From patchwork Tue Sep 1 10:54:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 11747929 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0499B109B for ; Tue, 1 Sep 2020 11:12:06 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D1FCD206C0 for ; Tue, 1 Sep 2020 11:12:05 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="BxdtPEC/" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D1FCD206C0 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4BP-0000VI-Mh; Tue, 01 Sep 2020 11:10:35 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4BO-0000VB-Iy for xen-devel@lists.xenproject.org; Tue, 01 Sep 2020 11:10:34 +0000 X-Inumbo-ID: adbb51d7-8ec0-490f-8834-f660d8271a81 Received: from esa1.hc3370-68.iphmx.com (unknown [216.71.145.142]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id adbb51d7-8ec0-490f-8834-f660d8271a81; Tue, 01 Sep 2020 11:10:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1598958633; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=zT5MN7nvkqMoYuX6+gGl+F2zxCCkKoFt0fQb/G0S9wE=; b=BxdtPEC/ukYZFnN/oZyNzdmxe4yOJKc/Csn4rrzEB9O6LyODkLM5Huu6 illgiJqhu4JjsmdNr3b0w00SSbbFEDGRfpz02eD/ikuCTthLv0fB++B5N 9P7REpaaxHa2Kv+176mRedcFbGYP4aGppHbNjlHM+sNZqUg8xboHLyyTD w=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: KSWzbafNK/H9Yl9E/Tm0GcMmepaueJn0xpVzrAvruUE6tx8TzmZefARzWNaUnowgMpScoMvyoV NYopEIHELntHKSZuKOLiIfQ+L+jFPwWW/VlDehF2+5dCF9JLNJij7lZldA276xeA9fxPIYjvq2 oADihqaAIowqptpI0Bgq5NdF6u8EK1qbiawwi9A7gcK2KIEl3FeBtL7Dj++Rzl6lkC5erB6QuB WMW05uwDXvqGkhQLCXd/M89+pCdE9DYYoBlgkG3NNFDVpWZ0lIoJqP0SSRTOs3niHYcAU27LgV UqM= X-SBRS: 2.7 X-MesageID: 26058623 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.76,378,1592884800"; d="scan'208";a="26058623" From: Roger Pau Monne To: CC: Roger Pau Monne , Jun Nakajima , Kevin Tian , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v3 1/8] x86/vmx: handle writes to MISC_ENABLE MSR Date: Tue, 1 Sep 2020 12:54:38 +0200 Message-ID: <20200901105445.22277-2-roger.pau@citrix.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901105445.22277-1-roger.pau@citrix.com> References: <20200901105445.22277-1-roger.pau@citrix.com> MIME-Version: 1.0 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Such handling consist in checking that no bits have been changed from the read value, if that's the case silently drop the write, otherwise inject a fault. At least Windows guests will expect to write to the MISC_ENABLE MSR with the same value that's been read from it. Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- xen/arch/x86/hvm/vmx/vmx.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index a0d58ffbe2..4717e50d4a 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3163,7 +3163,7 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) switch ( msr ) { - uint64_t rsvd; + uint64_t rsvd, tmp; case MSR_IA32_SYSENTER_CS: __vmwrite(GUEST_SYSENTER_CS, msr_content); @@ -3301,6 +3301,13 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) /* None of these MSRs are writeable. */ goto gp_fault; + case MSR_IA32_MISC_ENABLE: + /* Silently drop writes that don't change the reported value. */ + if ( vmx_msr_read_intercept(msr, &tmp) != X86EMUL_OKAY || + tmp != msr_content ) + goto gp_fault; + break; + case MSR_P6_PERFCTR(0)...MSR_P6_PERFCTR(7): case MSR_P6_EVNTSEL(0)...MSR_P6_EVNTSEL(7): case MSR_CORE_PERF_FIXED_CTR0...MSR_CORE_PERF_FIXED_CTR2: From patchwork Tue Sep 1 10:54:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 11747917 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AEBED166C for ; Tue, 1 Sep 2020 11:11:01 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 8917820BED for ; Tue, 1 Sep 2020 11:11:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="LUF5PaIa" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8917820BED Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4BR-0000Ve-V0; Tue, 01 Sep 2020 11:10:37 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4BQ-0000V0-EY for xen-devel@lists.xenproject.org; Tue, 01 Sep 2020 11:10:36 +0000 X-Inumbo-ID: 