From: Jan Beulich <jbeulich@suse.com>
To: "xen-devel@lists.xenproject.org" <xen-devel@lists.xenproject.org>
Cc: "Andrew Cooper" <andrew.cooper3@citrix.com>,
	"Roger Pau Monné" <roger.pau@citrix.com>
Subject: [PATCH 9/9] x86/mwait-idle: Add C-states validation
Date: Thu, 12 Mar 2026 17:58:21 +0100
Message-ID: <d13912c9-8820-44e7-8aad-d8ee9ea17980@suse.com>
In-Reply-To: <7b7a677e-a5b9-42c8-beec-3c506b4eac52@suse.com>

From: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>

Add validation for C-states specified via the "table=" module parameter.
Treat this module parameter as untrusted input and validate it thoroughly.

Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Link: https://patch.msgid.link/20251216080402.156988-4-dedekind1@gmail.com
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Origin: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git be6a150829b3

Add __init to validate_cmdline_cstate(). Other adjustments to fit our env.

Signed-off-by: Jan Beulich <jbeulich@suse.com>

--- a/xen/arch/x86/cpu/mwait-idle.c
+++ b/xen/arch/x86/cpu/mwait-idle.c
@@ -72,6 +72,11 @@ boolean_param("mwait-idle", opt_mwait_id
 
 /* The maximum allowed length for the 'table' module parameter  */
 #define MAX_CMDLINE_TABLE_LEN 256
+/* Maximum allowed C-state latency */
+#define MAX_CMDLINE_LATENCY_US (5 * 1000 /* USEC_PER_MSEC */)
+/* Maximum allowed C-state target residency */
+#define MAX_CMDLINE_RESIDENCY_US (100 * 1000 /* USEC_PER_MSEC */)
+
 static char cmdline_table_str[MAX_CMDLINE_TABLE_LEN] __initdata;
 string_param("mwait-idle.table", cmdline_table_str);
 
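Review bot: the comments on MAX_CMDLINE_LATENCY_US and MAX_CMDLINE_RESIDENCY_US give neither the resulting limits nor the reason for them. The expressions work out to 5 ms and 100 ms, and anyone auditing what the untrusted "mwait-idle.table" string may set has to derive that by hand. Suggest stating the value in each comment, e.g. "Maximum allowed C-state exit latency (5 ms)". The inline /* USEC_PER_MSEC */ stands in for a named constant; if none is available in this tree, a local #define would read better than a commented literal.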
@@ -1589,6 +1594,41 @@ static char *__init get_cmdline_field(ch
 }
 
 /**
+ * validate_cmdline_cstate - Validate a C-state from cmdline.
+ * @state: The C-state to validate.
+ * @prev_state: The previous C-state in the table or NULL.
+ *
+ * Return: 0 if the C-state is valid or -EINVAL otherwise.
+ */
+static int __init validate_cmdline_cstate(struct cpuidle_state *state,
+					  struct cpuidle_state *prev_state)
+{
+	if (state->exit_latency == 0)
+		/* Exit latency 0 can only be used for the POLL state */
+		return -EINVAL;
+
+	if (state->exit_latency > MAX_CMDLINE_LATENCY_US)
+		return -EINVAL;
+
+	if (state->target_residency > MAX_CMDLINE_RESIDENCY_US)
+		return -EINVAL;
+
+	if (state->target_residency < state->exit_latency)
+		return -EINVAL;
+
+	if (!prev_state)
+		return 0;
+
+	if (state->exit_latency <= prev_state->exit_latency)
+		return -EINVAL;
+
+	if (state->target_residency <= prev_state->target_residency)
+		return -EINVAL;
+
+	return 0;
+}
+
+/**
  * cmdline_table_adjust - Adjust the C-states table with data from cmdline.
  *
  * Adjust the C-states table with data from the 'mwait-idle.table' parameter
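Review bot: validate_cmdline_cstate() only reads through state and prev_state, so both parameters can be const struct cpuidle_state *, which makes it explicit that validation never alters the table it is checking. The kernel-doc block also does not list the rules being enforced (non-zero exit latency, the two upper bounds, target_residency not below exit_latency, and both fields strictly increasing relative to prev_state); spelling them out there would tell an administrator what a valid "table=" entry looks like. Minor style point: the "Exit latency 0 can only be used for the POLL state" comment sits inside an unbraced if body, so either add braces or move the comment above the if.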
@@ -1696,6 +1736,21 @@ static void __init cmdline_table_adjust(
 		       state->name, state->exit_latency, state->target_residency);
 	}
 
+	/* Validate the adjusted C-states */
+	for (i = 0; i < state_count; i++) {
+		struct cpuidle_state *prev_state;
+
+		state = &cmdline_states[i];
+		prev_state = i ? &cmdline_states[i - 1] : NULL;
+
+		if (validate_cmdline_cstate(state, prev_state)) {
+			printk(XENLOG_ERR PREFIX
+			       "C-state '%s' validation failed\n",
+			       state->name);
+			goto error;
+		}
+	}
+
 	/* Copy the adjusted C-states table back */
 	for (i = 0; i < state_count; i++)
 		icpu.state_table[i] = cmdline_states[i];
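Review bot: the failure message in the validation loop prints only state->name, and validate_cmdline_cstate() returns the same -EINVAL for every check, so the log does not show which value was rejected or why. Suggest including state->exit_latency and state->target_residency in the message, as the printk() just above this loop already does for the adjusted values. Placing validation before the copy-back loop is right, since icpu.state_table[] stays untouched when the goto error path is taken.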


