[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 2/5] x86/pv: Avoid leaking other guests' MSR_TSC_AUX values into PV context

On Tue, Feb 20, 2018 at 03:26:20PM +0000, Andrew Cooper wrote:
> On 20/02/18 15:22, Wei Liu wrote:
> > On Tue, Feb 20, 2018 at 11:58:40AM +0000, Andrew Cooper wrote:
> >> If the CPU pipeline supports RDTSCP or RDPID, a guest can observe the 
> >> value in
> >> MSR_TSC_AUX, irrespective of whether the relevant CPUID features are
> >> advertised/hidden.
> >>
> > This setup works only because CR4.TSD=0?
> Having CR4.TSD clear is the default, and means RDTSCP will work at any
> privilege level.  Setting CR4.TSD (either due to virtualised TSC, or
> because the guest kernel wants to trap user accesses) will cause RDTSCP
> to trap into emul-priv-op.
> There is no way of causing RDPID to trap (on hardware which supports the
> instruction), and it will read read the current value of MSR_TSC_AUX.


In any case:

Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.