On 1/13/25 15:10, Rik van Riel wrote:
> On Mon, 2025-01-13 at 08:21 -0600, Tom Lendacky wrote:
>> On 1/12/25 09:53, Rik van Riel wrote:
>>>
>>> +static inline void __invlpgb(unsigned long asid, unsigned long
>>> pcid, unsigned long addr,
>>> + int extra_count, bool pmd_stride,
>>> unsigned long flags)
>>> +{
>>> + u32 edx = (pcid << 16) | asid;
>>> + u32 ecx = (pmd_stride << 31);
>>> + u64 rax = addr | flags;
>>> +
>>> + /* Protect against negative numbers. */
>>> + extra_count = max(extra_count, 0);
>>> + ecx |= extra_count;
>>
>> A bad ECX value (ECX[15:0] > invlpgb_count_max) will result in a #GP,
>> is
>> that ok?
>
> The calling code ensures we do not call this code
> with more than invlpgb_count_max pages at a time.
>
> Given the choice between "a bug in the calling code
> crashes the kernel" and "a bug in the calling code
> results in a missed TLB flush", I'm guessing the
> crash is probably better.
So instead of the negative number protection, shouldn't this just use an
unsigned int for extra_count and panic() if the value is greater than
invlpgb_count_max? The caller has some sort of logic problem and it
could possibly result in missed TLB flushes. Or if a panic() is out of
the question, maybe a WARN() and a full TLB flush to be safe?
Thanks,
Tom
>
