Re: [Xen-devel] [PATCH v2 2/2] nvmx: always trap accesses to x2APIC MSRs
> From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
> Sent: Wednesday, January 29, 2020 10:45 PM
>
> Nested VMX doesn't expose support for
> SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE,
> SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY or
> SECONDARY_EXEC_APIC_REGISTER_VIRT, and hence the x2APIC MSRs should
> always be trapped in the nested guest MSR bitmap, or else a nested
> guest could access the hardware x2APIC MSRs given certain conditions.
>
> Accessing the hardware MSRs could be achieved by forcing the L0 Xen to
> use SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE and
> SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY or
> SECONDARY_EXEC_APIC_REGISTER_VIRT (if supported), and then creating a
> L2 guest with a MSR bitmap that doesn't trap accesses to the x2APIC
> MSR range. Then OR'ing both L0 and L1 MSR bitmaps would result in a
> bitmap that doesn't trap certain x2APIC MSRs and a VMCS that doesn't
> have SECONDARY_EXEC_VIRTUALIZE_X2APIC_MODE and
> SECONDARY_EXEC_VIRTUAL_INTR_DELIVERY or
> SECONDARY_EXEC_APIC_REGISTER_VIRT set either.
>
> Fix this by making sure x2APIC MSRs are always trapped in the nested
> MSR bitmap.
>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
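The bitmap merge described in the quoted commit message, as an added example that is not part of the original message or of the Xen patch: it ORs an L0 and an L1 MSR bitmap and then optionally forces the x2APIC range to trap. The function names, the constructed bitmaps and the 0x800-0x8ff range are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BITMAP_BYTES  4096    /* one 4 KiB VMX MSR bitmap page */
#define READ_LOW_OFF  0       /* read bitmap, MSRs 0x0-0x1fff */
#define WRITE_LOW_OFF 2048    /* write bitmap, MSRs 0x0-0x1fff */
#define X2APIC_FIRST  0x800u  /* assumed x2APIC MSR range */
#define X2APIC_LAST   0x8ffu

/* A set bit means the access causes a VM exit (is trapped). */
static void set_trap(uint8_t *bm, unsigned off, uint32_t msr, bool on)
{
    uint8_t bit = (uint8_t)(1u << (msr % 8));
    if (on) bm[off + msr / 8] |= bit; else bm[off + msr / 8] &= (uint8_t)~bit;
}
static bool traps(const uint8_t *bm, unsigned off, uint32_t msr)
{
    return (bm[off + msr / 8] >> (msr % 8)) & 1;
}
/* Hypothetical merge: trap when L0 or L1 asks; optionally force the x2APIC range. */
static void merge_bitmaps(uint8_t *out, const uint8_t *l0, const uint8_t *l1, bool force)
{
    for (unsigned i = 0; i < BITMAP_BYTES; i++)
        out[i] = l0[i] | l1[i];
    for (uint32_t m = X2APIC_FIRST; force && m <= X2APIC_LAST; m++) {
        set_trap(out, READ_LOW_OFF, m, true);
        set_trap(out, WRITE_LOW_OFF, m, true);
    }
}
/* Number of x2APIC MSRs whose read or write is not trapped. */
static unsigned untrapped_x2apic(const uint8_t *bm)
{
    unsigned n = 0;
    for (uint32_t m = X2APIC_FIRST; m <= X2APIC_LAST; m++)
        n += !traps(bm, READ_LOW_OFF, m) || !traps(bm, WRITE_LOW_OFF, m);
    return n;
}

int main(void)
{
    static uint8_t l0[BITMAP_BYTES], l1[BITMAP_BYTES], out[BITMAP_BYTES];
    memset(l0, 0xff, sizeof l0); memset(l1, 0xff, sizeof l1);
    set_trap(l0, WRITE_LOW_OFF, 0x808, false); /* constructed: L0 passes TPR writes */
    set_trap(l1, WRITE_LOW_OFF, 0x808, false); /* constructed: L1 does the same */
    merge_bitmaps(out, l0, l1, false); printf("plain OR: %u\n", untrapped_x2apic(out));
    merge_bitmaps(out, l0, l1, true);  printf("forced:   %u\n", untrapped_x2apic(out));
}
```

An MSR stays untrapped after the plain OR only when both levels leave it untrapped, which is the condition the commit message describes; forcing the range closes it regardless of either input bitmap.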