diff mbox series

[v4] Xen missing prompt log when exec-sp=off

Message ID 20191216121023.30237-1-jnwang@suse.com (mailing list archive)
State New, archived
Headers show
Series [v4] Xen missing prompt log when exec-sp=off | expand

Commit Message

Jin Nan Wang Dec. 16, 2019, 12:11 p.m. UTC
Fix a issue when user disable ETP exec-sp, xen missed a prompt
log in dmesg.

At default, xen will tell "VMX: Disabling executable EPT suerpages
due to CVE-2018-12207". When user add 'ept=exec-sp=off' on command-line.
The prompt is disappeared. This can give users the illusion that the
feature is turned on.

Signed-off-by: James Wang <jnwang@suse.com>
---
 xen/arch/x86/hvm/vmx/vmx.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Comments

Jan Beulich Dec. 16, 2019, 12:40 p.m. UTC | #1
On 16.12.2019 13:11, Jin Nan Wang wrote:
> Fix a issue when user disable ETP exec-sp, xen missed a prompt
> log in dmesg.
> 
> At default, xen will tell "VMX: Disabling executable EPT suerpages
> due to CVE-2018-12207". When user add 'ept=exec-sp=off' on command-line.
> The prompt is disappeared. This can give users the illusion that the
> feature is turned on.

I don't think this is sufficient reason to alter the current
logic. And btw - may I ask that you don't submit several
versions a day without even settling the prior discussion?

Jan
diff mbox series

Patch

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 7970ba93e1..9dcb100210 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2495,14 +2495,14 @@  const struct hvm_function_table * __init start_vmx(void)
     {
         bool cpu_has_bug_pschange_mc = has_if_pschange_mc();
 
+        /* Default to non-executable superpages on vulnerable hardware. */
         if ( opt_ept_exec_sp == -1 )
-        {
-            /* Default to non-executable superpages on vulnerable hardware. */
             opt_ept_exec_sp = !cpu_has_bug_pschange_mc;
 
-            if ( cpu_has_bug_pschange_mc )
-                printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n");
-        }
+        if ( opt_ept_exec_sp )
+            printk("VMX: Enable executable EPT superpages\n");
+        else 
+            printk("VMX: Disabling executable EPT superpages due to CVE-2018-12207\n");
 
         vmx_function_table.hap_supported = 1;
         vmx_function_table.altp2m_supported = 1;