projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cd8b749) | patch
x86/pv: Avoid leaking other guests' MSR_TSC_AUX values into PV context
authorAndrew Cooper <andrew.cooper3@citrix.com>
Mon, 19 Feb 2018 10:40:20 +0000 (10:40 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 27 Feb 2018 10:47:23 +0000 (10:47 +0000)
commitcc0e45db277922b5723a7b1d9657d6f744230cf1
tree5a0fe89457f10df05b421eb93b924197295c5932tree | snapshot
parentcd8b749282475caef095ea2f339a01d1ff9714aecommit | diff
x86/pv: Avoid leaking other guests' MSR_TSC_AUX values into PV context

If the CPU pipeline supports RDTSCP or RDPID, a guest can observe the value in
MSR_TSC_AUX, irrespective of whether the relevant CPUID features are
advertised/hidden.

At the moment, paravirt_ctxt_switch_to() only writes to MSR_TSC_AUX if
TSC_MODE_PVRDTSCP mode is enabled, but this is not the default mode.
Therefore, default PV guests can read the value from a previously scheduled
HVM vcpu, or TSC_MODE_PVRDTSCP-enabled PV guest.

Alter the PV path to always write to MSR_TSC_AUX, using 0 in the common case.

To amortise overhead cost, introduce wrmsr_tsc_aux() which performs a lazy
update of the MSR, and use this function consistently across the codebase.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Roger Pau Monné <roger.pau@citrix.com>
Reviewed-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
xen/arch/x86/domain.c diff | blob | history
xen/arch/x86/hvm/hvm.c diff | blob | history
xen/arch/x86/hvm/svm/svm.c diff | blob | history
xen/arch/x86/hvm/vmx/vmx.c diff | blob | history
xen/arch/x86/msr.c diff | blob | history
xen/include/asm-x86/msr.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.