[PATCH v2 1/2] KVM: SVM: Fix UBSAN warning when reading avic parameter

Gal Pressman posted 2 patches 1 month, 1 week ago
Posted by Gal Pressman 1 month, 1 week ago
The avic parameter is stored as an int to support the special value -1
(AVIC_AUTO_MODE), but the cited commit changed it from bool to int while
keeping param_get_bool() as the getter function.
This causes UBSAN to report "load of value 255 is not a valid value for
type '_Bool'" when the parameter is read via sysfs.

The issue happens in two scenarios:

1. During module load: There's a time window between when module
   parameters are registered, and when avic_hardware_setup() runs to
   resolve the value, where the value is -1.

2. On non-AMD systems: On non-AMD hardware, the kvm_is_svm_supported()
   check returns early. The avic_hardware_setup() function never runs,
   so avic remains -1.

Fix that by implementing a getter function that properly reads and
converts the -1 value into a string.

Triggered by sos report:
  UBSAN: invalid-load in kernel/params.c:323:33
  load of value 255 is not a valid value for type '_Bool'
  CPU: 0 UID: 0 PID: 4667 Comm: sos Not tainted 6.19.0-rc5net_mlx5_1e86836 #1 NONE
  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
  Call Trace:
   <TASK>
   dump_stack_lvl+0x69/0xa0
   ubsan_epilogue+0x5/0x2b
   __ubsan_handle_load_invalid_value.cold+0x47/0x4c
   ? lock_acquire+0x219/0x2c0
   param_get_bool.cold+0xf/0x14
   param_attr_show+0x51/0x80
   module_attr_show+0x19/0x30
   sysfs_kf_seq_show+0xac/0xf0
   seq_read_iter+0x100/0x410
   copy_splice_read+0x1b4/0x360
   splice_direct_to_actor+0xbd/0x270
   ? wait_for_space+0xb0/0xb0
   do_splice_direct+0x72/0xb0
   ? propagate_umount+0x870/0x870
   do_sendfile+0x3a3/0x470
   __x64_sys_sendfile64+0x5e/0xe0
   do_syscall_64+0x70/0x8c0
   entry_SYSCALL_64_after_hwframe+0x4b/0x53

Fixes: ca2967de5a5b ("KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support")
Reviewed-by: Dragos Tatulea <dtatulea@nvidia.com>
Signed-off-by: Gal Pressman <gal@nvidia.com>
---
 arch/x86/kvm/svm/avic.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
index 0f6c8596719b..ffacd619956b 100644
--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@ -19,6 +19,7 @@
 #include <linux/amd-iommu.h>
 #include <linux/kvm_host.h>
 #include <linux/kvm_irqfd.h>
+#include <linux/sysfs.h>
 
 #include <asm/irq_remapping.h>
 #include <asm/msr.h>
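Review bot: the linux/sysfs.h include exists only to provide sysfs_emit() for the getter added in the next hunk, and it lands in alphabetical order with the neighbouring linux/ headers, so nothing to change in this hunk; just confirm it is not already pulled in transitively so a later cleanup does not drop it by mistake.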
@@ -76,10 +77,20 @@ static int avic_param_set(const char *val, const struct kernel_param *kp)
 	return param_set_bint(val, kp);
 }
 
+static int avic_param_get(char *buffer, const struct kernel_param *kp)
+{
+	int val = *(int *)kp->arg;
+
+	if (val == AVIC_AUTO_MODE)
+		return sysfs_emit(buffer, "N\n");
+
+	return param_get_bool(buffer, kp);
+}
+
 static const struct kernel_param_ops avic_ops = {
 	.flags = KERNEL_PARAM_OPS_FL_NOARG,
 	.set = avic_param_set,
-	.get = param_get_bool,
+	.get = avic_param_get,
 };
 
 /*
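Review bot: avic_param_get() still falls through to param_get_bool() for the non-auto case, which reads the int-backed kp->arg through a bool pointer; that load is valid here only because val is already known to be 0 or 1 and x86 is little-endian, so the first byte is the whole value. Since the function has already loaded val as an int, keeping the AVIC_AUTO_MODE check and replacing the fallthrough with `return sysfs_emit(buffer, "%c\n", val ? 'Y' : 'N');` removes the type punning entirely and no longer depends on byte layout. Two smaller points: the `*(int *)kp->arg` cast assumes the avic variable is declared int, which the hunk does not show (the cited Fixes commit says it is, so fine, but worth a glance), and the commit message could state that reporting "N" while the value is AVIC_AUTO_MODE tells userspace AVIC is off during the module-load window even though avic_hardware_setup() may enable it shortly after.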
-- 
2.52.0
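The commit message explains the defect in terms of the kernel's param_get_bool() reading an int that holds -1 (byte 0xff) as a _Bool. The following user-space model is an added example, not kernel code and not part of the patch: it stands in `model_param_get_bool()`, `avic_param_get_before()` and `avic_param_get_after()` for the kernel's getter path, returns -1 in place of the UBSAN report rather than performing the invalid load, and assumes a little-endian target (as on x86) so that the first byte of the int is what a bool load would fetch.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the kernel types and values referenced in the patch. */
#define AVIC_AUTO_MODE (-1)
#define BUF_SIZE 8

struct kernel_param {
	void *arg;	/* points at the variable backing the module parameter */
};

/* Copy the first byte of an object without type punning. On a little-endian
 * machine this is exactly the byte a load through a bool pointer would fetch. */
static unsigned first_byte(const void *p)
{
	unsigned char b;

	memcpy(&b, p, 1);
	return b;
}

/* Model of param_get_bool(): the kernel reads *(bool *)kp->arg. A _Bool may only
 * hold 0 or 1, so for any other byte we return -1 (standing in for the UBSAN
 * "load of value 255 is not a valid value for type '_Bool'" report) instead of
 * performing the invalid load ourselves. */
static int model_param_get_bool(char *buffer, const struct kernel_param *kp)
{
	unsigned b = first_byte(kp->arg);

	if (b != 0 && b != 1)
		return -1;
	return snprintf(buffer, BUF_SIZE, "%c\n", b ? 'Y' : 'N');
}

/* Pre-patch behaviour: the int-backed parameter goes straight to param_get_bool. */
static int avic_param_get_before(char *buffer, const struct kernel_param *kp)
{
	return model_param_get_bool(buffer, kp);
}

/* Post-patch behaviour, mirroring avic_param_get() from the hunk: the -1 sentinel
 * is handled before any bool-typed read happens. */
static int avic_param_get_after(char *buffer, const struct kernel_param *kp)
{
	int val = *(int *)kp->arg;

	if (val == AVIC_AUTO_MODE)
		return snprintf(buffer, BUF_SIZE, "N\n");
	return model_param_get_bool(buffer, kp);
}

/* Run a getter against a parameter whose backing int holds `value`. Returns the
 * getter's result; `out` receives the emitted text (empty on failure). */
static int read_param(int (*get)(char *, const struct kernel_param *),
		      int value, char *out)
{
	struct kernel_param kp = { .arg = &value };

	memset(out, 0, BUF_SIZE);
	return get(out, &kp);
}

int main(void)
{
	static const int values[] = { AVIC_AUTO_MODE, 0, 1 };
	char out[BUF_SIZE];
	size_t i;

	for (i = 0; i < sizeof(values) / sizeof(values[0]); i++) {
		int before = read_param(avic_param_get_before, values[i], out);
		int after;

		printf("avic=%d: before -> %d", values[i], before);
		after = read_param(avic_param_get_after, values[i], out);
		printf(", after -> %d", after);
		if (after > 0)
			printf(" (%c)", out[0]);
		putchar('\n');
	}
	return 0;
}
```

Only the -1 case differs between the two getters; 0 and 1 already had a valid first byte, which is why the warning shows up only in the module-load window and on non-AMD hosts where avic is never resolved.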
Re: [PATCH v2 1/2] KVM: SVM: Fix UBSAN warning when reading avic parameter
Posted by Naveen N Rao 1 month, 1 week ago
On Wed, Feb 25, 2026 at 04:50:49PM +0200, Gal Pressman wrote:
> The avic parameter is stored as an int to support the special value -1
> (AVIC_AUTO_MODE), but the cited commit changed it from bool to int while
> keeping param_get_bool() as the getter function.
> This causes UBSAN to report "load of value 255 is not a valid value for
> type '_Bool'" when the parameter is read via sysfs.
> 
> The issue happens in two scenarios:
> 
> 1. During module load: There's a time window between when module
>    parameters are registered, and when avic_hardware_setup() runs to
>    resolve the value, where the value is -1.
> 
> 2. On non-AMD systems: On non-AMD hardware, the kvm_is_svm_supported()
>    check returns early. The avic_hardware_setup() function never runs,
>    so avic remains -1.
> 
> Fix that by implementing a getter function that properly reads and
> converts the -1 value into a string.
> 
> Triggered by sos report:
>   UBSAN: invalid-load in kernel/params.c:323:33
>   load of value 255 is not a valid value for type '_Bool'
>   CPU: 0 UID: 0 PID: 4667 Comm: sos Not tainted 6.19.0-rc5net_mlx5_1e86836 #1 NONE
>   Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
>   Call Trace:
>    <TASK>
>    dump_stack_lvl+0x69/0xa0
>    ubsan_epilogue+0x5/0x2b
>    __ubsan_handle_load_invalid_value.cold+0x47/0x4c
>    ? lock_acquire+0x219/0x2c0
>    param_get_bool.cold+0xf/0x14
>    param_attr_show+0x51/0x80
>    module_attr_show+0x19/0x30
>    sysfs_kf_seq_show+0xac/0xf0
>    seq_read_iter+0x100/0x410
>    copy_splice_read+0x1b4/0x360
>    splice_direct_to_actor+0xbd/0x270
>    ? wait_for_space+0xb0/0xb0
>    do_splice_direct+0x72/0xb0
>    ? propagate_umount+0x870/0x870
>    do_sendfile+0x3a3/0x470
>    __x64_sys_sendfile64+0x5e/0xe0
>    do_syscall_64+0x70/0x8c0
>    entry_SYSCALL_64_after_hwframe+0x4b/0x53
> 
> Fixes: ca2967de5a5b ("KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support")
> Reviewed-by: Dragos Tatulea <dtatulea@nvidia.com>
> Signed-off-by: Gal Pressman <gal@nvidia.com>
> ---
>  arch/x86/kvm/svm/avic.c | 13 ++++++++++++-
>  1 file changed, 12 insertions(+), 1 deletion(-)

LGTM.
Reviewed-by: Naveen N Rao (AMD) <naveen@kernel.org>

- Naveen