WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

RE: [Xen-devel] [PATCH] MSR related clean up

To: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>, Sheng Yang <sheng@xxxxxxxxxxxxxxx>
Subject: RE: [Xen-devel] [PATCH] MSR related clean up
From: "Dong, Eddie" <eddie.dong@xxxxxxxxx>
Date: Wed, 24 Jun 2009 17:45:15 +0800
Accept-language: en-US
Acceptlanguage: en-US
Cc: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>, "Dong, Eddie" <eddie.dong@xxxxxxxxx>
Delivery-date: Wed, 24 Jun 2009 02:51:45 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <C667B02B.E0A3%keir.fraser@xxxxxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <200906241721.27265.sheng@xxxxxxxxxxxxxxx> <C667B02B.E0A3%keir.fraser@xxxxxxxxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: Acn0rTrEp/pda4dGTmWwsRs5r5DGUwAANMPbAABGSPA=
Thread-topic: [Xen-devel] [PATCH] MSR related clean up
Keir Fraser wrote:
> On 24/06/2009 10:21, "Sheng Yang" <sheng@xxxxxxxxxxxxxxx> wrote:
> 
>> What we suffered now is, there are some MSRs existed in CPU, but
>> shouldn't be accessed by guest. And guest should expected a GP fault
>> for accessing, but we return a real value, which is not desired at
>> all. 
>> 
>> And in general, reading from unknown native MSR is dangerous, and
>> also break host/guest isolation. I think we at least should control
>> what we read from native. Maybe add more MSR handling is necessary.
> 
> I kind of agree with you, up to but not including delivering #GPs
> that would not be delivered when running the guest OS natively. A
> middle ground might be to return all zeros for unknown MSRs for which
> rdmsr_safe() succeeds. That is by far the most popular bodge value we
> manually use to fix up cases where returning the real MSR value was
> actually a proven problem. 
> 
>  -- Keir

Returning 0 solves the security concern. But the argument is still that if the 
guest should see same MSR sets with native. The CPUID virtualization provides 
close features with native, but still not identical.
An ideal solution for those MSR read should consult guest CPUID and then decide 
to either inject #GP if guest CPUID doesn't indicate this MSR, or return a 
virtual MSR. In this case MSR write side should provide the virtual MSR too. 
BTW, user can identify certain filtering policy or force some bits of guest 
CPUID, so current approach can't satisfy both cases.

Eddie
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel