Hi Dave,
On 10/24/22 7:17 AM, Dave Hansen wrote:
On 10/23/22 09:13, Sathyanarayanan Kuppuswamy wrote:
On 10/20/22 9:39 PM, Greg Kroah-Hartman wrote:
You are allowing userspace to spam the kernel logs, please do not do that.
Added it to help userspace understand the reason for the failure (only for the cases like request param issues and TDCALL failure). Boris recommended adding it in the previous review.
Again, you just created a vector for userspace to spam the kernel log. No kernel driver should ever do that.
Brois, any comments? Do you also agree?
...
- if (req.subtype || req.rpd_len != TDX_REPORTDATA_LEN ||
req.tdr_len != TDX_REPORT_LEN) {
pr_err("TDX_CMD_GET_REPORT: invalid req: subtype:%u rpd_len:%u tdr_len:%u\n",
req.subtype, req.rpd_len, req.tdr_len);
This is _clearly_ debugging code. There are a billion if(foo){return -EINVAL;}'s in the kernel, and very few of them have printk()'s to go along with them.
They do help figure out what happened when userspace sees an -EINVAL and can't figure out what it did to cause it. But, if the kernel spammed dmesg for every time userspace does something stupid, it'd be filled up with noise.
There are other ways to debug stuff like this if userspace gets confused.
If folks are OK with dev_dbg(), then I'd move over to that. But, frankly, I don't think this rises to the level of needing its own error message.
Heck, I'm not even sure why this code exits in the first place. I guess we don't want userspace making random requests to the host. But, of course, none of _that_ information about what the code is actually there for made it into the patch, and it just consumes comment space regurgitating the TDX spec.
This branch of the thread frankly isn't about a pr_err(). It's about nobody really knowing (or caring) why that line of code is there, when it might happen, and what precise function it serves.
It is added to ensure the user does not make random requests and the user input aligns with the defined IOCTL ABI. Returning -EINVAL for the input parameter error will help userspace better understand the reason for the failure than failing after making the TDCALL request.
I have added the spec reference mainly for the reader to understand the origin of the checks involved. Would you prefer a comment like "Check for valid user input"?