Xen project Mailing List

[PATCH v2 7/8] x86/hvm: Disallow access to unknown MSRs

From: Roger Pau Monne <roger.pau@xxxxxxxxxx>

Date: Thu, 20 Aug 2020 17:08:34 +0200

Authentication-results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Kevin Tian <kevin.tian@xxxxxxxxx>

Delivery-date: Thu, 20 Aug 2020 15:09:51 +0000

Ironport-sdr: WC8Phs4G2OE1+xbh74B68s9+1JUr4rg7TGkxrf2xHD0JuVOyA2KMSEag4c0DcoYXrXk9JJ/1W8 yF0iSKW1e86GPOISJ8MczKKj6TgZvcZrMNhm23m8Ww3da42Qc6ar4QjMgfA8fl7QX5IQPA7i5g V2ytyZfvbZytU1gey9V5A67W1sdt67XR634LQlV/6QF3onAvnNuKsVpim1YrEmxrXDe1MXMFuw p4iRATwkqy2RH/Qd74z8g/vYE5P748RqW5XYxrY3qjHx7CHZfmb8MGgaHbzCCX4mIU+hpZollq +yU=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Change the catch-all behavior for MSR not explicitly handled. Instead of allow full read-access to the MSR space and silently dropping writes return an exception when the MSR is not explicitly handled. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> [remove rdmsr_safe from default case in svm_msr_read_intercept] Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> --- Changes since v1: - Fold chunk to remove explicit write handling of VMX MSRs just to #GP. - Remove catch-all rdmsr_safe in svm_msr_read_intercept. --- xen/arch/x86/hvm/svm/svm.c | 11 ++++------- xen/arch/x86/hvm/vmx/vmx.c | 16 ++++------------ 2 files changed, 8 insertions(+), 19 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 7586b77268..1e4458c184 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1952,9 +1952,6 @@ static int svm_msr_read_intercept(unsigned int msr, uint64_t *msr_content) break; default: - if ( rdmsr_safe(msr, *msr_content) == 0 ) - break; - if ( boot_cpu_data.x86 == 0xf && msr == MSR_F10_BU_CFG ) { /* Win2k8 x64 reads this MSR on revF chips, where it @@ -1967,6 +1964,7 @@ static int svm_msr_read_intercept(unsigned int msr, uint64_t *msr_content) break; } + gdprintk(XENLOG_WARNING, "RDMSR 0x%08x unimplemented\n", msr); goto gpf; } @@ -2154,10 +2152,9 @@ static int svm_msr_write_intercept(unsigned int msr, uint64_t msr_content) break; default: - /* Match up with the RDMSR side; ultimately this should go away. */ - if ( rdmsr_safe(msr, msr_content) == 0 ) - break; - + gdprintk(XENLOG_WARNING, + "WRMSR 0x%08x val 0x%016"PRIx64" unimplemented\n", + msr, msr_content); goto gpf; } diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index f6657af923..9cc9d81c41 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3015,9 +3015,7 @@ static int vmx_msr_read_intercept(unsigned int msr, uint64_t *msr_content) break; } - if ( rdmsr_safe(msr, *msr_content) == 0 ) - break; - + gdprintk(XENLOG_WARNING, "RDMSR 0x%08x unimplemented\n", msr); goto gp_fault; } @@ -3290,11 +3288,6 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) __vmwrite(GUEST_IA32_DEBUGCTL, msr_content); break; - case MSR_IA32_FEATURE_CONTROL: - case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: - /* None of these MSRs are writeable. */ - goto gp_fault; - case MSR_IA32_MISC_ENABLE: /* Silently drop writes that don't change the reported value. */ if ( vmx_msr_read_intercept(msr, &tmp) != X86EMUL_OKAY || @@ -3320,10 +3313,9 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) is_last_branch_msr(msr) ) break; - /* Match up with the RDMSR side; ultimately this should go away. */ - if ( rdmsr_safe(msr, msr_content) == 0 ) - break; - + gdprintk(XENLOG_WARNING, + "WRMSR 0x%08x val 0x%016"PRIx64" unimplemented\n", + msr, msr_content); goto gp_fault; } -- 2.28.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.