On Mon, Apr 30, 2018 at 04:17:10PM -0700, Jim Mattson wrote:
> On Sat, Apr 28, 2018 at 3:23 AM, Roman Kagan <rkagan@xxxxxxxxxxxxx> wrote:
> > On Fri, Apr 27, 2018 at 10:01:11AM -0700, Jim Mattson wrote:
> >> Enforce the invariant that existing VMCS12 field offsets must not
> >> change. Experience has shown that without strict enforcement, this
> >> invariant will not be maintained.
> >>
> >> Signed-off-by: Jim Mattson <jmattson@xxxxxxxxxx>
> >> ---
> >> arch/x86/kvm/vmx.c | 152 +++++++++++++++++++++++++++++++++++++++++++++
> >> 1 file changed, 152 insertions(+)
> >>
> >> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> >> index 41f9f932de54..f7628ac71672 100644
> >> --- a/arch/x86/kvm/vmx.c
> >> +++ b/arch/x86/kvm/vmx.c
> >> @@ -411,6 +411,158 @@ struct __packed vmcs12 {
> >> u16 guest_pml_index;
> >> };
> >>
> >> +/*
> >> + * For save/restore compatibility, the vmcs12 field offsets must not change.
> >> + */
> >> +#define CHECK_OFFSET(field, loc) \
> >> + _Static_assert(offsetof(struct vmcs12, field) == (loc), \
> >> + "Offset of " #field " in struct vmcs12 has changed.")
> >> +
> >> +CHECK_OFFSET(revision_id, 0);
> >> +CHECK_OFFSET(abort, 4);
> >> +CHECK_OFFSET(launch_state, 8);
> >> +CHECK_OFFSET(io_bitmap_a, 40);
> > [...]
> >
> > Instead of maintaining a separate set of field offset checks, wouldn't
> > it be better to merge this assertion into FIELD/FIELD64 macros?
>
> Sorry for being dense, but how would that be done?
I was thinking of three-argument FIELD/FIELD64 macros, taking the field
id, field name, and desired offset. Not sure if this can be done
without an extra file included twice, first to define
vmcs_field_to_offset_table, and second to assert the offsets.
Thanks,
Roman.
