projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d95f450) | patch
x86/msr: Disallow guest access to the RAPL MSRs
authorAndrew Cooper <andrew.cooper3@citrix.com>
Thu, 23 Apr 2020 12:05:46 +0000 (13:05 +0100)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 10 Nov 2020 17:43:29 +0000 (17:43 +0000)
commitd101b417b784a26326fc7800a79cc539ba570b79
treef46825f318cc654bade64c0fd717b49b83141216tree | snapshot
parentd95f45073cac2d49c4fd439653b632010ad6c6bbcommit | diff
x86/msr: Disallow guest access to the RAPL MSRs

Researchers have demonstrated using the RAPL interface to perform a
differential power analysis attack to recover AES keys used by other cores in
the system.

Furthermore, even privileged guests cannot use this interface correctly, due
to MSR scope and vcpu scheduling issues.  The interface would want to be
paravirtualised to be used sensibly.

Disallow access to the RAPL MSRs completely, as well as other MSRs which
potentially access fine grain power information.

This is part of XSA-351.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/msr.c diff | blob | history
xen/include/asm-x86/msr-index.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.