From: Jan Beulich Date: Tue, 27 Feb 2018 14:12:23 +0000 (+0100) Subject: x86/HVM: don't give the wrong impression of WRMSR succeeding X-Git-Tag: archive/raspbian/4.11.1-1+rpi1~1^2~66^2~508 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=1f1d183d49008794b087cf043fc77f724a45af98;p=xen.git x86/HVM: don't give the wrong impression of WRMSR succeeding ... for non-existent MSRs: wrmsr_hypervisor_regs()'s comment clearly says that the function returns 0 for unrecognized MSRs, so {svm,vmx}_msr_write_intercept() should not convert this into success. We don't want to unconditionally fail the access though, as we can't be certain the list of handled MSRs is complete enough for the guest types we care about, so instead mirror what we do on the read paths and probe the MSR to decide whether to raise #GP. Signed-off-by: Jan Beulich Reviewed-by: Kevin Tian Reviewed-by: Andrew Cooper Reviewed-by: Boris Ostrovsky --- diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c index 1dd74b44c4..f2fbe07b20 100644 --- a/xen/arch/x86/hvm/svm/svm.c +++ b/xen/arch/x86/hvm/svm/svm.c @@ -2128,6 +2128,13 @@ static int svm_msr_write_intercept(unsigned int msr, uint64_t msr_content) result = X86EMUL_RETRY; break; case 0: + /* + * Match up with the RDMSR side for now; ultimately this entire + * case block should go away. + */ + if ( rdmsr_safe(msr, msr_content) == 0 ) + break; + goto gpf; case 1: break; default: diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c index 9a5887ce52..aa0505036b 100644 --- a/xen/arch/x86/hvm/vmx/vmx.c +++ b/xen/arch/x86/hvm/vmx/vmx.c @@ -3191,6 +3191,13 @@ static int vmx_msr_write_intercept(unsigned int msr, uint64_t msr_content) case -ERESTART: return X86EMUL_RETRY; case 0: + /* + * Match up with the RDMSR side for now; ultimately this + * entire case block should go away. + */ + if ( rdmsr_safe(msr, msr_content) == 0 ) + break; + goto gp_fault; case 1: break; default: