diff mbox series

[v2] Xen missing prompt log when exec-sp=off

Message ID 20191216082718.20922-1-jnwang@suse.com (mailing list archive)
State Superseded
Headers show
Series [v2] Xen missing prompt log when exec-sp=off | expand

Commit Message

Jin Nan Wang Dec. 16, 2019, 8:27 a.m. UTC
Fix a issue when user disable ETP exec-sp, xen missed a prompt
log in dmesg.

Signed-off-by: James Wang <jnwang@suse.com>
---
 xen/arch/x86/hvm/vmx/vmx.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Comments

Jan Beulich Dec. 16, 2019, 11 a.m. UTC | #1
On 16.12.2019 09:27, Jin Nan Wang wrote:
> Fix a issue when user disable ETP exec-sp, xen missed a prompt
> log in dmesg.

Why "missed" (and why "prompt")? I think the original intention
was to log a message only when no command line option was given
and the system would be vulnerable without the disabling.

Nevertheless two style remarks as well:

> --- a/xen/arch/x86/hvm/vmx/vmx.c
> +++ b/xen/arch/x86/hvm/vmx/vmx.c
> @@ -2495,14 +2495,14 @@ const struct hvm_function_table * __init start_vmx(void)
>      {
>          bool cpu_has_bug_pschange_mc = has_if_pschange_mc();
>  
> +        /* Default to non-executable superpages on vulnerable hardware. */
>          if ( opt_ept_exec_sp == -1 )
> -        {
> -            /* Default to non-executable superpages on vulnerable hardware. */
>              opt_ept_exec_sp = !cpu_has_bug_pschange_mc;
>  
> -            if ( cpu_has_bug_pschange_mc )
> -                printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n");
> -        }
> +        if (opt_ept_exec_sp)

Missing blanks inside ().

> +            printk("VMX: Enable executable EPT superpages.\n");

No full stop here please.

Jan
Jin Nan Wang Dec. 16, 2019, 11:51 a.m. UTC | #2
On 16/12/2019 7:00 pm, Jan Beulich wrote:
> On 16.12.2019 09:27, Jin Nan Wang wrote:
>> Fix a issue when user disable ETP exec-sp, xen missed a prompt
>> log in dmesg.
> Why "missed" (and why "prompt")? I think the original intention
> was to log a message only when no command line option was given
> and the system would be vulnerable without the disabling.

Yes, I guess it.

But when I test ept=exec-sp=off. I got a little confused.

Because of the "prompt" tell me it's disabled, at default.

when I add 'ept=exec-sp=off', the "prompt" is disappeared. It seems like 
it's ENABLED.


James

> Nevertheless two style remarks as well:
>
>> --- a/xen/arch/x86/hvm/vmx/vmx.c
>> +++ b/xen/arch/x86/hvm/vmx/vmx.c
>> @@ -2495,14 +2495,14 @@ const struct hvm_function_table * __init start_vmx(void)
>>       {
>>           bool cpu_has_bug_pschange_mc = has_if_pschange_mc();
>>   
>> +        /* Default to non-executable superpages on vulnerable hardware. */
>>           if ( opt_ept_exec_sp == -1 )
>> -        {
>> -            /* Default to non-executable superpages on vulnerable hardware. */
>>               opt_ept_exec_sp = !cpu_has_bug_pschange_mc;
>>   
>> -            if ( cpu_has_bug_pschange_mc )
>> -                printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n");
>> -        }
>> +        if (opt_ept_exec_sp)
> Missing blanks inside ().
>
>> +            printk("VMX: Enable executable EPT superpages.\n");
> No full stop here please.
>
> Jan
Jan Beulich Dec. 16, 2019, 12:31 p.m. UTC | #3
On 16.12.2019 12:51, Jin Nan Wang wrote:
> 
> On 16/12/2019 7:00 pm, Jan Beulich wrote:
>> On 16.12.2019 09:27, Jin Nan Wang wrote:
>>> Fix a issue when user disable ETP exec-sp, xen missed a prompt
>>> log in dmesg.
>> Why "missed" (and why "prompt")? I think the original intention
>> was to log a message only when no command line option was given
>> and the system would be vulnerable without the disabling.
> 
> Yes, I guess it.
> 
> But when I test ept=exec-sp=off. I got a little confused.
> 
> Because of the "prompt" tell me it's disabled, at default.
> 
> when I add 'ept=exec-sp=off', the "prompt" is disappeared. It seems like 
> it's ENABLED.

But when you don't see the log message (which btw is not a prompt)
the next step then would be to check the command line. When you
see "off" there, you'll know it's off. No confusion at all.

Jan
diff mbox series

Patch

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 7970ba93e1..5e86dd0782 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2495,14 +2495,14 @@  const struct hvm_function_table * __init start_vmx(void)
     {
         bool cpu_has_bug_pschange_mc = has_if_pschange_mc();
 
+        /* Default to non-executable superpages on vulnerable hardware. */
         if ( opt_ept_exec_sp == -1 )
-        {
-            /* Default to non-executable superpages on vulnerable hardware. */
             opt_ept_exec_sp = !cpu_has_bug_pschange_mc;
 
-            if ( cpu_has_bug_pschange_mc )
-                printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n");
-        }
+        if (opt_ept_exec_sp)
+            printk("VMX: Enable executable EPT superpages.\n");
+        else 
+            printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n");
 
         vmx_function_table.hap_supported = 1;
         vmx_function_table.altp2m_supported = 1;