| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID:
<SN6PR02MB4157AF057CC8539AD47F6D66D4CAA@SN6PR02MB4157.namprd02.prod.outlook.com>
Date: Fri, 14 Nov 2025 05:26:44 +0000
From: Michael Kelley <mhklinux@...look.com>
To: Sean Christopherson <seanjc@...gle.com>, Paolo Bonzini
<pbonzini@...hat.com>, Vitaly Kuznetsov <vkuznets@...hat.com>, "K. Y.
Srinivasan" <kys@...rosoft.com>, Haiyang Zhang <haiyangz@...rosoft.com>, Wei
Liu <wei.liu@...nel.org>, Dexuan Cui <decui@...rosoft.com>, Nuno Das Neves
<nunodasneves@...ux.microsoft.com>
CC: "kvm@...r.kernel.org" <kvm@...r.kernel.org>,
"linux-hyperv@...r.kernel.org" <linux-hyperv@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Jim Mattson
<jmattson@...gle.com>, Yosry Ahmed <yosry.ahmed@...ux.dev>
Subject: RE: [PATCH 7/9] KVM: SVM: Treat exit_code as an unsigned 64-bit value
through all of KVM
From: Sean Christopherson <seanjc@...gle.com> Sent: Thursday, November 13, 2025 2:56 PM
>
Adding Microsoft's Nuno Das Neves to the "To:" line since he
originated the work to keep the Linux headers such as hvgdk.h in
sync with the Windows counterparts from which they originate.
> Fix KVM's long-standing buggy handling of SVM's exit_code as a 32-bit
> value. Per the APM and Xen commit d1bd157fbc ("Big merge the HVM
> full-virtualisation abstractions.") (which is arguably more trustworthy
> than KVM), offset 0x70 is a single 64-bit value:
>
> 070h 63:0 EXITCODE
>
> Track exit_code as a single u64 to prevent reintroducing bugs where KVM
> neglects to correctly set bits 63:32.
>
> Fixes: 6aa8b732ca01 ("[PATCH] kvm: userspace interface")
> Cc: Jim Mattson <jmattson@...gle.com>
> Cc: Yosry Ahmed <yosry.ahmed@...ux.dev>
> Signed-off-by: Sean Christopherson <seanjc@...gle.com>
> ---
> arch/x86/include/asm/svm.h | 3 +--
> arch/x86/include/uapi/asm/svm.h | 32 ++++++++++++++---------------
> arch/x86/kvm/svm/hyperv.c | 1 -
> arch/x86/kvm/svm/nested.c | 13 +++---------
> arch/x86/kvm/svm/sev.c | 36 +++++++++++----------------------
> arch/x86/kvm/svm/svm.c | 7 ++-----
> arch/x86/kvm/svm/svm.h | 4 +---
> arch/x86/kvm/trace.h | 2 +-
> include/hyperv/hvgdk.h | 2 +-
> 9 files changed, 37 insertions(+), 63 deletions(-)
>
> diff --git a/arch/x86/include/asm/svm.h b/arch/x86/include/asm/svm.h
> index e69b6d0dedcf..66b22cffedfc 100644
> --- a/arch/x86/include/asm/svm.h
> +++ b/arch/x86/include/asm/svm.h
> @@ -136,8 +136,7 @@ struct __attribute__ ((__packed__)) vmcb_control_area {
> u32 int_vector;
> u32 int_state;
> u8 reserved_3[4];
> - u32 exit_code;
> - u32 exit_code_hi;
> + u64 exit_code;
> u64 exit_info_1;
> u64 exit_info_2;
> u32 exit_int_info;
> diff --git a/arch/x86/include/uapi/asm/svm.h b/arch/x86/include/uapi/asm/svm.h
> index 650e3256ea7d..010a45c9f614 100644
> --- a/arch/x86/include/uapi/asm/svm.h
> +++ b/arch/x86/include/uapi/asm/svm.h
