| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <608ba48cfdffcbbd06c8505e3ba8dc623edf5b10.1727173372.git.kai.huang@intel.com>
Date: Tue, 24 Sep 2024 23:28:29 +1200
From: Kai Huang <kai.huang@...el.com>
To: dave.hansen@...el.com,
kirill.shutemov@...ux.intel.com,
tglx@...utronix.de,
bp@...en8.de,
peterz@...radead.org,
mingo@...hat.com,
hpa@...or.com,
dan.j.williams@...el.com,
seanjc@...gle.com,
pbonzini@...hat.com
Cc: x86@...nel.org,
linux-kernel@...r.kernel.org,
kvm@...r.kernel.org,
rick.p.edgecombe@...el.com,
isaku.yamahata@...el.com,
adrian.hunter@...el.com,
nik.borisov@...e.com,
kai.huang@...el.com
Subject: [PATCH v4 2/8] x86/virt/tdx: Rework TD_SYSINFO_MAP to support build-time verification
Dan noticed [1] that read_sys_metadata_field16() has a runtime warning
to validate that the metadata field size matches the passed in buffer
size. In turns out that all the information to perform that validation
is available at build time. Rework TD_SYSINFO_MAP() to stop providing
runtime data to read_sys_metadata_field16() and instead just pass typed
fields to read_sys_metadata_field16() and let the compiler catch any
mismatches. Rename TD_SYSINFO_MAP() to READ_SYS_INFO() since it no
longer stores the mapping of metadata field ID and the structure member
offset.
For now READ_SYS_INFO() is only used in get_tdx_sys_info_tdmr(). Future
changes will need to read other metadata fields that are organized in
different structures. Do #undef READ_SYS_INFO() after use so the same
pattern can be used for reading other metadata fields. To avoid needing
to duplicate build-time verification in each READ_SYS_INFO() in future
changes, add a wrapper macro to do build-time verification and call it
from READ_SYS_INFO().
The READ_SYS_INFO() has a couple quirks for readability. It requires
the function that uses it to define a local variable @ret to carry the
error code and set the initial value to 0. It also hard-codes the
variable name of the structure pointer used in the function, but it is
less code, build-time verifiable, and the same readability as the former
'struct field_mapping' approach.
Link: http://lore.kernel.org/66b16121c48f4_4fc729424@dwillia2-xfh.jf.intel.com.notmuch [1]
Suggested-by: Dan Williams <dan.j.williams@...el.com>
Signed-off-by: Kai Huang <kai.huang@...el.com>
---
v3 -> v4:
- Rename TD_SYSINFO_MAP() to READ_SYS_INFO() - Ardian.
- #undef READ_SYS_INFO() - Ardian.
- Rewrite changelog based on text from Dan, with some clarification
around using READ_SYS_INFO() and #undef it.
- Move the BUILD_BUG_ON() out of read_sys_metadata_field16() - Dan.
- Use permalink in changelog - Dan.
v2 -> v3:
- Remove 'struct field_mapping' and reimplement TD_SYSINFO_MAP().
---
arch/x86/virt/vmx/tdx/tdx.c | 58 ++++++++++++++-----------------------
1 file changed, 21 insertions(+), 37 deletions(-)
diff --git a/arch/x86/virt/vmx/tdx/tdx.c b/arch/x86/virt/vmx/tdx/tdx.c
index e979bf442929..2f7e4abc1bb9 100644
--- a/arch/x86/virt/vmx/tdx/tdx.c
+++ b/arch/x86/virt/vmx/tdx/tdx.c
@@ -270,60 +270,44 @@ static int read_sys_metadata_field(u64 field_id, u64 *data)
return 0;
}
-static int read_sys_metadata_field16(u64 field_id,
- int offset,
- struct tdx_sys_info_tdmr *ts)
+static int __read_sys_metadata_field16(u64 field_id, u16 *val)
{
- u16 *ts_member = ((void *)ts) + offset;
u64 tmp;
int ret;
- if (WARN_ON_ONCE(MD_FIELD_ID_ELE_SIZE_CODE(field_id) !=
- MD_FIELD_ID_ELE_SIZE_16BIT))
- return -EINVAL;
-
ret = read_sys_metadata_field(field_id, &tmp);
if (ret)
return ret;
- *ts_member = tmp;
+ *val = tmp;
return 0;
}
-struct field_mapping {
- u64 field_id;
- int offset;
-};
-
-#define TD_SYSINFO_MAP(_field_id, _offset) \
- { .field_id = MD_FIELD_ID_##_field_id, \
- .offset = offsetof(struct tdx_sys_info_tdmr, _offset) }
-
-/* Map TD_SYSINFO fields into 'struct tdx_sys_info_tdmr': */
-static const struct field_mapping fields[] = {
- TD_SYSINFO_MAP(MAX_TDMRS, max_tdmrs),
- TD_SYSINFO_MAP(MAX_RESERVED_PER_TDMR, max_reserved_per_tdmr),
- TD_SYSINFO_MAP(PAMT_4K_ENTRY_SIZE, pamt_entry_size[TDX_PS_4K]),
- TD_SYSINFO_MAP(PAMT_2M_ENTRY_SIZE, pamt_entry_size[TDX_PS_2M]),
- TD_SYSINFO_MAP(PAMT_1G_ENTRY_SIZE, pamt_entry_size[TDX_PS_1G]),
-};
+#define read_sys_metadata_field16(_field_id, _val) \
+({ \
+ BUILD_BUG_ON(MD_FIELD_ID_ELE_SIZE_CODE(_field_id) != \
+ MD_FIELD_ID_ELE_SIZE_16BIT); \
+ __read_sys_metadata_field16(_field_id, _val); \
+})
static int get_tdx_sys_info_tdmr(struct tdx_sys_info_tdmr *sysinfo_tdmr)
{
- int ret;
- int i;
+ int ret = 0;
- /* Populate 'sysinfo_tdmr' fields using the mapping structure above: */
- for (i = 0; i < ARRAY_SIZE(fields); i++) {
- ret = read_sys_metadata_field16(fields[i].field_id,
- fields[i].offset,
- sysinfo_tdmr);
- if (ret)
- return ret;
- }
+#define READ_SYS_INFO(_field_id, _member) \
+ ret = ret ?: read_sys_metadata_field16(MD_FIELD_ID_##_field_id, \
+ &sysinfo_tdmr->_member)
- return 0;
+ READ_SYS_INFO(MAX_TDMRS, max_tdmrs);
+ READ_SYS_INFO(MAX_RESERVED_PER_TDMR, max_reserved_per_tdmr);
+ READ_SYS_INFO(PAMT_4K_ENTRY_SIZE, pamt_entry_size[TDX_PS_4K]);
+ READ_SYS_INFO(PAMT_2M_ENTRY_SIZE, pamt_entry_size[TDX_PS_2M]);
+ READ_SYS_INFO(PAMT_1G_ENTRY_SIZE, pamt_entry_size[TDX_PS_1G]);
+
+#undef READ_SYS_INFO
+
+ return ret;
}
/* Calculate the actual TDMR size */
--
2.46.0
Powered by blists - more mailing lists