Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp1182507ybh; Mon, 13 Jul 2020 11:25:44 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzhn/KJ1brfhn6fdJMZzFAhdJEhPEqYIforg9SSCs1+Lvvm/rfA/9+SldyKjahA/JF29UbF X-Received: by 2002:aa7:db11:: with SMTP id t17mr631860eds.365.1594664744538; Mon, 13 Jul 2020 11:25:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1594664744; cv=none; d=google.com; s=arc-20160816; b=bMDiGpSnkWBzh/i8yUheSAs9I8QK2EK5tC1BjD8Ldr+TzM+5yr40kLgZIsbI4j8Efj jsBpJq7Q4h4heWDN/3zA8HcW7UagHC61+7Hpqq73NZrTiwaN7Kc5PuogSbOJe4RE89ge xrnVK87yaKYcs3/IWzARE9BtEUUq1PD0ExQUDJbqc79pC1KZIjWtGyALfEk472oylZvt ROa0NISBL5INsjdL54+0HuyuhsfWW3o5gkrDcITTvS2tUfIO305BCR5VDp3RLYhkpoWu tY9nwfS2v43+Z32aPia/Q72fMZq98e8rZPnBladE+mNmYQsMqxcserHUh3CyHwLJ6d5R 6Ocg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=EYkJT4IJ7durdcl3HAxzOHP9WiK8D09OCIn5mRv/ew0=; b=n7xyihYCdPx/FU9NsECyPxGrJq6HyrSqlY/1LarOFz8aLJCCGgwRGSf0p3YM9AEWkA DGaQmNgZav3fFfRCmVWYyQBQ+/c9/ZoddZbWelHrF2vZyEE3wxgTa0ipU3pmiEzJ3pqL Hd4Tke3wxv+1TN8E988LgD1ZsWxg5UeJTlC9Jwuu0ipRIjPikfK6tKFiNyJ8hfI4qEl6 f7g6NhFAJ32h7vUwyG2/TA1TgGF+SyT73bztkLW5T7n4/YaEL4/7N47FA+aJ2zD9jivH 9LekYp2tsmVew9PjGVIOg/k/L0j0ElU3Zfd90B1Tmc8Fe6TvHY6uRZbLf0NYztOBxe09 RrtQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Avvogo0E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id cx20si9710079edb.568.2020.07.13.11.25.21; Mon, 13 Jul 2020 11:25:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Avvogo0E; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726721AbgGMSYL (ORCPT + 99 others); Mon, 13 Jul 2020 14:24:11 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37800 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726675AbgGMSYK (ORCPT ); Mon, 13 Jul 2020 14:24:10 -0400 Received: from mail-io1-xd41.google.com (mail-io1-xd41.google.com [IPv6:2607:f8b0:4864:20::d41]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D5A77C061755 for ; Mon, 13 Jul 2020 11:24:10 -0700 (PDT) Received: by mail-io1-xd41.google.com with SMTP id c16so14532672ioi.9 for ; Mon, 13 Jul 2020 11:24:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=EYkJT4IJ7durdcl3HAxzOHP9WiK8D09OCIn5mRv/ew0=; b=Avvogo0Ehwuuxv7pOUWUsVP9CBTo8Oy9rhoMRMfJXL8CTXWLE6ltS7rvu63OWcfL9+ zzfMGIbqka1Wlk99wMB8UeyFkHCSEEVe5IpLjsBIyKQkCYPfXri+DgT6gUVPBaX41p4s 7MANE/HHnaTsa0kqvCg/JRj0LTh1B3K7Zzo5dNsqJufOcP47rRj3PNns7t0E1IDu0Hnh X0Ex1ka6fF6hT6nFnbDv79JFqCF+5TdPNjRJ0n5tMWCSRm8dJg3rWWFuV5mZI9oxWFS/ jrXRerEaQyvbkG0fK4JsGb2A/q/PkE22SHBkvCypKEm8HTU4m73Z2X7IlfHteV4O9yXw MfcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=EYkJT4IJ7durdcl3HAxzOHP9WiK8D09OCIn5mRv/ew0=; b=ixDWV/0CccYyTnZJmEO4slmJYDIe/n4rGdMZamUmIVjncRBgvG46vVBSv1tG1jhTYA 12XUcSaNIKMLYS9XxbSDzeMNymjZ1l14R6fCslAZX76oygUuRLiu6murzWmZDG1CMeX2 5xtbovCMEcpFEVYSwceMu+J4c6+Fw3B4y6zRc2TXegaI4VnvpWJL1T3g3rGYs5wSRHEw xclGkvKG5ICEWN0vu44iyisR2wjmTopClXOEYGZQQSZFwfDdcQ6Mc3woGrK/815jqojI 8HDautAm2hTA18xoF6T45h69JdW7iQn5DbDtXN9mGz5v22iJUNawIs6OLMNgMJtY5dNy 1PFw== X-Gm-Message-State: AOAM532m1V4PSdqyXFRyrrVi/YDhzmqk1+nVGGUpfHE7evQPFgNbS6EO wcJANcYx4K9WwSdkSfLRdJLJ7PWwvF6IeG8nWxKmMQ== X-Received: by 2002:a6b:c3cf:: with SMTP id t198mr1048147iof.164.1594664649992; Mon, 13 Jul 2020 11:24:09 -0700 (PDT) MIME-Version: 1.0 References: <20200713162206.1930767-1-vkuznets@redhat.com> In-Reply-To: <20200713162206.1930767-1-vkuznets@redhat.com> From: Jim Mattson Date: Mon, 13 Jul 2020 11:23:59 -0700 Message-ID: Subject: Re: [PATCH v2] KVM: nVMX: fix the layout of struct kvm_vmx_nested_state_hdr To: Vitaly Kuznetsov Cc: kvm list , Paolo Bonzini , Sean Christopherson , Wanpeng Li , Peter Shier , LKML Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jul 13, 2020 at 9:22 AM Vitaly Kuznetsov wrote: > > Before commit 850448f35aaf ("KVM: nVMX: Fix VMX preemption timer > migration") struct kvm_vmx_nested_state_hdr looked like: > > struct kvm_vmx_nested_state_hdr { > __u64 vmxon_pa; > __u64 vmcs12_pa; > struct { > __u16 flags; > } smm; > } > > The ABI got broken by the above mentioned commit and an attempt > to fix that was made in commit 83d31e5271ac ("KVM: nVMX: fixes for > preemption timer migration") which made the structure look like: > > struct kvm_vmx_nested_state_hdr { > __u64 vmxon_pa; > __u64 vmcs12_pa; > struct { > __u16 flags; > } smm; > __u32 flags; > __u64 preemption_timer_deadline; > }; > > The problem with this layout is that before both changes compilers were > allocating 24 bytes for this and although smm.flags is padded to 8 bytes, > it is initialized as a 2 byte value. Chances are that legacy userspaces > using old layout will be passing uninitialized bytes which will slip into > what is now known as 'flags'. > > Suggested-by: Sean Christopherson > Fixes: 850448f35aaf ("KVM: nVMX: Fix VMX preemption timer migration") > Fixes: 83d31e5271ac ("KVM: nVMX: fixes for preemption timer migration") > Signed-off-by: Vitaly Kuznetsov Oops! Reviewed-by: Jim Mattson