Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp527487imm; Wed, 22 Aug 2018 08:13:48 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbMetabbiqA86qB7RrrZJccyhcjFH6US3Gtd5Eg1uyIYj+hkvqNLlU6wmwqyezCMO62jp/C X-Received: by 2002:a17:902:bd44:: with SMTP id b4-v6mr2019760plx.144.1534950828737; Wed, 22 Aug 2018 08:13:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534950828; cv=none; d=google.com; s=arc-20160816; b=S4F9TfjZRNtPkByuN9OTZq135JGMvSUgm+96zabAwYC3/LtWlmyymIPLiKvvvGHQOE oLxpD4kWOm84Xv6ALLf9GuxHEF8Lj0A8EDF4rodmsNw6w9C+LDJca3jgx4e10chUZyc+ qDqZrinmgp1xBzVa0ym2Cm4kBEq1r8yzQuSm1eA0I/p9PrzHbDh3VDBCX++LKwr17lvU GSJw9qn3iMQdn4Yvzvb5kCvdJt8Nb39ZVhr3i7NjCS6i5QEGzW6dWNQW4cxDHShaKHTU CJSPckAKtcp5KkhUfBf4vf/zzGDPPMo2qeE8bqVHYAzbSgkTyijVN7Ypls32qpJRccQp URIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature:arc-authentication-results; bh=VqoS7idAgGokWKw/mAUzLpwWnvT9zYvcmyvA03tcStw=; b=IfRX2wJdhirmgtB9yzzieiX6T2GaDocUbp1nGP3hAG2z5l/GEtvGJ7Cr1xY7z6cZxf fUJlOzbbQJWImFZSS6/YCFustUeScksQ9HFkWK6JU+QyXdrPah1yjCa1mItr2NK5NimJ yWBlNag+TZEhGV3bsoCejUVZJbUAEUb2O6FM9GFRfNXKOxYdDgtY59hgYatAHesXsfCr r4c2/BE4cwzjuswil9q3HGRCeMw1ewAc6w70Ni2+4L8SIeBt+cv75mYtcdteuIIwiSgY k1cDFKSO1VV8yAC471vx++gW8gesKCJAFhleTXi39m2zt9V75vtBjNrSxTgPRINh0fYT iu4Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=lyUyfBji; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c9-v6si1908230pgj.654.2018.08.22.08.13.33; Wed, 22 Aug 2018 08:13:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.s=20161025 header.b=lyUyfBji; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729229AbeHVSSS (ORCPT + 99 others); Wed, 22 Aug 2018 14:18:18 -0400 Received: from mail-wr1-f67.google.com ([209.85.221.67]:37617 "EHLO mail-wr1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728947AbeHVSSR (ORCPT ); Wed, 22 Aug 2018 14:18:17 -0400 Received: by mail-wr1-f67.google.com with SMTP id u12-v6so590014wrr.4; Wed, 22 Aug 2018 07:53:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id; bh=VqoS7idAgGokWKw/mAUzLpwWnvT9zYvcmyvA03tcStw=; b=lyUyfBji0wsUvIlZr/g9TJK2ZWFbVwxXdx1LQKhDwh3ixu3Yj7IqjEJxNqSSIX0Qjh Vij9FOKtZQQhqAWiVVJvEDIWkxGlzziCo202G8FxTCZFv/hW7SzKcY4cAE54KhVxQ+0W bj4H8mJ9Qr26WfRHrr52T4S9Y/NvCkDyFni1uU+MKQb9LvSljVRB5cFcLoiYxGIhqTeR TZ6PFSboBB3QAp3HawCzgVP7RP1qOrp8W3Y5btyO9Cveg1GHYjP+IG71e/PRkFTNhluM kUuOrsZW5qSj9tuDRBNizYrZ8wfTFgxLi/cj8jWkTs6doAP2xD0IirweJIT2y/RtCuGb JPXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id; bh=VqoS7idAgGokWKw/mAUzLpwWnvT9zYvcmyvA03tcStw=; b=qukgOCmRH/JEsn2BxL440Kovr+1MK+MLTGuYfbGtm6mXw2Rwj9l/uR1vNgmNS9lubs d0lzIcito7/Xi4CKUjZx0f+nMoJn8OARYqGfPjbLiPmOUPukqhg0SJJl7w6TPgNk2VnA rCkTJsu2s5zXf8NSeU/Vuy89sOrMAC2ec7E0dLOAe3djQH0UBWOa7pTLp2One/hB6Dxc 3eIljQ1sKipieonhPfWASD5eOA9pmPw4wSO/YgpN0ioDUwuQhlPDjD+P3u7FQE3nIR1U YX3lsAgtYEmN1LBwsTtH7eQqUreMpJTyjljqxV9P9I9auuCz/y9dsC0VQZcQtLRAg4Pv qBDA== X-Gm-Message-State: AOUpUlFPRhcglof51PTtqUU+R8i//Zr45gDhBdImLYalfnIVEVuDRXY4 yoO89FICnD3f+Z5eBlh1Or7cR9DX X-Received: by 2002:a5d:428a:: with SMTP id k10-v6mr37686899wrq.225.1534949583074; Wed, 22 Aug 2018 07:53:03 -0700 (PDT) Received: from 640k.lan (dynamic-adsl-78-12-184-244.clienti.tiscali.it. [78.12.184.244]) by smtp.gmail.com with ESMTPSA id 132-v6sm2909832wmd.13.2018.08.22.07.53.01 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 22 Aug 2018 07:53:02 -0700 (PDT) From: Paolo Bonzini To: linux-kernel@vger.kernel.org, kvm@vger.kernel.org Cc: bsd@redhat.com, stable@vger.kernel.org Subject: [PATCH] KVM: VMX: fixes for vmentry_l1d_flush module parameter Date: Wed, 22 Aug 2018 16:53:00 +0200 Message-Id: <1534949580-38261-1-git-send-email-pbonzini@redhat.com> X-Mailer: git-send-email 1.8.3.1 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Two bug fixes: 1) missing entries in the l1d_param array; this can cause a host crash if an access attempts to reach the missing entry. Future-proof the get function against any overflows as well. However, the two entries VMENTER_L1D_FLUSH_EPT_DISABLED and VMENTER_L1D_FLUSH_NOT_REQUIRED must not be accepted by the parse function, so disable them there. 2) invalid values must be rejected even if the CPU does not have the bug, so test for them before checking boot_cpu_has(X86_BUG_L1TF) ... and a small refactoring, since the .cmd field is redundant with the index in the array. Reported-by: Bandan Das Cc: stable@vger.kernel.org Fixes: a7b9020b06ec6d7c3f3b0d4ef1a9eba12654f4f7 Signed-off-by: Paolo Bonzini --- arch/x86/kvm/vmx.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c index c76ca8c4befa..8dae47e7267a 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -198,12 +198,14 @@ static const struct { const char *option; - enum vmx_l1d_flush_state cmd; + bool for_parse; } vmentry_l1d_param[] = { - {"auto", VMENTER_L1D_FLUSH_AUTO}, - {"never", VMENTER_L1D_FLUSH_NEVER}, - {"cond", VMENTER_L1D_FLUSH_COND}, - {"always", VMENTER_L1D_FLUSH_ALWAYS}, + [VMENTER_L1D_FLUSH_AUTO] = {"auto", true}, + [VMENTER_L1D_FLUSH_NEVER] = {"never", true}, + [VMENTER_L1D_FLUSH_COND] = {"cond", true}, + [VMENTER_L1D_FLUSH_ALWAYS] = {"always", true}, + [VMENTER_L1D_FLUSH_EPT_DISABLED] = {"EPT disabled", false}, + [VMENTER_L1D_FLUSH_NOT_REQUIRED] = {"not required", false}, }; #define L1D_CACHE_ORDER 4 @@ -287,8 +289,9 @@ static int vmentry_l1d_flush_parse(const char *s) if (s) { for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) { - if (sysfs_streq(s, vmentry_l1d_param[i].option)) - return vmentry_l1d_param[i].cmd; + if (vmentry_l1d_param[i].for_parse && + sysfs_streq(s, vmentry_l1d_param[i].option)) + return i; } } return -EINVAL; @@ -298,13 +301,13 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) { int l1tf, ret; - if (!boot_cpu_has(X86_BUG_L1TF)) - return 0; - l1tf = vmentry_l1d_flush_parse(s); if (l1tf < 0) return l1tf; + if (!boot_cpu_has(X86_BUG_L1TF)) + return 0; + /* * Has vmx_init() run already? If not then this is the pre init * parameter parsing. In that case just store the value and let @@ -324,6 +327,9 @@ static int vmentry_l1d_flush_set(const char *s, const struct kernel_param *kp) static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp) { + if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param))) + return sprintf(s, "???\n"); + return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option); } -- 1.8.3.1