Re: [Xen-devel] [PATCH] x86/HVM: don't give the wrong impression of WRMSR succeeding

[Andrew Cooper <andrew.cooper3@xxxxxxxxxx>]

On 22/02/18 13:44, Jan Beulich wrote:
> ... for unknown MSRs: wrmsr_hypervisor_regs()'s comment clearly says
> that the function returns 0 for unrecognized MSRs, so
> {svm,vmx}_msr_write_intercept() should not convert this into success.
>
> At the time it went in, commit 013e34f5a6 ("x86: handle paged gfn in
> wrmsr_hypervisor_regs") was probably okay, since prior to that the
> return value wasn't checked at all. But that's not how we want things
> to be handled nowadays.
>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

I agree in principle, but this does have a large potential risk for
guests.  Any unknown MSR which guests don't check for #GP faults from
will now cause the guests to crash.

That said, it is the correct direction to go long-term, and we've got to
throw the switch some time, but I expect this will cause problems in the
short term, especially for migrated-in guests.

As for the making this change, there is a better way of doing it by
moving viridian and Xen MSR handing into the new guest_{rd,wr}msr()
infrastructure, which means we won't call into both of these subsystems
for every unknown MSR.

I've already got half a patch to do this from the pending CPUID/MSR work
which I can dust off, if you like?

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel