lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <66fbab2b73591_964fe29434@dwillia2-xfh.jf.intel.com.notmuch>
Date: Tue, 1 Oct 2024 00:56:27 -0700
From: Dan Williams <dan.j.williams@...el.com>
To: "Huang, Kai" <kai.huang@...el.com>, "Hansen, Dave"
	<dave.hansen@...el.com>, "kirill.shutemov@...ux.intel.com"
	<kirill.shutemov@...ux.intel.com>, "tglx@...utronix.de" <tglx@...utronix.de>,
	"bp@...en8.de" <bp@...en8.de>, "peterz@...radead.org" <peterz@...radead.org>,
	"mingo@...hat.com" <mingo@...hat.com>, "hpa@...or.com" <hpa@...or.com>,
	"Williams, Dan J" <dan.j.williams@...el.com>, "seanjc@...gle.com"
	<seanjc@...gle.com>, "pbonzini@...hat.com" <pbonzini@...hat.com>
CC: "x86@...nel.org" <x86@...nel.org>, "linux-kernel@...r.kernel.org"
	<linux-kernel@...r.kernel.org>, "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
	"Edgecombe, Rick P" <rick.p.edgecombe@...el.com>, "Yamahata, Isaku"
	<isaku.yamahata@...el.com>, "Hunter, Adrian" <adrian.hunter@...el.com>,
	"nik.borisov@...e.com" <nik.borisov@...e.com>
Subject: Re: [PATCH v4 3/8] x86/virt/tdx: Prepare to support reading other
 global metadata fields

Huang, Kai wrote:
> 
> 
> On 27/09/2024 10:26 am, Hansen, Dave wrote:
> > On 9/26/24 15:22, Huang, Kai wrote:
> >> But Dan commented using typeless 'void *' and 'size' is kinda a step
> >> backwards and we should do something similar to build_mmio_read():
> > 
> > Well, void* is typeless, but at least it knows the size in this case.
> > It's not completely aimless.  I was thinking of how things like
> > get_user() work.
> 
> get_user(x,ptr) only works with simple types:
> 
>   * @ptr must have pointer-to-simple-variable type, and the result of
>   * dereferencing @ptr must be assignable to @x without a cast.
> 
> The compiler knows the type of both @x and @(*ptr), so it knows 
> type-safety and size to copy.
> 
> I think we can eliminate the __read_sys_metadata_field() by implementing 
> it as a macro directly and get rid of 'void *' and 'size':
> 
> static int tdh_sys_rd(u64 field_id, u64 *val) {}
> 
> /* @_valptr must be pointer to u8/u16/u32/u64 */
> #define read_sys_metadata_field(_field_id, _valptr)	\
> ({							\
> 	u64 ___tmp;					\
> 	int ___ret;					\
> 							\
> 	BUILD_BUG_ON(MD_FIELD_ELE_SIZE(_field_id) !=	\
> 		sizeof(*_valptr));			\
> 							\
> 	___ret = tdh_sys_rd(_field_id, &___tmp);	\
> 							\
> 	*_valptr = ___tmp;				\
> 	___ret;
> })
> 
> It sets *_valptr unconditionally but we can also only do it when ___ret 
> is 0.
> 
> The caller will need to do:
> 
> static int get_tdx_metadata_X_which_is_32bit(...)
> {
> 	u32 metadata_X;
> 	int ret;
> 
> 	ret = read_sys_metadata_field(MD_FIELD_ID_X, &metadata_X);
> 
> 	return ret;
> }
> 
> I haven't compiled and tested but it seems feasible.
> 
> Any comments?

If it works this approach addresses all the concerns I had with getting
the compiler to validate field sizes.

Should be straightforward to put this in a shared location so that it
can optionally use tdg_sys_rd internally.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