc@...gle.com>
To: David Woodhouse <dwmw2@...radead.org>
Cc: Paolo Bonzini <pbonzini@...hat.com>, kvm@...r.kernel.org,
linux-kernel@...r.kernel.org, Paul Durrant <paul@....org>
Subject: Re: [PATCH] KVM: x86/xen: Make number of event channels defines less
magical
EVTCHN_2L_NR_CHANNELSOn Mon, Nov 14, 2022, David Woodhouse wrote:
> On Mon, 2022-11-14 at 19:39 +0000, Sean Christopherson wrote:
> > Ugh. I worried that might be the case. An alternative approach to help document
> > things from a KVM perspective would be something like:
> >
> > diff --git a/arch/x86/kvm/xen.c b/arch/x86/kvm/xen.c
> > index 93c628d3e3a9..7769f3b98af0 100644
> > --- a/arch/x86/kvm/xen.c
> > +++ b/arch/x86/kvm/xen.c
> > @@ -1300,6 +1300,9 @@ int kvm_xen_hypercall(struct kvm_vcpu *vcpu)
> >
> > static inline int max_evtchn_port(struct kvm *kvm)
> > {
> > + BUILD_BUG_ON(EVTCHN_2L_NR_CHANNELS !=
> > + (sizeof_field(struct shared_info, evtchn_pending) * BITS_PER_BYTE));
> > +
> > if (IS_ENABLED(CONFIG_64BIT) && kvm->arch.xen.long_mode)
> > return EVTCHN_2L_NR_CHANNELS;
> > else
>
> Not really sure I see the point of that.
>
> There are two main reasons for that kind of BUILD_BUG_ON(). I've added
> a few of them asserting that the size of the structure and its compat
> variant are identical, and thus documenting *why* the code lacks compat
> handling. For example...
>
> /*
> * Next, write the new runstate. This is in the *same* place
> * for 32-bit and 64-bit guests, asserted here for paranoia.
> */
> BUILD_BUG_ON(offsetof(struct vcpu_runstate_info, state) !=
> offsetof(struct compat_vcpu_runstate_info, state));
>
> The second reason is to prevent accidental screwups where our local
> definition of a structure varies from the official ABI. Like these:
>
> /* Paranoia checks on the 32-bit struct layout */
> BUILD_BUG_ON(offsetof(struct compat_shared_info, wc) != 0x900);
> BUILD_BUG_ON(offsetof(struct compat_shared_info, arch.wc_sec_hi) != 0x924);
> BUILD_BUG_ON(offsetof(struct pvclock_vcpu_time_info, version) != 0);
>
> I don't really see the above fulfilling either of those use cases.
>
> Given that the definition of the evtchn_pending field is:
>
> xen_ulong_t evtchn_pending[sizeof(xen_ulong_t) * 8];
>
> It's fairly tautological that the number of event channels supported is
> BITS_PER_ULONG * BITS_PER_ULONG. Which is sizeof(xen_ulong_t)² * 64 as
> defined in the official Xen headers.
>
> I don't know that we really need to add our own sanity check on the
> headers we imported from Xen. It doesn't seem to add much.
The goal isn't to add a sanity check, it's to document what EVTCHN_2L_NR_CHANNELS
actually represents. My frustration with
sizeof(xen_ulong_t) * sizeof(xen_ulong_t) * 64
is that there's nothing there that connects it back to evtchn_pending or evtchn_mask.
E.g. ideally the code would be something like
#define COMPAT_EVTCHN_2L_NR_CHANNELS 256
#ifdef CONFIG_X86_64
#define EVTCHN_2L_NR_CHANNELS 512
#else
#define EVTCHN_2L_NR_CHANNELS COMPAT_EVTCHN_2L_NR_CHANNELS
DECLARE_BITMAP(evtchn_pending, EVTCHN_2L_NR_CHANNELS);
DECLARE_BITMAP(evtchn_mask, EVTCHN_2L_NR_CHANNELS);
which is much more self-documenting and doesn't require the reader to do math to
grok the basics.
Anyways, we can drop this patch, it was written mostly out of frustration with
how long it took me to understand what is actually a very simple concept that's
written in an unnecessarily obscure way.
Powered by blists - more mailing lists