All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] x86: tighten conditions under which writing certain MSRs is permitted
@ 2011-02-10 13:57 Jan Beulich
  0 siblings, 0 replies; only message in thread
From: Jan Beulich @ 2011-02-10 13:57 UTC (permalink / raw)
  To: xen-devel

[-- Attachment #1: Type: text/plain, Size: 2412 bytes --]

MSRs that control physical CPU aspects generally are pointless (and
possibly dangerous) to be written when the writer isn't sufficiently
aware that it's running virtualized.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2282,7 +2282,7 @@ static int emulate_privileged_op(struct 
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
                  boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
                 goto fail;
-            if ( !IS_PRIV(v->domain) )
+            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( (rdmsr_safe(MSR_AMD64_NB_CFG, val) != 0) ||
                  (eax != (uint32_t)val) ||
@@ -2295,7 +2295,7 @@ static int emulate_privileged_op(struct 
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
                  boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
                 goto fail;
-            if ( !IS_PRIV(v->domain) )
+            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( (rdmsr_safe(MSR_FAM10H_MMIO_CONF_BASE, val) != 0) )
                 goto fail;
@@ -2317,6 +2317,8 @@ static int emulate_privileged_op(struct 
         case MSR_IA32_UCODE_REV:
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
                 goto fail;
+            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+                break;
             if ( rdmsr_safe(regs->ecx, val) )
                 goto fail;
             if ( msr_content )
@@ -2324,7 +2326,7 @@ static int emulate_privileged_op(struct 
             break;
         case MSR_IA32_MISC_ENABLE:
             if ( rdmsr_safe(regs->ecx, val) )
-                goto invalid;
+                goto fail;
             val = guest_misc_enable(val);
             if ( msr_content != val )
                 goto invalid;
@@ -2351,7 +2353,7 @@ static int emulate_privileged_op(struct 
         case MSR_IA32_ENERGY_PERF_BIAS:
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
                 goto fail;
-            if ( (v->domain->domain_id != 0) || !is_pinned_vcpu(v) )
+            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( wrmsr_safe(regs->ecx, msr_content) != 0 )
                 goto fail;




[-- Attachment #2: x86-adjust-guest-wrmsr.patch --]
[-- Type: text/plain, Size: 2406 bytes --]

MSRs that control physical CPU aspects generally are pointless (and
possibly dangerous) to be written when the writer isn't sufficiently
aware that it's running virtualized.

Signed-off-by: Jan Beulich <jbeulich@novell.com>

--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2282,7 +2282,7 @@ static int emulate_privileged_op(struct 
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
                  boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
                 goto fail;
-            if ( !IS_PRIV(v->domain) )
+            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( (rdmsr_safe(MSR_AMD64_NB_CFG, val) != 0) ||
                  (eax != (uint32_t)val) ||
@@ -2295,7 +2295,7 @@ static int emulate_privileged_op(struct 
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD ||
                  boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 )
                 goto fail;
-            if ( !IS_PRIV(v->domain) )
+            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( (rdmsr_safe(MSR_FAM10H_MMIO_CONF_BASE, val) != 0) )
                 goto fail;
@@ -2317,6 +2317,8 @@ static int emulate_privileged_op(struct 
         case MSR_IA32_UCODE_REV:
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
                 goto fail;
+            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
+                break;
             if ( rdmsr_safe(regs->ecx, val) )
                 goto fail;
             if ( msr_content )
@@ -2324,7 +2326,7 @@ static int emulate_privileged_op(struct 
             break;
         case MSR_IA32_MISC_ENABLE:
             if ( rdmsr_safe(regs->ecx, val) )
-                goto invalid;
+                goto fail;
             val = guest_misc_enable(val);
             if ( msr_content != val )
                 goto invalid;
@@ -2351,7 +2353,7 @@ static int emulate_privileged_op(struct 
         case MSR_IA32_ENERGY_PERF_BIAS:
             if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL )
                 goto fail;
-            if ( (v->domain->domain_id != 0) || !is_pinned_vcpu(v) )
+            if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) )
                 break;
             if ( wrmsr_safe(regs->ecx, msr_content) != 0 )
                 goto fail;

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2011-02-10 13:57 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-02-10 13:57 [PATCH] x86: tighten conditions under which writing certain MSRs is permitted Jan Beulich

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.