Re: [Xen-devel] [PATCH v3 1/2] nvmx: implement support for MSR bitmaps
> From: Roger Pau Monne <roger.pau@xxxxxxxxxx>
> Sent: Tuesday, February 4, 2020 1:37 AM
>
> Current implementation of nested VMX has a half baked handling of MSR
> bitmaps for the L1 VMM: it maps the L1 VMM provided MSR bitmap, but
> doesn't actually load it into the nested vmcs, and thus the nested
> guest vmcs ends up using the same MSR bitmap as the L1 VMM.
>
> This is wrong as there's no assurance that the set of features enabled
> for the L1 vmcs are the same that L1 itself is going to use in the
> nested vmcs, and thus can lead to misconfigurations.
>
> For example L1 vmcs can use x2APIC virtualization and virtual
> interrupt delivery, and thus some x2APIC MSRs won't be trapped so that
> they can be handled directly by the hardware using virtualization
> extensions. On the other hand, the nested vmcs created by L1 VMM might
> not use any of such features, so using a MSR bitmap that doesn't trap
> accesses to the x2APIC MSRs will be leaking them to the underlying
> hardware.
>
> Fix this by crafting a merged MSR bitmap between the one used by L1
> and the nested guest.
>
> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
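An added illustration of the merge described in the commit message above (not code from the Xen patch or from either participant): it assumes the merge is a bitwise OR of the two 4 KiB VMX MSR bitmaps, so an access exits if either the bitmap used for the L1 vmcs or the bitmap supplied by the L1 VMM intercepts it. The helper names and the sample MSR choices (x2APIC TPR, EFER) are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MSR_BITMAP_SIZE 4096u       /* one 4 KiB page */
#define MSR_X2APIC_TPR  0x808u
#define MSR_EFER        0xc0000080u

/* Locate the bit for an MSR access; a set bit means "cause a VM exit".
 * Regions: read-low 0x000, read-high 0x400, write-low 0x800, write-high 0xc00. */
static bool msr_bit(uint32_t msr, bool write, size_t *byte, uint8_t *mask)
{
    size_t base = write ? 0x800 : 0x000;
    if (msr >= 0xc0000000u && msr <= 0xc0001fffu) {
        base += 0x400;
        msr &= 0x1fff;
    } else if (msr > 0x1fff) {
        return false;               /* outside the bitmap: always exits */
    }
    *byte = base + msr / 8;
    *mask = (uint8_t)(1u << (msr % 8));
    return true;
}

bool msr_intercepted(const uint8_t *bm, uint32_t msr, bool write)
{
    size_t byte = 0; uint8_t mask = 0;
    return !msr_bit(msr, write, &byte, &mask) || (bm[byte] & mask) != 0;
}

/* Assumed merge rule: exit if either bitmap asks for an exit (bitwise OR). */
void msr_bitmap_merge(uint8_t *dst, const uint8_t *l1_vmcs, const uint8_t *l1_vmm)
{
    for (size_t i = 0; i < MSR_BITMAP_SIZE; i++)
        dst[i] = l1_vmcs[i] | l1_vmm[i];
}

/* Constructed scenario: the L1 vmcs bitmap traps only EFER writes and passes
 * x2APIC through; the L1 VMM's own bitmap traps only x2APIC TPR writes. */
bool demo_merged_intercepts(uint32_t msr, bool write)
{
    uint8_t l1_vmcs[MSR_BITMAP_SIZE] = {0}, l1_vmm[MSR_BITMAP_SIZE] = {0};
    uint8_t merged[MSR_BITMAP_SIZE];
    size_t byte = 0; uint8_t mask = 0;
    if (msr_bit(MSR_EFER, true, &byte, &mask))
        l1_vmcs[byte] |= mask;
    if (msr_bit(MSR_X2APIC_TPR, true, &byte, &mask))
        l1_vmm[byte] |= mask;
    msr_bitmap_merge(merged, l1_vmcs, l1_vmm);
    return msr_intercepted(merged, msr, write);
}
```

Reusing the L1 vmcs bitmap unmerged in this scenario would let the nested guest's TPR write through without an exit, which is the leak the commit message describes.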