On Tue, Feb 27, 2024 at 12:47 AM Andrew Cooper
<andrew.coop...@citrix.com> wrote:
>
> On 06/02/2024 1:20 am, George Dunlap wrote:
> > Changeset ef3e8db8068 ("x86/hvm: Corrections and improvements to
> > unhandled vmexit logging") introduced a printk to the default path of
> > the switch statement in nestedsvm_check_intercepts(), complaining of
> > an unknown exit reason.
> >
> > Unfortunately, the "core" switch statement which is meant to handle
> > all vmexit reasons is in nsvm_vmcb_guest_intercepts_exitcode(); the
> > switch statement in nestedsvm_check_intercepts() is only meant to
> > superimpose on top of that some special-casing for how to interaction
> > between L1 and L0 vmexits.
> >
> > Remove the printk, and add a comment to prevent future confusion.
> >
> > Signed-off-by: George Dunlap <george.dun...@cloud.com>
>
> Erm... The addition of this printk was very deliberate, to point out
> where security fixes are needed.
>
> It's not bogus in the slightest. It is an error for exit reasons to not
> be inspected for safety in this path.
I'm a bit at a loss how to respond to this. As I wrote above, exit
reasons are inspected for safety in this path -- in
nsvm_vmcb_guest_intercepts_exitcode(). If you want the patch
reverted, you'll have to explain why that's not sufficient.
-George
