Re: [PATCH] x86/kvm/vmx: Fix GPF on reading vmentry_l1d_flush
> From: MINOURA Makoto / 箕浦 真
> Date: 2018年8月22日周三 上午9:50
> Subject: [PATCH] x86/kvm/vmx: Fix GPF on reading vmentry_l1d_flush
> To:
> Cc:
>
>
>
> When EPT is not enabled, reading
> /sys/module/kvm_intel/parameters/vmentry_l1d_flush causes
> general protection fault in vmentry_l1d_flush_get() due to
> access beyond the end of the array vmentry_l1d_param[].
>
> Signed-off-by: Minoura Makoto
> ---
> arch/x86/include/asm/vmx.h | 1 +
> arch/x86/kvm/vmx.c | 4 +++-
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
> index 95f9107449bf..c4b834b05178 100644
> --- a/arch/x86/include/asm/vmx.h
> +++ b/arch/x86/include/asm/vmx.h
> @@ -581,6 +581,7 @@ enum vmx_l1d_flush_state {
> VMENTER_L1D_FLUSH_NEVER,
> VMENTER_L1D_FLUSH_COND,
> VMENTER_L1D_FLUSH_ALWAYS,
> + VMENTER_L1D_FLUSH_PARAM_MAX = VMENTER_L1D_FLUSH_ALWAYS,
> VMENTER_L1D_FLUSH_EPT_DISABLED,
> VMENTER_L1D_FLUSH_NOT_REQUIRED,
> };
> diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
> index 1519f030fd73..155ba2a9139f 100644
> --- a/arch/x86/kvm/vmx.c
> +++ b/arch/x86/kvm/vmx.c
> @@ -204,6 +204,8 @@ static const struct {
> {"never", VMENTER_L1D_FLUSH_NEVER},
> {"cond",VMENTER_L1D_FLUSH_COND},
> {"always", VMENTER_L1D_FLUSH_ALWAYS},
> + {"ept-disabled", VMENTER_L1D_FLUSH_EPT_DISABLED},
> + {"not-required", VMENTER_L1D_FLUSH_NOT_REQUIRED},
> };
>
> #define L1D_CACHE_ORDER 4
> @@ -286,7 +288,7 @@ static int vmentry_l1d_flush_parse(const char *s)
> unsigned int i;
>
> if (s) {
> - for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) {
> + for (i = 0; i <= VMENTER_L1D_FLUSH_PARAM_MAX; i++) {
> if (sysfs_streq(s, vmentry_l1d_param[i].option))
> return vmentry_l1d_param[i].cmd;
> }
Easy to reproduce. Thanks. Tested-by: Jack Wang -- Jack Wang Linux Kernel Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Tel: +49 30 577 008 042 Fax: +49 30 577 008 299 Email:jinpu.w...@profitbricks.com URL: https://www.profitbricks.de Sitz der Gesellschaft: Berlin Registergericht: Amtsgericht Charlottenburg, HRB 125506 B Geschäftsführer: Achim Weiss, Matthias Steinberg, Christoph Steffens
Re: [PATCH] x86/kvm/vmx: Fix GPF on reading vmentry_l1d_flush
> From: MINOURA Makoto / 箕浦 真 > Date: 2018年8月22日周三 上午9:50 > Subject: [PATCH] x86/kvm/vmx: Fix GPF on reading vmentry_l1d_flush > To: > Cc: > > > > When EPT is not enabled, reading > /sys/module/kvm_intel/parameters/vmentry_l1d_flush causes > general protection fault in vmentry_l1d_flush_get() due to > access beyond the end of the array vmentry_l1d_param[]. > > Signed-off-by: Minoura Makoto > --- > arch/x86/include/asm/vmx.h | 1 + > arch/x86/kvm/vmx.c | 4 +++- > 2 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h > index 95f9107449bf..c4b834b05178 100644 > --- a/arch/x86/include/asm/vmx.h > +++ b/arch/x86/include/asm/vmx.h > @@ -581,6 +581,7 @@ enum vmx_l1d_flush_state { > VMENTER_L1D_FLUSH_NEVER, > VMENTER_L1D_FLUSH_COND, > VMENTER_L1D_FLUSH_ALWAYS, > + VMENTER_L1D_FLUSH_PARAM_MAX = VMENTER_L1D_FLUSH_ALWAYS, > VMENTER_L1D_FLUSH_EPT_DISABLED, > VMENTER_L1D_FLUSH_NOT_REQUIRED, > }; > diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c > index 1519f030fd73..155ba2a9139f 100644 > --- a/arch/x86/kvm/vmx.c > +++ b/arch/x86/kvm/vmx.c > @@ -204,6 +204,8 @@ static const struct { > {"never", VMENTER_L1D_FLUSH_NEVER}, > {"cond",VMENTER_L1D_FLUSH_COND}, > {"always", VMENTER_L1D_FLUSH_ALWAYS}, > + {"ept-disabled", VMENTER_L1D_FLUSH_EPT_DISABLED}, > + {"not-required", VMENTER_L1D_FLUSH_NOT_REQUIRED}, > }; > > #define L1D_CACHE_ORDER 4 
> @@ -286,7 +288,7 @@ static int vmentry_l1d_flush_parse(const char *s) > unsigned int i; > > if (s) { > - for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) { > + for (i = 0; i <= VMENTER_L1D_FLUSH_PARAM_MAX; i++) { > if (sysfs_streq(s, vmentry_l1d_param[i].option)) > return vmentry_l1d_param[i].cmd; > } Easy to reproduce. Thanks. Tested-by: Jack Wang -- Jack Wang Linux Kernel Developer ProfitBricks GmbH Greifswalder Str. 207 D - 10405 Berlin Tel: +49 30 577 008 042 Fax: +49 30 577 008 299 Email:jinpu.w...@profitbricks.com URL: https://www.profitbricks.de Sitz der Gesellschaft: Berlin Registergericht: Amtsgericht Charlottenburg, HRB 125506 B Geschäftsführer: Achim Weiss, Matthias Steinberg, Christoph Steffens
[PATCH] x86/kvm/vmx: Fix GPF on reading vmentry_l1d_flush
When EPT is not enabled, reading /sys/module/kvm_intel/parameters/vmentry_l1d_flush causes general protection fault in vmentry_l1d_flush_get() due to access beyond the end of the array vmentry_l1d_param[].

Signed-off-by: Minoura Makoto
---
 arch/x86/include/asm/vmx.h | 1 +
 arch/x86/kvm/vmx.c | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 95f9107449bf..c4b834b05178 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -581,6 +581,7 @@ enum vmx_l1d_flush_state {
 VMENTER_L1D_FLUSH_NEVER,
 VMENTER_L1D_FLUSH_COND,
 VMENTER_L1D_FLUSH_ALWAYS,
+ VMENTER_L1D_FLUSH_PARAM_MAX = VMENTER_L1D_FLUSH_ALWAYS,
 VMENTER_L1D_FLUSH_EPT_DISABLED,
 VMENTER_L1D_FLUSH_NOT_REQUIRED,
 };
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 1519f030fd73..155ba2a9139f 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -204,6 +204,8 @@ static const struct {
 {"never", VMENTER_L1D_FLUSH_NEVER},
 {"cond",VMENTER_L1D_FLUSH_COND},
 {"always", VMENTER_L1D_FLUSH_ALWAYS},
+ {"ept-disabled", VMENTER_L1D_FLUSH_EPT_DISABLED},
+ {"not-required", VMENTER_L1D_FLUSH_NOT_REQUIRED},
 };

 #define L1D_CACHE_ORDER 4
@@ -286,7 +288,7 @@ static int vmentry_l1d_flush_parse(const char *s)
 unsigned int i;

 if (s) {
- for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) {
+ for (i = 0; i <= VMENTER_L1D_FLUSH_PARAM_MAX; i++) {
 if (sysfs_streq(s, vmentry_l1d_param[i].option))
 return vmentry_l1d_param[i].cmd;
 }
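Review bot: The two rows added to vmentry_l1d_param[] match their enum values only by position in the initializer, and nothing in the table states that. According to the commit message, vmentry_l1d_flush_get() (not shown in this patch) indexes the array by the current mitigation state, so a later enum value or a reordered row would bring back the read past the end of the array. Designated initializers make the mapping explicit, e.g. `[VMENTER_L1D_FLUSH_EPT_DISABLED] = {"ept-disabled", VMENTER_L1D_FLUSH_EPT_DISABLED},`. A range check on the index in the getter would also turn any future mismatch into an error return rather than a fault. The struct definition and the first table rows are above the hunk.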
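Review bot: The new loop bound in vmentry_l1d_flush_parse() assumes the first VMENTER_L1D_FLUSH_PARAM_MAX + 1 rows of the table are exactly the user-settable states, and nothing enforces that. This ordering is the only thing that stops "ept-disabled" and "not-required" from being accepted as written values, so the alias in vmx.h should carry a comment such as `/* last state selectable through the module parameter */`. A compile-time guard next to the table would catch a drift between the enum and the array: `BUILD_BUG_ON(VMENTER_L1D_FLUSH_PARAM_MAX >= ARRAY_SIZE(vmentry_l1d_param));`. The function body continues past the end of the hunk.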
[PATCH] x86/kvm/vmx: Fix GPF on reading vmentry_l1d_flush
When EPT is not enabled, reading /sys/module/kvm_intel/parameters/vmentry_l1d_flush causes general protection fault in vmentry_l1d_flush_get() due to access beyond the end of the array vmentry_l1d_param[].

Signed-off-by: Minoura Makoto
---
 arch/x86/include/asm/vmx.h | 1 +
 arch/x86/kvm/vmx.c | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/vmx.h b/arch/x86/include/asm/vmx.h
index 95f9107449bf..c4b834b05178 100644
--- a/arch/x86/include/asm/vmx.h
+++ b/arch/x86/include/asm/vmx.h
@@ -581,6 +581,7 @@ enum vmx_l1d_flush_state {
 VMENTER_L1D_FLUSH_NEVER,
 VMENTER_L1D_FLUSH_COND,
 VMENTER_L1D_FLUSH_ALWAYS,
+ VMENTER_L1D_FLUSH_PARAM_MAX = VMENTER_L1D_FLUSH_ALWAYS,
 VMENTER_L1D_FLUSH_EPT_DISABLED,
 VMENTER_L1D_FLUSH_NOT_REQUIRED,
 };
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 1519f030fd73..155ba2a9139f 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -204,6 +204,8 @@ static const struct {
 {"never", VMENTER_L1D_FLUSH_NEVER},
 {"cond",VMENTER_L1D_FLUSH_COND},
 {"always", VMENTER_L1D_FLUSH_ALWAYS},
+ {"ept-disabled", VMENTER_L1D_FLUSH_EPT_DISABLED},
+ {"not-required", VMENTER_L1D_FLUSH_NOT_REQUIRED},
 };

 #define L1D_CACHE_ORDER 4
@@ -286,7 +288,7 @@ static int vmentry_l1d_flush_parse(const char *s)
 unsigned int i;

 if (s) {
- for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) {
+ for (i = 0; i <= VMENTER_L1D_FLUSH_PARAM_MAX; i++) {
 if (sysfs_streq(s, vmentry_l1d_param[i].option))
 return vmentry_l1d_param[i].cmd;
 }