263c1e8f-9c54-440b-83fd-2fc466c9c4e2 Received: from esa4.hc3370-68.iphmx.com (unknown [216.71.155.144]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 263c1e8f-9c54-440b-83fd-2fc466c9c4e2; Tue, 01 Sep 2020 11:10:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1598958633; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=gPkcofx5wqS3WmC+5Y4XByDXXhvalyO2X0/eP2W2w0Y=; b=LUF5PaIau8vuR2UAKFRouQnN/+opAqlteLXuhZzKDcZtSJ3aAUQrMTdj 6SZO8YUF5TpDRQnio5WMeB3GOBIY7QFMy4gM9eARX1J2r42V/Mw7FhpiJ fnx5MIg8hByJ6cOqRKKELrgCqfHMFOjvWHC3uPxRqWTu0lEjEMCs1C1xt c=; Authentication-Results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: JsMJ9J27Kg39sWJ/sRl19UZjLueF8UIkQy4ZHaibDeBsyM/hD7ZGV9hZWP2Ywjfqq+d1rPpRPE NVTySGipQDaxDw63IENjKLFdQ7olxPE+D30p/VpuYSHRIEPQtsMauWbfmwiC5sWH9x2emQVk5p eC6lGWVVQtPE0AP0HKXk3WeLbuB5UEwTHrvpd4az6vbT0ytUodgRfewOqWpYUZNUx/1NRCvxTE G6vIPHN6cZuIbtv9siz8xTC0g5QqaAwezM2vk3jII+oS7PEKsYrXTwBlmjpvL/3LZjW+1HvUK8 GiQ= X-SBRS: 2.7 X-MesageID: 26679910 X-Ironport-Server: esa4.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.76,378,1592884800"; d="scan'208";a="26679910" From: Roger Pau Monne To: CC: Roger Pau Monne , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v3 2/8] x86/svm: silently drop writes to SYSCFG and related MSRs Date: Tue, 1 Sep 2020 12:54:39 +0200 Message-ID: <20200901105445.22277-3-roger.pau@citrix.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901105445.22277-1-roger.pau@citrix.com> References: <20200901105445.22277-1-roger.pau@citrix.com> MIME-Version: 1.0 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" The SYSCFG, TOP_MEM1 and TOP_MEM2 MSRs are currently exposed to guests and writes are silently discarded. Make this explicit in the SVM code now, and just return default constant values when attempting to read any of the MSRs, while continuing to silently drop writes. Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich --- Changes since v2: - Return 0 from SYSCFG. - Merge switch cases. Changes sincxe v1: - Return MtrrFixDramEn in MSR_K8_SYSCFG. --- xen/arch/x86/hvm/svm/svm.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index ca3bbfcbb3..af584ff5d1 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1917,6 +1917,9 @@ static int svm_msr_read_intercept(unsigned int msr, uint64_t *msr_content) goto gpf; break; + case MSR_K8_SYSCFG: + case MSR_K8_TOP_MEM1: + case MSR_K8_TOP_MEM2: case MSR_K8_VM_CR: *msr_content = 0; break; @@ -2094,6 +2097,9 @@ static int svm_msr_write_intercept(unsigned int msr, uint64_t msr_content) goto gpf; break; + case MSR_K8_TOP_MEM1: + case MSR_K8_TOP_MEM2: + case MSR_K8_SYSCFG: case MSR_K8_VM_CR: /* ignore write. handle all bits as read-only. */ break; From patchwork Tue Sep 1 10:54:40 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 11747923 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 292BB166C for ; Tue, 1 Sep 2020 11:11:36 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 062A420BED for ; Tue, 1 Sep 2020 11:11:36 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="dIKh1uzV" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 062A420BED Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4BV-0000Wi-8v; Tue, 01 Sep 2020 11:10:41 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4BT-0000VB-EV for xen-devel@lists.xenproject.org; Tue, 01 Sep 2020 11:10:39 +0000 X-Inumbo-ID: 63ef6d52-76e3-4e40-8936-f4b822b1143a Received: from esa5.hc3370-68.iphmx.com (unknown [216.71.155.168]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 63ef6d52-76e3-4e40-8936-f4b822b1143a; Tue, 01 Sep 2020 11:10:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1598958635; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=JdFoPoleaw4tuOelguNrercB/rGm2uumX09CkmN978M=; b=dIKh1uzViVnZK1MyPYFsFm7lYcM01zmMIT8NZqYeQN1BP20LDTSUl8eB +CkRlzWLHD9XDFGPY2Qt+Wqbq6VcfPpf6LEPovLyvOFh07bk3rOIEAE8b 9mXXsDpoCYY21a1IZxcT/2bH15ri4qHgi1wH54W4bTJLFqvXo7+NcT7sh g=; Authentication-Results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: 3PT9NW5SBded6iTc0FWkTFU3253T57O2Kjr8lD/3TZw8aLEx489kUJupa+QCfJ6C2AMkxnNOKe H/dEom+Ak5Wzioc08c97FSo0m2My97xb8au5rhtmfSLBXxOjwQx7/XnTGMnPOsx9REsz0GTZQX uRALeT47opfP8cCU52RGjVtuNUY24f0A/6SA16xpBPg0AUfbS1zELcXyPHCE5HkaxAkGvXWR9/ USvO0cabvdFvxLtEc9OpKIBH7U0ldUnUlwCRO0ftqxHxkulZWUCcdVHaLA5qZdA2gIg3sOR2Ju Yl0= X-SBRS: 2.7 X-MesageID: 25858454 X-Ironport-Server: esa5.