[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] Apply stricter checking to RDMSR/WRMSR emulations.



# HG changeset patch
# User kaf24@xxxxxxxxxxxxxxxxxxxx
# Node ID 5caf1de3f2682e91831b09f464c70662658a8e45
# Parent  df98f37a88b05ced33ed0915efa576e5b110b60d
Apply stricter checking to RDMSR/WRMSR emulations.
In particular, MSRs that domain0 may write to must now
be 'white listed': default policy is to ignore the write.

This will prevent SYSCALL/SYSENTER instructions from
crashign Xen, by preventing the target MSRs from being
overwritten by domain 0.

Signed-off-by: Keir Fraser <keir@xxxxxxxxxxxxx>

diff -r df98f37a88b0 -r 5caf1de3f268 xen/arch/x86/traps.c
--- a/xen/arch/x86/traps.c      Tue Feb  7 13:57:40 2006
+++ b/xen/arch/x86/traps.c      Tue Feb  7 14:56:39 2006
@@ -670,6 +670,7 @@
     unsigned long *reg, eip = regs->eip, res;
     u8 opcode, modrm_reg = 0, modrm_rm = 0, rep_prefix = 0;
     unsigned int port, i, op_bytes = 4, data;
+    u32 l, h;
 
     /* Legacy prefixes. */
     for ( i = 0; i < 8; i++ )
@@ -974,31 +975,67 @@
         break;
 
     case 0x30: /* WRMSR */
-        /* Ignore the instruction if unprivileged. */
-        if ( !IS_PRIV(v->domain) )
-        {
-            u32 l, h;
+        switch ( regs->ecx )
+        {
+#ifdef CONFIG_X86_64
+        case MSR_FS_BASE:
+            if ( wrmsr_user(MSR_FS_BASE, regs->eax, regs->edx) )
+                goto fail;
+            v->arch.guest_context.fs_base =
+                ((u64)regs->edx << 32) | regs->eax;
+            break;
+        case MSR_GS_BASE:
+            if ( wrmsr_user(MSR_GS_BASE, regs->eax, regs->edx) )
+                goto fail;
+            v->arch.guest_context.gs_base_kernel =
+                ((u64)regs->edx << 32) | regs->eax;
+            break;
+        case MSR_SHADOW_GS_BASE:
+            if ( wrmsr_user(MSR_SHADOW_GS_BASE, regs->eax, regs->edx) )
+                goto fail;
+            v->arch.guest_context.gs_base_user =
+                ((u64)regs->edx << 32) | regs->eax;
+            break;
+#endif
+        default:
             if ( (rdmsr_user(regs->ecx, l, h) != 0) ||
                  (regs->ecx != MSR_EFER) ||
                  (regs->eax != l) || (regs->edx != h) )
-                DPRINTK("Non-priv domain attempted WRMSR %p from "
+                DPRINTK("Domain attempted WRMSR %p from "
                         "%08x:%08x to %08lx:%08lx.\n",
                         _p(regs->ecx), h, l, (long)regs->edx, (long)regs->eax);
-        }
-        else if ( wrmsr_user(regs->ecx, regs->eax, regs->edx) )
-            goto fail;
+            break;
+        }
         break;
 
     case 0x32: /* RDMSR */
-        if ( !IS_PRIV(v->domain) )
-        {
-            if ( regs->ecx != MSR_EFER )
-                DPRINTK("Non-priv domain attempted RDMSR %p.\n",
-                        _p(regs->ecx));
-        }
-        /* Everyone can read the MSR space. */
-        if ( rdmsr_user(regs->ecx, regs->eax, regs->edx) )
-            goto fail;
+        switch ( regs->ecx )
+        {
+#ifdef CONFIG_X86_64
+        case MSR_FS_BASE:
+            regs->eax = v->arch.guest_context.fs_base & 0xFFFFFFFFUL;
+            regs->edx = v->arch.guest_context.fs_base >> 32;
+            break;
+        case MSR_GS_BASE:
+            regs->eax = v->arch.guest_context.gs_base_kernel & 0xFFFFFFFFUL;
+            regs->edx = v->arch.guest_context.gs_base_kernel >> 32;
+            break;
+        case MSR_SHADOW_GS_BASE:
+            regs->eax = v->arch.guest_context.gs_base_user & 0xFFFFFFFFUL;
+            regs->edx = v->arch.guest_context.gs_base_user >> 32;
+            break;
+#endif
+        case MSR_EFER:
+            if ( rdmsr_user(regs->ecx, regs->eax, regs->edx) )
+                goto fail;
+            break;
+        default:
+            DPRINTK("Domain attempted RDMSR %p.\n", _p(regs->ecx));
+            /* Everyone can read the MSR space. */
+            if ( rdmsr_user(regs->ecx, regs->eax, regs->edx) )
+                goto fail;
+            break;
+        }
         break;
 
     default:

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.