Message ID | 20191216082718.20922-1-jnwang@suse.com (mailing list archive) |
---|---|
State | Superseded |
Series | [v2] Xen missing prompt log when exec-sp=off |
On 16.12.2019 09:27, Jin Nan Wang wrote: > Fix a issue when user disable ETP exec-sp, xen missed a prompt > log in dmesg. Why "missed" (and why "prompt")? I think the original intention was to log a message only when no command line option was given and the system would be vulnerable without the disabling. Nevertheless two style remarks as well: > --- a/xen/arch/x86/hvm/vmx/vmx.c > +++ b/xen/arch/x86/hvm/vmx/vmx.c > @@ -2495,14 +2495,14 @@ const struct hvm_function_table * __init start_vmx(void) > { > bool cpu_has_bug_pschange_mc = has_if_pschange_mc(); > > + /* Default to non-executable superpages on vulnerable hardware. */ > if ( opt_ept_exec_sp == -1 ) > - { > - /* Default to non-executable superpages on vulnerable hardware. */ > opt_ept_exec_sp = !cpu_has_bug_pschange_mc; > > - if ( cpu_has_bug_pschange_mc ) > - printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n"); > - } > + if (opt_ept_exec_sp) Missing blanks inside (). > + printk("VMX: Enable executable EPT superpages.\n"); No full stop here please. Jan
On 16/12/2019 7:00 pm, Jan Beulich wrote: > On 16.12.2019 09:27, Jin Nan Wang wrote: >> Fix a issue when user disable ETP exec-sp, xen missed a prompt >> log in dmesg. > Why "missed" (and why "prompt")? I think the original intention > was to log a message only when no command line option was given > and the system would be vulnerable without the disabling. Yes, I guess it. But when I test ept=exec-sp=off. I got a little confused. Because of the "prompt" tell me it's disabled, at default. when I add 'ept=exec-sp=off', the "prompt" is disappeared. It seems like it's ENABLED. James > Nevertheless two style remarks as well: > >> --- a/xen/arch/x86/hvm/vmx/vmx.c >> +++ b/xen/arch/x86/hvm/vmx/vmx.c >> @@ -2495,14 +2495,14 @@ const struct hvm_function_table * __init start_vmx(void) >> { >> bool cpu_has_bug_pschange_mc = has_if_pschange_mc(); >> >> + /* Default to non-executable superpages on vulnerable hardware. */ >> if ( opt_ept_exec_sp == -1 ) >> - { >> - /* Default to non-executable superpages on vulnerable hardware. */ >> opt_ept_exec_sp = !cpu_has_bug_pschange_mc; >> >> - if ( cpu_has_bug_pschange_mc ) >> - printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n"); >> - } >> + if (opt_ept_exec_sp) > Missing blanks inside (). > >> + printk("VMX: Enable executable EPT superpages.\n"); > No full stop here please. > > Jan
On 16.12.2019 12:51, Jin Nan Wang wrote:
>
> On 16/12/2019 7:00 pm, Jan Beulich wrote:
>> On 16.12.2019 09:27, Jin Nan Wang wrote:
>>> Fix a issue when user disable ETP exec-sp, xen missed a prompt
>>> log in dmesg.
>> Why "missed" (and why "prompt")? I think the original intention
>> was to log a message only when no command line option was given
>> and the system would be vulnerable without the disabling.
>
> Yes, I guess it.
>
> But when I test ept=exec-sp=off. I got a little confused.
>
> Because of the "prompt" tell me it's disabled, at default.
>
> when I add 'ept=exec-sp=off', the "prompt" is disappeared. It seems like
> it's ENABLED.

But when you don't see the log message (which btw is not a prompt)
the next step then would be to check the command line. When you see
"off" there, you'll know it's off. No confusion at all.

Jan
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 7970ba93e1..5e86dd0782 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2495,14 +2495,14 @@ const struct hvm_function_table * __init start_vmx(void) { bool cpu_has_bug_pschange_mc = has_if_pschange_mc(); + /* Default to non-executable superpages on vulnerable hardware. */ if ( opt_ept_exec_sp == -1 ) - { - /* Default to non-executable superpages on vulnerable hardware. */ opt_ept_exec_sp = !cpu_has_bug_pschange_mc; - if ( cpu_has_bug_pschange_mc ) - printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n"); - } + if (opt_ept_exec_sp) + printk("VMX: Enable executable EPT superpages.\n"); + else + printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n"); vmx_function_table.hap_supported = 1; vmx_function_table.altp2m_supported = 1;
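Review bot: The new `else` branch in start_vmx() prints "Disabling executable EPT superpages due to CVE-2018-12207" whenever opt_ept_exec_sp is 0, so an explicit exec-sp=off on hardware where cpu_has_bug_pschange_mc is false gets logged as a CVE mitigation on a machine that has_if_pschange_mc() reported as unaffected. The opposite case is also lost: when the option is explicitly enabled on affected hardware, the only output is "VMX: Enable executable EPT superpages." and nothing in the log says the host remains exposed to the erratum. Consider choosing the message from both opt_ept_exec_sp and cpu_has_bug_pschange_mc, naming the CVE only when cpu_has_bug_pschange_mc is set and using a distinct, warning-level line when superpages stay executable on affected hardware. Separately, `if (opt_ept_exec_sp)` should carry blanks inside the parentheses to match `if ( opt_ept_exec_sp == -1 )` just above it.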
Fix an issue when user disables EPT exec-sp, xen missed a prompt
log in dmesg.

Signed-off-by: James Wang <jnwang@suse.com>
---
 xen/arch/x86/hvm/vmx/vmx.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)