From mboxrd@z Thu Jan 1 00:00:00 1970 From: Boris Ostrovsky Subject: Re: [PATCH v12 for-xen-4.5 18/20] x86/VPMU: Add privileged PMU mode Date: Tue, 30 Sep 2014 11:16:57 -0400 Message-ID: <542AC969.1000509@oracle.com> References: <1411673336-32736-1-git-send-email-boris.ostrovsky@oracle.com> <1411673336-32736-19-git-send-email-boris.ostrovsky@oracle.com> <542A836A020000780003ADFA@mail.emea.novell.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; Format="flowed" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <542A836A020000780003ADFA@mail.emea.novell.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Jan Beulich Cc: kevin.tian@intel.com, keir@xen.org, suravee.suthikulpanit@amd.com, andrew.cooper3@citrix.com, tim@xen.org, dietmar.hahn@ts.fujitsu.com, xen-devel@lists.xen.org, Aravind.Gopalakrishnan@amd.com, jun.nakajima@intel.com, dgdegra@tycho.nsa.gov List-Id: xen-devel@lists.xenproject.org On 09/30/2014 04:18 AM, Jan Beulich wrote: >>>> On 25.09.14 at 21:28, wrote: >> --- a/xen/arch/x86/traps.c >> +++ b/xen/arch/x86/traps.c >> @@ -2579,6 +2579,10 @@ static int emulate_privileged_op(struct cpu_user_regs *regs) >> case MSR_AMD_FAM15H_EVNTSEL0...MSR_AMD_FAM15H_PERFCTR5: >> if ( vpmu_msr || (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) ) >> { >> + if ( (vpmu_mode & XENPMU_MODE_ALL) && >> + !is_hardware_domain(v->domain) ) >> + break; >> + >> if ( vpmu_do_wrmsr(regs->ecx, msr_content, 0) ) >> goto fail; >> } 
>> @@ -2701,6 +2705,14 @@ static int emulate_privileged_op(struct cpu_user_regs *regs) >> case MSR_AMD_FAM15H_EVNTSEL0...MSR_AMD_FAM15H_PERFCTR5: >> if ( vpmu_msr || (boot_cpu_data.x86_vendor == X86_VENDOR_AMD) ) >> { >> + if ( (vpmu_mode & XENPMU_MODE_ALL) && >> + !is_hardware_domain(v->domain) ) >> + { >> + /* Don't leak PMU MSRs to unprivileged domains */ >> + regs->eax = regs->edx = 0; >> + break; >> + } >> + >> if ( vpmu_do_rdmsr(regs->ecx, &msr_content) ) >> goto fail; >> > Is ignoring writes and returning zeroes for reads really reasonable in > this case? I.e. is the guest validly being told that there is a (v)PMU? > Because if it's not, it has no business accessing these MSRs and > hence should probably get a #GP instead. VPMU mode can be changed to XENPMU_MODE_ALL at any time so a guest that started with fully enabled PMU (e.g. when mode was XENPMU_MODE_SELF) may continue accessing the MSRs. I don't think it should suddenly start getting #GPs. -boris
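Review bot: In the first traps.c hunk (the write path ahead of vpmu_do_wrmsr()), the added `break` discards the guest's write without any comment, while the matching check on the read path carries one. A short comment here should state that writes from domains other than the hardware domain are intentionally dropped while XENPMU_MODE_ALL is set, and that no #GP is raised because the mode can change at runtime under a guest that already had the PMU enabled, which is the reasoning given in the reply.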
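Review bot: In the second traps.c hunk (the read path ahead of vpmu_do_rdmsr()), the condition `(vpmu_mode & XENPMU_MODE_ALL) && !is_hardware_domain(v->domain)` is a verbatim copy of the one added to the write path. A small helper predicate used by both sites would keep the two checks from drifting apart, since a mismatch would leave one direction of MSR access open. The comment also says "unprivileged domains" while the code tests is_hardware_domain(); wording the comment to match the check would remove the ambiguity about which domains get zeroed reads.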