From: Vitaly Kuznetsov
To: kvm@vger.kernel.org, Paolo Bonzini
Cc: Sean Christopherson, Wanpeng Li, Jim Mattson, Siddharth Chandrasekaran, linux-kernel@vger.kernel.org, linux-hyperv@vger.kernel.org
Subject: [PATCH RFC 22/22] KVM: x86: hyper-v: Check access to HVCALL_NOTIFY_LONG_SPIN_WAIT hypercall
Date: Tue, 13 Apr 2021 14:26:30 +0200
Message-Id: <20210413122630.975617-23-vkuznets@redhat.com>
In-Reply-To: <20210413122630.975617-1-vkuznets@redhat.com>
References: <20210413122630.975617-1-vkuznets@redhat.com>

TLFS6.0b states that partition issuing HVCALL_NOTIFY_LONG_SPIN_WAIT must possess 'UseHypercallForLongSpinWait' privilege but there's no corresponding feature bit. Instead, we have "Recommended number of attempts to retry a spinlock failure before notifying the hypervisor about the failures. 0xFFFFFFFF indicates never notify." Use this to check access to the hypercall. Also, check against zero as the corresponding CPUID must be set (and '0' attempts before re-try is weird anyway).

Signed-off-by: Vitaly Kuznetsov
---
arch/x86/kvm/hyperv.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c index 37b8ff30fc1d..325446833bbe 100644 --- a/arch/x86/kvm/hyperv.c +++ b/arch/x86/kvm/hyperv.c @@ -2113,6 +2113,12 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu) switch (code) { case HVCALL_NOTIFY_LONG_SPIN_WAIT: + if (unlikely(!hv_vcpu->cpuid_cache.enlightenments_ebx || + hv_vcpu->cpuid_cache.enlightenments_ebx == U32_MAX)) { + ret = HV_STATUS_ACCESS_DENIED; + break; + } + if (unlikely(rep)) { ret = HV_STATUS_INVALID_HYPERCALL_INPUT; break; -- 2.30.2
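
Review bot: The enlightenments_ebx test added at the top of the HVCALL_NOTIFY_LONG_SPIN_WAIT case needs a comment, because nothing in the code says why a spinlock retry count gates access to the hypercall; the reasoning (no feature bit exists for 'UseHypercallForLongSpinWait', U32_MAX means "never notify", 0 means the CPUID value was never set) lives only in the commit message. Please put a short comment above the `if (unlikely(!hv_vcpu->cpuid_cache.enlightenments_ebx ||` line stating both sentinel values and what each means. Two further things to confirm in the same block: as written in this hunk the check is unconditional, so any VMM that leaves this EBX value at 0 will have its guests receive HV_STATUS_ACCESS_DENIED for a call that previously succeeded, which is a guest-visible behaviour change worth calling out; and the check sits before the existing `if (unlikely(rep))` test, so a malformed rep call from an unprivileged partition now returns HV_STATUS_ACCESS_DENIED instead of HV_STATUS_INVALID_HYPERCALL_INPUT. If that ordering is intentional (privilege before input validation), say so in the comment. The hunk also dereferences hv_vcpu without showing where it is assigned, so please confirm it cannot be NULL on this path.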