| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e229343797319f6d316432055bb52aaa637d5d6f.camel@intel.com>
Date: Wed, 28 Jan 2026 04:03:25 +0000
From: "Huang, Kai" <kai.huang@...el.com>
To: "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "linux-coco@...ts.linux.dev"
<linux-coco@...ts.linux.dev>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, "Gao, Chao" <chao.gao@...el.com>,
"x86@...nel.org" <x86@...nel.org>
CC: "dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>,
"kas@...nel.org" <kas@...nel.org>, "seanjc@...gle.com" <seanjc@...gle.com>,
"Chatre, Reinette" <reinette.chatre@...el.com>, "Weiny, Ira"
<ira.weiny@...el.com>, "tglx@...utronix.de" <tglx@...utronix.de>, "Verma,
Vishal L" <vishal.l.verma@...el.com>, "nik.borisov@...e.com"
<nik.borisov@...e.com>, "mingo@...hat.com" <mingo@...hat.com>,
"hpa@...or.com" <hpa@...or.com>, "sagis@...gle.com" <sagis@...gle.com>,
"Chen, Farrah" <farrah.chen@...el.com>, "Duan, Zhenzhong"
<zhenzhong.duan@...el.com>, "Edgecombe, Rick P" <rick.p.edgecombe@...el.com>,
"paulmck@...nel.org" <paulmck@...nel.org>, "Annapurve, Vishal"
<vannapurve@...gle.com>, "yilun.xu@...ux.intel.com"
<yilun.xu@...ux.intel.com>, "Williams, Dan J" <dan.j.williams@...el.com>,
"bp@...en8.de" <bp@...en8.de>
Subject: Re: [PATCH v3 13/26] x86/virt/seamldr: Allocate and populate a module
update request
> +/*
> + * Allocate and populate a seamldr_params.
> + * Note that both @module and @sig should be vmalloc'd memory.
Nit:
How about actually using is_vmalloc_addr() to check in the code rather than
documenting in the comment?
I see you have already checked the overall 'data' buffer is vmalloc()'ed in
seamldr_install_module() so the 'module' and 'sig' (part of 'data') must be
too. But since is_vmalloc_addr() is cheap so I think it's also fine to do
the check here. We can also WARN() so it can be used to catch bug.
> + */
> +static struct seamldr_params *alloc_seamldr_params(const void *module, unsigned int module_size,
> + const void *sig, unsigned int sig_size)
> +{
>
[...]
> + ptr = module;
> + for (i = 0; i < params->num_module_pages; i++) {
> + params->mod_pages_pa_list[i] = (vmalloc_to_pfn(ptr) << PAGE_SHIFT) +
> + ((unsigned long)ptr & ~PAGE_MASK);
> + ptr += SZ_4K;
> + }
> +
> + return params;
> +}
>
[...]
> +/*
> + * Verify that the checksum of the entire blob is zero. The checksum is
> + * calculated by summing up all 16-bit words, with carry bits dropped.
> + */
> +static bool verify_checksum(const struct tdx_blob *blob)
> +{
> + u32 size = blob->len;
> + u16 checksum = 0;
> + const u16 *p;
> + int i;
> +
> + /* Handle the last byte if the size is odd */
> + if (size % 2) {
> + checksum += *((const u8 *)blob + size - 1);
> + size--;
> + }
> +
> + p = (const u16 *)blob;
> + for (i = 0; i < size; i += 2) {
> + checksum += *p;
> + p++;
> + }
> +
> + return !checksum;
> +}
> +
> +static struct seamldr_params *init_seamldr_params(const u8 *data, u32 size)
> +{
>
[...]
> + if (!verify_checksum(blob)) {
> + pr_err("invalid checksum\n");
> + return ERR_PTR(-EINVAL);
> + }
> +
> + return alloc_seamldr_params(module, module_size, sig, sig_size);
> +}
It's weird that we have do verify checksum manually, because hardware
normally catches that.
I suppose this is because we want to catch as many errors as possible before
actually asking P-SEAMLDR to do module update, since in order to do which we
have to shutdown the existing module first and there's no returning point
once we reach that?
If so a comment would be helpful.
Also, it's also weird that you have to write code for checksum on your own.
I guess the kernel should already have some library code for that.
I checked and it _seems_ the code in lib/checksum.c could be used?
I am not expert though, but I think we should use kernel lib code when we
can.
Powered by blists - more mailing lists