Re: [PATCH v10 20/30] pc-bios/s390-ccw: Add signed component address overlap checks

Wed, 29 Apr 2026 07:18:06 -0700 



On 4/28/26 2:42 PM, Zhuoying Cai wrote:

On 4/15/26 12:36 PM, Jared Rossi wrote:


On 4/2/26 6:14 PM, Zhuoying Cai wrote:

Add address range tracking and overlap checks to ensure that no
component overlaps with a signed component during secure IPL.

Signed-off-by: Zhuoying Cai <[email protected]>
---
   pc-bios/s390-ccw/secure-ipl.c | 58 ++++++++++++++++++++++++++++++++---
   pc-bios/s390-ccw/secure-ipl.h | 15 +++++++++
   2 files changed, 69 insertions(+), 4 deletions(-)

diff --git a/pc-bios/s390-ccw/secure-ipl.c b/pc-bios/s390-ccw/secure-ipl.c
index b66ca9ca7e..d2079e19bc 100644
--- a/pc-bios/s390-ccw/secure-ipl.c
+++ b/pc-bios/s390-ccw/secure-ipl.c

[...]


diff --git a/pc-bios/s390-ccw/secure-ipl.h b/pc-bios/s390-ccw/secure-ipl.h
index 6d65cd5596..c625ac2e3a 100644
--- a/pc-bios/s390-ccw/secure-ipl.h
+++ b/pc-bios/s390-ccw/secure-ipl.h
@@ -24,6 +24,21 @@ typedef struct SecureIplCompEntryInfo {
       uint8_t  flags;
   } SecureIplCompEntryInfo;

   
+typedef struct SecureIplCompAddrRange {

+    bool is_signed;
+    uint64_t start_addr;
+    uint64_t end_addr;
+} SecureIplCompAddrRange;
+
+/*
+ * Custom struct for managing a list of secure IPL component address ranges.
+ * Tracks up to MAX_CERTIFICATES address ranges with an index counter.
+ */
+typedef struct SecureIplCompAddrRangeList {
+    SecureIplCompAddrRange comp_addr_range[MAX_CERTIFICATES];
+    int index;
+} SecureIplCompAddrRangeList;

I don't think 'index' is the correct name for the variable. Something
like 'num' would be better, since it is the total number of address
ranges, right?


“index” refers to the index used to access comp_addr_range, but I agree
that num could be a better name since it represents the total number of
address ranges. I’m happy to rename it if preferred.

Yes, please do.  I think calling it 'num' is more representative of how 
it is
actually being used, e.g. the loop in is_comp_overlap() doesn't loop up 
until

a specific index in the array, it iterates through all elements.

While I'm thinking of it, can you also please change is_comp_overlap() to
check_comp_overlap()?  Prefixing it with 'is_' sounds a bit weird to me.

Thanks,
Jared Rossi




+
   static inline void zipl_secure_handle(const char *message)
   {
       switch (boot_mode) {

Regards,
Jared Rossi

























					Reply via email to