| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aXzGkUSg0bmIdJEp@intel.com>
Date: Fri, 30 Jan 2026 22:56:17 +0800
From: Chao Gao <chao.gao@...el.com>
To: "Huang, Kai" <kai.huang@...el.com>
CC: "kvm@...r.kernel.org" <kvm@...r.kernel.org>, "linux-coco@...ts.linux.dev"
<linux-coco@...ts.linux.dev>, "linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>, "x86@...nel.org" <x86@...nel.org>,
"dave.hansen@...ux.intel.com" <dave.hansen@...ux.intel.com>, "kas@...nel.org"
<kas@...nel.org>, "seanjc@...gle.com" <seanjc@...gle.com>, "Chatre, Reinette"
<reinette.chatre@...el.com>, "Weiny, Ira" <ira.weiny@...el.com>,
"tglx@...utronix.de" <tglx@...utronix.de>, "Verma, Vishal L"
<vishal.l.verma@...el.com>, "nik.borisov@...e.com" <nik.borisov@...e.com>,
"mingo@...hat.com" <mingo@...hat.com>, "hpa@...or.com" <hpa@...or.com>,
"sagis@...gle.com" <sagis@...gle.com>, "Chen, Farrah"
<farrah.chen@...el.com>, "Duan, Zhenzhong" <zhenzhong.duan@...el.com>,
"Edgecombe, Rick P" <rick.p.edgecombe@...el.com>, "paulmck@...nel.org"
<paulmck@...nel.org>, "Annapurve, Vishal" <vannapurve@...gle.com>,
"yilun.xu@...ux.intel.com" <yilun.xu@...ux.intel.com>, "Williams, Dan J"
<dan.j.williams@...el.com>, "bp@...en8.de" <bp@...en8.de>
Subject: Re: [PATCH v3 13/26] x86/virt/seamldr: Allocate and populate a
module update request
On Wed, Jan 28, 2026 at 12:03:25PM +0800, Huang, Kai wrote:
>
>> +/*
>> + * Allocate and populate a seamldr_params.
>> + * Note that both @module and @sig should be vmalloc'd memory.
>
>Nit:
>
>How about actually using is_vmalloc_addr() to check in the code rather than
>documenting in the comment?
>
>I see you have already checked the overall 'data' buffer is vmalloc()'ed in
>seamldr_install_module() so the 'module' and 'sig' (part of 'data') must be
>too. But since is_vmalloc_addr() is cheap so I think it's also fine to do
>the check here. We can also WARN() so it can be used to catch bug.
Kai,
Thanks a lot.
Looks good to me. I think WARN() is always better than comments.
>> + if (!verify_checksum(blob)) {
>> + pr_err("invalid checksum\n");
>> + return ERR_PTR(-EINVAL);
>> + }
>> +
>> + return alloc_seamldr_params(module, module_size, sig, sig_size);
>> +}
>
>It's weird that we have do verify checksum manually, because hardware
>normally catches that.
>
>I suppose this is because we want to catch as many errors as possible before
>actually asking P-SEAMLDR to do module update, since in order to do which we
>have to shutdown the existing module first and there's no returning point
>once we reach that?
Yes. Exactly.
>
>If so a comment would be helpful.
Will do.
>
>Also, it's also weird that you have to write code for checksum on your own.
>I guess the kernel should already have some library code for that.
>
>I checked and it _seems_ the code in lib/checksum.c could be used?
>
>I am not expert though, but I think we should use kernel lib code when we
>can.
Good point. After a quick review, lib/checksum.c uses a different algorithm
than tdx_blob's checksum. It adds the carry bit to the checksum, while tdx_blob
drops the carry bit.
*sigh* when I designed the checksum algorithm, I wasn't aware of lib/checksum.c.
Powered by blists - more mailing lists