All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Jan Beulich <jbeulich@suse.com>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	<xen-devel@lists.xenproject.org>, Wei Liu <wl@xen.org>,
	Jun Nakajima <jun.nakajima@intel.com>,
	Kevin Tian <kevin.tian@intel.com>
Subject: Re: [PATCH v3 7/8] x86/hvm: Disallow access to unknown MSRs
Date: Fri, 4 Sep 2020 13:13:54 +0200	[thread overview]
Message-ID: <20200904111354.GP753@Air-de-Roger> (raw)
In-Reply-To: <6823183f-90f0-90df-f843-6db2e84dba4a@suse.com>

On Fri, Sep 04, 2020 at 10:53:26AM +0200, Jan Beulich wrote:
> On 01.09.2020 12:54, Roger Pau Monne wrote:
> > @@ -3290,11 +3288,6 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content)
> >          __vmwrite(GUEST_IA32_DEBUGCTL, msr_content);
> >          break;
> >  
> > -    case MSR_IA32_FEATURE_CONTROL:
> > -    case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC:
> > -        /* None of these MSRs are writeable. */
> > -        goto gp_fault;
> 
> I understand Andrew did ask for this (and I didn't look closely
> when I saw the comment), but ...
> 
> > @@ -3320,10 +3313,9 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content)
> >               is_last_branch_msr(msr) )
> >              break;
> >  
> > -        /* Match up with the RDMSR side; ultimately this should go away. */
> > -        if ( rdmsr_safe(msr, msr_content) == 0 )
> > -            break;
> > -
> > +        gdprintk(XENLOG_WARNING,
> > +                 "WRMSR 0x%08x val 0x%016"PRIx64" unimplemented\n",
> > +                 msr, msr_content);
> >          goto gp_fault;
> 
> ... above from here is logic that handling of these MSRs now goes
> through. I'm particularly worried about vmx_write_guest_msr(),
> which blindly updates the value of any MSR it can find, i.e. if
> any r/o MSR (from the set above, or even more generally) ever got
> added to this vCPU-specific set, the r/o-ness would no longer be
> maintained.

But those MSRs need to be added to the list explicitly (using
vmx_add_guest_msr) in order for the guest to be able to update them,
and they are supposed to be owned by the guest?

I understand the concern, but AFAICT none of the MSRs handled by
VMX_MSR_GUEST require such handling. Maybe it's worth adding something
like VMX_MSR_GUEST_RO in the future if such need arises?

> Do we perhaps need to white-list MSRs for which
> vmx_write_guest_msr() may get called here?

When such MSRs are added such addition should make sure they are not
allowed write permissions? You would have to do that now anyway
AFAICT.

Roger.


  parent reply	other threads:[~2020-09-04 11:14 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-09-01 10:54 [PATCH v3 0/8] x86: switch default MSR behavior Roger Pau Monne
2020-09-01 10:54 ` [PATCH v3 1/8] x86/vmx: handle writes to MISC_ENABLE MSR Roger Pau Monne
2020-09-04  8:34   ` Jan Beulich
2020-09-07  3:25   ` Tian, Kevin
2020-09-07  7:22     ` Jan Beulich
2020-09-01 10:54 ` [PATCH v3 2/8] x86/svm: silently drop writes to SYSCFG and related MSRs Roger Pau Monne
2020-09-04  8:36   ` Jan Beulich
2020-09-04  9:47     ` Andrew Cooper
2020-09-01 10:54 ` [PATCH v3 3/8] x86/msr: explicitly handle AMD DE_CFG Roger Pau Monne
2020-09-02 20:49   ` Andrew Cooper
2020-09-01 10:54 ` [PATCH v3 4/8] x86/svm: handle BU_CFG and BU_CFG2 with cases Roger Pau Monne
2020-09-02 21:02   ` Andrew Cooper
2020-09-03  8:15     ` Roger Pau Monné
2020-09-04  8:39       ` Jan Beulich
2020-09-03  8:29     ` Jan Beulich
2020-09-01 10:54 ` [PATCH v3 5/8] x86/pv: allow reading FEATURE_CONTROL MSR Roger Pau Monne
2020-09-02 20:56   ` Andrew Cooper
2020-09-03 13:33     ` Roger Pau Monné
2020-09-03 14:06       ` Andrew Cooper
2020-09-03 14:10         ` Roger Pau Monné
2020-09-01 10:54 ` [PATCH v3 6/8] x86/pv: disallow access to unknown MSRs Roger Pau Monne
2020-09-01 10:54 ` [PATCH v3 7/8] x86/hvm: Disallow " Roger Pau Monne
2020-09-04  8:53   ` Jan Beulich
2020-09-04  9:44     ` Andrew Cooper
2020-09-04  9:58       ` Jan Beulich
2020-09-04 11:13     ` Roger Pau Monné [this message]
2020-09-07  3:31   ` Tian, Kevin
2020-09-01 10:54 ` [PATCH v3 8/8] x86/msr: Drop compatibility #GP handling in guest_{rd, wr}msr() Roger Pau Monne

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200904111354.GP753@Air-de-Roger \
    --to=roger.pau@citrix.com \
    --cc=andrew.cooper3@citrix.com \
    --cc=jbeulich@suse.com \
    --cc=jun.nakajima@intel.com \
    --cc=kevin.tian@intel.com \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.