Re: [Xen-devel] [PATCH] nested vmx: Intercept guest rdmsr for MSR_IA32_VMX_VMFUNC

[Andrew Cooper <andrew.cooper3@xxxxxxxxxx>]

On 07/06/16 11:53, Euan Harris wrote:
> On Tue, Jun 07, 2016 at 04:35:28AM -0600, Jan Beulich wrote:
>>> @@ -2624,7 +2624,7 @@ static int vmx_msr_read_intercept(unsigned int msr, 
>>> uint64_t *msr_content)
>>>          __vmread(GUEST_IA32_DEBUGCTL, msr_content);
>>>          break;
>>>      case IA32_FEATURE_CONTROL_MSR:
>>> -    case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_TRUE_ENTRY_CTLS:
>>> +    case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_VMFUNC:
>>>          if ( !nvmx_msr_read_intercept(msr, msr_content) )
>>>              goto gp_fault;
>>>          break;
>> ... retaining this code structure makes it likely that some future
>> addition will lead to the same problem again.
> The safest solution would be to whitelist the MSRs which Xen handles and
> which the guest should be allowed to see, rather than blacklisting which
> is essentially what is happening now.   That would involve a substantial
> change in the code, but aside from that is there any fundamental reason
> why it would be a bad idea?

I do have plans which will eventually turn all cpuid information and
msrs visible to guests into a whitelist rather than a blacklist, but
there is indeed a lot of infrastructure work required to make this happen.

It is certainly the longterm plan.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel