From: Sean Christopherson <seanjc@google.com>
To: Rick P Edgecombe <rick.p.edgecombe@intel.com>
Cc: "x86@kernel.org" <x86@kernel.org>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"thorsten.blum@linux.dev" <thorsten.blum@linux.dev>,
"bp@alien8.de" <bp@alien8.de>,
"mingo@redhat.com" <mingo@redhat.com>,
"tglx@linutronix.de" <tglx@linutronix.de>,
"hpa@zytor.com" <hpa@zytor.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"kas@kernel.org" <kas@kernel.org>,
"kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH RESEND] KVM: TDX: Use struct_size and simplify tdx_get_capabilities
Date: Wed, 12 Nov 2025 12:24:57 -0800
Message-ID: <aRTtGQlywvaPmb8v@google.com>
In-Reply-To: <4a2a74e01bfd31bc4bd7a672452c2d3d513c33db.camel@intel.com>
On Wed, Nov 12, 2025, Rick P Edgecombe wrote:
> On Wed, 2025-11-12 at 18:16 +0100, Thorsten Blum wrote:
>
> kvm x86 logs are suggested to start with a short summary of the patch. Maybe:
>
> Simplify the logic for copying the KVM_TDX_CAPABILITIES struct to userspace.
Yeah, I have this locally as two separate patches:
KVM: TDX: Use struct_size to simplify tdx_get_capabilities()
KVM: TDX: Check size of user's kvm_tdx_capabilities array before allocating
Your CI caught me just in time; I applied this locally last week, but haven't
fully pushed it to kvm-x86 yet. :-)
> It looks like you are conducting a treewide pattern matching cleanup?
>
> > > Retrieve the number of user entries with get_user() first and return
> > > -E2BIG early if 'user_caps' is too small to fit 'caps'.
> > >
> > > Allocate memory for 'caps' only after checking the user buffer's number
> > > of entries, thus removing two gotos and the need for premature freeing.
> > >
> > > Use struct_size() instead of manually calculating the number of bytes to
> > > allocate for 'caps', including the nested flexible array.
> > >
> > > Finally, copy 'caps' to user space with a single copy_to_user() call.
>
> In the handling of get_user(nr_user_entries, &user_caps->cpuid.nent), the old
> code forced -EFAULT; this patch doesn't. But it leaves the copy_to_user()'s to
> still force EFAULT. Why?
I'll tweak it to explicitly return -EFAULT. Doesn't matter terribly, but KVM's
standard pattern is to explicitly return -EFAULT.
> Tested-by: Rick Edgecombe <rick.p.edgecombe@intel.com> (really the TDX CI)
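The copy-to-userspace sequence the quoted patch description walks through (read the user's nent with get_user() first, return -E2BIG before allocating, size the allocation with struct_size(), then a single copy_to_user()), together with the explicit -EFAULT Sean says he will add, as an added userspace model. This is example code written for this page, not KVM's tdx_get_capabilities() and not the kernel's struct_size(): the struct layout and field names, the model_get_user()/model_copy_to_user() stand-ins, caps_struct_size(), NR_SUPPORTED_ENTRIES and the sample entry values are all this example's own assumptions and constructed data.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Count-plus-flexible-array layout in the spirit of the nested kvm_cpuid2 in
 * kvm_tdx_capabilities; field names are this example's own, not the uapi's. */
struct cpuid_entry {
	uint32_t function, index, eax, ebx, ecx, edx;
};

struct caps {
	uint32_t nent;			/* number of entries that follow */
	struct cpuid_entry entries[];	/* flexible array, sized by nent */
};

/* Userspace stand-in for the kernel's struct_size(): header plus n entries,
 * saturating to SIZE_MAX on overflow so the allocation fails, not undersizes. */
static size_t caps_struct_size(size_t n)
{
	size_t bytes;
	if (__builtin_mul_overflow(n, sizeof(struct cpuid_entry), &bytes) ||
	    __builtin_add_overflow(bytes, offsetof(struct caps, entries), &bytes))
		return SIZE_MAX;
	return bytes;
}

/* Stand-ins for get_user()/copy_to_user(): the "user" buffer is plain memory and
 * NULL plays an unmapped address; like copy_to_user(), nonzero means bytes left. */
static int model_get_user(uint32_t *dst, const uint32_t *user_src)
{
	if (!user_src)
		return -EFAULT;
	*dst = *user_src;
	return 0;
}

static size_t model_copy_to_user(void *user_dst, const void *src, size_t n)
{
	if (!user_dst)
		return n;
	memcpy(user_dst, src, n);
	return 0;
}

/* Constructed stand-in for the entry count the TDX module would report. */
#define NR_SUPPORTED_ENTRIES 3

static int get_capabilities(struct caps *user_caps)
{
	uint32_t nr_user_entries, i;
	struct caps *caps;
	size_t size;
	int ret;
	/* 1. Read the user's array size before allocating anything. */
	if (model_get_user(&nr_user_entries, user_caps ? &user_caps->nent : NULL))
		return -EFAULT;	/* explicit -EFAULT, KVM's standard pattern */
	/* 2. Too small: fail early, with nothing allocated and nothing to free. */
	if (nr_user_entries < NR_SUPPORTED_ENTRIES)
		return -E2BIG;
	/* 3. Size the allocation by the count the kernel will fill, never by the
	 *    user's nent, so a huge nent cannot drive a huge allocation. */
	size = caps_struct_size(NR_SUPPORTED_ENTRIES);
	caps = calloc(1, size);
	if (!caps)
		return -ENOMEM;
	caps->nent = NR_SUPPORTED_ENTRIES;
	for (i = 0; i < NR_SUPPORTED_ENTRIES; i++)
		caps->entries[i].function = 0x10 + i;	/* constructed sample data */
	/* 4. One copy of header and entries together. */
	ret = model_copy_to_user(user_caps, caps, size) ? -EFAULT : 0;
	free(caps);
	return ret;
}

/* Builds a "user" buffer with room for @nent entries, calls get_capabilities()
 * and returns its result, checking on success that the copy actually landed. */
static int call_with_nent(uint32_t nent)
{
	struct caps *user = calloc(1, caps_struct_size(nent));
	int ret;
	if (!user)
		return -ENOMEM;
	user->nent = nent;
	ret = get_capabilities(user);
	if (!ret && (user->nent != NR_SUPPORTED_ENTRIES || user->entries[0].function != 0x10))
		ret = -EIO;
	free(user);
	return ret;
}

int main(void)
{
	printf("nent=1: %d (-E2BIG %d), nent=3: %d, bad ptr: %d (-EFAULT %d)\n",
	       call_with_nent(1), -E2BIG, call_with_nent(3), get_capabilities(NULL), -EFAULT);
	return 0;
}
```

Two points the model makes visible: the allocation is sized by the count the kernel side will actually fill, so a user-supplied nent only ever gates the -E2BIG check and never the kmalloc size, and get_user() and copy_to_user() both map to an explicit -EFAULT rather than passing through whatever the accessor returned, which is the consistency Rick's question is about.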
Thread overview: 8+ messages
2025-11-12 17:16 [PATCH RESEND] KVM: TDX: Use struct_size and simplify tdx_get_capabilities Thorsten Blum
2025-11-12 19:59 ` Edgecombe, Rick P
2025-11-12 20:24 ` Sean Christopherson [this message]
2025-11-13 0:41 ` Edgecombe, Rick P
2025-11-13 16:29 ` Sean Christopherson
2025-11-13 18:49 ` Edgecombe, Rick P
2025-11-13 18:55 ` Sean Christopherson
2025-11-12 21:22 ` Thorsten Blum