lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <66db6465cd956_22a22943d@dwillia2-xfh.jf.intel.com.notmuch>
Date: Fri, 6 Sep 2024 13:21:57 -0700
From: Dan Williams <dan.j.williams@...el.com>
To: Kai Huang <kai.huang@...el.com>, <dave.hansen@...el.com>,
	<kirill.shutemov@...ux.intel.com>, <tglx@...utronix.de>, <bp@...en8.de>,
	<peterz@...radead.org>, <mingo@...hat.com>, <hpa@...or.com>,
	<dan.j.williams@...el.com>, <seanjc@...gle.com>, <pbonzini@...hat.com>
CC: <x86@...nel.org>, <linux-kernel@...r.kernel.org>, <kvm@...r.kernel.org>,
	<rick.p.edgecombe@...el.com>, <isaku.yamahata@...el.com>,
	<chao.gao@...el.com>, <binbin.wu@...ux.intel.com>, <adrian.hunter@...el.com>,
	<kai.huang@...el.com>
Subject: Re: [PATCH v3 2/8] x86/virt/tdx: Remove 'struct field_mapping' and
 implement TD_SYSINFO_MAP() macro

I think the subject buries the lead on what this patch does which is
more like:

x86/virt/tdx: Rework TD_SYSINFO_MAP to support build-time verification

Kai Huang wrote:
> TL;DR: Remove the 'struct field_mapping' structure and use another way

I would drop the TL;DR: and just make the changelog more concise,
because as it stands now it requires the reader to fully appreciate the
direction of the v1 approach which this new proposal abandons:

Something like:

    Dan noticed [1] that read_sys_metadata_field16() has a runtime warning
    to validate that the metadata field size matches the passed in buffer
    size. In turns out that all the information to perform that validation
    is available at build time. Rework TD_SYSINFO_MAP() to stop providing
    runtime data to read_sys_metadata_field16() and instead just pass typed
    fields to read_sys_metadata_field16() and let the compiler catch any
    mismatches.
    
    The new TD_SYSINFO_MAP() has a couple quirks for readability.  It
    requires the function that uses it to define a local variable @ret to
    carry the error code and set the initial value to 0.  It also hard-codes
    the variable name of the structure pointer used in the function, but it
    is less code, build-time verfiable, and the same readability as the
    former 'struct field_mapping' approach.
    
    Link: http://lore.kernel.org/66b16121c48f4_4fc729424@dwillia2-xfh.jf.intel.com.notmuch [1]

[..]
> Link: https://lore.kernel.org/kvm/a107b067-861d-43f4-86b5-29271cb93dad@intel.com/T/#m7cfb3c146214d94b24e978eeb8708d92c0b14ac6 [1]

The expectation for lore links is to capture the message-id. Note the
differences with the "Link:" format above.

> v2 -> v3:
>  - Remove 'struct field_mapping' and reimplement TD_SYSINFO_MAP().
> 
> ---
>  arch/x86/virt/vmx/tdx/tdx.c | 57 ++++++++++++++-----------------------
>  1 file changed, 21 insertions(+), 36 deletions(-)
> 
> diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
> index e979bf442929..7e75c1b10838 100644
> --- a/arch/x86/virt/vmx/tdx/tdx.c
> +++ b/arch/x86/virt/vmx/tdx/tdx.c
> @@ -270,60 +270,45 @@ static int read_sys_metadata_field(u64 field_id, u64 *data)
>  	return 0;
>  }
>  
> -static int read_sys_metadata_field16(u64 field_id,
> -				     int offset,
> -				     struct tdx_sys_info_tdmr *ts)
> +static int read_sys_metadata_field16(u64 field_id, u16 *val)
>  {
> -	u16 *ts_member = ((void *)ts) + offset;
>  	u64 tmp;
>  	int ret;
>  
> -	if (WARN_ON_ONCE(MD_FIELD_ID_ELE_SIZE_CODE(field_id) !=
> -			MD_FIELD_ID_ELE_SIZE_16BIT))
> -		return -EINVAL;
> +	BUILD_BUG_ON(MD_FIELD_ID_ELE_SIZE_CODE(field_id) !=
> +			MD_FIELD_ID_ELE_SIZE_16BIT);

Perhaps just move this to TD_SYSINFO_MAP() directly?

Something like:

#define TD_SYSINFO_MAP(_field_id, _member, _size)					\
	({										\
		BUILD_BUG_ON(MD_FIELD_ID_ELE_SIZE_CODE(field_id) !=			\
				MD_FIELD_ID_ELE_SIZE_##_size##BIT);			\
		if (!ret)								\
			ret = read_sys_metadata_field##_size(MD_FIELD_ID_##_field_id,	\
					&sysinfo_tdmr->_member);			\
	})

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