[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen staging-4.12] x86/msr: Disallow guest access to the RAPL MSRs
commit 14c9c0fceae92a18dedc3f280ebf8b9f52e39de5 Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> AuthorDate: Thu Apr 23 13:05:46 2020 +0100 Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> CommitDate: Tue Nov 10 17:50:11 2020 +0000 x86/msr: Disallow guest access to the RAPL MSRs Researchers have demonstrated using the RAPL interface to perform a differential power analysis attack to recover AES keys used by other cores in the system. Furthermore, even privileged guests cannot use this interface correctly, due to MSR scope and vcpu scheduling issues. The interface would want to be paravirtualised to be used sensibly. Disallow access to the RAPL MSRs completely, as well as other MSRs which potentially access fine grain power information. This is part of XSA-351. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> --- xen/arch/x86/msr.c | 18 ++++++++++++++++++ xen/include/asm-x86/msr-index.h | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index a427826ba0..927ed625df 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -151,9 +151,18 @@ int guest_rdmsr(const struct vcpu *v, uint32_t msr, uint64_t *val) case MSR_TSX_CTRL: case MSR_MCU_OPT_CTRL: case MSR_RTIT_OUTPUT_BASE ... MSR_RTIT_ADDR_B(7): + case MSR_RAPL_POWER_UNIT: + case MSR_PKG_POWER_LIMIT ... MSR_PKG_POWER_INFO: + case MSR_DRAM_POWER_LIMIT ... MSR_DRAM_POWER_INFO: + case MSR_PP0_POWER_LIMIT ... MSR_PP0_POLICY: + case MSR_PP1_POWER_LIMIT ... MSR_PP1_POLICY: + case MSR_PLATFORM_ENERGY_COUNTER: + case MSR_PLATFORM_POWER_LIMIT: case MSR_U_CET: case MSR_S_CET: case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE: + case MSR_F15H_CU_POWER ... MSR_F15H_CU_MAX_POWER: + case MSR_AMD_RAPL_POWER_UNIT ... MSR_AMD_PKG_ENERGY_STATUS: /* Not offered to guests. */ goto gp_fault; @@ -315,9 +324,18 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) case MSR_TSX_CTRL: case MSR_MCU_OPT_CTRL: case MSR_RTIT_OUTPUT_BASE ... MSR_RTIT_ADDR_B(7): + case MSR_RAPL_POWER_UNIT: + case MSR_PKG_POWER_LIMIT ... MSR_PKG_POWER_INFO: + case MSR_DRAM_POWER_LIMIT ... MSR_DRAM_POWER_INFO: + case MSR_PP0_POWER_LIMIT ... MSR_PP0_POLICY: + case MSR_PP1_POWER_LIMIT ... MSR_PP1_POLICY: + case MSR_PLATFORM_ENERGY_COUNTER: + case MSR_PLATFORM_POWER_LIMIT: case MSR_U_CET: case MSR_S_CET: case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE: + case MSR_F15H_CU_POWER ... MSR_F15H_CU_MAX_POWER: + case MSR_AMD_RAPL_POWER_UNIT ... MSR_AMD_PKG_ENERGY_STATUS: /* Not offered to guests. */ goto gp_fault; diff --git a/xen/include/asm-x86/msr-index.h b/xen/include/asm-x86/msr-index.h index 0eb6855614..ba9e90af21 100644 --- a/xen/include/asm-x86/msr-index.h +++ b/xen/include/asm-x86/msr-index.h @@ -96,6 +96,38 @@ /* Lower 6 bits define the format of the address in the LBR stack */ #define MSR_IA32_PERF_CAP_LBR_FORMAT 0x3f +/* + * Intel Runtime Average Power Limiting (RAPL) interface. Power plane base + * addresses (MSR_*_POWER_LIMIT) are model specific, but have so-far been + * consistent since their introduction in SandyBridge. + * + * Offsets of functionality from the power plane base is architectural, but + * not all power planes support all functionality. + */ +#define MSR_RAPL_POWER_UNIT 0x00000606 + +#define MSR_PKG_POWER_LIMIT 0x00000610 +#define MSR_PKG_ENERGY_STATUS 0x00000611 +#define MSR_PKG_PERF_STATUS 0x00000613 +#define MSR_PKG_POWER_INFO 0x00000614 + +#define MSR_DRAM_POWER_LIMIT 0x00000618 +#define MSR_DRAM_ENERGY_STATUS 0x00000619 +#define MSR_DRAM_PERF_STATUS 0x0000061b +#define MSR_DRAM_POWER_INFO 0x0000061c + +#define MSR_PP0_POWER_LIMIT 0x00000638 +#define MSR_PP0_ENERGY_STATUS 0x00000639 +#define MSR_PP0_POLICY 0x0000063a + +#define MSR_PP1_POWER_LIMIT 0x00000640 +#define MSR_PP1_ENERGY_STATUS 0x00000641 +#define MSR_PP1_POLICY 0x00000642 + +/* Intel Platform-wide power interface. */ +#define MSR_PLATFORM_ENERGY_COUNTER 0x0000064d +#define MSR_PLATFORM_POWER_LIMIT 0x0000065c + #define MSR_IA32_BNDCFGS 0x00000d90 #define IA32_BNDCFGS_ENABLE 0x00000001 #define IA32_BNDCFGS_PRESERVE 0x00000002 @@ -236,6 +268,8 @@ #define MSR_K8_VM_CR 0xc0010114 #define MSR_K8_VM_HSAVE_PA 0xc0010117 +#define MSR_F15H_CU_POWER 0xc001007a +#define MSR_F15H_CU_MAX_POWER 0xc001007b #define MSR_AMD_FAM15H_EVNTSEL0 0xc0010200 #define MSR_AMD_FAM15H_PERFCTR0 0xc0010201 #define MSR_AMD_FAM15H_EVNTSEL1 0xc0010202 @@ -249,6 +283,10 @@ #define MSR_AMD_FAM15H_EVNTSEL5 0xc001020a #define MSR_AMD_FAM15H_PERFCTR5 0xc001020b +#define MSR_AMD_RAPL_POWER_UNIT 0xc0010299 +#define MSR_AMD_CORE_ENERGY_STATUS 0xc001029a +#define MSR_AMD_PKG_ENERGY_STATUS 0xc001029b + #define MSR_AMD_L7S0_FEATURE_MASK 0xc0011002 #define MSR_AMD_THRM_FEATURE_MASK 0xc0011003 #define MSR_K8_FEATURE_MASK 0xc0011004 -- generated by git-patchbot for /home/xen/git/xen.git#staging-4.12
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |