x86/AMD: Allow more fine-grained control of VMCB MSR Permission Map

Currently VMCB's MSRPM can be updated to either intercept both reads and
writes to an MSR or not intercept neither. In some cases we may want to
be more selective and intercept one but not the other.

Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Dietmar Hahn <dietmar.hahn@ts.fujitsu.com>

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index f170ffbea512e540ce6f7e0ca72a43f63e090bc2..8ce37c9c98ccb7e550c21cdefd27c5e223e6c040 100644 (file)
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -137,7 +137,7 @@ svm_msrbit(unsigned long *msr_bitmap, uint32_t msr)
     return msr_bit;
 }
 
-void svm_intercept_msr(struct vcpu *v, uint32_t msr, int enable)
+void svm_intercept_msr(struct vcpu *v, uint32_t msr, int flags)
 {
     unsigned long *msr_bit;
 
@@ -145,16 +145,15 @@ void svm_intercept_msr(struct vcpu *v, uint32_t msr, int enable)
     BUG_ON(msr_bit == NULL);
     msr &= 0x1fff;
 
-    if ( enable )
-    {
-        __set_bit(msr * 2, msr_bit);
+    if ( flags & MSR_INTERCEPT_READ )
+         __set_bit(msr * 2, msr_bit);
+    else
+         __clear_bit(msr * 2, msr_bit);
+
+    if ( flags & MSR_INTERCEPT_WRITE )
         __set_bit(msr * 2 + 1, msr_bit);
-    }
     else
-    {
-        __clear_bit(msr * 2, msr_bit);
         __clear_bit(msr * 2 + 1, msr_bit);
-    }
 }
 
 static void svm_save_dr(struct vcpu *v)

diff --git a/xen/include/asm-x86/hvm/svm/vmcb.h b/xen/include/asm-x86/hvm/svm/vmcb.h
index b7c04046b22b11ebd940b283895e3cc1f44d7de0..ade4bb2afa6e0b680f527fa89cd4c11f350201bb 100644 (file)
--- a/xen/include/asm-x86/hvm/svm/vmcb.h
+++ b/xen/include/asm-x86/hvm/svm/vmcb.h
@@ -531,9 +531,13 @@ void svm_destroy_vmcb(struct vcpu *v);
 
 void setup_vmcb_dump(void);
 
+#define MSR_INTERCEPT_NONE    0
+#define MSR_INTERCEPT_READ    1
+#define MSR_INTERCEPT_WRITE   2
+#define MSR_INTERCEPT_RW      (MSR_INTERCEPT_WRITE | MSR_INTERCEPT_READ)
 void svm_intercept_msr(struct vcpu *v, uint32_t msr, int enable);
-#define svm_disable_intercept_for_msr(v, msr) svm_intercept_msr((v), (msr), 0)
-#define svm_enable_intercept_for_msr(v, msr) svm_intercept_msr((v), (msr), 1)
+#define svm_disable_intercept_for_msr(v, msr) svm_intercept_msr((v), (msr), MSR_INTERCEPT_NONE)
+#define svm_enable_intercept_for_msr(v, msr) svm_intercept_msr((v), (msr), MSR_INTERCEPT_RW)
 
 /*
  * VMCB accessor functions.