> @@ -103,38 +103,38 @@
> #define SVM_EXIT_VMGEXIT 0x403
>
> /* SEV-ES software-defined VMGEXIT events */
> -#define SVM_VMGEXIT_MMIO_READ 0x80000001
> -#define SVM_VMGEXIT_MMIO_WRITE 0x80000002
> -#define SVM_VMGEXIT_NMI_COMPLETE 0x80000003
> -#define SVM_VMGEXIT_AP_HLT_LOOP 0x80000004
> -#define SVM_VMGEXIT_AP_JUMP_TABLE 0x80000005
> +#define SVM_VMGEXIT_MMIO_READ 0x80000001ull
> +#define SVM_VMGEXIT_MMIO_WRITE 0x80000002ull
> +#define SVM_VMGEXIT_NMI_COMPLETE 0x80000003ull
> +#define SVM_VMGEXIT_AP_HLT_LOOP 0x80000004ull
> +#define SVM_VMGEXIT_AP_JUMP_TABLE 0x80000005ull
> #define SVM_VMGEXIT_SET_AP_JUMP_TABLE 0
> #define SVM_VMGEXIT_GET_AP_JUMP_TABLE 1
> -#define SVM_VMGEXIT_PSC 0x80000010
> -#define SVM_VMGEXIT_GUEST_REQUEST 0x80000011
> -#define SVM_VMGEXIT_EXT_GUEST_REQUEST 0x80000012
> -#define SVM_VMGEXIT_AP_CREATION 0x80000013
> +#define SVM_VMGEXIT_PSC 0x80000010ull
> +#define SVM_VMGEXIT_GUEST_REQUEST 0x80000011ull
> +#define SVM_VMGEXIT_EXT_GUEST_REQUEST 0x80000012ull
> +#define SVM_VMGEXIT_AP_CREATION 0x80000013ull
> #define SVM_VMGEXIT_AP_CREATE_ON_INIT 0
> #define SVM_VMGEXIT_AP_CREATE 1
> #define SVM_VMGEXIT_AP_DESTROY 2
> -#define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018
> -#define SVM_VMGEXIT_SAVIC 0x8000001a
> +#define SVM_VMGEXIT_SNP_RUN_VMPL 0x80000018ull
> +#define SVM_VMGEXIT_SAVIC 0x8000001aull
> #define SVM_VMGEXIT_SAVIC_REGISTER_GPA 0
> #define SVM_VMGEXIT_SAVIC_UNREGISTER_GPA 1
> #define SVM_VMGEXIT_SAVIC_SELF_GPA ~0ULL
> -#define SVM_VMGEXIT_HV_FEATURES 0x8000fffd
> -#define SVM_VMGEXIT_TERM_REQUEST 0x8000fffe
> +#define SVM_VMGEXIT_HV_FEATURES 0x8000fffdull
> +#define SVM_VMGEXIT_TERM_REQUEST 0x8000fffeull
> #define SVM_VMGEXIT_TERM_REASON(reason_set, reason_code) \
> /* SW_EXITINFO1[3:0] */ \
> (((((u64)reason_set) & 0xf)) | \
> /* SW_EXITINFO1[11:4] */ \
> ((((u64)reason_code) & 0xff) << 4))
> -#define SVM_VMGEXIT_UNSUPPORTED_EVENT 0x8000ffff
> +#define SVM_VMGEXIT_UNSUPPORTED_EVENT 0x8000ffffull
>
> /* Exit code reserved for hypervisor/software use */
> -#define SVM_EXIT_SW 0xf0000000
> +#define SVM_EXIT_SW 0xf0000000ull
>
> -#define SVM_EXIT_ERR -1
> +#define SVM_EXIT_ERR -1ull
>
[snip]
> diff --git a/include/hyperv/hvgdk.h b/include/hyperv/hvgdk.h
> index dd6d4939ea29..56b695873a72 100644
> --- a/include/hyperv/hvgdk.h
> +++ b/include/hyperv/hvgdk.h
> @@ -281,7 +281,7 @@ struct hv_vmcb_enlightenments {
> #define HV_VMCB_NESTED_ENLIGHTENMENTS 31
>
> /* Synthetic VM-Exit */
> -#define HV_SVM_EXITCODE_ENL 0xf0000000
> +#define HV_SVM_EXITCODE_ENL 0xf0000000u
Is there a reason for making this Hyper-V code just "u", while
making the SVM_VMGEXIT_* values "ull"? I don't think
"u" vs. "ull" shouldn't make any difference when assigning to a
u64, but the inconsistency piqued my interest ....
Michael
Powered by blists - more mailing lists