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.76,378,1592884800"; d="scan'208";a="25858454" From: Roger Pau Monne To: CC: Roger Pau Monne , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v3 3/8] x86/msr: explicitly handle AMD DE_CFG Date: Tue, 1 Sep 2020 12:54:40 +0200 Message-ID: <20200901105445.22277-4-roger.pau@citrix.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901105445.22277-1-roger.pau@citrix.com> References: <20200901105445.22277-1-roger.pau@citrix.com> MIME-Version: 1.0 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Report LFENCE_SERIALISE unconditionally for DE_CFG on AMD hardware and silently drop writes. Reported-by: Andrew Cooper Signed-off-by: Roger Pau Monné --- Changes since v2: - Drop the bot_cpu checks and don't attempt to read the MSR, just return LFENCE_SERIALISE unconditionally. - Add a comment about OpenBSD panicking if writing to the MSR triggers a #GP. Changes since v1: - New in this version. --- xen/arch/x86/msr.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index a478b91f23..e84107ac7b 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -292,6 +292,12 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) *val = msrs->tsc_aux; break; + case MSR_AMD64_DE_CFG: + if ( !(cp->x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) ) + goto gp_fault; + *val = AMD64_DE_CFG_LFENCE_SERIALISE; + break; + case MSR_AMD64_DR0_ADDRESS_MASK: case MSR_AMD64_DR1_ADDRESS_MASK ... MSR_AMD64_DR3_ADDRESS_MASK: if ( !cp->extd.dbext ) @@ -517,6 +523,15 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) wrmsr_tsc_aux(val); break; + case MSR_AMD64_DE_CFG: + /* + * OpenBSD 6.7 will panic if writing to DE_CFG triggers a #GP: + * https://www.illumos.org/issues/12998 + */ + if ( !(cp->x86_vendor & (X86_VENDOR_AMD | X86_VENDOR_HYGON)) ) + goto gp_fault; + break; + case MSR_AMD64_DR0_ADDRESS_MASK: case MSR_AMD64_DR1_ADDRESS_MASK ... MSR_AMD64_DR3_ADDRESS_MASK: if ( !cp->extd.dbext || val != (uint32_t)val ) From patchwork Tue Sep 1 10:54:41 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 11747921 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D992C109B for ; Tue, 1 Sep 2020 11:11:27 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id AE6B820BED for ; Tue, 1 Sep 2020 11:11:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="MHv6riaZ" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org AE6B820BED Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4BW-0000Xn-Pf; Tue, 01 Sep 2020 11:10:42 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4BV-0000V0-Ei for xen-devel@lists.xenproject.org; Tue, 01 Sep 2020 11:10:41 +0000 X-Inumbo-ID: 03185e43-8547-49d8-b993-550fe45a27ad Received: from esa6.hc3370-68.iphmx.com (unknown [216.71.155.175]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 03185e43-8547-49d8-b993-550fe45a27ad; Tue, 01 Sep 2020 11:10:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1598958636; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=8HvuS2IX/VG66e6Pirdx+5CTSqndx03agTLark1mhbU=; b=MHv6riaZuHbduFfLocfaC2Uykbk7ctA8ckZbs+02guWT8fVqZSM1ZIQe cdUJp7evaIbZtCLArVRRuD+rDVgKu990/Nex0h7ljdLo55/oqzH5TDxXw S2EWQ1amdhD15EeFn1cgnA8J98XnrTbt2Ogv5GwQj6SywNB2b0gzQF43Q M=; Authentication-Results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: IOipEql4F+KsdYjDsrwAh/JCZOSJZovOmaDaRNzVMhL4fdKyy6FSF7XJ0nrhJDqCnr+wnQ4P+Y 0XA3HE/Bwvt7ooLQTH9lxnM8wSabAcaWRTc9uRI6Hre+FYzM7jzQu1jivRKqt8sZ44PvUouHHo RG+Kzl4GECpSvwnoMZnkbhZ2hBGbrRDlAMxpRuO/HkQQsf6q4rTi+IQSWBYvdPaHTtKSCxMXQl +MKn4rLQUGfcDyhUx5tiQi+IUOefux6wk+4Cp1ZGQMgVn5Yxm+Ud9bm85F8b2+WGo5+Ukc2X32 tu8= X-SBRS: 2.7 X-MesageID: 26025440 X-Ironport-Server: esa6.