From: Aaron Lewis <aaronlewis@google.com>
To: kvm@vger.kernel.org
Cc: pbonzini@redhat.com, jmattson@google.com, seanjc@google.com,
Aaron Lewis <aaronlewis@google.com>
Subject: [RFC PATCH] KVM: x86: Protect the unused bits in MSR exiting flags
Date: Thu, 14 Jul 2022 16:13:15 +0000 [thread overview]
Message-ID: <20220714161314.1715227-1-aaronlewis@google.com> (raw)
The flags for KVM_CAP_X86_USER_SPACE_MSR and KVM_X86_SET_MSR_FILTER
have no protection for their unused bits. Without protection, future
development for these features will be difficult. Add the protection
needed to make it possible to extend these features in the future.
Signed-off-by: Aaron Lewis <aaronlewis@google.com>
---
Posting as an RFC to get feedback whether it's too late to protect the
unused flag bits. My hope is this feature is still new enough, and not
widely used enough, and this change is reasonable enough to be able to be
corrected. These bits should have been protected from the start, but
unfortunately they were not.
Another option would be to correct this by adding a quirk, but fixing
it that has its down sides. It complicates the code more than it
would otherwise be, and complicates the usage for anyone using any new
features introduce in the future because they would also have to enable
a quirk. For long term simplicity my hope is to be able to just patch
the original change.
arch/x86/kvm/x86.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 1910e1e78b15..ae9b7df86b1a 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -6029,6 +6029,11 @@ int kvm_vm_ioctl_enable_cap(struct kvm *kvm,
r = 0;
break;
case KVM_CAP_X86_USER_SPACE_MSR:
+ r = -EINVAL;
+ if (cap->args[0] & ~(KVM_MSR_EXIT_REASON_INVAL |
+ KVM_MSR_EXIT_REASON_UNKNOWN |
+ KVM_MSR_EXIT_REASON_FILTER))
+ break;
kvm->arch.user_space_msr_mask = cap->args[0];
r = 0;
break;
@@ -6183,6 +6188,9 @@ static int kvm_vm_ioctl_set_msr_filter(struct kvm *kvm, void __user *argp)
if (copy_from_user(&filter, user_msr_filter, sizeof(filter)))
return -EFAULT;
+ if (filter.flags & ~KVM_MSR_FILTER_DEFAULT_DENY)
+ return -EINVAL;
+
for (i = 0; i < ARRAY_SIZE(filter.ranges); i++)
empty &= !filter.ranges[i].nmsrs;
--
2.37.0.144.g8ac04bfd2-goog
next reply other threads:[~2022-07-14 16:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-14 16:13 Aaron Lewis [this message]
2022-07-14 21:56 ` [RFC PATCH] KVM: x86: Protect the unused bits in MSR exiting flags Sean Christopherson
2022-07-19 18:04 ` Paolo Bonzini
2022-07-19 18:55 ` Sean Christopherson
2022-07-19 19:47 ` Aaron Lewis
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220714161314.1715227-1-aaronlewis@google.com \
--to=aaronlewis@google.com \
--cc=jmattson@google.com \
--cc=kvm@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.