Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

KVM: SVM: Fix UBSAN warning when reading avic parameter

The avic parameter is stored as an int to support the special value -1
(AVIC_AUTO_MODE), but the cited commit changed it from bool to int while
keeping param_get_bool() as the getter function.
This causes UBSAN to report "load of value 255 is not a valid value for
type '_Bool'" when the parameter is read via sysfs.

The issue happens in two scenarios:

1. During module load: There's a time window between when module
parameters are registered, and when avic_hardware_setup() runs to
resolve the value, where the value is -1.

2. On non-AMD systems: On non-AMD hardware, the kvm_is_svm_supported()
check returns early. The avic_hardware_setup() function never runs,
so avic remains -1.

Fix that by implementing a getter function that properly reads and
converts the -1 value into a string.

Triggered by sos report:
UBSAN: invalid-load in kernel/params.c:323:33
load of value 255 is not a valid value for type '_Bool'
CPU: 0 UID: 0 PID: 4667 Comm: sos Not tainted 6.19.0-rc5net_mlx5_1e86836 #1 NONE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x69/0xa0
ubsan_epilogue+0x5/0x2b
__ubsan_handle_load_invalid_value.cold+0x47/0x4c
? lock_acquire+0x219/0x2c0
param_get_bool.cold+0xf/0x14
param_attr_show+0x51/0x80
module_attr_show+0x19/0x30
sysfs_kf_seq_show+0xac/0xf0
seq_read_iter+0x100/0x410
copy_splice_read+0x1b4/0x360
splice_direct_to_actor+0xbd/0x270
? wait_for_space+0xb0/0xb0
do_splice_direct+0x72/0xb0
? propagate_umount+0x870/0x870
do_sendfile+0x3a3/0x470
__x64_sys_sendfile64+0x5e/0xe0
do_syscall_64+0x70/0x8c0
entry_SYSCALL_64_after_hwframe+0x4b/0x53

Fixes: ca2967de5a5b ("KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support")
Reviewed-by: Dragos Tatulea <dtatulea@nvidia.com>
Signed-off-by: Gal Pressman <gal@nvidia.com>
Reviewed-by: Naveen N Rao (AMD) <naveen@kernel.org>
Link: https://patch.msgid.link/20260225145050.2350278-2-gal@nvidia.com
Signed-off-by: Sean Christopherson <seanjc@google.com>

Authored by Gal Pressman and committed by Sean Christopherson
2b1a59f7 fa78a514
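The invalid load described in the commit message, as a userspace model added here (it is not part of the commit or of the kernel source). The function names are hypothetical, and the model formats 0/1 as N/Y itself instead of calling the kernel's `param_get_bool()`.

```c
#include <stdio.h>
#include <string.h>

#define AVIC_AUTO_MODE (-1)   /* special value named in the commit message */

/* The byte a bool-typed load reads when pointed at int storage.
 * memcpy keeps this model itself free of undefined behaviour. */
static unsigned char byte_seen_as_bool(int stored)
{
    unsigned char b;
    memcpy(&b, &stored, sizeof(b));
    return b;
}

/* A _Bool object may only hold 0 or 1; any other byte is what UBSAN
 * reports as "load of value N is not a valid value for type '_Bool'". */
static int is_valid_bool_load(int stored)
{
    return byte_seen_as_bool(stored) <= 1;
}

/* Model of an int-aware getter: read the parameter as the int it is,
 * map the auto value to "N", and format 0/1 as N/Y. */
static int model_avic_param_get(char *buf, size_t len, int stored)
{
    if (stored == AVIC_AUTO_MODE)
        return snprintf(buf, len, "N\n");
    return snprintf(buf, len, "%c\n", stored ? 'Y' : 'N');
}

int main(void)
{
    const int samples[] = { 0, 1, AVIC_AUTO_MODE };   /* constructed inputs */
    char out[8];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        model_avic_param_get(out, sizeof(out), samples[i]);
        printf("stored=%2d  bool-typed load sees %3u (%s)  int-aware getter -> %s",
               samples[i], (unsigned)byte_seen_as_bool(samples[i]),
               is_valid_bool_load(samples[i]) ? "valid" : "invalid", out);
    }
    return 0;
}
```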

+12 -1
arch/x86/kvm/svm/avic.c
··· 19 19 #include <linux/amd-iommu.h> 20 20 #include <linux/kvm_host.h> 21 21 #include <linux/kvm_irqfd.h> 22 + #include <linux/sysfs.h> 22 23 23 24 #include <asm/irq_remapping.h> 24 25 #include <asm/msr.h> ··· 77 76 return param_set_bint(val, kp); 78 77 } 79 78 79 + static int avic_param_get(char *buffer, const struct kernel_param *kp) 80 + { 81 + int val = *(int *)kp->arg; 82 + 83 + if (val == AVIC_AUTO_MODE) 84 + return sysfs_emit(buffer, "N\n"); 85 + 86 + return param_get_bool(buffer, kp); 87 + } 88 + 80 89 static const struct kernel_param_ops avic_ops = { 81 90 .flags = KERNEL_PARAM_OPS_FL_NOARG, 82 91 .set = avic_param_set, 83 - .get = param_get_bool, 92 + .get = avic_param_get, 84 93 }; 85 94 86 95 /*
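Review bot: In avic_param_get(), the non-auto path still passes the int-backed parameter to param_get_bool(), so the value is read through the bool getter again and is only well-defined while it is exactly 0 or 1. Since val has already been loaded as an int, consider formatting it directly, for example `return sysfs_emit(buffer, "%c\n", val ? 'Y' : 'N');`, which removes the int/bool mismatch instead of special-casing one value of it. A short comment on why AVIC_AUTO_MODE is reported as "N" would also help, because a sysfs reader cannot tell the unresolved auto state from an explicit off.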