From: Jan Kiszka <jan.kiszka@siemens.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gleb Natapov <gleb@kernel.org>,
Marcelo Tosatti <mtosatti@redhat.com>, kvm <kvm@vger.kernel.org>
Subject: Re: [PATCH 04/12] KVM: x86: Validate guest writes to MSR_IA32_APICBASE
Date: Thu, 16 Jan 2014 15:19:44 +0100
Message-ID: <52D7EA80.1080202@siemens.com>
In-Reply-To: <52D7E793.5080005@redhat.com>
On 2014-01-16 15:07, Paolo Bonzini wrote:
> On 04/01/2014 18:47, Jan Kiszka wrote:
>> + u64 old_state = vcpu->arch.apic_base &
>> + (MSR_IA32_APICBASE_ENABLE | X2APIC_ENABLE);
>> + u64 new_state = msr_info->data &
>> + (MSR_IA32_APICBASE_ENABLE | X2APIC_ENABLE);
>> + u64 reserved_bits = ((~0ULL) << boot_cpu_data.x86_phys_bits) | 0x2ff |
>> + (guest_cpuid_has_x2apic(vcpu) ? 0 : X2APIC_ENABLE);
>> +
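Review bot: reserved_bits mixes two sources of truth: the upper mask comes from the host's boot_cpu_data.x86_phys_bits, while the X2APIC_ENABLE term in the same expression already consults the guest CPUID via guest_cpuid_has_x2apic(vcpu). A guest configured with a narrower physical address width than the host could set address bits that it should see as reserved and still pass this check. Derive the width from the guest's CPUID-reported MAXPHYADDR as well, so both halves of the mask describe the same (virtual) CPU.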
>
> Should this use the guest CPUID instead?
Hmm, they may differ... Then yes.
>
>> + if (!msr_info->host_initiated &&
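Review bot: the !msr_info->host_initiated guard exempts userspace MSR writes from every check that follows, and nothing in the hunk explains why. Add a comment stating that host-initiated writes are deliberately allowed to restore any value, including reserved bits and architecturally unreachable state transitions, so a reader does not mistake the bypass for an oversight; if the intent is only to accept previously saved state, consider whether reserved bits should still be rejected on that path.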
>
> Is this check on host_initiated just for backwards compatibility, or is
> there another case that I am missing?
The path is taken for both host-initiated and guest-initiated APICBASE
updates. Host-initiated ones are allowed to perform architecturally
invalid state transitions. And the MSR is emulated, so if they like to
set a reserved bit...
Jan
--
Siemens AG, Corporate Technology, CT RTC ITP SES-DE
Corporate Competence Center Embedded Linux
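The rules the patch is enforcing, written out as an added stand-alone example in C (this is illustrative code, not KVM's own): the reserved-bit mask is derived from the guest-visible MAXPHYADDR and x2APIC CPUID bit, as Paolo suggests, and the (EN, EXTD) transition rules follow the Intel SDM, with the host_initiated bypass Jan describes. The apicbase_* names, the plain maxphyaddr/has_x2apic parameters standing in for a guest CPUID lookup, and the sample values in main() are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* IA32_APIC_BASE bit layout (Intel SDM). */
#define APICBASE_BSP   (1ULL << 8)   /* bootstrap processor flag, writable */
#define APICBASE_EXTD  (1ULL << 10)  /* x2APIC mode enable */
#define APICBASE_EN    (1ULL << 11)  /* xAPIC global enable */
#define APICBASE_MODE  (APICBASE_EN | APICBASE_EXTD)

/*
 * Bits a guest must never set: 0-7 and 9 are always reserved, bit 10 is
 * reserved when the guest's CPUID does not advertise x2APIC, and every
 * bit at or above the guest's MAXPHYADDR is reserved. maxphyaddr and
 * has_x2apic stand in for what KVM would read from the guest CPUID
 * (assumption for this example).
 */
uint64_t apicbase_reserved_bits(unsigned int maxphyaddr, bool has_x2apic)
{
	uint64_t reserved = 0x2ffULL;

	if (!has_x2apic)
		reserved |= APICBASE_EXTD;
	if (maxphyaddr < 64)              /* a shift by 64 would be undefined */
		reserved |= ~0ULL << maxphyaddr;
	return reserved;
}

/*
 * Architecturally legal changes of the (EN, EXTD) pair:
 *   disabled -> xAPIC, xAPIC -> disabled, x2APIC -> disabled,
 *   xAPIC -> x2APIC, and any state to itself.
 * Everything else (EN=0 with EXTD=1, disabled -> x2APIC, x2APIC -> xAPIC)
 * raises #GP on real hardware.
 */
bool apicbase_transition_ok(uint64_t old_base, uint64_t new_base)
{
	uint64_t old_mode = old_base & APICBASE_MODE;
	uint64_t new_mode = new_base & APICBASE_MODE;

	if (new_mode == APICBASE_EXTD)                           /* EXTD without EN */
		return false;
	if (new_mode == APICBASE_MODE && old_mode == 0)           /* disabled -> x2APIC */
		return false;
	if (new_mode == APICBASE_EN && old_mode == APICBASE_MODE) /* x2APIC -> xAPIC */
		return false;
	return true;
}

/*
 * Emulated MSR write. Returns 0 when the value is stored and -1 when the
 * write must be rejected (KVM would inject #GP). host_initiated mirrors
 * the bypass in the patch: userspace may store any value at all.
 */
int apicbase_write(uint64_t *apic_base, uint64_t data,
		   unsigned int maxphyaddr, bool has_x2apic, bool host_initiated)
{
	if (!host_initiated) {
		if (data & apicbase_reserved_bits(maxphyaddr, has_x2apic))
			return -1;
		if (!apicbase_transition_ok(*apic_base, data))
			return -1;
	}
	*apic_base = data;
	return 0;
}

/* One-shot variant: old value in, verdict out, no state kept. */
int apicbase_check(uint64_t old_base, uint64_t data,
		   unsigned int maxphyaddr, bool has_x2apic, bool host_initiated)
{
	uint64_t base = old_base;

	return apicbase_write(&base, data, maxphyaddr, has_x2apic, host_initiated);
}

int main(void)
{
	uint64_t base = 0xfee00000ULL | APICBASE_BSP | APICBASE_EN; /* reset value */
	unsigned int guest_maxphyaddr = 40;                         /* constructed guest CPUID */

	printf("xAPIC -> x2APIC : %d\n",
	       apicbase_write(&base, base | APICBASE_EXTD, guest_maxphyaddr, true, false));
	printf("x2APIC -> xAPIC : %d\n",
	       apicbase_write(&base, base & ~APICBASE_EXTD, guest_maxphyaddr, true, false));
	printf("bit 40 set      : %d\n",
	       apicbase_check(base, base | (1ULL << 40), guest_maxphyaddr, true, false));
	printf("same, host-side : %d\n",
	       apicbase_write(&base, base | (1ULL << 40), guest_maxphyaddr, true, true));
	return 0;
}
```

The order of the two checks matters: the reserved-bit test runs first, so a guest without x2APIC in its CPUID is refused EXTD by the mask alone and never reaches the transition logic, while a guest that does have x2APIC is still bound by the SDM's disabled-to-x2APIC and x2APIC-to-xAPIC restrictions.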
Thread overview: 23+ messages
2014-01-04 17:47 [PATCH 00/12] KVM: x86: Fixes for debug registers, IA32_APIC_BASE, and nVMX Jan Kiszka
2014-01-04 17:47 ` [PATCH 01/12] KVM: x86: Sync DR7 on KVM_SET_DEBUGREGS Jan Kiszka
2014-01-04 17:47 ` [PATCH 02/12] KVM: SVM: Fix reading of DR6 Jan Kiszka
2014-01-04 17:47 ` [PATCH 03/12] KVM: VMX: Fix DR6 update on #DB exception Jan Kiszka
2014-01-04 17:47 ` [PATCH 04/12] KVM: x86: Validate guest writes to MSR_IA32_APICBASE Jan Kiszka
2014-01-16 14:07 ` Paolo Bonzini
2014-01-16 14:19 ` Jan Kiszka [this message]
2014-01-04 17:47 ` [PATCH 05/12] KVM: nVMX: Leave VMX mode on clearing of feature control MSR Jan Kiszka
2014-01-04 17:47 ` [PATCH 06/12] KVM: nVMX: Pass vmexit parameters to nested_vmx_vmexit Jan Kiszka
2014-01-04 17:47 ` [PATCH 07/12] KVM: nVMX: Add tracepoints for nested_vmexit and nested_vmexit_inject Jan Kiszka
2014-01-04 17:47 ` [PATCH 08/12] KVM: nVMX: Clean up handling of VMX-related MSRs Jan Kiszka
2014-01-04 17:47 ` [PATCH 09/12] KVM: nVMX: Fix nested_run_pending on activity state HLT Jan Kiszka
2014-01-04 17:47 ` [PATCH 10/12] KVM: nVMX: Update guest activity state field on L2 exits Jan Kiszka
2014-01-05 20:01 ` Paolo Bonzini
2014-01-05 20:16 ` Jan Kiszka
2014-01-04 17:47 ` [PATCH 11/12] KVM: nVMX: Rework interception of IRQs and NMIs Jan Kiszka
2014-01-16 15:08 ` Paolo Bonzini
2014-01-04 17:47 ` [PATCH 12/12] KVM: nVMX: Fully emulate preemption timer Jan Kiszka
2014-01-16 15:08 ` [PATCH 00/12] KVM: x86: Fixes for debug registers, IA32_APIC_BASE, and nVMX Paolo Bonzini
2014-01-16 15:12 ` Jan Kiszka
2014-01-16 15:20 ` Paolo Bonzini
2014-01-16 15:38 ` Jan Kiszka
2014-01-21 15:32 ` Jan Kiszka