Subject: Re: [PATCH v4 09/10] kvm, x86: fix spectre-v1 mitigation
From: Paolo Bonzini
To: Dan Williams, linux-kernel@vger.kernel.org
Cc: linux-arch@vger.kernel.org, kernel-hardening@lists.openwall.com, Andrew Honig, stable@vger.kernel.org, gregkh@linuxfoundation.org, tglx@linutronix.de, alan@linux.intel.com, torvalds@linux-foundation.org, akpm@linux-foundation.org, Jim Mattson
Date: Fri, 19 Jan 2018 09:42:59 +0100
Message-ID: <729b6b10-500b-3002-4051-8a1d8fe31d27@redhat.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 19/01/2018 01:02, Dan Williams wrote:
> Commit 75f139aaf896 "KVM: x86: Add memory barrier on vmcs field lookup"
> added a raw 'asm("lfence");' to prevent a bounds check bypass of
> 'vmcs_field_to_offset_table'. This does not work for some AMD cpus, see
> the 'ifence' helper,

The code never runs on AMD cpus (it's for Intel virtualization
extensions), so it'd be nice if you could fix up the commit message.

Apart from this, obviously

Acked-by: Paolo Bonzini

Thanks!

Paolo

> and it otherwise does not use the common
> 'array_ptr' helper designed for these types of fixes. Convert this to
> use 'array_ptr'.
>
> Cc: Andrew Honig
> Cc: Jim Mattson
> Cc: Paolo Bonzini
> Cc:
> Signed-off-by: Dan Williams
> --- > arch/x86/kvm/vmx.c | 19 +++++++------------ > 1 file changed, 7 insertions(+), 12 deletions(-) > > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index c829d89e2e63..20b9b0b5e336 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -34,6 +34,7 @@ > #include > #include > #include > +#include > #include "kvm_cache_regs.h" > #include "x86.h" 
> > @@ -898,21 +899,15 @@ static const unsigned short vmcs_field_to_offset_table[] = { > > static inline short vmcs_field_to_offset(unsigned long field) > { > - BUILD_BUG_ON(ARRAY_SIZE(vmcs_field_to_offset_table) > SHRT_MAX); > - > - if (field >= ARRAY_SIZE(vmcs_field_to_offset_table)) > - return -ENOENT; > + const unsigned short *offset; > > - /* > - * FIXME: Mitigation for CVE-2017-5753. To be replaced with a > - * generic mechanism. > - */ > - asm("lfence"); > + BUILD_BUG_ON(ARRAY_SIZE(vmcs_field_to_offset_table) > SHRT_MAX); > > - if (vmcs_field_to_offset_table[field] == 0) > + offset = array_ptr(vmcs_field_to_offset_table, field, > + ARRAY_SIZE(vmcs_field_to_offset_table)); > + if (!offset || *offset == 0) > return -ENOENT; > - > - return vmcs_field_to_offset_table[field]; > + return *offset; > } > > static inline struct vmcs12 *get_vmcs12(struct kvm_vcpu *vcpu) >
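
Review bot: In vmcs_field_to_offset(), the removed comment was the only text tying this lookup to CVE-2017-5753, and nothing at the new `offset = array_ptr(...)` call says it is there as the bounds-check-bypass mitigation. A one-line comment above that assignment would keep a later cleanup from turning it back into a plain `vmcs_field_to_offset_table[field]` index. Also, as before the change, the function returns `short` while the table holds `unsigned short`, and the BUILD_BUG_ON bounds only the array size, not the stored values; it would help to state or assert that every entry fits in a positive short, since `return *offset;` shares the return value with `-ENOENT`.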