From: Dave Hansen <dave.hansen@intel.com>
To: Sathyanarayanan Kuppuswamy
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, Shuah Khan <shuah@kernel.org>,
"H . Peter Anvin" <hpa@zytor.com>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Tony Luck <tony.luck@intel.com>, Andi Kleen <ak@linux.intel.com>,
Kai Huang <kai.huang@intel.com>,
Wander Lairson Costa <wander@redhat.com>,
Isaku Yamahata <isaku.yamahata@gmail.com>,
marcelo.cerri@canonical.com, tim.gardner@canonical.com,
khalid.elmously@canonical.com, philip.cox@canonical.com,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-doc@vger.kernel.org
Subject: Re: [PATCH v12 1/3] x86/tdx: Add TDX Guest attestation interface driver
Date: Thu, 8 Sep 2022 13:36:00 -0700
Message-ID: <ac10ec37-91c8-031e-b3d3-843eaf28f0ee@intel.com>
In-Reply-To: <6cf407ed-95c7-0db4-d581-b85efad13239@linux.intel.com>
On 9/8/22 12:07, Sathyanarayanan Kuppuswamy wrote:
> On 9/7/22 10:31 PM, Greg Kroah-Hartman wrote:
>> On Wed, Sep 07, 2022 at 05:27:20PM -0700, Kuppuswamy Sathyanarayanan wrote:
>>> + /*
>>> + * Per TDX Module 1.0 specification, section titled
>>> + * "TDG.MR.REPORT", REPORTDATA length is fixed as
>>> + * TDX_REPORTDATA_LEN, TDREPORT length is fixed as
>>> + * TDX_REPORT_LEN, and TDREPORT subtype is fixed as
>>> + * 0. Also check for valid user pointers.
>>> + */
>>> + if (!req.reportdata || !req.tdreport || req.subtype ||
>>> + req.rpd_len != TDX_REPORTDATA_LEN ||
>>> + req.tdr_len != TDX_REPORT_LEN)
>>> + return -EINVAL;
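
Review bot: The last sentence of the comment, "Also check for valid user pointers", promises more than the condition under it delivers: "!req.reportdata || !req.tdreport" only rejects zero values, and a non-zero test cannot show that an address is a valid user pointer. Reword it to say the two pointers must be non-NULL. The condition also tests only reportdata, tdreport, subtype, rpd_len and tdr_len, so any other field of req passes with whatever the caller left in it.
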
>> You never verify that your reserved[7] fields are actually set to 0,
>> which means you can never use them in the future :(
> Currently, we don't use those fields in our code. Why do we have to
> make sure they are set to zero?

Yes.

> Can't we add checks when we really use them in future?

No.

This has been a hard learned lesson both by people writing software and
designing hardware interfaces: if you _let_ folks pass garbage you have
to _keep_ letting them pass garbage forever. It becomes part of the ABI.

I'm sorry you missed the memo on this one. But, this is one million
percent a best practice across the industry. Please do it.
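
The point argued in this message, as an added example that is not part of the original email or the patch: a userspace C model of the quoted check, a strict variant that rejects non-zero reserved bytes, and a caller that leaves garbage in them. The field types, the two length values, and the later revision that gives reserved[0] a meaning are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed for illustration: lengths and field types; names are from the quoted hunk. */
#define TDX_REPORTDATA_LEN 64
#define TDX_REPORT_LEN     1024
struct tdx_report_req {
    uint64_t reportdata, tdreport;
    uint32_t rpd_len, tdr_len;
    uint8_t  subtype, reserved[7];
};
/* The check as quoted in the thread: reserved[] is never inspected. */
static int check_lax(const struct tdx_report_req *req)
{
    if (!req->reportdata || !req->tdreport || req->subtype ||
        req->rpd_len != TDX_REPORTDATA_LEN || req->tdr_len != TDX_REPORT_LEN)
        return -EINVAL;
    return 0;
}
/* Same check plus the rule asked for in review: reserved bytes must be zero. */
static int check_strict(const struct tdx_report_req *req)
{
    for (size_t i = 0; i < sizeof(req->reserved); i++)
        if (req->reserved[i])
            return -EINVAL;
    return check_lax(req);
}
/* Hypothetical later revision that gives bit 0 of reserved[0] a meaning. */
static int v2_flag_set(const struct tdx_report_req *req)
{
    return req->reserved[0] & 0x01;
}
/* Constructed caller: sets the named fields, leaves reserved[] as stack garbage. */
static struct tdx_report_req sloppy_request(void)
{
    struct tdx_report_req req;
    memset(&req, 0xA5, sizeof(req)); /* stands in for uninitialized memory */
    req.reportdata = 0x1000; req.tdreport = 0x2000; req.subtype = 0;
    req.rpd_len = TDX_REPORTDATA_LEN; req.tdr_len = TDX_REPORT_LEN;
    return req;
}

int main(void)
{
    struct tdx_report_req req = sloppy_request();
    printf("lax=%d strict=%d v2_flag=%d\n", check_lax(&req), check_strict(&req), v2_flag_set(&req));
    return 0;
}
```

With the lax check the sloppy caller works today and silently opts into the new flag once reserved[0] gains a meaning; with the strict check it fails with -EINVAL from the first release, so no working binary ever depends on garbage being accepted.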