[PATCH 1/2] KVM: SVM: Fix UBSAN warning when reading avic parameter
From: Gal Pressman
Date: Tue Feb 10 2026 - 01:51:12 EST
The avic parameter is stored as an int to support the special value -1
(AVIC_AUTO_MODE), but the cited commit changed it from bool to int while
keeping param_get_bool() as the getter function.

This causes UBSAN to report "load of value 255 is not a valid value for
type '_Bool'" when the parameter is read via sysfs.

The issue happens in two scenarios:

1. During module load: There's a time window between when module
   parameters are registered, and when avic_hardware_setup() runs to
   resolve the value, where the value is -1.
2. On non-AMD systems: On non-AMD hardware, the kvm_is_svm_supported()
   check returns early. The avic_hardware_setup() function never runs,
   so avic remains -1.

Fix that by implementing a getter function that properly reads and
converts the -1 value into an 'auto' string.

Triggered by sos report:
UBSAN: invalid-load in kernel/params.c:323:33
load of value 255 is not a valid value for type '_Bool'
CPU: 0 UID: 0 PID: 4667 Comm: sos Not tainted 6.19.0-rc5net_mlx5_1e86836 #1 NONE
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014
Call Trace:
<TASK>
dump_stack_lvl+0x69/0xa0
ubsan_epilogue+0x5/0x2b
__ubsan_handle_load_invalid_value.cold+0x47/0x4c
? lock_acquire+0x219/0x2c0
param_get_bool.cold+0xf/0x14
param_attr_show+0x51/0x80
module_attr_show+0x19/0x30
sysfs_kf_seq_show+0xac/0xf0
seq_read_iter+0x100/0x410
copy_splice_read+0x1b4/0x360
splice_direct_to_actor+0xbd/0x270
? wait_for_space+0xb0/0xb0
do_splice_direct+0x72/0xb0
? propagate_umount+0x870/0x870
do_sendfile+0x3a3/0x470
__x64_sys_sendfile64+0x5e/0xe0
do_syscall_64+0x70/0x8c0
entry_SYSCALL_64_after_hwframe+0x4b/0x53
Fixes: ca2967de5a5b ("KVM: SVM: Enable AVIC by default for Zen4+ if x2AVIC is support")
Reviewed-by: Dragos Tatulea <dtatulea@xxxxxxxxxx>
Signed-off-by: Gal Pressman <gal@xxxxxxxxxx>
---
arch/x86/kvm/svm/avic.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
index 6b77b2033208..48de0f475ca5 100644
--- a/arch/x86/kvm/svm/avic.c
+++ b/arch/x86/kvm/svm/avic.c
@@ -19,6 +19,7 @@
#include <linux/amd-iommu.h>
#include <linux/kvm_host.h>
#include <linux/kvm_irqfd.h>
+#include <linux/sysfs.h>
#include <asm/irq_remapping.h>
#include <asm/msr.h>
@@ -76,10 +77,20 @@ static int avic_param_set(const char *val, const struct kernel_param *kp)
return param_set_bint(val, kp);
}
+static int avic_param_get(char *buffer, const struct kernel_param *kp)
+{
+ int val = *(int *)kp->arg;
+
+ if (val == AVIC_AUTO_MODE)
+ return sysfs_emit(buffer, "auto\n");
+
+ return param_get_bool(buffer, kp);
+}
+
static const struct kernel_param_ops avic_ops = {
.flags = KERNEL_PARAM_OPS_FL_NOARG,
.set = avic_param_set,
- .get = param_get_bool,
+ .get = avic_param_get,
};
/*
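Review bot: In avic_param_get(), the non-auto path still ends in `return param_get_bool(buffer, kp);`, which, going by the UBSAN report in the commit message, loads kp->arg as a _Bool even though the storage is an int. That load is only valid while the int holds exactly 0 or 1, and it only picks up the right byte because x86 is little-endian, so the getter stays clean only as long as every writer of avic keeps to -1, 0 or 1. Since val is already loaded as an int, consider formatting from it directly, for example `return sysfs_emit(buffer, "%c\n", val ? 'Y' : 'N');`, so that no bool-typed load of the int remains. A short comment above the function noting that a read can now return "auto" in addition to Y/N would also help, since that changes what userspace sees in sysfs.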
--
2.52.0