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.76,378,1592884800"; d="scan'208";a="26025440" From: Roger Pau Monne To: CC: Roger Pau Monne , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v3 4/8] x86/svm: handle BU_CFG and BU_CFG2 with cases Date: Tue, 1 Sep 2020 12:54:41 +0200 Message-ID: <20200901105445.22277-5-roger.pau@citrix.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901105445.22277-1-roger.pau@citrix.com> References: <20200901105445.22277-1-roger.pau@citrix.com> MIME-Version: 1.0 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Move the special handling of reads to it's own switch case, and also add support for BU_CFG2. On the write side ignore writes if the MSR is readable, otherwise return a #GP. This is in preparation for changing the default MSR read/write behavior, which will instead return #GP on not explicitly handled cases. Signed-off-by: Roger Pau Monné --- Changes since v2: - Move the handling of reads to it's own case. - Drop writes if the MSR is readable, else return a #GP. Changes since v1: - New in this version. --- xen/arch/x86/hvm/svm/svm.c | 43 ++++++++++++++++++++++++++------------ 1 file changed, 30 insertions(+), 13 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index af584ff5d1..0e43154c7e 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1864,6 +1864,30 @@ static int svm_msr_read_intercept(unsigned int msr, uint64_t *msr_content) *msr_content = 1ULL << 61; /* MC4_MISC.Locked */ break; + case MSR_F10_BU_CFG: + if ( !rdmsr_safe(msr, *msr_content) ) + break; + + if ( boot_cpu_data.x86 == 0xf ) + { + /* + * Win2k8 x64 reads this MSR on revF chips, where it wasn't + * publically available; it uses a magic constant in %rdi as a + * password, which we don't have in rdmsr_safe(). Since we'll + * ignore the later writes, just use a plausible value here (the + * reset value from rev10h chips) if the real CPU didn't provide + * one. + */ + *msr_content = 0x0000000010200020ull; + break; + } + goto gpf; + + case MSR_F10_BU_CFG2: + if ( rdmsr_safe(msr, *msr_content) ) + goto gpf; + break; + case MSR_IA32_EBC_FREQUENCY_ID: /* * This Intel-only register may be accessed if this HVM guest @@ -1942,19 +1966,6 @@ static int svm_msr_read_intercept(unsigned int msr, uint64_t *msr_content) default: if ( rdmsr_safe(msr, *msr_content) == 0 ) break; - - if ( boot_cpu_data.x86 == 0xf && msr == MSR_F10_BU_CFG ) - { - /* Win2k8 x64 reads this MSR on revF chips, where it - * wasn't publically available; it uses a magic constant - * in %rdi as a password, which we don't have in - * rdmsr_safe(). Since we'll ignore the later writes, - * just use a plausible value here (the reset value from - * rev10h chips) if the real CPU didn't provide one. */ - *msr_content = 0x0000000010200020ull; - break; - } - goto gpf; } @@ -2110,6 +2121,12 @@ static int svm_msr_write_intercept(unsigned int msr, uint64_t msr_content) nsvm->ns_msr_hsavepa = msr_content; break; + case MSR_F10_BU_CFG: + case MSR_F10_BU_CFG2: + if ( rdmsr_safe(msr, msr_content) ) + goto gpf; + break; + case MSR_AMD64_TSC_RATIO: if ( msr_content & TSC_RATIO_RSVD_BITS ) goto gpf; From patchwork Tue Sep 1 10:54:42 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 11747927 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BE23C166C for ; Tue, 1 Sep 2020 11:11:47 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 98D68206C0 for ; Tue, 1 Sep 2020 11:11:47 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="ZucdF/IM" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 98D68206C0 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4Bc-0000aq-EP; Tue, 01 Sep 2020 11:10:48 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4Ba-0000V0-Er for xen-devel@lists.xenproject.org; Tue, 01 Sep 2020 11:10:46 +0000 X-Inumbo-ID: b4a32c02-3e24-4821-80ce-c62ed47c5edf Received: from esa6.hc3370-68.iphmx.com (unknown [216.71.155.175]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id b4a32c02-3e24-4821-80ce-c62ed47c5edf; Tue, 01 Sep 2020 11:10:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1598958637; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=7HwL1hujKKkpV4RAoFw3wKEs/16rVlGWWGTnnzYIk2E=; b=ZucdF/IMtMDHyWwqbzVpoaMVwiFzIFQgY69/sIH4vCDsKKjJSG1xTima 9/wHjRXp0s20m9dvASFzb4sBh1Kb7X3tKiarBUqwso4cvcIMK73GgNhqU dWNlazkahmJZ5++RIocewAvCf4YFFv9DeQAK3dKbtRpxxXii6Agss2UfY E=; Authentication-Results: esa6.