From: Chao Gao <chao.gao@intel.com>
To: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: "kvm@vger.kernel.org" <kvm@vger.kernel.org>,
"Li, Xiaoyao" <xiaoyao.li@intel.com>,
"linux-coco@lists.linux.dev" <linux-coco@lists.linux.dev>,
"Huang, Kai" <kai.huang@intel.com>,
"x86@kernel.org" <x86@kernel.org>,
"Zhao, Yan Y" <yan.y.zhao@intel.com>,
"dave.hansen@linux.intel.com" <dave.hansen@linux.intel.com>,
"kas@kernel.org" <kas@kernel.org>,
"mingo@redhat.com" <mingo@redhat.com>,
"Weiny, Ira" <ira.weiny@intel.com>,
"pbonzini@redhat.com" <pbonzini@redhat.com>,
"Chatre, Reinette" <reinette.chatre@intel.com>,
"Verma, Vishal L" <vishal.l.verma@intel.com>,
"nik.borisov@suse.com" <nik.borisov@suse.com>,
"seanjc@google.com" <seanjc@google.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"binbin.wu@linux.intel.com" <binbin.wu@linux.intel.com>,
"Annapurve, Vishal" <vannapurve@google.com>,
"hpa@zytor.com" <hpa@zytor.com>,
"sagis@google.com" <sagis@google.com>,
"tony.lindgren@linux.intel.com" <tony.lindgren@linux.intel.com>,
"paulmck@kernel.org" <paulmck@kernel.org>,
"tglx@kernel.org" <tglx@kernel.org>,
"yilun.xu@linux.intel.com" <yilun.xu@linux.intel.com>,
"dan.j.williams@intel.com" <dan.j.williams@intel.com>,
"bp@alien8.de" <bp@alien8.de>
Subject: Re: [PATCH v7 08/22] x86/virt/seamldr: Allocate and populate a module update request
Date: Wed, 15 Apr 2026 19:04:24 +0800
Message-ID: <ad9wuJPdluqJrcBM@intel.com>
In-Reply-To: <1016261178d32a5c6f20d1507f28388dd01a15df.camel@intel.com>
>> > > +static struct seamldr_params *init_seamldr_params(const u8 *data, u32 size)
>> > > +{
>> > > + const struct tdx_blob *blob = (const void *)data;
>> > > + int module_size, sig_size;
>> > > + const void *sig, *module;
>> > > +
>> > > + /*
>> > > + * Ensure the size is valid otherwise reading any field from the
>> > > + * blob may overflow.
>> > > + */
>> > > + if (size <= sizeof(struct tdx_blob) || size <= blob->offset_of_module)
>> > > + return ERR_PTR(-EINVAL);
>> > > +
>> > > + if (blob->version != TDX_BLOB_VERSION_1)
>> > > + return ERR_PTR(-EINVAL);
>> > > +
>> > > + if (blob->reserved0 || memchr_inv(blob->reserved1, 0, sizeof(blob->reserved1)))
>> > > + return ERR_PTR(-EINVAL);
>> > > +
>> > > + /* Split the blob into a sigstruct and a module. */
>> > > + sig = blob->data;
>> > > + sig_size = blob->offset_of_module - sizeof(struct tdx_blob);
>> > > + module = data + blob->offset_of_module;
>> > > + module_size = size - blob->offset_of_module;
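Review bot: the split at the end of this hunk computes sig_size = blob->offset_of_module - sizeof(struct tdx_blob) into an int with no lower bound on offset_of_module in the lines shown. The size check at the top only rejects size <= blob->offset_of_module, so an offset smaller than the header would make sig_size negative. Suggest also rejecting blob->offset_of_module <= sizeof(struct tdx_blob) before the split, and noting in the comment which condition guards which field read.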
>> >
>> > Did you consider just passing the tdx_blob into alloc_seamldr_params()?
>> > Basically, this function checks the blob fields, then alloc_seamldr_params()
>> > turns blob into struct seamldr_params without checks. The way it is, the work
>> > seems kind of spread around two functions with various checks.
>>
>> Fine with merging them.
>>
>
>I wasn't suggesting to merge them. I was suggesting to have them each do a
>dedicated thing.
Ok. See the code snippet below. Most checks are in init_seamldr_params(),
except the limit checks on module_size and sig_size. Moving them there would
require duplicating the module_size/sig_size calculations. So, I just keep the
checks next to the calculations.

static struct seamldr_params *alloc_seamldr_params(const struct tdx_blob *blob)
{
	struct seamldr_params *params;
	int module_size, sig_size;
	const void *sig, *module;
	const u8 *ptr;
	int i;

	/* Split the blob into a sigstruct and a module. */
	sig		= blob->data;
	sig_size	= blob->offset_of_module - sizeof(struct tdx_blob);
	module		= (u8 *)blob + blob->offset_of_module;
	module_size	= blob->length - blob->offset_of_module;

	if (module_size > SEAMLDR_MAX_NR_MODULE_4KB_PAGES * SZ_4K)
		return ERR_PTR(-EINVAL);

	if (sig_size > SEAMLDR_MAX_NR_SIG_4KB_PAGES * SZ_4K)
		return ERR_PTR(-EINVAL);

	params = (struct seamldr_params *)get_zeroed_page(GFP_KERNEL);
	if (!params)
		return ERR_PTR(-ENOMEM);

	/*
	 * Only use version 1 when required (sigstruct > 4KB) for backward
	 * compatibility with P-SEAMLDR that lacks version 1 support.
	 */
	params->version = sig_size > SZ_4K;
	params->scenario = SEAMLDR_SCENARIO_UPDATE;

	ptr = sig;
	for (i = 0; i < sig_size / SZ_4K; i++) {
		params->sigstruct_pa[i] = vmalloc_to_pfn(ptr) << PAGE_SHIFT;
		ptr += SZ_4K;
	}

	params->num_module_pages = module_size / SZ_4K;

	ptr = module;
	for (i = 0; i < params->num_module_pages; i++) {
		params->mod_pages_pa_list[i] = vmalloc_to_pfn(ptr) << PAGE_SHIFT;
		ptr += SZ_4K;
	}

	return params;
}

static struct seamldr_params *init_seamldr_params(const u8 *data, u32 size)
{
	const struct tdx_blob *blob = (const void *)data;

	/*
	 * Ensure the size is valid otherwise reading any field from the
	 * blob may overflow.
	 */
	if (size <= sizeof(struct tdx_blob))
		return ERR_PTR(-EINVAL);

	if (blob->version != TDX_BLOB_VERSION_1)
		return ERR_PTR(-EINVAL);

	if (blob->length != size)
		return ERR_PTR(-EINVAL);

	if (memcmp(blob->signature, "TDX-BLOB", 8))
		return ERR_PTR(-EINVAL);

	if (blob->reserved0 || memchr_inv(blob->reserved1, 0, sizeof(blob->reserved1)))
		return ERR_PTR(-EINVAL);

	/* Ensure the offset_of_module is within valid range and aligned. */
	if (blob->offset_of_module >= size ||
	    blob->offset_of_module <= sizeof(struct tdx_blob))
		return ERR_PTR(-EINVAL);

	if (!IS_ALIGNED(blob->offset_of_module, SZ_4K))
		return ERR_PTR(-EINVAL);

	return alloc_seamldr_params(blob);
}