Received: by 2002:a05:6358:489b:b0:bb:da1:e618 with SMTP id x27csp2418138rwn; Fri, 9 Sep 2022 13:28:15 -0700 (PDT) X-Google-Smtp-Source: AA6agR7d/0QRvNaxv/qApj92B/N9G4zz6Jy0hYWBqRHZj4DlEoeHtAiecevMZCD3JrBmx46TG7VV X-Received: by 2002:a17:906:8b81:b0:733:183b:988e with SMTP id nr1-20020a1709068b8100b00733183b988emr10975074ejc.457.1662755295134; Fri, 09 Sep 2022 13:28:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1662755295; cv=none; d=google.com; s=arc-20160816; b=LxL64lfE3N137NBBmgRNLu/uaOe9PGtqHCF9XVvMrmuqIjCB6evRJA+AK40Z1Ur1HH AekXayHg45zvSfMKY+ZDOg5jfjFQo80BpCOrHtYwmxyat9z9x83o8kmhLJCLCbAwMBpP 5k0URroqCU8dtk/h3NNzi/oMe26IGut2nG2u1geVozSXlWwIuqMfS3dfEnHOuCeKuzaO IUES61inafwSYLFoaO+vNfK0LDAo2S8Y78tiHnm3jJKjVINXr1oKrpiszdQj/OuTbSNU 1PBR2y5FOjRuqXaV23fgrCtP6JshwJsf2Z0gqW9x+a4F4XZN8Lrsjc4XT4/wiNoIgJdM xUXQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=0oW4Sm3HaZNwEF1VzymvT4H/3DUH7EqHpwidUNaQ39g=; b=NEGLTnqfAfyNDRrm2X6pDiYF4sPhMtydOtrSly/8EPAU+n6HrvmTA/MYemLuW10r2L Gd0vhPvFmimqU99cFMcP3077R6JM4Kif3XS3zwhZ5UVXYRgvKNPh0RMTQRLhmkWI2NZF hyxzwpUDwkxPjiuiaqgjcZ7bKQXZNoOFhX0wixQLr7R6GOmo1sNmqmX513iGn3NIH9Jf HYA7zDsyp9g3J6v3tAQ0oKKvSKMo3ah0WxqpmNHRvgw9lusfaVp5fQvCL7Skvdjtq5Y4 ylS9gRZs5NIphlIg73jbyqSYc/tkBgKpFfzdTm6/SK4dFtjXezBfcsL/zWB6s+Xog5DD 1ybw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DW8MG5l1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e16-20020a056402191000b0044fc3c0e505si1310399edz.318.2022.09.09.13.27.50; Fri, 09 Sep 2022 13:28:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=DW8MG5l1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232073AbiIITqZ (ORCPT + 99 others); Fri, 9 Sep 2022 15:46:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57076 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231318AbiIITps (ORCPT ); Fri, 9 Sep 2022 15:45:48 -0400 Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ACB4910FC7; Fri, 9 Sep 2022 12:42:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1662752556; x=1694288556; h=message-id:date:mime-version:subject:to:cc:references: from:in-reply-to:content-transfer-encoding; bh=+/1qN74VTzXrOaU2w2PUWN7E8sji2DXVrWuidjxRfvQ=; b=DW8MG5l130abbkagfcYolgjzpBKYvVe/YJ77X1l9Ul/P9jJI1VR+rMfO NLj/GipBqShA49sUL8YhrargDgmKKey4O77SH2W49bQK433qwvZBal1Us McDetZp0Toxq+FSeLnO3LmYg9kHc/AD/PgFs86Hgml1siPUKbE6hsh64V j04xb5GAcXyhauG/GKjbvQ2o0u/Pm+3UX4EY6jgNma6nL7hxDV+p7dKsF gD0DkzQk5KSs873wCJpA1Bu5gFxjb/i6sGA6ONk62NSXqrfn9ckm+aKME e5B+XJXS0n4/4cAuQbrGWPqMnUFIOu5Bu682u2mAdiC7iOU7LWaWRNNXn Q==; X-IronPort-AV: E=McAfee;i="6500,9779,10465"; a="298357746" X-IronPort-AV: E=Sophos;i="5.93,303,1654585200"; d="scan'208";a="298357746" Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga102.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Sep 2022 12:41:05 -0700 X-IronPort-AV: E=Sophos;i="5.93,303,1654585200"; d="scan'208";a="566476659" Received: from omeier-mobl1.ger.corp.intel.com (HELO [10.209.54.138]) ([10.209.54.138]) by orsmga003-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Sep 2022 12:41:04 -0700 Message-ID: <1942be91-ec18-5fb3-9fcd-6ffcfaf9f36c@intel.com> Date: Fri, 9 Sep 2022 12:41:04 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Re: [PATCH v13 1/3] x86/tdx: Add TDX Guest attestation interface driver Content-Language: en-US To: Kuppuswamy Sathyanarayanan , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, Shuah Khan Cc: "H . Peter Anvin" , Greg Kroah-Hartman , "Kirill A . Shutemov" , Tony Luck , Andi Kleen , Kai Huang , Wander Lairson Costa , Isaku Yamahata , marcelo.cerri@canonical.com, tim.gardner@canonical.com, khalid.elmously@canonical.com, philip.cox@canonical.com, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-doc@vger.kernel.org References: <20220909192708.1113126-1-sathyanarayanan.kuppuswamy@linux.intel.com> <20220909192708.1113126-2-sathyanarayanan.kuppuswamy@linux.intel.com> From: Dave Hansen In-Reply-To: <20220909192708.1113126-2-sathyanarayanan.kuppuswamy@linux.intel.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-6.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 9/9/22 12:27, Kuppuswamy Sathyanarayanan wrote: > + u8 reserved[7] = {0}; ... > + if (!req.reportdata || !req.tdreport || req.subtype || > + req.rpd_len != TDX_REPORTDATA_LEN || > + req.tdr_len != TDX_REPORT_LEN || > + memcmp(req.reserved, reserved, 7)) > + return -EINVAL; Huh, so to look for 0's, you: 1. Declare an on-stack structure with a hard coded, magic numbered field that has to be zeroed. 2. memcmp() that structure 3. Feed memcmp() with another hard coded magic number I've gotta ask: did you have any reservations writing this code? Were there any alarm bells going off saying that something might be wrong? Using memcmp() itself is probably forgivable. But, the two magic numbers are pretty mortal sins in my book. What's going to happen the first moment someone wants to repurpose a reserved byte? They're going to do: - __u8 reserved[7]; + __u8 my_new_byte; + __u8 reserved[6]; What's going to happen to the code you wrote? Will it continue to work? Or will the memcmp() silently start doing crazy stuff as it overruns the structure into garbage land? What's wrong with: memchr_inv(&req.reserved, sizeof(req.reserved), 0)