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: fOFVWvz8X0hf2Aq0WsNW70HpeGZbVyRTz8hQsOweEN5t0MV7TeH7unNIkSTXBQ1pij+Qhng6hH gbiFo8+XHuOamgk9XWzvgolDFhVGjFsYNxtlIxxyszcVAhdXiW6Ds9MrMhz5E3iLG/1zdbFwgU 0eprqZoaAXI4v/f+FgvrTKWC0lPPj28exkcW+W7oqeGHaUv6cM5bFpgdDqyfV3Obp31f4U750y xufJGG5PXmAcNrN66m2SjPUm1MwwyreS9BFNYozITUceGM8oy3RR6fCisQ/Qc8+nXAPknX2Kk+ j6s= X-SBRS: 2.7 X-MesageID: 26025443 X-Ironport-Server: esa6.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.76,378,1592884800"; d="scan'208";a="26025443" From: Roger Pau Monne To: CC: Roger Pau Monne , Jun Nakajima , Kevin Tian , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v3 5/8] x86/pv: allow reading FEATURE_CONTROL MSR Date: Tue, 1 Sep 2020 12:54:42 +0200 Message-ID: <20200901105445.22277-6-roger.pau@citrix.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901105445.22277-1-roger.pau@citrix.com> References: <20200901105445.22277-1-roger.pau@citrix.com> MIME-Version: 1.0 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Linux PV guests will attempt to read the FEATURE_CONTROL MSR, so move the handling done in VMX code into guest_rdmsr as it can be shared between PV and HVM guests that way. Signed-off-by: Roger Pau Monné --- Changes from v1: - Move the VMX implementation into guest_rdmsr. --- xen/arch/x86/hvm/vmx/vmx.c | 8 +------- xen/arch/x86/msr.c | 13 +++++++++++++ 2 files changed, 14 insertions(+), 7 deletions(-) diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 4717e50d4a..f6657af923 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -2980,13 +2980,7 @@ static int vmx_msr_read_intercept(unsigned int msr, uint64_t *msr_content) case MSR_IA32_DEBUGCTLMSR: __vmread(GUEST_IA32_DEBUGCTL, msr_content); break; - case MSR_IA32_FEATURE_CONTROL: - *msr_content = IA32_FEATURE_CONTROL_LOCK; - if ( vmce_has_lmce(curr) ) - *msr_content |= IA32_FEATURE_CONTROL_LMCE_ON; - if ( nestedhvm_enabled(curr->domain) ) - *msr_content |= IA32_FEATURE_CONTROL_ENABLE_VMXON_OUTSIDE_SMX; - break; + case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_VMFUNC: if ( !nvmx_msr_read_intercept(msr, msr_content) ) goto gp_fault; diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index e84107ac7b..cc2f111a90 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -25,6 +25,7 @@ #include #include +#include #include #include #include @@ -197,6 +198,18 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) /* Not offered to guests. */ goto gp_fault; + case MSR_IA32_FEATURE_CONTROL: + if ( !(cp->x86_vendor & X86_VENDOR_INTEL) ) + goto gp_fault; + + *val = IA32_FEATURE_CONTROL_LOCK; + if ( vmce_has_lmce(v) ) + *val |= IA32_FEATURE_CONTROL_LMCE_ON; + if ( nestedhvm_enabled(d) ) + *val |= IA32_FEATURE_CONTROL_ENABLE_VMXON_OUTSIDE_SMX; + break; + + case MSR_IA32_PLATFORM_ID: if ( !(cp->x86_vendor & X86_VENDOR_INTEL) || !(boot_cpu_data.x86_vendor & X86_VENDOR_INTEL) ) From patchwork Tue Sep 1 10:54:43 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 11747919 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6AEF7109B for ; Tue, 1 Sep 2020 11:11:13 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 41DDF20BED for ; Tue, 1 Sep 2020 11:11:13 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="DR5CYW7d" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 41DDF20BED Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4Bh-0000eN-5n; Tue, 01 Sep 2020 11:10:53 +0000 Received: from us1-rack-iad1.inumbo.com ([172.99.69.81]) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4Bf-0000V0-Ev for xen-devel@lists.xenproject.org; Tue, 01 Sep 2020 11:10:51 +0000 X-Inumbo-ID: 5f199d10-49cb-442b-9f02-d3ab43f2ec64 Received: from esa1.hc3370-68.iphmx.com (unknown [216.71.145.142]) by us1-rack-iad1.inumbo.com (Halon) with ESMTPS id 5f199d10-49cb-442b-9f02-d3ab43f2ec64; Tue, 01 Sep 2020 11:10:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1598958641; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=M8ARSpqL0nd5zsCpnhZnfQ+5vJo5jg5hBQPEsOCe3kQ=; b=DR5CYW7d0mhFqK3eph/ezqb4uJOg8FjrNZ8JxzxCjulG0hdtQl4OdMSY Fh1Qh21STokYCUKkdILb1Wu9X3xdn9GtgxKtMiNn3c3HbtF76jonOCMJJ Uiay+DdEZKlXtqB1IWV7rYYl9fOudBLFdzYLd50jEVhDW01L+Mcb3AzXG U=; Authentication-Results: esa1.