From patchwork Fri Mar 17 09:57:11 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Paul Durrant
X-Patchwork-Id: 9630159
From: Paul Durrant
Date: Fri, 17 Mar 2017 09:57:11 +0000
Message-ID: <1489744633-28760-6-git-send-email-paul.durrant@citrix.com>
In-Reply-To: <1489744633-28760-1-git-send-email-paul.durrant@citrix.com>
Cc: Andrew Cooper, Paul Durrant, Jan Beulich
Subject: [Xen-devel] [PATCH 5/7] x86/viridian: add warnings for unimplemented hypercalls and MSRs

These warnings can be useful when Microsoft updates Windows. In the past there have been several cases when Windows erroneously uses hypercalls and MSRs that should be gated on CPUID flags that Xen does not set. The usual symptom is a guest crash with little or no information in the hypervisor log. Adding these warnings at least gives a clue as to what might be happening in such cases.

Some versions of Windows do currently issue hypercalls that they should not, so this patch whitelists those to avoid the warnings as the lack of implementation is clearly proved not to be a problem to the guest.

The warnings are rate limited so a malicious guest cannot use them as a DoS.

NOTE: Because the MSR warnings need to be gated on range checking the MSR address this patch imports the up-to-date definitions of all the viridian MSRs from the specification.

Signed-off-by: Paul Durrant
---
Cc: Jan Beulich
Cc: Andrew Cooper
---
 xen/arch/x86/hvm/viridian.c | 102 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 88 insertions(+), 14 deletions(-)

diff --git a/xen/arch/x86/hvm/viridian.c b/xen/arch/x86/hvm/viridian.c index 4151ba5..deb57f9 100644 --- a/xen/arch/x86/hvm/viridian.c +++ b/xen/arch/x86/hvm/viridian.c
@@ -23,17 +23,73 @@ #include /* Viridian MSR numbers. */ -#define HV_X64_MSR_GUEST_OS_ID 0x40000000 -#define HV_X64_MSR_HYPERCALL 0x40000001 -#define HV_X64_MSR_VP_INDEX 0x40000002 -#define HV_X64_MSR_TIME_REF_COUNT 0x40000020 -#define HV_X64_MSR_REFERENCE_TSC 0x40000021 -#define HV_X64_MSR_TSC_FREQUENCY 0x40000022 -#define HV_X64_MSR_APIC_FREQUENCY 0x40000023 -#define HV_X64_MSR_EOI 0x40000070 -#define HV_X64_MSR_ICR 0x40000071 -#define HV_X64_MSR_TPR 0x40000072 -#define HV_X64_MSR_VP_ASSIST_PAGE 0x40000073 +#define HV_X64_MSR_GUEST_OS_ID 0x40000000 +#define HV_X64_MSR_HYPERCALL 0x40000001 +#define HV_X64_MSR_VP_INDEX 0x40000002 +#define HV_X64_MSR_RESET 0x40000003 +#define HV_X64_MSR_VP_RUNTIME 0x40000010 +#define HV_X64_MSR_TIME_REF_COUNT 0x40000020 +#define HV_X64_MSR_REFERENCE_TSC 0x40000021 +#define HV_X64_MSR_TSC_FREQUENCY 0x40000022 +#define HV_X64_MSR_APIC_FREQUENCY 0x40000023 +#define HV_X64_MSR_EOI 0x40000070 +#define HV_X64_MSR_ICR 0x40000071 +#define HV_X64_MSR_TPR 0x40000072 +#define HV_X64_MSR_VP_ASSIST_PAGE 0x40000073 +#define HV_X64_MSR_SCONTROL 0x40000080 +#define HV_X64_MSR_SVERSION 0x40000081 +#define HV_X64_MSR_SIEFP 0x40000082 +#define HV_X64_MSR_SIMP 0x40000083 +#define HV_X64_MSR_EOM 0x40000084 +#define HV_X64_MSR_SINT0 0x40000090 +#define HV_X64_MSR_SINT1 0x40000091 +#define HV_X64_MSR_SINT2 0x40000092 +#define HV_X64_MSR_SINT3 0x40000093 +#define HV_X64_MSR_SINT4 0x40000094 +#define HV_X64_MSR_SINT5 0x40000095 +#define HV_X64_MSR_SINT6 0x40000096 +#define HV_X64_MSR_SINT7 0x40000097 +#define HV_X64_MSR_SINT8 0x40000098 +#define HV_X64_MSR_SINT9 0x40000099 +#define HV_X64_MSR_SINT10 0x4000009A +#define HV_X64_MSR_SINT11 0x4000009B +#define HV_X64_MSR_SINT12 0x4000009C +#define HV_X64_MSR_SINT13 0x4000009D +#define HV_X64_MSR_SINT14 0x4000009E +#define HV_X64_MSR_SINT15 0x4000009F +#define HV_X64_MSR_STIMER0_CONFIG 0x400000B0 +#define HV_X64_MSR_STIMER0_COUNT 0x400000B1 +#define HV_X64_MSR_STIMER1_CONFIG 0x400000B2 +#define 
HV_X64_MSR_STIMER1_COUNT 0x400000B3 +#define HV_X64_MSR_STIMER2_CONFIG 0x400000B4 +#define HV_X64_MSR_STIMER2_COUNT 0x400000B5 +#define HV_X64_MSR_STIMER3_CONFIG 0x400000B6 +#define HV_X64_MSR_STIMER3_COUNT 0x400000B7 +#define HV_X64_MSR_POWER_STATE_TRIGGER_C1 0x400000C1 +#define HV_X64_MSR_POWER_STATE_TRIGGER_C2 0x400000C2 +#define HV_X64_MSR_POWER_STATE_TRIGGER_C3 0x400000C3 +#define HV_X64_MSR_POWER_STATE_CONFIG_C1 0x400000D1 +#define HV_X64_MSR_POWER_STATE_CONFIG_C2 0x400000D2 +#define HV_X64_MSR_POWER_STATE_CONFIG_C3 0x400000D3 +#define HV_X64_MSR_STATS_PARTITION_RETAIL_PAGE 0x400000E0 +#define HV_X64_MSR_STATS_PARTITION_INTERNAL_PAGE 0x400000E1 +#define HV_X64_MSR_STATS_VP_RETAIL_PAGE 0x400000E2 +#define HV_X64_MSR_STATS_VP_INTERNAL_PAGE 0x400000E3 +#define HV_X64_MSR_GUEST_IDLE 0x400000F0 +#define HV_X64_MSR_SYNTH_DEBUG_CONTROL 0x400000F1 +#define HV_X64_MSR_SYNTH_DEBUG_STATUS 0x400000F2 +#define HV_X64_MSR_SYNTH_DEBUG_SEND_BUFFER 0x400000F3 +#define HV_X64_MSR_SYNTH_DEBUG_RECEIVE_BUFFER 0x400000F4 +#define HV_X64_MSR_SYNTH_DEBUG_PENDING_BUFFER 0x400000F5 +#define HV_X64_MSR_CRASH_P0 0x40000100 +#define HV_X64_MSR_CRASH_P1 0x40000101 +#define HV_X64_MSR_CRASH_P2 0x40000102 +#define HV_X64_MSR_CRASH_P3 0x40000103 +#define HV_X64_MSR_CRASH_P4 0x40000104 +#define HV_X64_MSR_CRASH_CTL 0x40000105 + +#define VIRIDIAN_MSR_MIN HV_X64_MSR_GUEST_OS_ID +#define VIRIDIAN_MSR_MAX HV_X64_MSR_CRASH_CTL /* Viridian Hypercall Status Codes. */ #define HV_STATUS_SUCCESS 0x0000 @@ -41,9 +97,11 @@ #define HV_STATUS_INVALID_PARAMETER 0x0005 /* Viridian Hypercall Codes. */ -#define HvFlushVirtualAddressSpace 2 -#define HvFlushVirtualAddressList 3 -#define HvNotifyLongSpinWait 8 +#define HvFlushVirtualAddressSpace 0x0002 +#define HvFlushVirtualAddressList 0x0003 +#define HvNotifyLongSpinWait 0x0008 +#define HvGetPartitionId 0x0046 +#define HvExtCallQueryCapabilities 0x8001 /* Viridian Hypercall Flags. */ #define HV_FLUSH_ALL_PROCESSORS 1 
@@ -534,6 +592,10 @@ int wrmsr_viridian_regs(uint32_t idx, uint64_t val) break; default: + if (idx >= VIRIDIAN_MSR_MIN && idx <= VIRIDIAN_MSR_MAX) + gdprintk(XENLOG_WARNING, "unimplemented MSR %08x\n", + idx); + return 0; } @@ -657,6 +719,10 @@ int rdmsr_viridian_regs(uint32_t idx, uint64_t *val) } default: + if (idx >= VIRIDIAN_MSR_MIN && idx <= VIRIDIAN_MSR_MAX) + gdprintk(XENLOG_WARNING, "unimplemented MSR %08x\n", + idx); + return 0; } @@ -809,7 +875,15 @@ int viridian_hypercall(struct cpu_user_regs *regs) break; } + case HvGetPartitionId: + case HvExtCallQueryCapabilities: + status = HV_STATUS_INVALID_HYPERCALL_CODE; + break; + default: + gdprintk(XENLOG_WARNING, "unimplemented hypercall %04x\n", + input.call_code); + status = HV_STATUS_INVALID_HYPERCALL_CODE; break; }
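
Review bot: VIRIDIAN_MSR_MAX, at the end of the MSR definitions in the first hunk (@@ -23,17 +23,73 @@), is tied to HV_X64_MSR_CRASH_CTL with no comment, so the range check used by the later hunks stops covering any MSR that is later defined above 0x40000105 unless someone remembers to move the bound. Please add a comment on VIRIDIAN_MSR_MIN/VIRIDIAN_MSR_MAX saying they must bracket the whole list, and name the specification revision the definitions were imported from in the "Viridian MSR numbers" comment. Note also that the range contains addresses with no definition in the list (for example between 0x40000003 and 0x40000010), and the check as written reports those as "unimplemented MSR" as well; the comment should say whether that is intended.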
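
Review bot: the warning added to the default case of wrmsr_viridian_regs (hunk @@ -534,6 +592,10 @@) logs only idx and uses exactly the same text, "unimplemented MSR %08x", as the one added to rdmsr_viridian_regs, so the hypervisor log cannot tell a guest write from a guest read and the value the guest tried to write is lost. Since the stated purpose is to give a clue after a guest crash, suggest distinct messages for the two paths (for example "write to unimplemented MSR" and "read from unimplemented MSR") and printing val in the write path.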
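
Review bot: in the viridian_hypercall hunk (@@ -809,7 +875,15 @@) the new HvGetPartitionId and HvExtCallQueryCapabilities cases return HV_STATUS_INVALID_HYPERCALL_CODE silently, but nothing in the code says why these two codes are exempt from the warning that the default case now emits. Please add a short comment above the two case labels recording that some Windows versions issue these calls without the corresponding CPUID flags and tolerate the failure, so the list is not mistaken for a set of planned implementations. Separately, the default case prints the guest-controlled input.call_code on every unknown call, and the rate limiting the commit message relies on is not visible in these lines; a comment or a sentence in the commit message stating where that limit comes from would help the next reader confirm that a guest cannot flood the log.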