From: Cornelia Huck <cohuck@redhat.com>
To: Collin Walling <walling@linux.ibm.com>
Cc: thuth@redhat.com, Janosch Frank <frankja@linux.ibm.com>,
david@redhat.com, mst@redhat.com, qemu-devel@nongnu.org,
pasic@linux.ibm.com, borntraeger@de.ibm.com,
qemu-s390x@nongnu.org, svens@linux.ibm.com, pbonzini@redhat.com,
mihajlov@linux.ibm.com, rth@twiddle.net
Subject: Re: [PATCH v2 3/8] s390/sclp: rework sclp boundary and length checks
Date: Tue, 19 May 2020 15:19:36 +0200 [thread overview]
Message-ID: <20200519151936.1071fa14.cohuck@redhat.com> (raw)
In-Reply-To: <e8dd0421-0db6-ff92-43af-6fd082d76e7e@linux.ibm.com>
On Mon, 18 May 2020 11:15:07 -0400
Collin Walling <walling@linux.ibm.com> wrote:
> On 5/18/20 4:50 AM, Janosch Frank wrote:
> > On 5/16/20 12:20 AM, Collin Walling wrote:
> >> Rework the SCLP boundary check to account for different SCLP commands
> >> (eventually) allowing different boundary sizes.
> >>
> >> Move the length check code into a separate function, and introduce a
> >> new function to determine the length of the read SCP data (i.e. the size
> >> from the start of the struct to where the CPU entries should begin).
> >>
> >> Signed-off-by: Collin Walling <walling@linux.ibm.com>
> >> ---
> >> hw/s390x/sclp.c | 57 ++++++++++++++++++++++++++++++++++++++++++-------
> >> 1 file changed, 49 insertions(+), 8 deletions(-)
> >>
> >> diff --git a/hw/s390x/sclp.c b/hw/s390x/sclp.c
> >> index 2bd618515e..987699e3c4 100644
> >> --- a/hw/s390x/sclp.c
> >> +++ b/hw/s390x/sclp.c
> >> @@ -49,6 +49,34 @@ static inline bool sclp_command_code_valid(uint32_t code)
> >> return false;
> >> }
> >>
> >> +static bool sccb_has_valid_boundary(uint64_t sccb_addr, uint32_t code,
> >> + SCCBHeader *header)
> >> +{
> >> + uint64_t current_len = sccb_addr + be16_to_cpu(header->length);
> >> + uint64_t allowed_len = (sccb_addr & PAGE_MASK) + PAGE_SIZE;
> >
> > Those are addresses not length indications and the names should reflect
> > that.
>
> True
>
> > Also don't we need to use PAGE_SIZE - 1?
> >
>
> Technically we need to -1 on both sides since length denotes the size of
> the sccb in bytes, not the max address.
>
> How about this:
>
> s/current_len/sccb_max_addr
> s/allowed_len/sccb_boundary
+1, like the names.
>
> -1 to sccb_max_addr
>
> Change the check to: sccb_max_addr < sccb_boundary
>
> ?
>
> > I'm still trying to wake up, so take this with a grain of salt.
> >
>
> No worries. I appreciate the review nonetheless :)
>
> >> +
> >> + switch (code & SCLP_CMD_CODE_MASK) {
> >> + default:
> >> + if (current_len <= allowed_len) {
> >> + return true;
> >> + }
> >> + }
> >> + header->response_code = cpu_to_be16(SCLP_RC_SCCB_BOUNDARY_VIOLATION);
> >> + return false;
> >> +}
> >> +
> >> +/* Calculates sufficient SCCB length to store a full Read SCP/CPU response */
> >> +static bool sccb_has_sufficient_len(SCCB *sccb, int num_cpus, int data_len)
> >> +{
> >> + int required_len = data_len + num_cpus * sizeof(CPUEntry);
> >> +
> >> + if (be16_to_cpu(sccb->h.length) < required_len) {
> >> + sccb->h.response_code = cpu_to_be16(SCLP_RC_INSUFFICIENT_SCCB_LENGTH);
> >> + return false;
> >> + }
> >> + return true;
> >> +}
> >
> > Hm, from the function name alone I'd not have expected it to also set
> > the response code.
> >
>
> It also sets the required length in the header for an extended-length
> sccb. Perhaps this function name doesn't hold up well.
>
> Does sccb_check_sufficient_len make more sense?
To me it does.
>
> I think the same could be said of the boundary check function, which
> also sets the response code.
>
> What about setting the response code outside the function, similar to
> what sclp_comand_code_valid does?
Whatever results in the least code churn to make it consistent ;)
>
> >> +
> >> static void prepare_cpu_entries(MachineState *ms, CPUEntry *entry, int *count)
> >> {
> >> uint8_t features[SCCB_CPU_FEATURE_LEN] = { 0 };
> >> @@ -66,6 +94,16 @@ static void prepare_cpu_entries(MachineState *ms, CPUEntry *entry, int *count)
> >> }
> >> }
> >>
> >> +/*
> >> + * The data length denotes the start of the struct to where the first
> >> + * CPU entry is to be allocated. This value also denotes the offset_cpu
> >> + * field.
> >> + */
> >> +static int get_read_scp_info_data_len(void)
> >> +{
> >> + return offsetof(ReadInfo, entries);
> >> +}
> >
> > Not sure what the policy for this is, but maybe this can go into a
> > header file?
> > David and Conny will surely make that clear to me :)
> >
>
> Not sure either. If anything it might be a good candidate for an inline
> function.
If we don't process read info outside of this file, no need to move it
to a header. The compiler is probably also smart enough to inline it on
its own, I guess.
next prev parent reply other threads:[~2020-05-19 13:20 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-15 22:20 [PATCH v2 0/8] s390: Extended-Length SCCB & DIAGNOSE 0x318 Collin Walling
2020-05-15 22:20 ` [PATCH v2 1/8] s390/sclp: get machine once during read scp/cpu info Collin Walling
2020-05-18 8:38 ` David Hildenbrand
2020-05-18 17:30 ` Collin Walling
2020-06-11 11:33 ` Thomas Huth
2020-05-15 22:20 ` [PATCH v2 2/8] s390/sclp: check sccb len before filling in data Collin Walling
2020-05-18 8:37 ` Janosch Frank
2020-05-18 11:46 ` David Hildenbrand
2020-05-18 14:32 ` Collin Walling
2020-05-18 15:43 ` David Hildenbrand
2020-05-18 17:31 ` Collin Walling
2020-06-11 12:01 ` Thomas Huth
2020-06-15 15:47 ` Collin Walling
2020-05-15 22:20 ` [PATCH v2 3/8] s390/sclp: rework sclp boundary and length checks Collin Walling
2020-05-18 8:50 ` Janosch Frank
2020-05-18 15:15 ` Collin Walling
2020-05-19 13:19 ` Cornelia Huck [this message]
2020-05-25 10:53 ` Janosch Frank
2020-06-11 12:56 ` Thomas Huth
2020-06-15 15:47 ` Collin Walling
2020-05-15 22:20 ` [PATCH v2 4/8] s390/sclp: read sccb from mem based on sccb length Collin Walling
2020-06-11 13:05 ` Thomas Huth
2020-05-15 22:20 ` [PATCH v2 5/8] s390/sclp: use cpu offset to locate cpu entries Collin Walling
2020-06-11 14:33 ` Thomas Huth
2020-05-15 22:20 ` [PATCH v2 6/8] s390/sclp: add extended-length sccb support for kvm guest Collin Walling
2020-05-18 8:55 ` Janosch Frank
2020-05-18 14:31 ` Collin Walling
2020-05-25 10:50 ` Janosch Frank
2020-05-26 14:38 ` Collin Walling
2020-05-19 13:47 ` Cornelia Huck
2020-05-15 22:20 ` [PATCH v2 7/8] s390/kvm: header sync for diag318 Collin Walling
2020-05-15 22:20 ` [PATCH v2 8/8] s390: guest support for diagnose 0x318 Collin Walling
2020-05-20 11:30 ` Cornelia Huck
2020-05-21 6:18 ` Collin Walling
2020-05-16 6:41 ` [PATCH v2 0/8] s390: Extended-Length SCCB & DIAGNOSE 0x318 no-reply
2020-05-18 17:34 ` Collin Walling
2020-05-18 17:51 ` David Hildenbrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200519151936.1071fa14.cohuck@redhat.com \
--to=cohuck@redhat.com \
--cc=borntraeger@de.ibm.com \
--cc=david@redhat.com \
--cc=frankja@linux.ibm.com \
--cc=mihajlov@linux.ibm.com \
--cc=mst@redhat.com \
--cc=pasic@linux.ibm.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-s390x@nongnu.org \
--cc=rth@twiddle.net \
--cc=svens@linux.ibm.com \
--cc=thuth@redhat.com \
--cc=walling@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).