File 58ac1f3f-VMX-dont-leak-host-syscall-MSRs.patch of Package xen.4698
# Commit 2f1add6e1c8789d979daaafa3d80ddc1bc375783
# Date 2017-02-21 11:06:39 +0000
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/vmx: Don't leak host syscall MSR state into HVM guests
hvm_hw_cpu->msr_flags is in fact the VMX dirty bitmap of MSRs needing to be restored when switching into guest context. It should never have been part of the migration state to start with, and Xen must not make any decisions based on the value seen during restore. Identify it as obsolete in the header files, consistently save it as zero and ignore it on restore. The MSRs must be considered dirty during VMCS creation to cause the proper defaults of 0 to be visible to the guest.
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -325,7 +325,7 @@ static void svm_save_cpu_state(struct vc
 data->msr_cstar = vmcb->cstar;
 data->msr_syscall_mask = vmcb->sfmask;
 data->msr_efer = v->arch.hvm_vcpu.guest_efer;
- data->msr_flags = -1ULL;
+ data->msr_flags = 0;
 data->tsc = hvm_get_guest_tsc(v);
 }
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -979,6 +979,9 @@ static int construct_vmcs(struct vcpu *v
 vmx_disable_intercept_for_msr(v, MSR_IA32_CR_PAT, MSR_TYPE_R | MSR_TYPE_W);
 }
+ /* All guest MSR state is dirty. */
+ v->arch.hvm_vmx.msr_state.flags = ((1u << VMX_MSR_COUNT) - 1);
+
 /* I/O access bitmap. */
 __vmwrite(IO_BITMAP_A, virt_to_maddr((char *)hvm_io_bitmap + 0));
 __vmwrite(IO_BITMAP_B, virt_to_maddr((char *)hvm_io_bitmap + PAGE_SIZE));
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
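Review bot: The dirty-mask expression `((1u << VMX_MSR_COUNT) - 1)` added in construct_vmcs is repeated verbatim in vmx_load_cpu_state (vmx.c), so the two sites can drift apart. A single named macro beside the VMX_MSR_COUNT definition would keep them in step, for instance `#define VMX_MSR_ALL_DIRTY ((1u << VMX_MSR_COUNT) - 1)` (name is only a suggestion). The shift is well defined only while VMX_MSR_COUNT stays below 32; its value is not visible in this patch (the removed `& 7` suggests 3), so a `BUILD_BUG_ON(VMX_MSR_COUNT >= 32);` next to it would pin that assumption. The comment could also give the reason, e.g. `/* All guest MSR state is dirty, so the guest's zero defaults replace the host's syscall MSR values. */`. construct_vmcs begins and ends outside the hunk.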
@@ -532,13 +532,12 @@ static int vmx_vmcs_restore(struct vcpu
 static void vmx_save_cpu_state(struct vcpu *v, struct hvm_hw_cpu *data)
 {
 struct vmx_msr_state *guest_state = &v->arch.hvm_vmx.msr_state;
- unsigned long guest_flags = guest_state->flags;
 data->shadow_gs = v->arch.hvm_vmx.shadow_gs;
 data->msr_cstar = v->arch.hvm_vmx.cstar;
 /* save msrs */
- data->msr_flags = guest_flags;
+ data->msr_flags = 0;
 data->msr_lstar = guest_state->msrs[VMX_INDEX_MSR_LSTAR];
 data->msr_star = guest_state->msrs[VMX_INDEX_MSR_STAR];
 data->msr_syscall_mask = guest_state->msrs[VMX_INDEX_MSR_SYSCALL_MASK];
@@ -551,7 +550,7 @@ static void vmx_load_cpu_state(struct vc
 struct vmx_msr_state *guest_state = &v->arch.hvm_vmx.msr_state;
 /* restore msrs */
- guest_state->flags = data->msr_flags & 7;
+ guest_state->flags = ((1u << VMX_MSR_COUNT) - 1);
 guest_state->msrs[VMX_INDEX_MSR_LSTAR] = data->msr_lstar;
 guest_state->msrs[VMX_INDEX_MSR_STAR] = data->msr_star;
 guest_state->msrs[VMX_INDEX_MSR_SYSCALL_MASK] = data->msr_syscall_mask;
--- a/xen/include/public/arch-x86/hvm/save.h
+++ b/xen/include/public/arch-x86/hvm/save.h
@@ -133,7 +133,7 @@ struct hvm_hw_cpu {
 uint64_t shadow_gs;
 /* msr content saved/restored. */
- uint64_t msr_flags;
+ uint64_t msr_flags; /* Obsolete, ignored. */
 uint64_t msr_lstar;
 uint64_t msr_star;
 uint64_t msr_cstar;
@@ -242,7 +242,7 @@ struct hvm_hw_cpu_compat {
 uint64_t shadow_gs;
 /* msr content saved/restored. */
- uint64_t msr_flags;
+ uint64_t msr_flags; /* Obsolete, ignored. */
 uint64_t msr_lstar;
 uint64_t msr_star;
 uint64_t msr_cstar;
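Review bot: Saving `data->msr_flags = 0` in vmx_save_cpu_state is safe only when the receiver also carries this fix. A receiver that still runs the removed restore line `guest_state->flags = data->msr_flags & 7;` would mark no MSR dirty and, presumably, would not load the guest's LSTAR/STAR/SYSCALL_MASK values before entering the guest. The commit message does not mention this case, so it deserves a comment at the assignment, e.g. `/* Obsolete, always saved as 0; receivers without this fix derive the dirty mask from it. */`. The same uncommented `0` is written in svm_save_cpu_state (svm.c).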
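Review bot: vmx_load_cpu_state now ignores `data->msr_flags` without saying so at the assignment, so a later reader could take the constant for an oversight and reinstate the saved field. A comment above `guest_state->flags = ...` would prevent that, e.g. `/* data->msr_flags is obsolete and ignored: every MSR loaded below is treated as dirty. */`. The `msr_lstar`, `msr_star` and `msr_syscall_mask` values are copied from the save record unchanged in the lines shown. Whether they are validated elsewhere (for example a canonical-address check on LSTAR) is not visible, because the function continues outside the hunk and its caller is not in the patch. That is worth confirming now that all three are unconditionally marked dirty.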