
Re: [Xen-devel] [PATCH 2/2] x86: explicitly disallow guest access to PPIN



On 01.11.2019 19:35, Andrew Cooper wrote:
> On 30/10/2019 12:02, Jan Beulich wrote:
>> On 30.10.2019 12:43, Andrew Cooper wrote:
>>> On 30/10/2019 10:39, Jan Beulich wrote:
>>>> To fulfill the "protected" in its name, don't let the real hardware
>>>> values "shine through". Report a control register value expressing this.
>>>>
>>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>>>> ---
>>>> TBD: Do we want to permit Dom0 access?
>>> I would recommend reordering the two patches and putting this one first
>>> (along with the enumeration details, along with a pair of feature
>>> strings in xen-cpuid).  This patch at least wants backporting.
>> Well, the reason for this ordering is because this way Dom0
>> doesn't transiently lose all access.
> 
> Nothing pre-existing can be used reliably by dom0 because of the
> raz/write-discard behaviour.

Why "raz" - default behavior for "un-enumerated" MSRs is to hand
out the raw hardware value. I agree Dom0 can't _enable_ the PPIN
MSR (due to the write-discard default behavior), but on systems
where the firmware does the enabling it could still have read the
values.

Jan

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

