Received: by 2002:a05:7412:798b:b0:fc:a2b0:25d7 with SMTP id fb11csp254248rdb; Thu, 22 Feb 2024 02:40:11 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWU+bhUGkiXfow08Ts+2A+C1QZUUxT0GZFTIGmZAtuqbIK3ESVe43VTdu3WeX7p0we1HXuJ3I9quVOq44n/goQ8vso2vEB/Umiu8sQ/Bw== X-Google-Smtp-Source: AGHT+IEF+RRxsTOIMuL1aQVn7uxPKvyZPzFQlpgHaNGjvzg1wzV0TybfM8hB2B9aoqGAL5dH9uiG X-Received: by 2002:a05:6214:234e:b0:68f:736b:1fb0 with SMTP id hu14-20020a056214234e00b0068f736b1fb0mr13538194qvb.7.1708598411106; Thu, 22 Feb 2024 02:40:11 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1708598411; cv=pass; d=google.com; s=arc-20160816; b=gtPVJ2kgWKq8amuhEYAXjpK5zrYj59sEIji6Z7FCc8dMcz+Hkq7kIzUB+fDHwHPlpE YZ+UdSQ9C3zc8gsCpRQKXumjOJ2BfMqRGrB34cWz+fcpX0K+CHdkCR7c1rZd4PRu2okD bKskSCNptKOszRQghRZjrCKndvaPfMx6l8x9c4L08+ewy/ih1l0m67KJVnbzuAYWRA5k CxysOPGy+9+cTfiuahs7hTXKZdSsihts9kiwdaRCmlVOdg/acQcst2G4MY3PaViBRh+D lvkqqh54zeoVDUj+T59a7p7r3/dJCkNYlUW49yHcCAPfZvhI+9b7XNwQg7GBZanI3vys Id1A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:in-reply-to:from:references:cc:to :content-language:subject:user-agent:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:date:message-id:dkim-signature; bh=nRwsdhyCsfwPU+9c7Pm6bV1qchInuCtIt/3gcCzLBXY=; fh=FqE1TIpHzeJwB8uy/2rCEG/vb1NUWKUrKWmHEEMelFU=; b=Beooqlgj0K7g0Luv9IiaydglmL3KuMHu11ejlFi92Tb9NHNdJaJKhr5BAO0F8HT7BY 5pRkjgE2xTmDF9XzwqCZYhZNTIx9xOVLPBX4YPWEX3sDntpg8FEphuLlLq+DTrd9doHO 7I4JMaX+v75zudOQYzgK/c8acjch2yYL/GoSm4QMReN9Lsc0ln4nvpCoaZiC5qR9stF/ teEYpGJIw5P89Q7Sp+0KsINLu59RL5KChSgB537ChzNDLyXx7C//pP+OwVTOudgpM6u0 3yBXwYuQKGNrLXWH1Co6Gowoh0nOlkz8UCByGs4h91FNwBjmc6lCQYZ8Ipiay1P1b+UG vNtg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@xen0n.name header.s=mail header.b=JX+qBwuN; arc=pass (i=1 spf=pass spfdomain=xen0n.name dkim=pass dkdomain=xen0n.name); spf=pass (google.com: domain of linux-kernel+bounces-76344-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-76344-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id pt18-20020a056214049200b0068eda269640si13127455qvb.448.2024.02.22.02.40.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Feb 2024 02:40:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-76344-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@xen0n.name header.s=mail header.b=JX+qBwuN; arc=pass (i=1 spf=pass spfdomain=xen0n.name dkim=pass dkdomain=xen0n.name); spf=pass (google.com: domain of linux-kernel+bounces-76344-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-76344-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id D11691C210CF for ; Thu, 22 Feb 2024 10:40:10 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 993813F9ED; Thu, 22 Feb 2024 10:40:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=xen0n.name header.i=@xen0n.name header.b="JX+qBwuN" Received: from mailbox.box.xen0n.name (mail.xen0n.name [115.28.160.31]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id ED83038F88; Thu, 22 Feb 2024 10:40:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=115.28.160.31 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708598402; cv=none; b=occGXG9tLdMED3dQ6PPYnggY+rKhqQhKzLbM7NY/HnnPvkUIktxhgrCdqr59b0h1Crk/18HVjleQEnFl62k5lr6Na8KDtQGKk4Ailg3ohR7UGq2ZBRT2Zy8F3yOpf0IXztzT9igibBGIiJgn6++H4RuuBqrAyvlShjpjUeoC/0E= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1708598402; c=relaxed/simple; bh=FuBDCm+nfRJvluqNb4wLXsonwNUes6SMoT6bu57fO/M=; h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From: In-Reply-To:Content-Type; b=KqYAc3/6+oTnM0+jbbO5U7i9maJm/8zstKRGgUBWx3z+Vse3prLCfxqYcZgnQAPdwfbieQFEdXzZtnc6R/ZwSo8221V0q1TLmLKnBhmhSVjzGquZxNazmFPOzu5S7t39zitsYId56hgf0/1IhU/uzyBoPC1uCGqo7W+tXviyCkM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=xen0n.name; spf=pass smtp.mailfrom=xen0n.name; dkim=pass (1024-bit key) header.d=xen0n.name header.i=@xen0n.name header.b=JX+qBwuN; arc=none smtp.client-ip=115.28.160.31 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=xen0n.name Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=xen0n.name DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xen0n.name; s=mail; t=1708598398; bh=FuBDCm+nfRJvluqNb4wLXsonwNUes6SMoT6bu57fO/M=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=JX+qBwuN++k/Hw5I0RCrbZ9ISDmuYWxA8/AfimqU4TDzheKM+5W0nbh0ENjXmTqva WUSzBDwfxpPBpiuYr/qtLq/Kb+alTtFGmBhrOwjMaUrDk1xIKFsqAA70KGvzHeiTkI k9AY3jmi0hio5+Ur4ZCAHm9UMxw0deMXB8prNTf4= Received: from [IPV6:240e:688:100:1:5f9c:42f0:f9f2:a909] (unknown [IPv6:240e:688:100:1:5f9c:42f0:f9f2:a909]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by mailbox.box.xen0n.name (Postfix) with ESMTPSA id 747ED60094; Thu, 22 Feb 2024 18:39:58 +0800 (CST) Message-ID: <37521d9a-7980-486b-8ab6-980a8ccb7bbf@xen0n.name> Date: Thu, 22 Feb 2024 18:39:57 +0800 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PATCH for-6.8 v3 1/3] LoongArch: KVM: Fix input validation of _kvm_get_cpucfg and kvm_check_cpucfg Content-Language: en-US To: maobibo , Paolo Bonzini , Huacai Chen Cc: Tianrui Zhao , kvm@vger.kernel.org, loongarch@lists.linux.dev, linux-kernel@vger.kernel.org, WANG Xuerui References: <20240216085822.3032984-1-kernel@xen0n.name> <20240216085822.3032984-2-kernel@xen0n.name> <412ea29b-7a53-1f91-1cdb-5a256e74826b@loongson.cn> <4a12394a-8ebf-40b8-b0bc-65b5a66967cd@xen0n.name> <0c27477b-d144-37f3-d47c-956f9ba07723@loongson.cn> From: WANG Xuerui In-Reply-To: <0c27477b-d144-37f3-d47c-956f9ba07723@loongson.cn> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit On 2/22/24 18:22, maobibo wrote: > > > On 2024/2/22 下午5:45, WANG Xuerui wrote: >> Hi, >> >> On 2/17/24 11:03, maobibo wrote: >>> Hi Xuerui, >>> >>> Good catch, and thank for your patch. >>> >>> On 2024/2/16 下午4:58, WANG Xuerui wrote: >>>> [snip] >>>> @@ -324,31 +319,33 @@ static int _kvm_get_cpucfg(int id, u64 *v) >>>>           if (cpu_has_lasx) >>>>               *v |= CPUCFG2_LASX; >>>> -        break; >>>> +        return 0; >>>> +    case 0 ... 1: >>>> +    case 3 ... KVM_MAX_CPUCFG_REGS - 1: >>>> +        /* no restrictions on other CPUCFG IDs' values */ >>>> +        *v = U64_MAX; >>>> +        return 0; >>> how about something like this? >>>      default: >>>          /* no restrictions on other CPUCFG IDs' values */ >>>          *v = U64_MAX; >>>          return 0; >> >> I don't think this version correctly expresses the intent. Note that >> the CPUCFG ID range check is squashed into the switch as well, so one >> switch conveniently expresses the three intended cases at once: >> >> * the special treatment of CPUCFG2, > +    case 0 ... 1: > +    case 3 ... KVM_MAX_CPUCFG_REGS - 1: > +        /* no restrictions on other CPUCFG IDs' values */ > +        *v = U64_MAX; > +        return 0; > cpucfg6 checking will be added for PMU support soon. So it will be >         case 6: >             do something check for cpucfg6 >             return mask; >         case 0 ... 1: >         case 3 ... 5: >         case 7 ... KVM_MAX_CPUCFG_REGS - 1: >               *v = U64_MAX; >             return 0; > > If you think it is reasonable to add these separate "case" sentences, I > have no objection. >> * all-allow rules for other in-range CPUCFG IDs, and >> * rejection for out-of-range IDs. >  static int kvm_check_cpucfg(int id, u64 val) >  { > -    u64 mask; > -    int ret = 0; > - > -    if (id < 0 && id >= KVM_MAX_CPUCFG_REGS) > -        return -EINVAL; > you can modify && with ||, like this: >     if (id < 0 || id >= KVM_MAX_CPUCFG_REGS) >         return -EINVAL; Yes I know. Personally I don't find the "three cases" that annoying, but I agree with you that it can be mildly frustrating if one case addition would split the ranges even more. Given I'd like to also change the U64_MAX into U32_MAX (CPUCFG data is specified to be 32-bit wide), I'll send a v4 that keeps the "if" branch to make more people happy (Huacai privately also expressed preference for minimizing changes to the overall code shape). Thanks for your suggestion. -- WANG "xen0n" Xuerui Linux/LoongArch mailing list: https://lore.kernel.org/loongarch/