[Xen-devel] [PATCH] Xen missing prompt log when exec-sp=off

Jin Nan Wang posted 1 patch 4 years, 3 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/xen tags/patchew/20191216054728.12845-1-jnwang@suse.com
There is a newer version of this series
xen/arch/x86/hvm/vmx/vmx.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
[Xen-devel] [PATCH] Xen missing prompt log when exec-sp=off
Posted by Jin Nan Wang 4 years, 3 months ago
Fix a issue when user disable ETP exec-sp, xen missed a prompt
log in dmesg.

Signed-off-by: James Wang <jnwang@suse.com>
---
 xen/arch/x86/hvm/vmx/vmx.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 7970ba93e1..9c1f0f645d 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2499,7 +2499,9 @@ const struct hvm_function_table * __init start_vmx(void)
         {
             /* Default to non-executable superpages on vulnerable hardware. */
             opt_ept_exec_sp = !cpu_has_bug_pschange_mc;
-
+        }
+        if (opt_ept_exec_sp == false)
+        {
             if ( cpu_has_bug_pschange_mc )
                 printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n");
         }
-- 
2.24.0


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] Xen missing prompt log when exec-sp=off
Posted by Tian, Kevin 4 years, 3 months ago
> From: Jin Nan Wang <jnwang@suse.com>
> Sent: Monday, December 16, 2019 1:48 PM
> 
> Fix a issue when user disable ETP exec-sp, xen missed a prompt
> log in dmesg.
> 
> Signed-off-by: James Wang <jnwang@suse.com>
> ---
>  xen/arch/x86/hvm/vmx/vmx.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
> index 7970ba93e1..9c1f0f645d 100644
> --- a/xen/arch/x86/hvm/vmx/vmx.c
> +++ b/xen/arch/x86/hvm/vmx/vmx.c
> @@ -2499,7 +2499,9 @@ const struct hvm_function_table * __init
> start_vmx(void)
>          {
>              /* Default to non-executable superpages on vulnerable hardware. */
>              opt_ept_exec_sp = !cpu_has_bug_pschange_mc;
> -
> +        }

no parenthesis then. Just move the comment before the earlier condition
check

> +        if (opt_ept_exec_sp == false)
> +        {
>              if ( cpu_has_bug_pschange_mc )
>                  printk("VMX: Disabling executable EPT superpages due to CVE-
> 2018-12207\n");
>          }

Can we do it another way? Always throw out a warning if the hardware
is vulnerable, plus its enabling status?

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH] Xen missing prompt log when exec-sp=off
Posted by Jin Nan Wang 4 years, 3 months ago
On 16/12/2019 2:17 pm, Tian, Kevin wrote:
>> From: Jin Nan Wang <jnwang@suse.com>
>> Sent: Monday, December 16, 2019 1:48 PM
>>
>> Fix a issue when user disable ETP exec-sp, xen missed a prompt
>> log in dmesg.
>>
>> Signed-off-by: James Wang <jnwang@suse.com>
>> ---
>>   xen/arch/x86/hvm/vmx/vmx.c | 4 +++-
>>   1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
>> index 7970ba93e1..9c1f0f645d 100644
>> --- a/xen/arch/x86/hvm/vmx/vmx.c
>> +++ b/xen/arch/x86/hvm/vmx/vmx.c
>> @@ -2499,7 +2499,9 @@ const struct hvm_function_table * __init
>> start_vmx(void)
>>           {
>>               /* Default to non-executable superpages on vulnerable hardware. */
>>               opt_ept_exec_sp = !cpu_has_bug_pschange_mc;
>> -
>> +        }
> no parenthesis then. Just move the comment before the earlier condition
> check
Got it.
>> +        if (opt_ept_exec_sp == false)
>> +        {
>>               if ( cpu_has_bug_pschange_mc )
>>                   printk("VMX: Disabling executable EPT superpages due to CVE-
>> 2018-12207\n");
>>           }
> Can we do it another way? Always throw out a warning if the hardware
> is vulnerable, plus its enabling status?
OK. Let me try.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel