'[Xen-changelog] [xen stable-4.8] x86/HVM: don't give the wrong impression of WRMSR succeeding'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xen-cvs
Subject:    [Xen-changelog] [xen stable-4.8] x86/HVM: don't give the wrong impression of WRMSR succeeding
From:       patchbot () xen ! org
Date:       2018-03-29 1:24:25
Message-ID: E1f1MIj-0006sa-4S () xenbits ! xenproject ! org
[Download RAW message or body]

commit b19b20690d4cfcc3069ee1cf6d486e0c8daed580
Author:     Jan Beulich <jbeulich@suse.com>
AuthorDate: Tue Mar 6 16:16:05 2018 +0100
Commit:     Jan Beulich <jbeulich@suse.com>
CommitDate: Tue Mar 6 16:16:05 2018 +0100

    x86/HVM: don't give the wrong impression of WRMSR succeeding
    
    ... for non-existent MSRs: wrmsr_hypervisor_regs()'s comment clearly
    says that the function returns 0 for unrecognized MSRs, so
    {svm,vmx}_msr_write_intercept() should not convert this into success. We
    don't want to unconditionally fail the access though, as we can't be
    certain the list of handled MSRs is complete enough for the guest types
    we care about, so instead mirror what we do on the read paths and probe
    the MSR to decide whether to raise #GP.
    
    Signed-off-by: Jan Beulich <jbeulich@suse.com>
    Reviewed-by: Kevin Tian <kevin.tian@intel.com>
    Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
    Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
    master commit: 1f1d183d49008794b087cf043fc77f724a45af98
    master date: 2018-02-27 15:12:23 +0100
---
 xen/arch/x86/hvm/svm/svm.c | 7 +++++++
 xen/arch/x86/hvm/vmx/vmx.c | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 177459b9df..be4318cc72 100644
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -1954,6 +1954,13 @@ static int svm_msr_write_intercept(unsigned int msr, uint64_t msr_content)
             result = X86EMUL_RETRY;
             break;
         case 0:
+            /*
+             * Match up with the RDMSR side for now; ultimately this entire
+             * case block should go away.
+             */
+            if ( rdmsr_safe(msr, msr_content) == 0 )
+                break;
+            goto gpf;
         case 1:
             break;
         default:
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index f3a8ccf938..c604672bf8 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -3025,6 +3025,13 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content)
                     case -ERESTART:
                         return X86EMUL_RETRY;
                     case 0:
+                        /*
+                         * Match up with the RDMSR side for now; ultimately this
+                         * entire case block should go away.
+                         */
+                        if ( rdmsr_safe(msr, msr_content) == 0 )
+                            break;
+                        goto gp_fault;
                     case 1:
                         break;
                     default:
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.8

_______________________________________________
Xen-changelog mailing list
Xen-changelog@lists.xenproject.org
https://lists.xenproject.org/xen-changelog
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic