[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.6] x86/msr: Virtualise MSR_FLUSH_CMD for guests



commit c932ff17fc61a6d4c8041e077592800eec54e9f1
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Fri Apr 13 15:34:01 2018 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Aug 14 17:39:57 2018 +0100

    x86/msr: Virtualise MSR_FLUSH_CMD for guests
    
    Guests (outside of the nested virt case, which isn't supported yet) don't 
need
    L1D_FLUSH for their L1TF mitigations, but offering/emulating MSR_FLUSH_CMD 
is
    easy and doesn't pose an issue for Xen.
    
    The MSR is offered to HVM guests only.  PV guests attempting to use it would
    trap for emulation, and the L1D cache would fill long before the return to
    guest context.  As such, PV guests can't make any use of the L1D_FLUSH
    functionality.
    
    This is part of XSA-273 / CVE-2018-3646.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    (cherry picked from commit fd9823faf9df057a69a9a53c2e100691d3f4267c)
---
 xen/arch/x86/hvm/hvm.c      | 12 ++++++++++++
 xen/arch/x86/hvm/vmx/vmcs.c |  8 ++++++++
 xen/arch/x86/traps.c        |  5 +++++
 3 files changed, 25 insertions(+)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 873a3fe404..702dd1a872 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4829,6 +4829,7 @@ int hvm_msr_read_intercept(unsigned int msr, uint64_t 
*msr_content)
         break;
 
     case MSR_PRED_CMD:
+    case MSR_FLUSH_CMD:
         /* Write-only */
         goto gp_fault;
 
@@ -5019,6 +5020,17 @@ int hvm_msr_write_intercept(unsigned int msr, uint64_t 
msr_content,
         wrmsrl(MSR_PRED_CMD, msr_content);
         break;
 
+    case MSR_FLUSH_CMD:
+        hvm_cpuid(7, NULL, NULL, NULL, &edx);
+        if ( !(edx & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) )
+            goto gp_fault; /* MSR available? */
+
+        if ( msr_content & ~FLUSH_CMD_L1D )
+            goto gp_fault; /* Rsvd bit set? */
+
+        wrmsrl(MSR_FLUSH_CMD, msr_content);
+        break;
+
     case MSR_ARCH_CAPABILITIES:
         /* Read-only */
         goto gp_fault;
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 732b7e08ea..e99c0a54a2 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -1777,6 +1777,14 @@ void vmx_do_resume(struct vcpu *v)
             vmx_enable_intercept_for_msr(v, MSR_PRED_CMD,
                                          MSR_TYPE_R | MSR_TYPE_W);
 
+        /* MSR_FLUSH_CMD is safe to pass through if the guest knows about it. 
*/
+        if ( (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) )
+            vmx_disable_intercept_for_msr(v, MSR_FLUSH_CMD,
+                                          MSR_TYPE_R | MSR_TYPE_W);
+        else
+            vmx_enable_intercept_for_msr(v, MSR_FLUSH_CMD,
+                                         MSR_TYPE_R | MSR_TYPE_W);
+
         v->arch.flags |= TF_launched;
     }
 
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 598a7a7151..5845055824 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2769,6 +2769,10 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
             wrmsrl(MSR_PRED_CMD, msr_content);
             break;
 
+        case MSR_FLUSH_CMD:
+            /* Not available to PV guests. */
+            break;
+
         case MSR_P6_PERFCTR(0)...MSR_P6_PERFCTR(7):
         case MSR_P6_EVNTSEL(0)...MSR_P6_EVNTSEL(3):
         case MSR_CORE_PERF_FIXED_CTR0...MSR_CORE_PERF_FIXED_CTR2:
@@ -2900,6 +2904,7 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
             break;
 
         case MSR_PRED_CMD:
+        case MSR_FLUSH_CMD:
             /* Write-only */
             goto fail;
 
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.6

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.