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: TLJWm8NpR2KpPCRtGX1o5O+WTPORA4mgc8Ov6yZt8hRZiz4n0P7cd2AQVHj7+0MDJFiBu8CB1a Sd+Ss2oTTmwBvCTFszTXwajMkjAsnEwx/8Wlag95o6N88M+xZX+W6EfIMB2KDiT1FB4ysHugcF A7NXuPxoY+lXgn+z+9R317l4p5pA7wkkoVbPC3/J7EG8XypPdCaigNvplgTT8203xeSFoodCj3 oXX7+D02t+2DTG8XIs1XAmfHlSVaJxiN+CK3UXTpf/onlACZfPLMCFR4wfWpuvi0BA5EoqNcEc rJI= X-SBRS: 2.7 X-MesageID: 26058627 X-Ironport-Server: esa1.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.76,378,1592884800"; d="scan'208";a="26058627" From: Roger Pau Monne To: CC: Roger Pau Monne , Jan Beulich , Andrew Cooper , Wei Liu Subject: [PATCH v3 6/8] x86/pv: disallow access to unknown MSRs Date: Tue, 1 Sep 2020 12:54:43 +0200 Message-ID: <20200901105445.22277-7-roger.pau@citrix.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901105445.22277-1-roger.pau@citrix.com> References: <20200901105445.22277-1-roger.pau@citrix.com> MIME-Version: 1.0 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" Change the catch-all behavior for MSR not explicitly handled. Instead of allow full read-access to the MSR space and silently dropping writes return an exception when the MSR is not explicitly handled. Signed-off-by: Roger Pau Monné Acked-by: Andrew Cooper --- Changes since v2: - Added missing 0x prefix. --- xen/arch/x86/pv/emul-priv-op.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c index bcc1188f6a..2d9953f5b4 100644 --- a/xen/arch/x86/pv/emul-priv-op.c +++ b/xen/arch/x86/pv/emul-priv-op.c @@ -972,9 +972,10 @@ static int read_msr(unsigned int reg, uint64_t *val, } /* fall through */ default: + gdprintk(XENLOG_WARNING, "RDMSR 0x%08x unimplemented\n", reg); + break; + normal: - /* Everyone can read the MSR space. */ - /* gdprintk(XENLOG_WARNING, "Domain attempted RDMSR %08x\n", reg); */ if ( rdmsr_safe(reg, *val) ) break; return X86EMUL_OKAY; @@ -1141,14 +1142,15 @@ static int write_msr(unsigned int reg, uint64_t val, } /* fall through */ default: - if ( rdmsr_safe(reg, temp) ) - break; + gdprintk(XENLOG_WARNING, + "WRMSR 0x%08x val 0x%016"PRIx64" unimplemented\n", + reg, val); + break; - if ( val != temp ) invalid: - gdprintk(XENLOG_WARNING, - "Domain attempted WRMSR %08x from 0x%016"PRIx64" to 0x%016"PRIx64"\n", - reg, temp, val); + gdprintk(XENLOG_WARNING, + "Domain attempted WRMSR 0x%08x from 0x%016"PRIx64" to 0x%016"PRIx64"\n", + reg, temp, val); return X86EMUL_OKAY; } From patchwork Tue Sep 1 10:54:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 11747933 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B9271109B for ; Tue, 1 Sep 2020 11:12:29 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 92B82206C0 for ; Tue, 1 Sep 2020 11:12:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="hPJgy7Be" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 92B82206C0 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4Ba-0000ZT-3C; Tue, 01 Sep 2020 11:10:46 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4BY-0000VB-Ec for xen-devel@lists.xenproject.org; Tue, 01 Sep 2020 11:10:44 +0000 X-Inumbo-ID: 4dc66d48-a97a-41a7-868b-b0013b3a38f6 Received: from esa2.hc3370-68.iphmx.com (unknown [216.71.145.153]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 4dc66d48-a97a-41a7-868b-b0013b3a38f6; Tue, 01 Sep 2020 11:10:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1598958643; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=E3jeYzrTbVvHtqEv2Ls5J9K9ynGLS4FHP+N0UrriWms=; b=hPJgy7BehiOddMzkN5o81O2LCoogc1yFpu1W1fpV4hsQYM54HkACJCen 5cYbSRE5GcIz/AuZWiL1jnbtqu716vzuCQo3SfDNfXQKPiMIvEXva0Qt3 luPYEeSI5b1cRt8ZKzri6W7pL4GkgV+eilkv6Sa/7BqJpS92db8aTFws9 