On 9/9/22 12:27, Kuppuswamy Sathyanarayanan wrote:
- u8 reserved[7] = {0};
...
- if (!req.reportdata || !req.tdreport || req.subtype ||
req.rpd_len != TDX_REPORTDATA_LEN ||req.tdr_len != TDX_REPORT_LEN ||memcmp(req.reserved, reserved, 7))return -EINVAL;
Huh, so to look for 0's, you:
1. Declare an on-stack structure with a hard coded, magic numbered field that has to be zeroed. 2. memcmp() that structure 3. Feed memcmp() with another hard coded magic number
I've gotta ask: did you have any reservations writing this code? Were there any alarm bells going off saying that something might be wrong?
Using memcmp() itself is probably forgivable. But, the two magic numbers are pretty mortal sins in my book. What's going to happen the first moment someone wants to repurpose a reserved byte? They're going to do:
- __u8 reserved[7]; + __u8 my_new_byte; + __u8 reserved[6];
What's going to happen to the code you wrote? Will it continue to work? Or will the memcmp() silently start doing crazy stuff as it overruns the structure into garbage land?
What's wrong with:
memchr_inv(&req.reserved, sizeof(req.reserved), 0)