Re: [Xen-devel] [PATCH v12 for-xen-4.5 18/20] x86/VPMU: Add privileged PMU mode




On 09/30/2014 04:18 AM, Jan Beulich wrote:
On 25.09.14 at 21:28, <boris.ostrovsky@xxxxxxxxxx> wrote:
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2579,6 +2579,10 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
          case MSR_AMD_FAM15H_EVNTSEL0...MSR_AMD_FAM15H_PERFCTR5:
                  if ( vpmu_msr || (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) 
)
                  {
+                    if ( (vpmu_mode & XENPMU_MODE_ALL) &&
+                         !is_hardware_domain(v->domain) )
+                        break;
+
                      if ( vpmu_do_wrmsr(regs->ecx, msr_content, 0) )
                          goto fail;
                  }
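
Review bot: the new `break` in the write path drops a non-hardware domain's write to these MSRs without any comment, while the matching read-side check carries one ("Don't leak PMU MSRs to unprivileged domains"). Add a comment here saying the write is deliberately discarded rather than faulted when `XENPMU_MODE_ALL` is set, so the contrast with the `goto fail` taken on a `vpmu_do_wrmsr()` error just below is clearly intentional.
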
@@ -2701,6 +2705,14 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
          case MSR_AMD_FAM15H_EVNTSEL0...MSR_AMD_FAM15H_PERFCTR5:
                  if ( vpmu_msr || (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) 
)
                  {
+                    if ( (vpmu_mode & XENPMU_MODE_ALL) &&
+                         !is_hardware_domain(v->domain) )
+                    {
+                        /* Don't leak PMU MSRs to unprivileged domains */
+                        regs->eax = regs->edx = 0;
+                        break;
+                    }
+
                      if ( vpmu_do_rdmsr(regs->ecx, &msr_content) )
                          goto fail;
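
Review bot: the condition `(vpmu_mode & XENPMU_MODE_ALL) && !is_hardware_domain(v->domain)` in this read path is a verbatim copy of the one added to the write path, so the two sites can drift apart on a later change. Consider a small helper, or a flag computed once, shared by both. The comment could also state that zeroes are returned in `regs->eax` and `regs->edx` instead of failing the access, since that is the guest-visible behaviour being chosen.
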
Is ignoring writes and returning zeroes for reads really reasonable in
this case? I.e. is the guest validly being told that there is a (v)PMU?
Because if it's not, it has no business accessing these MSRs and
hence should probably get a #GP instead.

VPMU mode can be changed to XENPMU_MODE_ALL at any time so a guest that started with fully enabled PMU (e.g. when mode was XENPMU_MODE_SELF) may continue accessing the MSRs. I don't think it should suddenly start getting #GPs.

-boris
