Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <5aa498ab-1ad6-900b-75eb-003ea2d4d8b1@intel.com>
Date:   Tue, 1 Nov 2022 13:28:28 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101
 Thunderbird/91.13.1
Subject: Re: [PATCH 10/14] platform/x86/intel/ifs: Add metadata validation
Content-Language: en-US
To:     Jithu Joseph <jithu.joseph@intel.com>, <hdegoede@redhat.com>,
        <markgross@kernel.org>
CC:     <tglx@linutronix.de>, <mingo@redhat.com>, <bp@alien8.de>,
        <dave.hansen@linux.intel.com>, <x86@kernel.org>, <hpa@zytor.com>,
        <gregkh@linuxfoundation.org>, <ashok.raj@intel.com>,
        <tony.luck@intel.com>, <linux-kernel@vger.kernel.org>,
        <platform-driver-x86@vger.kernel.org>, <patches@lists.linux.dev>,
        <ravi.v.shankar@intel.com>, <thiago.macieira@intel.com>,
        <athenas.jimenez.gonzalez@intel.com>
References: <20221021203413.1220137-1-jithu.joseph@intel.com>
 <20221021203413.1220137-11-jithu.joseph@intel.com>
From:   Sohil Mehta <sohil.mehta@intel.com>
In-Reply-To: <20221021203413.1220137-11-jithu.joseph@intel.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?NEFEd3BuS3hjZTRWR1l1NmxYQXE3T3JYR0NTaG9Ca0xMdmIraHZKSFFoUkhk?=
 =?utf-8?B?dkwrYzZaVGlkQWNnYU9qZWxUbmpSUjNkNi9VUGhtTEtqeTRkdGZibGl0RzZ3?=
 =?utf-8?B?U0FxaFVWbkVXc2lYSWtibUh6TGE2Y1ZzRm9hTVdEMjdZbVRTQm00VzF0aWZC?=
 =?utf-8?B?a3pZVmdHRHZ0TnpwbE52alBBN3lnMm9aNklDdngvTUVWT05HWUV2RGpuZG0y?=
 =?utf-8?B?NU9Ed1paenl1T2cxWlR2VE1KTXpTV0xORkxjUVJ1VFFsS2ZnTjZ5NENPL3Yz?=
 =?utf-8?B?dFhwU1ZLTlgreml2Q05IdkI0UEhXMUNjUkx3bnc3SWZJQ0xMTHNwZStseklG?=
 =?utf-8?B?TlEzQ3pDczNKTCtyQS93ZmplVy9zVkY4QjRwOW40T2VPaUJvME9JeEprUnFC?=
 =?utf-8?B?eGd4bWlmdituSHZWalh6ZmpaZGlITnJDcUdVbG45a3prRWVzcEo4Q0pYeWVH?=
 =?utf-8?B?TnNsR21oanIrb1RkN1cvTkxxS0ZmcjRiekIxWEJqS2k5WW1EQS92dE53QVc0?=
 =?utf-8?B?dlorREtDd3I0aURNZk0vOEtrcVhHZEdBVmhFZ3laOWdlK2h1Sm5PZlJHVDVM?=
 =?utf-8?B?am8xL2t2WkhOZ1UzaytyR2s4eUlMS2c1aFRhQXdaV0wrR2JUNXdVSXBCRzRV?=
 =?utf-8?B?QlhjZXpvaVhVZG5uVFdTSEtIRWw1K2VLOG15RkRrWWZDSzB2L3N1VjBUWW5w?=
 =?utf-8?B?WXBGSTg1MTE4MUpVa3FtaWI2TldiRXNYMEw0SW9mTmxuY2dVU0RxNUx1Qzhx?=
 =?utf-8?B?ZmJvQUk0ZnA4cGVXNGsyeGxheTdIelhuNVhBbmdUVzExSFczaGFMKytLMnV3?=
 =?utf-8?B?YmJnL1g4RWZKWG9OZjZUZnBydW1KQ29MQXhkdmJJRGw1REwrTEVRbDRvNStV?=
 =?utf-8?B?dkYra1I1cUJ3bmVPUG9uUzdlaStBNWx0T3ZRVkFBR1pFWGd5S1ZtVXNKWC80?=
 =?utf-8?B?ZWhUbnIxenF0SWY4WkhoRHlscFEybTh2Qmtrdkc1MDdZb3ZoNlZtTUN3U3NO?=
 =?utf-8?B?djV2ZC96UENwYjNGMmdwWUxSK1VjL25VM0UzZlNQZVlkeS9mVnQ2YWJQQUgv?=
 =?utf-8?B?dE94TEd1Vmxya0lUZWJlZ2tlcHk4WjNaaUczenRDZEtyQVhmc2M0WEF5V2RM?=
 =?utf-8?B?SU9PSXE5SUpRd2VhRzF2OWxZRzVEeUZKMHFZTk9NWithZ1JIeWpxZEpxeStB?=
 =?utf-8?B?N292Q3llY3hmaEpyU2VWZkc4R1hqM2FHUDkweUV0ak5GR0FFQ01YVDhJTHhO?=
 =?utf-8?B?Qlg5UE54ZldvcTVpdDBVQXRsNThQQnRKQk9XTkplN0N1TW12ZmU0ZGNLZWNN?=
 =?utf-8?B?cDUyQ215eEUxZXRjSFhxN0phcUxVNDdvN3lkYThRWDNJKzR5STJIQWVZd1Yv?=
 =?utf-8?B?Yk05b1NISmJuUXlIY1hpbmV2LzcwWXBnWFM1YUMrSks1c0NWY3ptUGFWb2VG?=
 =?utf-8?B?QjY5UnRKYTF5a0N1ejU3K2QwVklzL0dDVklLYjZNTXd4VWtlYWJhWER3MUpL?=
 =?utf-8?B?SUlNV1hrQkFHV1Z2UFliUEZvN3kwb096R21BSThKYU5MNDl6d0RWcW5aSDZZ?=
 =?utf-8?B?SEFkcXA2YzBLbmFEalFvYTJnbzYxclI3ZHdzQVMvMCs2VHBCYmQxc05lc1dq?=
 =?utf-8?B?R25adExyTXo1Um5vU2p0Nk8yNGxhTjl2MXp4OUVDSlBpKzFIaWV4VHhOMUF6?=
 =?utf-8?B?b2FIQlFvTVNpZlBkN1h2V1ZwNVlrM2dnNXRPZURKU2huUDg5cTd1bXlBcXZ4?=
 =?utf-8?B?c0V3T1JMU1VkcXcxckEzclVtbzZuTDFVWlJwSHk0akRuZE9tWkN0T2JXcmFs?=
 =?utf-8?B?YXBsUkFlNUVld0ZWSnBNdmpndXk0OUpSL0xJRnRyNG1tSWFTMndoWFQwRklV?=
 =?utf-8?B?dGgxNmZSak9iTUZqSThZY0hZc09LeEtkYU1PMkpOVU1qNmdYNjlmVWVmUkd2?=
 =?utf-8?B?QURYM2RYOGttMDNlbFlkNVRwd3NOelJZNERzZlJaUDNpdG0zK0ZBeUlldGNt?=
 =?utf-8?B?Um1pTmM4R3lydkhQVFN0TGNvWmh4bFE3SjJGaW5YcjV3T2hsV0R6bzZScFpK?=
 =?utf-8?B?TDcwRHA5OFFzZTFVM3FFKzdXaGxOb2E3dGdPc3ZnM0NkMlAyOXBhUlJVbzZm?=
 =?utf-8?B?L3NxTytoSGF0YkhXYXUxMDBWUHJjSjk5dytGOWVkQ3R2TWliTXZ1czY5L1pQ?=
 =?utf-8?B?UGc9PQ==?=
X-MS-Exchange-CrossTenant-Network-Message-Id: f01f9e06-c05a-49a7-aec7-08dabc47a3fd
X-MS-Exchange-CrossTenant-AuthSource: BYAPR11MB3320.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Nov 2022 20:28:30.8701
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: 75sr5RhCuRtAEocWY1xAm98187Cb0IqIWA6Pb7IhwRcsugqgMhSwt0qoP9YJIocQOqLKAubRg2NxqlWU8b+N2w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR11MB5335
X-OriginatorOrg: intel.com
X-Spam-Status: No, score=-5.5 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,NICE_REPLY_A,
        RCVD_IN_DNSWL_MED,SPF_HELO_NONE,SPF_NONE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/21/2022 1:34 PM, Jithu Joseph wrote:
> The data portion of IFS test image file contains a meta-data

