[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/Intel: hide CPUID faulting capability from guests

On Thu, Sep 15, 2016 at 11:32 PM, Jan Beulich <JBeulich@xxxxxxxx> wrote:
> We don't currently emulate it, so guests should not be misguided to
> believe they can (try to) use it.
>
> For now, simply return zero to guests for platform MSR reads, and only
> accept (by discarding) writes of zero. If ever there will be bits we
> can safely expose to guests, let's handle them by white listing.
>
> (As a side note - according to SDM version 059 bit 31 is reserved on
> all known families.)
>
> Reported-by: Kyle Huey <me@xxxxxxxxxxxx>
> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>
> --- a/xen/arch/x86/hvm/vmx/vmx.c
> +++ b/xen/arch/x86/hvm/vmx/vmx.c
> @@ -2699,6 +2699,13 @@ static int vmx_msr_read_intercept(unsign
>          if ( vpmu_do_rdmsr(msr, msr_content) )
>              goto gp_fault;
>          break;
> +
> +    case MSR_INTEL_PLATFORM_INFO:
> +        if ( rdmsr_safe(MSR_INTEL_PLATFORM_INFO, *msr_content) )
> +            goto gp_fault;
> +        *msr_content = 0;
> +        break;
> +
>      default:
>          if ( passive_domain_do_rdmsr(msr, msr_content) )
>              goto done;
> @@ -2918,6 +2925,13 @@ static int vmx_msr_write_intercept(unsig
>           if ( vpmu_do_wrmsr(msr, msr_content, 0) )
>              goto gp_fault;
>          break;
> +
> +    case MSR_INTEL_PLATFORM_INFO:
> +        if ( msr_content ||
> +             rdmsr_safe(MSR_INTEL_PLATFORM_INFO, msr_content) )
> +            goto gp_fault;
> +        break;
> +
>      default:
>          if ( passive_domain_do_wrmsr(msr, msr_content) )
>              return X86EMUL_OKAY;
> --- a/xen/arch/x86/traps.c
> +++ b/xen/arch/x86/traps.c
> @@ -2938,6 +2938,14 @@ static int emulate_privileged_op(struct
>              if ( v->arch.debugreg[7] & DR7_ACTIVE_MASK )
>                  wrmsrl(regs->_ecx, msr_content);
>              break;
> +
> +        case MSR_INTEL_PLATFORM_INFO:
> +            if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ||
> +                 msr_content ||
> +                 rdmsr_safe(MSR_INTEL_PLATFORM_INFO, msr_content) )
> +                goto fail;
> +            break;
> +
>          case MSR_P6_PERFCTR(0)...MSR_P6_PERFCTR(7):
>          case MSR_P6_EVNTSEL(0)...MSR_P6_EVNTSEL(3):
>          case MSR_CORE_PERF_FIXED_CTR0...MSR_CORE_PERF_FIXED_CTR2:
> @@ -3066,6 +3074,14 @@ static int emulate_privileged_op(struct
>              /* No extra capabilities are supported */
>              regs->eax = regs->edx = 0;
>              break;
> +
> +        case MSR_INTEL_PLATFORM_INFO:
> +            if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ||
> +                 rdmsr_safe(MSR_INTEL_PLATFORM_INFO, val) )
> +                goto fail;
> +            regs->eax = regs->edx = 0;
> +            break;
> +
>          case MSR_P6_PERFCTR(0)...MSR_P6_PERFCTR(7):
>          case MSR_P6_EVNTSEL(0)...MSR_P6_EVNTSEL(3):
>          case MSR_CORE_PERF_FIXED_CTR0...MSR_CORE_PERF_FIXED_CTR2:
>
>
>

Excellent.  Thank you for writing this.

- Kyle

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.