[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Xen-devel] [PATCH v12 for-xen-4.5 18/20] x86/VPMU: Add privileged PMU mode
- To: Jan Beulich <JBeulich@xxxxxxxx>
- From: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
- Date: Tue, 30 Sep 2014 11:16:57 -0400
- Cc: kevin.tian@xxxxxxxxx, keir@xxxxxxx, suravee.suthikulpanit@xxxxxxx, andrew.cooper3@xxxxxxxxxx, tim@xxxxxxx, dietmar.hahn@xxxxxxxxxxxxxx, xen-devel@xxxxxxxxxxxxx, Aravind.Gopalakrishnan@xxxxxxx, jun.nakajima@xxxxxxxxx, dgdegra@xxxxxxxxxxxxx
- Delivery-date: Tue, 30 Sep 2014 15:28:01 +0000
- List-id: Xen developer discussion <xen-devel.lists.xen.org>
On 09/30/2014 04:18 AM, Jan Beulich wrote:
On 25.09.14 at 21:28, <boris.ostrovsky@xxxxxxxxxx> wrote:
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2579,6 +2579,10 @@ static int emulate_privileged_op(struct cpu_user_regs
*regs)
case MSR_AMD_FAM15H_EVNTSEL0...MSR_AMD_FAM15H_PERFCTR5:
if ( vpmu_msr || (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
)
{
+ if ( (vpmu_mode & XENPMU_MODE_ALL) &&
+ !is_hardware_domain(v->domain) )
+ break;
+
if ( vpmu_do_wrmsr(regs->ecx, msr_content, 0) )
goto fail;
}
@@ -2701,6 +2705,14 @@ static int emulate_privileged_op(struct cpu_user_regs
*regs)
case MSR_AMD_FAM15H_EVNTSEL0...MSR_AMD_FAM15H_PERFCTR5:
if ( vpmu_msr || (boot_cpu_data.x86_vendor == X86_VENDOR_AMD)
)
{
+ if ( (vpmu_mode & XENPMU_MODE_ALL) &&
+ !is_hardware_domain(v->domain) )
+ {
+ /* Don't leak PMU MSRs to unprivileged domains */
+ regs->eax = regs->edx = 0;
+ break;
+ }
+
if ( vpmu_do_rdmsr(regs->ecx, &msr_content) )
goto fail;
Is ignoring writes and returning zeroes for reads really reasonable in
this case? I.e. is the guest validly being told that there is a (v)PMU?
Because if it's not, it has no business accessing these MSRs and
hence should probably get a #GP instead.
VPMU mode can be changed to XENPMU_MODE_ALL at any time so a guest that
started with fully enabled PMU (e.g. when mode was XENPMU_MODE_SELF) may
continue accessing the MSRs. I don't think it should suddenly start
getting #GPs.
-boris
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
