From: Dave Hansen <dave.hansen@intel.com>
To: Kuppuswamy Sathyanarayanan
<sathyanarayanan.kuppuswamy@linux.intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
x86@kernel.org, Shuah Khan <shuah@kernel.org>
Cc: "H . Peter Anvin" <hpa@zytor.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Kirill A . Shutemov" <kirill.shutemov@linux.intel.com>,
Tony Luck <tony.luck@intel.com>, Andi Kleen <ak@linux.intel.com>,
Kai Huang <kai.huang@intel.com>,
Wander Lairson Costa <wander@redhat.com>,
Isaku Yamahata <isaku.yamahata@gmail.com>,
marcelo.cerri@canonical.com, tim.gardner@canonical.com,
khalid.elmously@canonical.com, philip.cox@canonical.com,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org,
linux-doc@vger.kernel.org
Subject: Re: [PATCH v13 1/3] x86/tdx: Add TDX Guest attestation interface driver
Date: Fri, 9 Sep 2022 12:41:04 -0700 [thread overview]
Message-ID: <1942be91-ec18-5fb3-9fcd-6ffcfaf9f36c@intel.com> (raw)
In-Reply-To: <20220909192708.1113126-2-sathyanarayanan.kuppuswamy@linux.intel.com>
On 9/9/22 12:27, Kuppuswamy Sathyanarayanan wrote:
> + u8 reserved[7] = {0};
...
> + if (!req.reportdata || !req.tdreport || req.subtype ||
> + req.rpd_len != TDX_REPORTDATA_LEN ||
> + req.tdr_len != TDX_REPORT_LEN ||
> + memcmp(req.reserved, reserved, 7))
> + return -EINVAL;
Huh, so to look for 0's, you:
1. Declare an on-stack structure with a hard coded, magic numbered field
that has to be zeroed.
2. memcmp() that structure
3. Feed memcmp() with another hard coded magic number
I've gotta ask: did you have any reservations writing this code? Were
there any alarm bells going off saying that something might be wrong?
Using memcmp() itself is probably forgivable. But, the two magic
numbers are pretty mortal sins in my book. What's going to happen the
first moment someone wants to repurpose a reserved byte? They're going
to do:
- __u8 reserved[7];
+ __u8 my_new_byte;
+ __u8 reserved[6];
What's going to happen to the code you wrote? Will it continue to work?
Or will the memcmp() silently start doing crazy stuff as it overruns
the structure into garbage land?
What's wrong with:
memchr_inv(&req.reserved, sizeof(req.reserved), 0)
next prev parent reply other threads:[~2022-09-09 19:46 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-09 19:27 [PATCH v13 0/3] Add TDX Guest Attestation support Kuppuswamy Sathyanarayanan
2022-09-09 19:27 ` [PATCH v13 1/3] x86/tdx: Add TDX Guest attestation interface driver Kuppuswamy Sathyanarayanan
2022-09-09 19:39 ` Greg Kroah-Hartman
2022-09-09 19:41 ` Dave Hansen [this message]
2022-09-09 20:07 ` Sathyanarayanan Kuppuswamy
2022-09-09 20:54 ` Dave Hansen
2022-09-12 22:22 ` Kirill A . Shutemov
2022-09-12 23:00 ` Sathyanarayanan Kuppuswamy
2022-09-13 1:25 ` Huang, Kai
2022-09-13 2:44 ` Sathyanarayanan Kuppuswamy
2022-09-13 5:03 ` Huang, Kai
2022-09-13 9:01 ` Dave Hansen
2022-09-13 15:21 ` Sathyanarayanan Kuppuswamy
2022-09-14 11:36 ` Dave Hansen
2022-09-14 15:36 ` Sathyanarayanan Kuppuswamy
2022-09-14 16:12 ` Dave Hansen
2022-09-14 16:25 ` Sathyanarayanan Kuppuswamy
2022-09-15 0:30 ` Sathyanarayanan Kuppuswamy
2022-09-15 11:07 ` Greg Kroah-Hartman
2022-09-15 11:09 ` Greg Kroah-Hartman
2022-09-15 15:22 ` Sathyanarayanan Kuppuswamy
2022-09-16 8:12 ` Greg Kroah-Hartman
2022-09-09 19:27 ` [PATCH v13 2/3] selftests: tdx: Test TDX attestation GetReport support Kuppuswamy Sathyanarayanan
2022-09-12 7:17 ` Huang, Kai
2022-09-12 22:06 ` Sathyanarayanan Kuppuswamy
2022-09-12 22:54 ` Huang, Kai
2022-09-12 7:21 ` Huang, Kai
2022-09-12 21:38 ` Sathyanarayanan Kuppuswamy
2022-09-12 22:56 ` Huang, Kai
2022-09-09 19:27 ` [PATCH v13 3/3] Documentation/x86: Document TDX attestation process Kuppuswamy Sathyanarayanan
2022-09-12 7:04 ` Huang, Kai
2022-09-12 14:15 ` Sathyanarayanan Kuppuswamy
2022-09-12 21:01 ` Huang, Kai
2022-09-13 17:54 ` Kirill A . Shutemov
2022-09-13 18:25 ` Sathyanarayanan Kuppuswamy
2022-09-14 1:23 ` Sathyanarayanan Kuppuswamy
2022-09-14 13:41 ` Kirill A. Shutemov
2022-09-14 21:09 ` Huang, Kai
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1942be91-ec18-5fb3-9fcd-6ffcfaf9f36c@intel.com \
--to=dave.hansen@intel.com \
--cc=ak@linux.intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=gregkh@linuxfoundation.org \
--cc=hpa@zytor.com \
--cc=isaku.yamahata@gmail.com \
--cc=kai.huang@intel.com \
--cc=khalid.elmously@canonical.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=marcelo.cerri@canonical.com \
--cc=mingo@redhat.com \
--cc=philip.cox@canonical.com \
--cc=sathyanarayanan.kuppuswamy@linux.intel.com \
--cc=shuah@kernel.org \
--cc=tglx@linutronix.de \
--cc=tim.gardner@canonical.com \
--cc=tony.luck@intel.com \
--cc=wander@redhat.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox