1. Patchew
  2. Xen
  3. View series

[Xen-devel] [PATCH v4] Xen missing prompt log when exec-sp=off

Jin Nan Wang posted 1 patch 4 years, 4 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/xen tags/patchew/20191216121023.30237-1-jnwang@suse.com
xen/arch/x86/hvm/vmx/vmx.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
[Xen-devel] [PATCH v4] Xen missing prompt log when exec-sp=off
Posted by Jin Nan Wang 4 years, 4 months ago 
Fix a issue when user disable ETP exec-sp, xen missed a prompt
log in dmesg.

At default, xen will tell "VMX: Disabling executable EPT suerpages
due to CVE-2018-12207". When user add 'ept=exec-sp=off' on command-line.
The prompt is disappeared. This can give users the illusion that the
feature is turned on.

Signed-off-by: James Wang <jnwang@suse.com>
---
 xen/arch/x86/hvm/vmx/vmx.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 7970ba93e1..9dcb100210 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2495,14 +2495,14 @@ const struct hvm_function_table * __init start_vmx(void)
     {
         bool cpu_has_bug_pschange_mc = has_if_pschange_mc();
 
+        /* Default to non-executable superpages on vulnerable hardware. */
         if ( opt_ept_exec_sp == -1 )
-        {
-            /* Default to non-executable superpages on vulnerable hardware. */
             opt_ept_exec_sp = !cpu_has_bug_pschange_mc;
 
-            if ( cpu_has_bug_pschange_mc )
-                printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n");
-        }
+        if ( opt_ept_exec_sp )
+            printk("VMX: Enable executable EPT superpages\n");
+        else 
+            printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n");
 
         vmx_function_table.hap_supported = 1;
         vmx_function_table.altp2m_supported = 1;
-- 
2.24.0


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
Re: [Xen-devel] [PATCH v4] Xen missing prompt log when exec-sp=off
Posted by Jan Beulich 4 years, 4 months ago 
On 16.12.2019 13:11, Jin Nan Wang wrote:
> Fix a issue when user disable ETP exec-sp, xen missed a prompt
> log in dmesg.
> 
> At default, xen will tell "VMX: Disabling executable EPT suerpages
> due to CVE-2018-12207". When user add 'ept=exec-sp=off' on command-line.
> The prompt is disappeared. This can give users the illusion that the
> feature is turned on.

I don't think this is sufficient reason to alter the current
logic. And btw - may I ask that you don't submit several
versions a day without even settling the prior discussion?

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.