svm: don't clear interception for MSRs required for introspection

This patch mirrors the VMX code that doesn't allow
vmx_clear_msr_intercept() to clear interception of MSRs that an
introspection agent is trying to monitor.

Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>

diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
index 165500e3f2c2b683b046b48e46c7032074688674..bb47f59e4a46816cae90b3cfe5ee9962da40e585 100644 (file)
--- a/xen/arch/x86/hvm/svm/svm.c
+++ b/xen/arch/x86/hvm/svm/svm.c
@@ -148,6 +148,7 @@ svm_msrbit(unsigned long *msr_bitmap, uint32_t msr)
 void svm_intercept_msr(struct vcpu *v, uint32_t msr, int flags)
 {
     unsigned long *msr_bit;
+    const struct domain *d = v->domain;
 
     msr_bit = svm_msrbit(v->arch.hvm_svm.msrpm, msr);
     BUG_ON(msr_bit == NULL);
@@ -155,12 +156,12 @@ void svm_intercept_msr(struct vcpu *v, uint32_t msr, int flags)
 
     if ( flags & MSR_INTERCEPT_READ )
          __set_bit(msr * 2, msr_bit);
-    else
+    else if ( !monitored_msr(d, msr) )
          __clear_bit(msr * 2, msr_bit);
 
     if ( flags & MSR_INTERCEPT_WRITE )
         __set_bit(msr * 2 + 1, msr_bit);
-    else
+    else if ( !monitored_msr(d, msr) )
         __clear_bit(msr * 2 + 1, msr_bit);
 }