g=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: lLfVdKCRlzCApa0D2xmXz0BzXvmerCAvdrXWfkwG42+VYyoo5xpmZ0ov/aae8aQZQWMcb6ACXo i6OZemeN4a9vVveDN41SqvB+bSLPdC4IRSj7nZk0siFXmp3Ndhn9hnA5Cp3PqEEdrztwGxZk/S 3VcrOAcq1eHQHwoIgBngBHgEFVnLlNn5p/71CkDWWf4Tbngh+3ZdQJCAvu13llf9uef7ZHez9g 59BuieQqctgsubTiwMNOQjsIfj+vLO5sbxZUEPzNjQHha7KzcmeS5FxycrhOFSYyjLf3dNTUFs gnA= X-SBRS: 2.7 X-MesageID: 25738158 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.76,378,1592884800"; d="scan'208";a="25738158" From: Roger Pau Monne To: CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu , Jun Nakajima , Kevin Tian Subject: [PATCH v3 7/8] x86/hvm: Disallow access to unknown MSRs Date: Tue, 1 Sep 2020 12:54:44 +0200 Message-ID: <20200901105445.22277-8-roger.pau@citrix.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901105445.22277-1-roger.pau@citrix.com> References: <20200901105445.22277-1-roger.pau@citrix.com> MIME-Version: 1.0 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Andrew Cooper Change the catch-all behavior for MSR not explicitly handled. Instead of allow full read-access to the MSR space and silently dropping writes return an exception when the MSR is not explicitly handled. Signed-off-by: Andrew Cooper [remove rdmsr_safe from default case in svm_msr_read_intercept] Signed-off-by: Roger Pau Monné Reviewed-by: Jan Beulich Reviewed-by: Kevin Tian --- Changes since v1: - Fold chunk to remove explicit write handling of VMX MSRs just to #GP. - Remove catch-all rdmsr_safe in svm_msr_read_intercept. --- xen/arch/x86/hvm/svm/svm.c | 10 ++++------ xen/arch/x86/hvm/vmx/vmx.c | 16 ++++------------ 2 files changed, 8 insertions(+), 18 deletions(-) diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 0e43154c7e..66b22efdab 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -1964,8 +1964,7 @@ static int svm_msr_read_intercept(unsigned int msr, uint64_t *msr_content) break; default: - if ( rdmsr_safe(msr, *msr_content) == 0 ) - break; + gdprintk(XENLOG_WARNING, "RDMSR 0x%08x unimplemented\n", msr); goto gpf; } @@ -2150,10 +2149,9 @@ static int svm_msr_write_intercept(unsigned int msr, uint64_t msr_content) break; default: - /* Match up with the RDMSR side; ultimately this should go away. */ - if ( rdmsr_safe(msr, msr_content) == 0 ) - break; - + gdprintk(XENLOG_WARNING, + "WRMSR 0x%08x val 0x%016"PRIx64" unimplemented\n", + msr, msr_content); goto gpf; } diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index f6657af923..9cc9d81c41 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3015,9 +3015,7 @@ static int vmx_msr_read_intercept(unsigned int msr, uint64_t *msr_content) break; } - if ( rdmsr_safe(msr, *msr_content) == 0 ) - break; - + gdprintk(XENLOG_WARNING, "RDMSR 0x%08x unimplemented\n", msr); goto gp_fault; } @@ -3290,11 +3288,6 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) __vmwrite(GUEST_IA32_DEBUGCTL, msr_content); break; - case MSR_IA32_FEATURE_CONTROL: - case MSR_IA32_VMX_BASIC ... MSR_IA32_VMX_VMFUNC: - /* None of these MSRs are writeable. */ - goto gp_fault; - case MSR_IA32_MISC_ENABLE: /* Silently drop writes that don't change the reported value. */ if ( vmx_msr_read_intercept(msr, &tmp) != X86EMUL_OKAY || @@ -3320,10 +3313,9 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) is_last_branch_msr(msr) ) break; - /* Match up with the RDMSR side; ultimately this should go away. */ - if ( rdmsr_safe(msr, msr_content) == 0 ) - break; - + gdprintk(XENLOG_WARNING, + "WRMSR 0x%08x val 0x%016"PRIx64" unimplemented\n", + msr, msr_content); goto gp_fault; } From patchwork Tue Sep 1 10:54:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Roger_Pau_Monn=C3=A9?= X-Patchwork-Id: 11747931 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7E087166C for ; Tue, 1 Sep 2020 11:12:15 +0000 (UTC) Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5AC3B206C0 for ; Tue, 1 Sep 2020 11:12:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=citrix.com header.i=@citrix.com header.b="U7/HLyV9" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5AC3B206C0 Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=citrix.