* [PATCH] VMX: make vmx_read_guest_msr() cope with callers not checking its return value
@ 2018-08-15 11:34 Jan Beulich
2018-08-15 11:39 ` Andrew Cooper
2018-08-22 1:44 ` Tian, Kevin
0 siblings, 2 replies; 4+ messages in thread
From: Jan Beulich @ 2018-08-15 11:34 UTC (permalink / raw)
To: xen-devel; +Cc: Andrew Cooper, Kevin Tian, Jun Nakajima
It took till the 4.5 backports of the L1TF prereqs that gcc 8.2 finally
noticed that the vPMU callers, not checking the function's return value,
may consume uninitialized data. Guard against this by storing zero on
the error path.
Signed-off-by: Jan Beulich <jbeulich@suse.com>
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
@@ -586,7 +586,10 @@ static inline int vmx_read_guest_msr(con
const struct vmx_msr_entry *ent = vmx_find_msr(v, msr, VMX_MSR_GUEST);
if ( !ent )
+ {
+ *val = 0;
return -ESRCH;
+ }
*val = ent->data;
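Review bot: storing zero in the `if ( !ent )` branch gives callers that ignore the return value a defined result, but for exactly those callers a missing MSR now looks the same as an MSR whose data is 0. The commit message names the vPMU callers as the ones not checking the return value; having them test for -ESRCH as well, with `*val = 0;` kept as the fallback, would address the cause rather than only the compiler diagnostic.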
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
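The failure mode the commit message describes, as an added example that is not part of the original thread or of Xen's code. The names (`read_msr_unhardened`, `read_msr_hardened`, `careless_read`, the MSR list) are hypothetical, and the `stale` argument stands in for whatever the caller's uninitialized variable would hold, so the program stays well-defined.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a guest MSR list; not Xen's data structures. */
struct msr_entry { uint32_t index; uint64_t data; };
static const struct msr_entry msr_list[] = { { 0x10, 0x1111 }, { 0x20, 0x2222 } };

static const struct msr_entry *find_msr(uint32_t msr)
{
    for ( size_t i = 0; i < sizeof(msr_list) / sizeof(msr_list[0]); i++ )
        if ( msr_list[i].index == msr )
            return &msr_list[i];
    return NULL;
}

/* Pre-patch shape: *val is left untouched when the lookup fails. */
static int read_msr_unhardened(uint32_t msr, uint64_t *val)
{
    const struct msr_entry *ent = find_msr(msr);
    if ( !ent )
        return -ESRCH;
    *val = ent->data;
    return 0;
}

/* Post-patch shape: the error path stores a defined value first. */
static int read_msr_hardened(uint32_t msr, uint64_t *val)
{
    const struct msr_entry *ent = find_msr(msr);
    if ( !ent ) { *val = 0; return -ESRCH; }
    *val = ent->data;
    return 0;
}

/* Caller that drops the return value; 'stale' models the old stack contents. */
static uint64_t careless_read(int (*rd)(uint32_t, uint64_t *), uint32_t msr, uint64_t stale)
{
    uint64_t val = stale;
    (void)rd(msr, &val);
    return val;
}

int main(void)
{
    /* MSR 0x30 is absent from the constructed list. */
    printf("unhardened: %#llx\n", (unsigned long long)careless_read(read_msr_unhardened, 0x30, 0xdeadbeefULL));
    printf("hardened:   %#llx\n", (unsigned long long)careless_read(read_msr_hardened, 0x30, 0xdeadbeefULL));
    return 0;
}
```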
* Re: [PATCH] VMX: make vmx_read_guest_msr() cope with callers not checking its return value
2018-08-15 11:34 [PATCH] VMX: make vmx_read_guest_msr() cope with callers not checking its return value Jan Beulich
@ 2018-08-15 11:39 ` Andrew Cooper
2018-08-15 12:01 ` Jan Beulich
2018-08-22 1:44 ` Tian, Kevin
1 sibling, 1 reply; 4+ messages in thread
From: Andrew Cooper @ 2018-08-15 11:39 UTC (permalink / raw)
To: Jan Beulich, xen-devel; +Cc: Kevin Tian, Jun Nakajima
On 15/08/18 12:34, Jan Beulich wrote:
> It took till the 4.5 backports of the L1TF prereqs that gcc 8.2 finally
> noticed that the vPMU callers, not checking the function's return value,
> may consume uninitialized data. Guard against this by storing zero on
> the error path.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
vPMU really is the gift which keeps on giving...
>
> --- a/xen/include/asm-x86/hvm/vmx/vmcs.h
> +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
> @@ -586,7 +586,10 @@ static inline int vmx_read_guest_msr(con
> const struct vmx_msr_entry *ent = vmx_find_msr(v, msr, VMX_MSR_GUEST);
>
> if ( !ent )
> + {
> + *val = 0;
> return -ESRCH;
> + }
>
> *val = ent->data;
>
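Review bot: the new `*val = 0;` in the `!ent` branch carries no comment saying why an error path writes to the output parameter. A one-line comment there, noting that some callers do not check the return value and so the output must be defined, would keep a later cleanup from dropping the store as redundant.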
You want a similar adjustment in vmx_read_guest_loadonly_msr()
immediately below, which I believe is only applicable to staging atm.
With that, Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
* Re: [PATCH] VMX: make vmx_read_guest_msr() cope with callers not checking its return value
2018-08-15 11:39 ` Andrew Cooper
@ 2018-08-15 12:01 ` Jan Beulich
0 siblings, 0 replies; 4+ messages in thread
From: Jan Beulich @ 2018-08-15 12:01 UTC (permalink / raw)
To: Andrew Cooper; +Cc: xen-devel, Kevin Tian, Jun Nakajima
>>> On 15.08.18 at 13:39, <andrew.cooper3@citrix.com> wrote:
> On 15/08/18 12:34, Jan Beulich wrote:
>> It took till the 4.5 backports of the L1TF prereqs that gcc 8.2 finally
>> noticed that the vPMU callers, not checking the function's return value,
>> may consume uninitialized data. Guard against this by storing zero on
>> the error path.
>>
>> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> vPMU really is the gift which keeps on giving...
>
>>
>> --- a/xen/include/asm-x86/hvm/vmx/vmcs.h
>> +++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
>> @@ -586,7 +586,10 @@ static inline int vmx_read_guest_msr(con
>> const struct vmx_msr_entry *ent = vmx_find_msr(v, msr, VMX_MSR_GUEST);
>>
>> if ( !ent )
>> + {
>> + *val = 0;
>> return -ESRCH;
>> + }
>>
>> *val = ent->data;
>>
>
> You want a similar adjustment in vmx_read_guest_loadonly_msr()
> immediately below, which I believe is only applicable to staging atm.
Oh, indeed - coming from 4.5 I didn't pay enough attention here.
> With that, Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Thanks, Jan
* Re: [PATCH] VMX: make vmx_read_guest_msr() cope with callers not checking its return value
2018-08-15 11:34 [PATCH] VMX: make vmx_read_guest_msr() cope with callers not checking its return value Jan Beulich
2018-08-15 11:39 ` Andrew Cooper
@ 2018-08-22 1:44 ` Tian, Kevin
1 sibling, 0 replies; 4+ messages in thread
From: Tian, Kevin @ 2018-08-22 1:44 UTC (permalink / raw)
To: Jan Beulich, xen-devel; +Cc: Andrew Cooper, Nakajima, Jun
> From: Jan Beulich [mailto:JBeulich@suse.com]
> Sent: Wednesday, August 15, 2018 7:34 PM
>
> It took till the 4.5 backports of the L1TF prereqs that gcc 8.2 finally
> noticed that the vPMU callers, not checking the function's return value,
> may consume uninitialized data. Guard against this by storing zero on
> the error path.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
Acked-by: Kevin Tian <kevin.tian@intel.com>