From: Marc Zyngier <maz@kernel.org>
To: Jing Zhang <jingzhangos@google.com>
Cc: KVM <kvm@vger.kernel.org>, KVMARM <kvmarm@lists.linux.dev>,
ARMLinux <linux-arm-kernel@lists.infradead.org>,
Oliver Upton <oupton@google.com>, Joey Gouly <joey.gouly@arm.com>,
Zenghui Yu <yuzenghui@huawei.com>,
Suzuki K Poulose <suzuki.poulose@arm.com>,
Kunkun Jiang <jiangkunkun@huawei.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Andre Przywara <andre.przywara@arm.com>,
Colton Lewis <coltonlewis@google.com>,
Raghavendra Rao Ananta <rananta@google.com>,
Shusen Li <lishusen2@huawei.com>, Eric Auger <eauger@redhat.com>
Subject: Re: [PATCH v4 2/5] KVM: arm64: vgic-its: Add read/write helpers on ITS table entries.
Date: Tue, 12 Nov 2024 08:25:09 +0000 [thread overview]
Message-ID: <87a5e4uae2.wl-maz@kernel.org> (raw)
In-Reply-To: <20241107214137.428439-3-jingzhangos@google.com>
On Thu, 07 Nov 2024 21:41:34 +0000,
Jing Zhang <jingzhangos@google.com> wrote:
>
> To simplify read/write operations on ITS table entries, two helper
> functions have been implemented. These functions incorporate the
> necessary entry size validation.
>
> Signed-off-by: Jing Zhang <jingzhangos@google.com>
> ---
> arch/arm64/kvm/vgic/vgic.h | 23 +++++++++++++++++++++++
> 1 file changed, 23 insertions(+)
>
> diff --git a/arch/arm64/kvm/vgic/vgic.h b/arch/arm64/kvm/vgic/vgic.h
> index f2486b4d9f95..309295f5e1b0 100644
> --- a/arch/arm64/kvm/vgic/vgic.h
> +++ b/arch/arm64/kvm/vgic/vgic.h
> @@ -146,6 +146,29 @@ static inline int vgic_write_guest_lock(struct kvm *kvm, gpa_t gpa,
> return ret;
> }
>
> +static inline int vgic_its_read_entry_lock(struct vgic_its *its, gpa_t eaddr,
> + u64 *eval, unsigned long esize)
> +{
> + struct kvm *kvm = its->dev->kvm;
> +
> + if (KVM_BUG_ON(esize != sizeof(*eval), kvm))
> + return -EINVAL;
> +
> + return kvm_read_guest_lock(kvm, eaddr, eval, esize);
> +
> +}
> +
> +static inline int vgic_its_write_entry_lock(struct vgic_its *its, gpa_t eaddr,
> + u64 eval, unsigned long esize)
> +{
> + struct kvm *kvm = its->dev->kvm;
> +
> + if (KVM_BUG_ON(esize != sizeof(eval), kvm))
> + return -EINVAL;
> +
> + return vgic_write_guest_lock(kvm, eaddr, &eval, esize);
> +}
> +
I don't think this is right. Or at least not what I had in mind.
What I wanted was to abstract both the element size and the ABI, and
check for the type of 'eval'.
Here, you implicitly case the caller's data on a u64, which C will
happily do without warnings. So this KVM_BUG_ON() checks very little
on writes.
Also, you force the caller to explicitly extract the element-size from
the ABI. Yes, it is available most of the time. But this is about
checking consistency, and you are missing this opportunity.
So while this code isn't wrong, it really doesn't make anything more
robust. It's just another indirection.
M.
--
Without deviation from the norm, progress is not possible.
next prev parent reply other threads:[~2024-11-12 8:25 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-07 21:41 [PATCH v4 0/5] Some fixes about vgic-its Jing Zhang
2024-11-07 21:41 ` [PATCH v4 1/5] KVM: selftests: aarch64: Add VGIC selftest for save/restore ITS table mappings Jing Zhang
2024-11-07 21:41 ` [PATCH v4 2/5] KVM: arm64: vgic-its: Add read/write helpers on ITS table entries Jing Zhang
2024-11-12 8:25 ` Marc Zyngier [this message]
2024-11-07 21:41 ` [PATCH v4 3/5] KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* Jing Zhang
2024-11-08 5:13 ` kernel test robot
2024-11-07 21:41 ` [PATCH v4 4/5] KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device Jing Zhang
2024-11-07 21:41 ` [PATCH v4 5/5] KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE Jing Zhang
2025-05-12 14:09 ` David Sauerwein
2025-05-16 9:52 ` Marc Zyngier
2025-08-11 12:40 ` David Woodhouse
2024-11-11 20:40 ` [PATCH v4 0/5] Some fixes about vgic-its Oliver Upton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87a5e4uae2.wl-maz@kernel.org \
--to=maz@kernel.org \
--cc=andre.przywara@arm.com \
--cc=coltonlewis@google.com \
--cc=eauger@redhat.com \
--cc=jiangkunkun@huawei.com \
--cc=jingzhangos@google.com \
--cc=joey.gouly@arm.com \
--cc=kvm@vger.kernel.org \
--cc=kvmarm@lists.linux.dev \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=lishusen2@huawei.com \
--cc=oupton@google.com \
--cc=pbonzini@redhat.com \
--cc=rananta@google.com \
--cc=suzuki.poulose@arm.com \
--cc=yuzenghui@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox