Message ID | 20191216054728.12845-1-jnwang@suse.com (mailing list archive) |
---|---|
State | Superseded |
Series | Xen missing prompt log when exec-sp=off |
> From: Jin Nan Wang <jnwang@suse.com> > Sent: Monday, December 16, 2019 1:48 PM > > Fix a issue when user disable ETP exec-sp, xen missed a prompt > log in dmesg. > > Signed-off-by: James Wang <jnwang@suse.com> > --- > xen/arch/x86/hvm/vmx/vmx.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c > index 7970ba93e1..9c1f0f645d 100644 > --- a/xen/arch/x86/hvm/vmx/vmx.c > +++ b/xen/arch/x86/hvm/vmx/vmx.c > @@ -2499,7 +2499,9 @@ const struct hvm_function_table * __init > start_vmx(void) > { > /* Default to non-executable superpages on vulnerable hardware. */ > opt_ept_exec_sp = !cpu_has_bug_pschange_mc; > - > + } no parenthesis then. Just move the comment before the earlier condition check > + if (opt_ept_exec_sp == false) > + { > if ( cpu_has_bug_pschange_mc ) > printk("VMX: Disabling executable EPT superpages due to CVE- > 2018-12207\n"); > } Can we do it another way? Always throw out a warning if the hardware is vulnerable, plus its enabling status?
On 16/12/2019 2:17 pm, Tian, Kevin wrote: >> From: Jin Nan Wang <jnwang@suse.com> >> Sent: Monday, December 16, 2019 1:48 PM >> >> Fix a issue when user disable ETP exec-sp, xen missed a prompt >> log in dmesg. >> >> Signed-off-by: James Wang <jnwang@suse.com> >> --- >> xen/arch/x86/hvm/vmx/vmx.c | 4 +++- >> 1 file changed, 3 insertions(+), 1 deletion(-) >> >> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c >> index 7970ba93e1..9c1f0f645d 100644 >> --- a/xen/arch/x86/hvm/vmx/vmx.c >> +++ b/xen/arch/x86/hvm/vmx/vmx.c >> @@ -2499,7 +2499,9 @@ const struct hvm_function_table * __init >> start_vmx(void) >> { >> /* Default to non-executable superpages on vulnerable hardware. */ >> opt_ept_exec_sp = !cpu_has_bug_pschange_mc; >> - >> + } > no parenthesis then. Just move the comment before the earlier condition > check Got it. >> + if (opt_ept_exec_sp == false) >> + { >> if ( cpu_has_bug_pschange_mc ) >> printk("VMX: Disabling executable EPT superpages due to CVE- >> 2018-12207\n"); >> } > Can we do it another way? Always throw out a warning if the hardware > is vulnerable, plus its enabling status? OK. Let me try.
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 7970ba93e1..9c1f0f645d 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2499,7 +2499,9 @@ const struct hvm_function_table * __init start_vmx(void) { /* Default to non-executable superpages on vulnerable hardware. */ opt_ept_exec_sp = !cpu_has_bug_pschange_mc; - + } + if (opt_ept_exec_sp == false) + { if ( cpu_has_bug_pschange_mc ) printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n"); }
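Review bot: The added `if (opt_ept_exec_sp == false)` check only logs when executable superpages end up disabled, so on hardware where `cpu_has_bug_pschange_mc` is set and exec-sp has been left enabled, nothing in dmesg records that the host is still affected by CVE-2018-12207. Consider emitting one message whenever `cpu_has_bug_pschange_mc` is set and including the resulting `opt_ept_exec_sp` state in it, which also lets the two nested conditions collapse into a single `if`. On style, the new line should match the spacing of the neighbouring `if ( cpu_has_bug_pschange_mc )`, and `!opt_ept_exec_sp` is clearer than comparing against `false`.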
Fix an issue when user disables EPT exec-sp, xen missed a prompt log in dmesg.

Signed-off-by: James Wang <jnwang@suse.com>
---
xen/arch/x86/hvm/vmx/vmx.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)