[Xen-changelog] [xen stable-4.6] x86/msr: Virtualise MSR_FLUSH_CMD for guests
commit c932ff17fc61a6d4c8041e077592800eec54e9f1
Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Fri Apr 13 15:34:01 2018 +0000
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Tue Aug 14 17:39:57 2018 +0100
x86/msr: Virtualise MSR_FLUSH_CMD for guests
Guests (outside of the nested virt case, which isn't supported yet) don't need L1D_FLUSH for their L1TF mitigations, but offering/emulating MSR_FLUSH_CMD is easy and doesn't pose an issue for Xen. The MSR is offered to HVM guests only. PV guests attempting to use it would trap for emulation, and the L1D cache would fill long before the return to guest context. As such, PV guests can't make any use of the L1D_FLUSH functionality. This is part of XSA-273 / CVE-2018-3646.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
(cherry picked from commit fd9823faf9df057a69a9a53c2e100691d3f4267c)
---
 xen/arch/x86/hvm/hvm.c | 12 ++++++++++++
 xen/arch/x86/hvm/vmx/vmcs.c | 8 ++++++++
 xen/arch/x86/traps.c | 5 +++++
 3 files changed, 25 insertions(+)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 873a3fe404..702dd1a872 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4829,6 +4829,7 @@ int hvm_msr_read_intercept(unsigned int msr, uint64_t *msr_content)
 break;
 case MSR_PRED_CMD:
+ case MSR_FLUSH_CMD:
 /* Write-only */
 goto gp_fault;
@@ -5019,6 +5020,17 @@ int hvm_msr_write_intercept(unsigned int msr, uint64_t msr_content,
 wrmsrl(MSR_PRED_CMD, msr_content);
 break;
+ case MSR_FLUSH_CMD:
+ hvm_cpuid(7, NULL, NULL, NULL, &edx);
+ if ( !(edx & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) )
+ goto gp_fault; /* MSR available? */
+
+ if ( msr_content & ~FLUSH_CMD_L1D )
+ goto gp_fault; /* Rsvd bit set? */
+
+ wrmsrl(MSR_FLUSH_CMD, msr_content);
+ break;
+
 case MSR_ARCH_CAPABILITIES:
 /* Read-only */
 goto gp_fault;
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 732b7e08ea..e99c0a54a2 100644
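Review bot: The `wrmsrl(MSR_FLUSH_CMD, msr_content);` that ends the new `case MSR_FLUSH_CMD:` in hvm_msr_write_intercept is gated only on the guest's CPUID view (`edx` from `hvm_cpuid(7, ...)`), not on the host actually implementing the MSR. Whether the guest-visible L1D_FLUSH bit is clamped to host support is decided outside this hunk; if it is not, the unchecked write would fault in hypervisor context instead of in the guest. Consider a host-feature check or the fault-tolerant form, `if ( wrmsr_safe(MSR_FLUSH_CMD, msr_content) ) goto gp_fault;`. The rest of the function, including the declaration of `edx`, lies outside the hunk.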
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -1777,6 +1777,14 @@ void vmx_do_resume(struct vcpu *v)
 vmx_enable_intercept_for_msr(v, MSR_PRED_CMD, MSR_TYPE_R | MSR_TYPE_W);
+ /* MSR_FLUSH_CMD is safe to pass through if the guest knows about it. */
+ if ( (_7d0 & cpufeat_mask(X86_FEATURE_L1D_FLUSH)) )
+ vmx_disable_intercept_for_msr(v, MSR_FLUSH_CMD,
+ MSR_TYPE_R | MSR_TYPE_W);
+ else
+ vmx_enable_intercept_for_msr(v, MSR_FLUSH_CMD,
+ MSR_TYPE_R | MSR_TYPE_W);
+
 v->arch.flags |= TF_launched;
 }
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 598a7a7151..5845055824 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2769,6 +2769,10 @@ static int emulate_privileged_op(struct cpu_user_regs *regs)
 wrmsrl(MSR_PRED_CMD, msr_content);
 break;
+ case MSR_FLUSH_CMD:
+ /* Not available to PV guests. */
+ break;
+
 case MSR_P6_PERFCTR(0)...MSR_P6_PERFCTR(7):
 case MSR_P6_EVNTSEL(0)...MSR_P6_EVNTSEL(3):
 case MSR_CORE_PERF_FIXED_CTR0...MSR_CORE_PERF_FIXED_CTR2:
@@ -2900,6 +2904,7 @@ static int emulate_privileged_op(struct cpu_user_regs *regs)
 break;
 case MSR_PRED_CMD:
+ case MSR_FLUSH_CMD:
 /* Write-only */
 goto fail;
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.6
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog
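Review bot: The added comment in vmx_do_resume says the pass-through is "safe" but not why, and dropping the intercept for `MSR_TYPE_R | MSR_TYPE_W` bypasses the availability and reserved-bit checks that hvm_msr_write_intercept performs for the same MSR. As I read the architecture, the MSR is write-only and hardware itself faults on reads and reserved bits, so that reasoning belongs in the comment: `/* Safe to pass through: hardware rejects reads and reserved bits itself, and an L1D flush poses no issue for Xen. */`. The test uses `_7d0`, computed outside the hunk, and the block sits just before `v->arch.flags |= TF_launched;`. If it runs only on first launch, a later change to the guest's CPUID view would not update the intercept, which is worth confirming.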
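Review bot: The PV write path in emulate_privileged_op ends `case MSR_FLUSH_CMD:` with `break`, while the read path in the later hunk and both HVM paths reject the access via `goto fail` / `goto gp_fault`. The end of the switch is outside the hunk, but if `break` completes the emulated WRMSR normally, a PV guest's write is silently discarded instead of faulting. If that is intended, the comment should say so, e.g. `/* Not available to PV guests: the write is discarded and never reaches hardware. */`; otherwise `goto fail;` would match the read side.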