Re: [Xen-devel] Is there any way to read msr in hypervisor code?

On 27/02/2018 09:37, Minjun Hong wrote:
Hello, I've tried to read msr in hypervisor code:

uint64_t reg;  
rdmsr_safe(0x412e, ret);

But, I all failed to read it because the hypervisor is running in ring-1 CPL as I did googling.

Xen runs in ring 0, root mode.  Forget terms like "ring -1" because they are not accurate, and not a helpful description of what is going on.

When I accessed msr, the crash log is below:

(XEN) ----[ Xen-4.9.0  x86_64  debug=n   Not tainted ]----
(XEN) CPU:    7
(XEN) RIP:    e008:[<ffff82d08024139d>] mcsched.c#shscan_timer_fn+0xd/0x180
(XEN) RFLAGS: 0000000000010206   CONTEXT: hypervisor
(XEN) rax: ffff83084abfe028   rbx: ffff83084abfe300   rcx: 000000000000412e
(XEN) rdx: ffff83084abb7fff   rsi: ffff82d080632f00   rdi: 0000000000000000
(XEN) rbp: ffff82d080241390   rsp: ffff83084abb7e30   r8:  ffff830868d4bdc0
(XEN) r9:  0000000000000005   r10: 0000012da75b50a5   r11: ffff8300782f3060
(XEN) r12: 0000000000000000   r13: 0000012d9f9d6e07   r14: ffff83084abb7fff
(XEN) r15: ffff82d08062ad80   cr0: 000000008005003b   cr4: 00000000003526e0
(XEN) cr3: 00000003426f3000   cr2: 00007fc3c21d4000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
(XEN) Xen code around <ffff82d08024139d> (mcsched.c#shscan_timer_fn+0xd/0x180):
(XEN)  00 00 41 55 41 54 55 53 <0f> 32 4c 8d 05 0a 79 11 00 48 8d 0d 91 45 14 00

This is a rdmsr(), not rdmsr_safe(), which is why you are crashing.

Irrespective of that, 0x412e isn't an MSR which exists on any real hardware, so I'm not sure what other result you were expecting.