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=xen-devel-bounces@lists.xenproject.org Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4Be-0000ca-Ri; Tue, 01 Sep 2020 11:10:50 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1kD4Bd-0000VB-Ef for xen-devel@lists.xenproject.org; Tue, 01 Sep 2020 11:10:49 +0000 X-Inumbo-ID: af246697-e068-45e2-be8b-515ad49f064f Received: from esa2.hc3370-68.iphmx.com (unknown [216.71.145.153]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id af246697-e068-45e2-be8b-515ad49f064f; Tue, 01 Sep 2020 11:10:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1598958644; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=BMnRreRW+++9kfh3egHsOAJKzSNN/TeOyxU8V9BYfgQ=; b=U7/HLyV96dAXwwSPMaEOKTVHSCVzqjDU5gWRYSkBmkGGDORFb3+Kyyec xbKmSg1hUH8nMp/mb0DuIBeQXPi1vIzbmwRj1O8vu948CvEiGf+PkgGyP 7OIPsPEV3pBPrWV8TZwP4wKugGI5n2J6Yv9woYgOZrosp5Vwigu5yAR5i 0=; Authentication-Results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none IronPort-SDR: n4tkfPQ9WS11cDUSwwbxf6JXeWpSpobbzFPEnDYn1ddNg0gElB6ucVlj9pGb1EjVSPXGJCgCRS 8PTvH2SlWtsCCZgZpfi0j4RG84+hxFqGj3abcVH9fMN06KCoppXQvf9S1/mZnCvDEBiqZAW8FY 2fbtlon4kCUz+rcZAHBM1nTm8/g6xRdCvMy5tEiIS/YF9XgdE+iSTD0EXWaj6lEH0U0X8ST1am yi6Sg6N7+T9m1qycq774GO66PrTzGH5+ME83vhLbIIrbi6ifaTvNqfJLS0g+WcxRLXzDKwmfc2 3/U= X-SBRS: 2.7 X-MesageID: 25738160 X-Ironport-Server: esa2.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.76,378,1592884800"; d="scan'208";a="25738160" From: Roger Pau Monne To: CC: Andrew Cooper , Jan Beulich , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Wei Liu Subject: [PATCH v3 8/8] x86/msr: Drop compatibility #GP handling in guest_{rd, wr}msr() Date: Tue, 1 Sep 2020 12:54:45 +0200 Message-ID: <20200901105445.22277-9-roger.pau@citrix.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901105445.22277-1-roger.pau@citrix.com> References: <20200901105445.22277-1-roger.pau@citrix.com> MIME-Version: 1.0 X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" From: Andrew Cooper Now that the main PV/HVM MSR handlers raise #GP for all unknown MSRs, there is no need to special case these MSRs any more. Signed-off-by: Andrew Cooper Reviewed-by: Roger Pau Monné --- Changes since v1: - New in this version. --- xen/arch/x86/msr.c | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c index cc2f111a90..ab11e3b73c 100644 --- a/xen/arch/x86/msr.c +++ b/xen/arch/x86/msr.c @@ -175,29 +175,6 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val) switch ( msr ) { - case MSR_AMD_PATCHLOADER: - case MSR_IA32_UCODE_WRITE: - case MSR_PRED_CMD: - case MSR_FLUSH_CMD: - /* Write-only */ - case MSR_TEST_CTRL: - case MSR_CORE_CAPABILITIES: - case MSR_TSX_FORCE_ABORT: - case MSR_TSX_CTRL: - case MSR_MCU_OPT_CTRL: - case MSR_RTIT_OUTPUT_BASE ... MSR_RTIT_ADDR_B(7): - case MSR_U_CET: - case MSR_S_CET: - case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE: - case MSR_AMD64_LWP_CFG: - case MSR_AMD64_LWP_CBADDR: - case MSR_PPIN_CTL: - case MSR_PPIN: - case MSR_AMD_PPIN_CTL: - case MSR_AMD_PPIN: - /* Not offered to guests. */ - goto gp_fault; - case MSR_IA32_FEATURE_CONTROL: if ( !(cp->x86_vendor & X86_VENDOR_INTEL) ) goto gp_fault; @@ -365,29 +342,6 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val) { uint64_t rsvd; - case MSR_IA32_PLATFORM_ID: - case MSR_CORE_CAPABILITIES: - case MSR_INTEL_CORE_THREAD_COUNT: - case MSR_INTEL_PLATFORM_INFO: - case MSR_ARCH_CAPABILITIES: - /* Read-only */ - case MSR_TEST_CTRL: - case MSR_TSX_FORCE_ABORT: - case MSR_TSX_CTRL: - case MSR_MCU_OPT_CTRL: - case MSR_RTIT_OUTPUT_BASE ... MSR_RTIT_ADDR_B(7): - case MSR_U_CET: - case MSR_S_CET: - case MSR_PL0_SSP ... MSR_INTERRUPT_SSP_TABLE: - case MSR_AMD64_LWP_CFG: - case MSR_AMD64_LWP_CBADDR: - case MSR_PPIN_CTL: - case MSR_PPIN: - case MSR_AMD_PPIN_CTL: - case MSR_AMD_PPIN: - /* Not offered to guests. */ - goto gp_fault; - case MSR_AMD_PATCHLEVEL: BUILD_BUG_ON(MSR_IA32_UCODE_REV != MSR_AMD_PATCHLEVEL); /*