From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Sean Christopherson <seanjc@google.com>
Cc: Wanpeng Li <wanpengli@tencent.com>,
Jim Mattson <jmattson@google.com>, Joerg Roedel <joro@8bytes.org>,
kvm@vger.kernel.org, linux-hyperv@vger.kernel.org,
linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org,
Ajay Garg <ajaygargnsit@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Stephen Hemminger <sthemmin@microsoft.com>,
Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
Arnd Bergmann <arnd@arndb.de>
Subject: Re: [PATCH v3 7/8] KVM: x86: Reject fixed-size Hyper-V hypercalls with non-zero "var_cnt"
Date: Thu, 09 Dec 2021 10:55:50 +0100
Message-ID: <87lf0u3xw9.fsf@redhat.com>
In-Reply-To: <20211207220926.718794-8-seanjc@google.com>
Sean Christopherson <seanjc@google.com> writes:
> Reject Hyper-V hypercalls if the guest specifies a non-zero variable size
> header (var_cnt in KVM) for a hypercall that has a fixed header size.
> Per the TLFS:
>
> It is illegal to specify a non-zero variable header size for a
> hypercall that is not explicitly documented as accepting variable sized
> input headers. In such a case the hypercall will result in a return
> code of HV_STATUS_INVALID_HYPERCALL_INPUT.
>
> Note, at least some of the various DEBUG commands likely aren't allowed
> to use variable size headers, but the TLFS documentation doesn't clearly
> state what is/isn't allowed. Omit them for now to avoid unnecessary
> breakage.
>
> Signed-off-by: Sean Christopherson <seanjc@google.com>
> ---
> arch/x86/kvm/hyperv.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/arch/x86/kvm/hyperv.c b/arch/x86/kvm/hyperv.c
> index f33a5e890048..522ccd2f0db4 100644
> --- a/arch/x86/kvm/hyperv.c
> +++ b/arch/x86/kvm/hyperv.c
> @@ -2250,14 +2250,14 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu)
>
> switch (hc.code) {
> case HVCALL_NOTIFY_LONG_SPIN_WAIT:
> - if (unlikely(hc.rep)) {
> + if (unlikely(hc.rep || hc.var_cnt)) {
> ret = HV_STATUS_INVALID_HYPERCALL_INPUT;
> break;
> }
> kvm_vcpu_on_spin(vcpu, true);
> break;
> case HVCALL_SIGNAL_EVENT:
> - if (unlikely(hc.rep)) {
> + if (unlikely(hc.rep || hc.var_cnt)) {
> ret = HV_STATUS_INVALID_HYPERCALL_INPUT;
> break;
> }
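Review bot: the `hc.rep || hc.var_cnt` test introduced for HVCALL_NOTIFY_LONG_SPIN_WAIT and HVCALL_SIGNAL_EVENT is repeated verbatim in three more cases further down; a small helper (for instance `hv_hc_is_fixed_size_ok(&hc)`) or a per-code table of allowed header kinds would make it harder to forget the var_cnt half of the check when a new fixed-size hypercall is added to this switch. The ordering itself is right: the input is rejected before kvm_vcpu_on_spin() runs, so a malformed call has no side effect.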
> @@ -2267,7 +2267,7 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu)
> fallthrough; /* maybe userspace knows this conn_id */
> case HVCALL_POST_MESSAGE:
> /* don't bother userspace if it has no way to handle it */
> - if (unlikely(hc.rep || !to_hv_synic(vcpu)->active)) {
> + if (unlikely(hc.rep || hc.var_cnt || !to_hv_synic(vcpu)->active)) {
> ret = HV_STATUS_INVALID_HYPERCALL_INPUT;
> break;
> }
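Review bot: on the fallthrough path from HVCALL_SIGNAL_EVENT ("maybe userspace knows this conn_id") hc.rep and hc.var_cnt were already rejected by the case above, so for that path the only condition that can still fire here is `!to_hv_synic(vcpu)->active`; the re-check is harmless, but a short comment on the HVCALL_POST_MESSAGE case would save the next reader from working out whether SIGNAL_EVENT can reach it with var_cnt set.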
> @@ -2280,14 +2280,14 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu)
> kvm_hv_hypercall_complete_userspace;
> return 0;
> case HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST:
> - if (unlikely(!hc.rep_cnt || hc.rep_idx)) {
> + if (unlikely(!hc.rep_cnt || hc.rep_idx || hc.var_cnt)) {
> ret = HV_STATUS_INVALID_HYPERCALL_INPUT;
> break;
> }
> ret = kvm_hv_flush_tlb(vcpu, &hc, false);
> break;
> case HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE:
> - if (unlikely(hc.rep)) {
> + if (unlikely(hc.rep || hc.var_cnt)) {
> ret = HV_STATUS_INVALID_HYPERCALL_INPUT;
> break;
> }
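Review bot: HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST keeps its rep requirement (`!hc.rep_cnt || hc.rep_idx`) and only gains `hc.var_cnt`, while the cases that end in `kvm_hv_flush_tlb(vcpu, &hc, true)` (visible at the top of the next hunk) deliberately get no var_cnt check, consistent with the commit message scoping the change to hypercalls with a fixed header size. That asymmetry between neighbouring flush cases looks like an omission at first glance, so it is worth a sentence in the commit message or a one-line comment at the untouched cases.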
> @@ -2308,7 +2308,7 @@ int kvm_hv_hypercall(struct kvm_vcpu *vcpu)
> ret = kvm_hv_flush_tlb(vcpu, &hc, true);
> break;
> case HVCALL_SEND_IPI:
> - if (unlikely(hc.rep)) {
> + if (unlikely(hc.rep || hc.var_cnt)) {
> ret = HV_STATUS_INVALID_HYPERCALL_INPUT;
> break;
> }
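Review bot: with HVCALL_SEND_IPI this hunk completes the set of fixed-size hypercalls named in the patch, but the DEBUG commands that the commit message says are intentionally skipped carry no marker in the code; a brief comment on their cases recording that the TLFS does not state their variable-header rules would keep the omission from being mistaken for an oversight when someone later audits this switch against the spec.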
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
--
Vitaly
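To make the header rules the patch enforces concrete, here is a constructed C model, added here and not KVM's own code, of how the 64-bit hypercall input value is split into code, var_cnt, rep_cnt and rep_idx and then validated the way the patched switch does. The bit offsets, HVCALL_* codes and HV_STATUS_* values follow the TLFS as reproduced in Linux's hyperv-tlfs.h; the struct and function names are local to this example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model of the TLFS hypercall input value: bits 15:0 call code,
 * bit 16 fast, bits 26:17 variable header size (var_cnt), bits 43:32 rep
 * count, bits 59:48 rep start index. Call codes as in hyperv-tlfs.h. */
#define HV_VARHEAD_OFFSET   17
#define HV_REP_COMP_OFFSET  32
#define HV_REP_START_OFFSET 48
#define HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE 0x0002
#define HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST  0x0003
#define HVCALL_NOTIFY_LONG_SPIN_WAIT       0x0008
#define HVCALL_SEND_IPI                    0x000b
#define HVCALL_POST_MESSAGE                0x005c
#define HVCALL_SIGNAL_EVENT                0x005d
enum { HV_STATUS_SUCCESS = 0, HV_STATUS_INVALID_HYPERCALL_CODE = 2,
       HV_STATUS_INVALID_HYPERCALL_INPUT = 3 };

struct hc_hdr { uint16_t code, var_cnt, rep_cnt, rep_idx; bool rep; };

/* Split the 64-bit input value into the fields KVM keeps in its hc struct. */
static struct hc_hdr hv_decode_input(uint64_t param)
{
	struct hc_hdr hc;
	hc.code = param & 0xffff;
	hc.var_cnt = (param >> HV_VARHEAD_OFFSET) & 0x3ff;
	hc.rep_cnt = (param >> HV_REP_COMP_OFFSET) & 0xfff;
	hc.rep_idx = (param >> HV_REP_START_OFFSET) & 0xfff;
	hc.rep = hc.rep_cnt || hc.rep_idx;
	return hc;
}

/* Header checks as the patch leaves them: fixed-size hypercalls must have
 * rep and var_cnt clear; the address-list flush is rep-only. */
static int hv_validate_header(uint64_t param)
{
	struct hc_hdr hc = hv_decode_input(param);
	switch (hc.code) {
	case HVCALL_NOTIFY_LONG_SPIN_WAIT: case HVCALL_SIGNAL_EVENT:
	case HVCALL_POST_MESSAGE: case HVCALL_FLUSH_VIRTUAL_ADDRESS_SPACE:
	case HVCALL_SEND_IPI:
		return (hc.rep || hc.var_cnt) ?
			HV_STATUS_INVALID_HYPERCALL_INPUT : HV_STATUS_SUCCESS;
	case HVCALL_FLUSH_VIRTUAL_ADDRESS_LIST:
		return (!hc.rep_cnt || hc.rep_idx || hc.var_cnt) ?
			HV_STATUS_INVALID_HYPERCALL_INPUT : HV_STATUS_SUCCESS;
	default:
		return HV_STATUS_INVALID_HYPERCALL_CODE;
	}
}
```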
Thread overview:
2021-12-07 22:09 [PATCH v3 0/8] KVM: x86: Hyper-V hypercall fix and cleanups Sean Christopherson
2021-12-07 22:09 ` [PATCH v3 1/8] KVM: x86: Ignore sparse banks size for an "all CPUs", non-sparse IPI req Sean Christopherson
2021-12-09 11:19 ` Paolo Bonzini
2021-12-07 22:09 ` [PATCH v3 2/8] KVM: x86: Get the number of Hyper-V sparse banks from the VARHEAD field Sean Christopherson
2021-12-07 22:09 ` [PATCH v3 3/8] KVM: x86: Refactor kvm_hv_flush_tlb() to reduce indentation Sean Christopherson
2021-12-07 22:09 ` [PATCH v3 4/8] KVM: x86: Add a helper to get the sparse VP_SET for IPIs and TLB flushes Sean Christopherson
2021-12-07 22:09 ` [PATCH v3 5/8] KVM: x86: Don't bother reading sparse banks that end up being ignored Sean Christopherson
2021-12-07 22:09 ` [PATCH v3 6/8] KVM: x86: Shove vp_bitmap handling down into sparse_set_to_vcpu_mask() Sean Christopherson
2021-12-07 22:09 ` [PATCH v3 7/8] KVM: x86: Reject fixed-size Hyper-V hypercalls with non-zero "var_cnt" Sean Christopherson
2021-12-09 9:55 ` Vitaly Kuznetsov [this message]
2021-12-07 22:09 ` [PATCH v3 8/8] KVM: x86: Add checks for reserved-to-zero Hyper-V hypercall fields Sean Christopherson
2022-02-01 13:47 ` [PATCH v3 0/8] KVM: x86: Hyper-V hypercall fix and cleanups Paolo Bonzini