On Thu, Apr 08, 2021, lihaiwei.kernel@xxxxxxxxx wrote:
> From: Haiwei Li <lihaiwei@xxxxxxxxxxx>
>
> vmcs_check32 misses the check for 64-bit and 64-bit high.
Can you clarify in the changelog that, while it is architecturally legal to
access 64-bit and 64-bit high fields with a 32-bit read/write in 32-bit mode,
KVM should never do partial accesses to VMCS fields. And/or note that the
32-bit accesses are done in vmcs_{read,write}64() when necessary? Hmm, maybe:
Add compile-time assertions in vmcs_check32() to disallow accesses to
64-bit and 64-bit high fields via vmcs_{read,write}32(). Upper level
KVM code should never do partial accesses to VMCS fields. KVM handles
the split accesses automatically in vmcs_{read,write}64() when running
as a 32-bit kernel.
With something along those lines:
Reviewed-and-tested-by: Sean Christopherson <seanjc@xxxxxxxxxx>
> Signed-off-by: Haiwei Li <lihaiwei@xxxxxxxxxxx>
> ---
> arch/x86/kvm/vmx/vmx_ops.h | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/arch/x86/kvm/vmx/vmx_ops.h b/arch/x86/kvm/vmx/vmx_ops.h
> index 692b0c3..164b64f 100644
> --- a/arch/x86/kvm/vmx/vmx_ops.h
> +++ b/arch/x86/kvm/vmx/vmx_ops.h
> @@ -37,6 +37,10 @@ static __always_inline void vmcs_check32(unsigned long field)
> {
> BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == 0,
> "32-bit accessor invalid for 16-bit field");
> + BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6001) == 0x2000,
> + "32-bit accessor invalid for 64-bit field");
> + BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6001) == 0x2001,
> + "32-bit accessor invalid for 64-bit high field");
> BUILD_BUG_ON_MSG(__builtin_constant_p(field) && ((field) & 0x6000) == 0x6000,
> "32-bit accessor invalid for natural width field");
> }
> --
> 1.8.3.1
>
