On Sat, Apr 28, 2018 at 3:23 AM, Roman Kagan <rkagan@xxxxxxxxxxxxx> wrote:
> On Fri, Apr 27, 2018 at 10:01:11AM -0700, Jim Mattson wrote:
>> Enforce the invariant that existing VMCS12 field offsets must not
>> change. Experience has shown that without strict enforcement, this
>> invariant will not be maintained.
>>
>> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
>> ---
>> arch/x86/kvm/vmx.c | 152 +++++++++++++++++++++++++++++++++++++++++++++
>> 1 file changed, 152 insertions(+)
>>
>> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
>> index 41f9f932de54..f7628ac71672 100644
>> --- a/arch/x86/kvm/vmx.c
>> +++ b/arch/x86/kvm/vmx.c
>> @@ -411,6 +411,158 @@ struct __packed vmcs12 {
>> u16 guest_pml_index;
>> };
>>
>> +/*
>> + * For save/restore compatibility, the vmcs12 field offsets must not change.
>> + */
>> +#define CHECK_OFFSET(field, loc) \
>> + _Static_assert(offsetof(struct vmcs12, field) == (loc), \
>> + "Offset of " #field " in struct vmcs12 has changed.")
>> +
>> +CHECK_OFFSET(revision_id, 0);
>> +CHECK_OFFSET(abort, 4);
>> +CHECK_OFFSET(launch_state, 8);
>> +CHECK_OFFSET(io_bitmap_a, 40);
> [...]
>
> Instead of maintaining a separate set of field offset checks, wouldn't
> it be better to merge this assertion into FIELD/FIELD64 macros?
Sorry for being dense, but how would that be done?