Can we be consistent with meta-data/metadata usage? Multiple patches 
have this dual usage.

The popular usage in the kernel seems to be "metadata". I would suggest:

s/meta-data/metadata

> structure in addition to test data and hashes.
> 
> Introduce the layout of this meta_data structure and validate
> the sanity of certain fields of the new-image before loading.
> 

s/new-image/new image

> diff --git a/drivers/platform/x86/intel/ifs/ifs.h b/drivers/platform/x86/intel/ifs/ifs.h
> index be37512535f2..bb43fd65d2d2 100644
> --- a/drivers/platform/x86/intel/ifs/ifs.h
> +++ b/drivers/platform/x86/intel/ifs/ifs.h
> @@ -196,6 +196,7 @@ union ifs_status {
>    * @valid_chunks: number of chunks which could be validated.
>    * @status: it holds simple status pass/fail/untested
>    * @scan_details: opaque scan status code from h/w
> + * @cur_batch: suffix indicating the currently loaded test file

What does "suffix" refer to here? I feel how you derive the current 
batch information shouldn't really matter.

>    */
>   struct ifs_data {
>   	int	integrity_cap_bit;
> @@ -205,6 +206,7 @@ struct ifs_data {
>   	int	valid_chunks;
>   	int	status;
>   	u64	scan_details;
> +	int	cur_batch;
>   };
>   

...

>   #define IFS_HEADER_SIZE	(sizeof(struct microcode_header_intel))
>   #define IFS_HEADER_VER	2
> +#define META_TYPE_IFS	1

What namespace does this meta type belong to? Is the expectation here 
that IFS will have different meta types? Or in the generic microcode 
header IFS meta can be found using this type?

I am asking since microcode_intel_find_meta_data() would be eventually 
called from other non-ifs places as well.

Can you please point me to the architecture documentation that describes 
this?


> +static int validate_ifs_metadata(struct device *dev)
> +{
> +	struct ifs_data *ifsd = ifs_get_data(dev);
> +	struct meta_data *ifs_meta;
> +	char test_file[64];
> +	int ret = -EINVAL;
> +
> +	snprintf(test_file, sizeof(test_file), "%02x-%02x-%02x-%02x.scan",
> +		 boot_cpu_data.x86, boot_cpu_data.x86_model,
> +		 boot_cpu_data.x86_stepping, ifsd->cur_batch);
> +

There are multiple usages of ifsd->cur_batch in this patch. AFAIU, the 
variable is still uninitialized. Would this validation patch make more 
sense after patch 12? The "cur_batch" terminology is introduced there 
and the initialization happens there as well.

> +
> +	if (ifs_meta->current_image != ifsd->cur_batch) {
> +		dev_warn(dev, "Suffix metadata is not matching with filename %s(0x%02x)\n",

What does "suffix metadata" mean? How about:

Currently loaded filename %s(0x%02x) doesn't match with the information 
in the metadata.

Sohil