From: Sean Christopherson <seanjc@google.com>
To: kvm-riscv@lists.infradead.org
Subject: [PATCH v2 04/13] KVM: selftests: Assert that vcpu_{g,s}et_reg() won't truncate
Date: Thu, 12 Sep 2024 09:17:36 -0700
Message-ID: <ZuMUIPIu5iRuxLCC@google.com>
In-Reply-To: <20240912-75f992936cd9878d0e507498@orel>

On Thu, Sep 12, 2024, Andrew Jones wrote:
> On Wed, Sep 11, 2024 at 01:41:49PM GMT, Sean Christopherson wrote:
> > Assert that the register being read/written by vcpu_{g,s}et_reg() is
> > no larger than a uint64_t, i.e. that a selftest isn't unintentionally
> > truncating the value being read/written.
> > 
> > Ideally, the assert would be done at compile-time, but that would limit
> > the checks to hardcoded accesses and/or require fancier compile-time
> > assertion infrastructure to filter out dynamic usage.
> > 
> > Signed-off-by: Sean Christopherson <seanjc@google.com>
> > ---
> >  tools/testing/selftests/kvm/include/kvm_util.h | 4 ++++
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/tools/testing/selftests/kvm/include/kvm_util.h b/tools/testing/selftests/kvm/include/kvm_util.h
> > index 429a7f003fe3..80230e49e35f 100644
> > --- a/tools/testing/selftests/kvm/include/kvm_util.h
> > +++ b/tools/testing/selftests/kvm/include/kvm_util.h
> > @@ -683,6 +683,8 @@ static inline uint64_t vcpu_get_reg(struct kvm_vcpu *vcpu, uint64_t id)
> >  	uint64_t val;
> >  	struct kvm_one_reg reg = { .id = id, .addr = (uint64_t)&val };
> >  
> > +	TEST_ASSERT(KVM_REG_SIZE(id) <= sizeof(val), "Reg %lx too big", id);
> > +
> >  	vcpu_ioctl(vcpu, KVM_GET_ONE_REG, &reg);
> >  	return val;
> >  }
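
Review bot: the `<=` comparison in vcpu_get_reg() admits registers narrower than `val`, while `uint64_t val;` is still declared without an initializer. If KVM_GET_ONE_REG fills only KVM_REG_SIZE(id) bytes at `reg.addr`, the remaining bytes of the return value are whatever was on the stack. Declaring it as `uint64_t val = 0;` would make reads of smaller registers deterministic.
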
> > @@ -690,6 +692,8 @@ static inline void vcpu_set_reg(struct kvm_vcpu *vcpu, uint64_t id, uint64_t val
> >  {
> >  	struct kvm_one_reg reg = { .id = id, .addr = (uint64_t)&val };
> >  
> > +	TEST_ASSERT(KVM_REG_SIZE(id) <= sizeof(val), "Reg %lx too big", id);
> > +
> >  	vcpu_ioctl(vcpu, KVM_SET_ONE_REG, &reg);
> >  }
> >  
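
Review bot: in vcpu_set_reg() the assert rejects a register wider than `val`, but not a `val` wider than the register. For an id with KVM_REG_SIZE(id) < sizeof(val), any bits the caller set beyond the register width are dropped without a failure, so a second assert that the value fits in the narrower register would cover that direction of truncation as well. The message would also be more useful if it printed KVM_REG_SIZE(id) next to the id, and since `id` is a uint64_t, PRIx64 is the portable conversion rather than `%lx`.
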
> > -- 
> > 2.46.0.598.g6f2099f65c-goog
> >
> 
> Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
> 
> Shouldn't patches 3 and 4 come before patch 2 in this series?

Ideally, yes, but for this patch, it gets weird because the output param of
vcpu_reg_get() isn't actually restricted to a 64-bit value prior to patch 2.
E.g. if this patch were merged without that rework, then the assert would be
confusing and arguably flat out wrong.

As for the hack-a-fix, I deliberately ordered it after patch 2 so that it would
be easier for others to (try to) reproduce the bug.  I have no objection to
swapping 2 and 3 in the next version.
