From: Sean Christopherson
To: Paul Mackerras, Joerg Roedel, Paolo Bonzini, Radim Krčmář
Cc: kvm-ppc@vger.kernel.org, kvm@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] KVM: Assert that struct kvm_vcpu is always as offset zero
Date: Thu, 15 Aug 2019 10:22:37 -0700
Message-Id: <20190815172237.10464-1-sean.j.christopherson@intel.com>

KVM implementations that wrap struct kvm_vcpu with a vendor specific struct, e.g. struct vcpu_vmx, must place the vcpu member at offset 0, otherwise the usercopy region intended to encompass struct kvm_vcpu_arch will instead overlap random chunks of the vendor specific struct. E.g. padding a large number of bytes before struct kvm_vcpu triggers a usercopy warn when running with CONFIG_HARDENED_USERCOPY=y.

Signed-off-by: Sean Christopherson
---
Note, the PowerPC change is completely untested.

arch/powerpc/kvm/e500.c | 3 +++ arch/x86/kvm/svm.c | 3 +++ arch/x86/kvm/vmx/vmx.c | 3 +++ 3 files changed, 9 insertions(+) diff --git a/arch/powerpc/kvm/e500.c b/arch/powerpc/kvm/e500.c index b5a848a55504..00649ca5fa9a 100644 --- a/arch/powerpc/kvm/e500.c +++ b/arch/powerpc/kvm/e500.c @@ -440,6 +440,9 @@ static struct kvm_vcpu *kvmppc_core_vcpu_create_e500(struct kvm *kvm, struct kvm_vcpu *vcpu; int err; + BUILD_BUG_ON_MSG(offsetof(struct kvmppc_vcpu_e500, vcpu) != 0, + "struct kvm_vcpu must be at offset 0 for arch usercopy region"); + vcpu_e500 = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL); if (!vcpu_e500) { err = -ENOMEM; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c index d685491fce4d..70015ae5fc19 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c 
@@ -2137,6 +2137,9 @@ static struct kvm_vcpu *svm_create_vcpu(struct kvm *kvm, unsigned int id) struct page *nested_msrpm_pages; int err; + BUILD_BUG_ON_MSG(offsetof(struct vcpu_svm, vcpu) != 0, + "struct kvm_vcpu must be at offset 0 for arch usercopy region"); + svm = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL_ACCOUNT); if (!svm) { err = -ENOMEM; diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c index 42ed3faa6af8..402cf2fe5cdd 100644 --- a/arch/x86/kvm/vmx/vmx.c +++ b/arch/x86/kvm/vmx/vmx.c @@ -6615,6 +6615,9 @@ static struct kvm_vcpu *vmx_create_vcpu(struct kvm *kvm, unsigned int id) unsigned long *msr_bitmap; int cpu; + BUILD_BUG_ON_MSG(offsetof(struct vcpu_vmx, vcpu) != 0, + "struct kvm_vcpu must be at offset 0 for arch usercopy region"); + vmx = kmem_cache_zalloc(kvm_vcpu_cache, GFP_KERNEL_ACCOUNT); if (!vmx) return ERR_PTR(-ENOMEM); -- 2.22.0
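
Review bot: The arch/powerpc/kvm/e500.c hunk adds a compile-time check that, per the note under the "---", has never been compiled, so a wrong struct or member name in kvmppc_core_vcpu_create_e500() would only show up as a build break for someone else. Please build at least one e500 config before this is merged. The diffstat also touches a single PowerPC file; if any other PowerPC vcpu-create path allocates a wrapper struct from kvm_vcpu_cache, it needs the same assertion, otherwise the invariant named in the subject is only enforced for part of the architecture.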
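
Review bot: In the arch/x86/kvm/svm.c hunk, the condition and the string "struct kvm_vcpu must be at offset 0 for arch usercopy region" in svm_create_vcpu() are a verbatim copy of what the e500 and vmx hunks add, differing only in the struct name. Consider a single helper macro in a shared KVM header that takes the wrapper type and member and expands to the BUILD_BUG_ON_MSG, so the three call sites cannot drift apart and a new vendor wrapper has one obvious thing to call.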
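
Review bot: In the arch/x86/kvm/vmx/vmx.c hunk, the assertion sits between the local declarations and the kmem_cache_zalloc(kvm_vcpu_cache, ...) call in vmx_create_vcpu() with no code comment, and the message text alone does not say which cache or which region is meant. The rationale (the usercopy region is meant to cover struct kvm_vcpu_arch and lands on vendor fields if vcpu is not first) lives only in the commit message. A one-line comment above the BUILD_BUG_ON_MSG tying it to kvm_vcpu_cache would keep that reasoning next to the code for anyone later reordering struct vcpu_vmx.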