From: Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To: Dan Williams <dan.j.williams@intel.com>
Cc: <linux-cxl@vger.kernel.org>, <dave.jiang@intel.com>,
<ira.weiny@intel.com>
Subject: Re: [PATCH 2/4] cxl/mbox: Enable cxl_mbox_send_cmd() users to validate output size
Date: Thu, 8 Dec 2022 11:01:52 +0000 [thread overview]
Message-ID: <20221208110152.000011d0@Huawei.com> (raw)
In-Reply-To: <167030055370.4044561.17788093375112783036.stgit@dwillia2-xfh.jf.intel.com>
On Mon, 05 Dec 2022 20:22:33 -0800
Dan Williams <dan.j.williams@intel.com> wrote:
> Internally cxl_mbox_send_cmd() converts all passed-in parameters to a
> 'struct cxl_mbox_cmd' instance and sends that to cxlds->mbox_send(). It
> then teases the possibilty that the caller can validate the output size.
> However, they cannot since the resulting output size is not conveyed to
> the called. Fix that by making the caller pass in a constructed 'struct
> cxl_mbox_cmd'. This prepares for a future patch to add output size
> validation on a per-command basis.
>
> Given the change in signature, also change the name to differentiate it
> from the user command submission path that performs more validation
> before generating the 'struct cxl_mbox_cmd' instance to execute.
>
> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
I'm with Ira on ordering in structure alignment. Other trivial things inline.
Usual moans about slipping in unrelated tidy up. All good stuff, but
would have preferred them separated out. In interests of speed though
I'm fine with it as it stands
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> static int __cxl_pmem_security_disable(struct nvdimm *nvdimm,
> @@ -83,15 +95,21 @@ static int __cxl_pmem_security_disable(struct nvdimm *nvdimm,
> struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
> struct cxl_dev_state *cxlds = cxlmd->cxlds;
> struct cxl_disable_pass dis_pass;
> - int rc;
> + struct cxl_mbox_cmd mbox_cmd;
>
> - dis_pass.type = ptype == NVDIMM_MASTER ?
> - CXL_PMEM_SEC_PASS_MASTER : CXL_PMEM_SEC_PASS_USER;
> + dis_pass = (struct cxl_disable_pass) {
> + .type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
> + CXL_PMEM_SEC_PASS_USER,
> + };
Unrelated change as far as I can see. Perhaps reasonable to keep a common
approach, but should really be in a precusor patch.
> @@ -140,14 +167,22 @@ static int cxl_pmem_security_passphrase_erase(struct nvdimm *nvdimm,
> struct cxl_nvdimm *cxl_nvd = nvdimm_provider_data(nvdimm);
> struct cxl_memdev *cxlmd = cxl_nvd->cxlmd;
> struct cxl_dev_state *cxlds = cxlmd->cxlds;
> + struct cxl_mbox_cmd mbox_cmd;
> struct cxl_pass_erase erase;
> int rc;
>
> - erase.type = ptype == NVDIMM_MASTER ?
> - CXL_PMEM_SEC_PASS_MASTER : CXL_PMEM_SEC_PASS_USER;
> + erase = (struct cxl_pass_erase) {
> + .type = ptype == NVDIMM_MASTER ? CXL_PMEM_SEC_PASS_MASTER :
> + CXL_PMEM_SEC_PASS_USER,
> + };
Unrelated change? Meh trivial though so fair enough rolling it in here.
> memcpy(erase.pass, key->data, NVDIMM_PASSPHRASE_LEN);
> - rc = cxl_mbox_send_cmd(cxlds, CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE,
> - &erase, sizeof(erase), NULL, 0);
> + mbox_cmd = (struct cxl_mbox_cmd) {
> + .opcode = CXL_MBOX_OP_PASSPHRASE_SECURE_ERASE,
> + .size_in = sizeof(erase),
> + .payload_in = &erase,
> + };
> +
> + rc = cxl_internal_send_cmd(cxlds, &mbox_cmd);
> if (rc < 0)
> return rc;
>
>
next prev parent reply other threads:[~2022-12-08 11:06 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-06 4:22 [PATCH 0/4] cxl/mbox: Output payload validation reworks Dan Williams
2022-12-06 4:22 ` [PATCH 1/4] cxl/security: Fix Get Security State output payload endian handling Dan Williams
2022-12-06 6:07 ` Ira Weiny
2022-12-06 16:21 ` Dave Jiang
2022-12-08 10:52 ` Jonathan Cameron
2022-12-06 4:22 ` [PATCH 2/4] cxl/mbox: Enable cxl_mbox_send_cmd() users to validate output size Dan Williams
2022-12-06 6:27 ` Ira Weiny
2022-12-06 16:35 ` Dave Jiang
2022-12-08 11:01 ` Jonathan Cameron [this message]
2022-12-06 4:22 ` [PATCH 3/4] cxl/mbox: Add variable output size validation for internal commands Dan Williams
2022-12-06 6:36 ` Ira Weiny
2022-12-06 16:53 ` Dave Jiang
2022-12-08 11:03 ` Jonathan Cameron
2022-12-08 21:24 ` Alison Schofield
2022-12-06 4:22 ` [PATCH 4/4] cxl/security: Drop security command ioctl uapi Dan Williams
2022-12-06 6:38 ` Ira Weiny
2022-12-06 16:56 ` Dave Jiang
2022-12-08 10:51 ` Jonathan Cameron
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221208110152.000011d0@Huawei.com \
--to=jonathan.cameron@huawei.com \
--cc=dan.j.williams@intel.com \
--cc=dave.jiang@intel.com \
--cc=ira.weiny@intel.com \
--cc=linux-cxl@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox