Date: Thu, 8 Apr 2021 16:05:20 +0000
From: Sean Christopherson
To: lihaiwei.kernel@gmail.com
Cc: linux-kernel@vger.kernel.org, kvm@vger.kernel.org, pbonzini@redhat.com, vkuznets@redhat.com, wanpengli@tencent.com, jmattson@google.com, joro@8bytes.org, Haiwei Li
Subject: Re: [PATCH] KVM: vmx: add mismatched size in vmcs_check32
In-Reply-To: <20210408075436.13829-1-lihaiwei.kernel@gmail.com>

On Thu, Apr 08, 2021, lihaiwei.kernel@gmail.com wrote:
> From: Haiwei Li
>
> vmcs_check32 misses the check for 64-bit and 64-bit high.

Can you clarify in the changelog that, while it is architecturally legal to access 64-bit and 64-bit high fields with a 32-bit read/write in 32-bit mode, KVM should never do partial accesses to VMCS fields. And/or note that the 32-bit accesses are done in vmcs_{read,write}64() when necessary? Hmm, maybe:

  Add compile-time assertions in vmcs_check32() to disallow accesses to 64-bit and 64-bit high fields via vmcs_{read,write}32(). Upper level KVM code should never do partial accesses to VMCS fields. KVM handles the split accesses automatically in vmcs_{read,write}64() when running as a 32-bit kernel.

With something along those lines:

Reviewed-and-tested-by: Sean Christopherson

> Signed-off-by: Haiwei Li
> ---
> arch/x86/kvm/vmx/vmx_ops.h | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/vmx_ops.h b/arch/x86/kvm/vmx/vmx_ops.h > index 692b0c3..164b64f 100644 > --- a/arch/x86/kvm/vmx/vmx_ops.h > +++ b/arch/x86/kvm/vmx/vmx_ops.h > @@ -37,6 +37,10 @@ static __always_inline void vmcs_check32(unsigned long field) > { > BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == 0, > "32-bit accessor invalid for 16-bit field"); > + BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6001) == 0x2000, > + "32-bit accessor invalid for 64-bit field"); > + BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6001) == 0x2001, > + "32-bit accessor invalid for 64-bit high field"); > BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == 0x6000, > "32-bit accessor invalid for natural width field"); > } > -- > 1.8.3.1 >
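
Review bot: The two added BUILD_BUG_ON_MSG lines test the mask 0x6001 against the bare values 0x2000 and 0x2001, and nothing in vmcs_check32() says what those bits mean. A short comment above them stating that bits 14:13 of the encoding select the field width and bit 0 selects the high half of a 64-bit field would make all four checks self-explanatory. As with the existing checks, the new ones only fire when `__builtin_constant_p(field)` is true, so a field encoding computed at run time still reaches the 32-bit accessor unchecked; the changelog should say so if that is intended.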
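
Added example, not KVM's code and not part of the original thread: a toy model in C of why the reply asks that callers never do partial accesses to VMCS fields. `check32_ok()` mirrors the four mask tests from the hunk at run time; `toy_vmcs`, the `toy_*` helpers and the sample value are constructed for illustration, and the field encodings are assumed to match the kernel's `asm/vmx.h`.

```c
#include <stdint.h>
#include <stdio.h>

/* Field encodings, assumed to match arch/x86/include/asm/vmx.h. */
#define GUEST_ES_SELECTOR         0x0800u /* 16-bit */
#define VMCS_LINK_POINTER         0x2800u /* 64-bit, full */
#define VMCS_LINK_POINTER_HIGH    0x2801u /* 64-bit, high half */
#define PIN_BASED_VM_EXEC_CONTROL 0x4000u /* 32-bit */
#define GUEST_CR0                 0x6800u /* natural width */

/* Run-time mirror of the vmcs_check32() conditions: 1 if a 32-bit accessor fits. */
static int check32_ok(unsigned long field)
{
    if ((field & 0x6000) == 0)      return 0; /* 16-bit field */
    if ((field & 0x6001) == 0x2000) return 0; /* 64-bit field */
    if ((field & 0x6001) == 0x2001) return 0; /* 64-bit high field */
    if ((field & 0x6000) == 0x6000) return 0; /* natural width field */
    return 1;
}

/* Toy VMCS (constructed): one 32-bit slot per encoding, so a 64-bit
 * field occupies the slots `field` (low half) and `field + 1` (high half). */
static uint32_t toy_vmcs[0x8000];

static uint32_t toy_read32(unsigned long field) { return toy_vmcs[field]; }

/* Split access: read the full encoding, then the high encoding, and combine. */
static uint64_t toy_read64(unsigned long field)
{
    return toy_read32(field) | ((uint64_t)toy_read32(field + 1) << 32);
}

static void toy_write64(unsigned long field, uint64_t v)
{
    toy_vmcs[field] = (uint32_t)v;
    toy_vmcs[field + 1] = (uint32_t)(v >> 32);
}

/* A caller that uses the 32-bit accessor on a 64-bit field silently loses the top half. */
static uint32_t partial_read(uint64_t v) { toy_write64(VMCS_LINK_POINTER, v); return toy_read32(VMCS_LINK_POINTER); }
static uint64_t split_read(uint64_t v)   { toy_write64(VMCS_LINK_POINTER, v); return toy_read64(VMCS_LINK_POINTER); }

int main(void)
{
    uint64_t v = 0xffffffff12345678ULL; /* constructed sample value */
    printf("32-bit read of 64-bit field: %#x\n", (unsigned)partial_read(v));
    printf("split 64-bit read:           %#llx\n", (unsigned long long)split_read(v));
    printf("check32_ok(link pointer) = %d, check32_ok(pin controls) = %d\n",
           check32_ok(VMCS_LINK_POINTER), check32_ok(PIN_BASED_VM_EXEC_CONTROL));
    return 0;
}
```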