[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH v3 7/8] x86/hvm: Disallow access to unknown MSRs


  • To: Roger Pau Monne <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: "Tian, Kevin" <kevin.tian@xxxxxxxxx>
  • Date: Mon, 7 Sep 2020 03:31:00 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=VJu3zgSMgbaYOWtOzxIAxcOYkxDPRp7NThIKfOGWrS4=; b=WO/rCFxPai8QfgGoPmptEHRQRWnJnbqrUCR1RIaHb97PcHjVOeyJCVZpTvMfU4FvfKPclUZRy3MN2mo+NeuVqa5dED9NM2jRdJdj6N357qpo717h20dQWrHyhdqDss4wGHohSmruyPqhIRh8A0+F8PPCMQOR4uSNFHvK/8IE5tV+PjqkD90c6fKxwzgw1gG1RNaMmYm6nHPqZfkPN3HWAkmwe8yVvMd4Bq/XKxoZ4GjvuACJoZ0mWGHJE83HEDCo0CqXHo/9e7gsS6SuyhirHUjOwSOJAEe1V/03CX9CCdHHYb/O23zPHjjztFd9eRQRvgIZBzYDbsq9AeoQYtGTUQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OV7IwdEjlNKEIEGQT1YFIL4Sc0+Jt8aMlDlYxGaae44wMOo5SbjPhWhf2+A1hVRUdv9RPTCsPtVwIT0oy0bdUn38A4yZx5LWyZM3e9cheui2UBTJ8LBlDoPB9HFsJaJAIZQBW0z6/sq5XnyuPMaAGYQ63hZXTYOZqkSxW/H2u7VahBE9cg60RENJcmaub7jmxiGuIILEKRVFi4G6v357flHrqa+7nKqeyjBdnMHD6eOfkz9ZgWLFjg360y6213FNtmtFcqjs58vKI2mgNmTF32XbfYXeUBosC2ZMsh5aEK/ijwcmLrFUBCKQReFBqtS3fH3F6gE5+60mMmLIXg8TCg==
  • Authentication-results: citrix.com; dkim=none (message not signed) header.d=none;citrix.com; dmarc=none action=none header.from=intel.com;
  • Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>
  • Delivery-date: Mon, 07 Sep 2020 03:31:10 +0000
  • Dlp-product: dlpe-windows
  • Dlp-reaction: no-action
  • Dlp-version: 11.5.1.3
  • Ironport-sdr: s64FGT0BLmX6ZIgZor0k/pUfeURIeApxhPTsXnjKcHafID2L0MxAGS0L51HC9jjxE8xgSZqOa/ rkF7DMlZQ3tA==
  • Ironport-sdr: U2H+2zCtJBM90BRp5hpAbUFsOEOq3DYW62PRaf+yiTBPxSWVaBytD5E2YgBu1SrZymWK/kH/wB SYKZPvXaV4Fg==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHWgFCN/0PpkCrt6kWmM/Y2GUOEPKlcjeBA
  • Thread-topic: [PATCH v3 7/8] x86/hvm: Disallow access to unknown MSRs

> From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
> Sent: Tuesday, September 1, 2020 6:55 PM
> 
> From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> 
> Change the catch-all behavior for MSR not explicitly handled. Instead
> of allow full read-access to the MSR space and silently dropping
> writes return an exception when the MSR is not explicitly handled.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> [remove rdmsr_safe from default case in svm_msr_read_intercept]
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>

> ---
> Changes since v1:
>  - Fold chunk to remove explicit write handling of VMX MSRs just to
>    #GP.
>  - Remove catch-all rdmsr_safe in svm_msr_read_intercept.
> ---
>  xen/arch/x86/hvm/svm/svm.c | 10 ++++------
>  xen/arch/x86/hvm/vmx/vmx.c | 16 ++++------------
>  2 files changed, 8 insertions(+), 18 deletions(-)
> 
> diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
> index 0e43154c7e..66b22efdab 100644
> --- a/xen/arch/x86/hvm/svm/svm.c
> +++ b/xen/arch/x86/hvm/svm/svm.c
> @@ -1964,8 +1964,7 @@ static int svm_msr_read_intercept(unsigned int
> msr, uint64_t *msr_content)
>          break;
> 
>      default:
> -        if ( rdmsr_safe(msr, *msr_content) == 0 )
> -            break;
> +        gdprintk(XENLOG_WARNING, "RDMSR 0x%08x unimplemented\n",
> msr);
>          goto gpf;
>      }
> 
> @@ -2150,10 +2149,9 @@ static int svm_msr_write_intercept(unsigned int
> msr, uint64_t msr_content)
>          break;
> 
>      default:
> -        /* Match up with the RDMSR side; ultimately this should go away. */
> -        if ( rdmsr_safe(msr, msr_content) == 0 )
> -            break;
> -
> +        gdprintk(XENLOG_WARNING,
> +                 "WRMSR 0x%08x val 0x%016"PRIx64" unimplemented\n",
> +                 msr, msr_content);
>          goto gpf;
>      }
> 
> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
> index f6657af923..9cc9d81c41 100644
> --- a/xen/arch/x86/hvm/vmx/vmx.c
> +++ b/xen/arch/x86/hvm/vmx/vmx.c
> @@ -3015,9 +3015,7 @@ static int vmx_msr_read_intercept(unsigned int
> msr, uint64_t *msr_content)
>              break;
>          }
> 
> -        if ( rdmsr_safe(msr, *msr_content) == 0 )
> -            break;
> -
> +        gdprintk(XENLOG_WARNING, "RDMSR 0x%08x unimplemented\n",
> msr);
>          goto gp_fault;
>      }
> 
> @@ -3290,11 +3288,6 @@ static int vmx_msr_write_intercept(unsigned int
> msr, uint64_t msr_content)
>          __vmwrite(GUEST_IA32_DEBUGCTL, msr_content);
>          break;
> 
> -    case MSR_IA32_FEATURE_CONTROL:
> -    case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
> -        /* None of these MSRs are writeable. */
> -        goto gp_fault;
> -
>      case MSR_IA32_MISC_ENABLE:
>          /* Silently drop writes that don't change the reported value. */
>          if ( vmx_msr_read_intercept(msr, &tmp) != X86EMUL_OKAY ||
> @@ -3320,10 +3313,9 @@ static int vmx_msr_write_intercept(unsigned int
> msr, uint64_t msr_content)
>               is_last_branch_msr(msr) )
>              break;
> 
> -        /* Match up with the RDMSR side; ultimately this should go away. */
> -        if ( rdmsr_safe(msr, msr_content) == 0 )
> -            break;
> -
> +        gdprintk(XENLOG_WARNING,
> +                 "WRMSR 0x%08x val 0x%016"PRIx64" unimplemented\n",
> +                 msr, msr_content);
>          goto gp_fault;
>      }
> 
> --
> 2.28.0


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.