From mboxrd@z Thu Jan  1 00:00:00 1970
From: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Subject: Re: [PATCH] x86/vPMU: constrain MSR_IA32_DS_AREA loads
Date: Thu, 17 Dec 2015 09:12:22 -0500
Message-ID: <5672C2C6.9020808@oracle.com>
References: <5672CE4002000078000C0C7D@prv-mh.provo.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta4.messagelabs.com ([85.158.143.247])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <boris.ostrovsky@oracle.com>) id 1a9ZID-0001Qs-IB
	for xen-devel@lists.xenproject.org; Thu, 17 Dec 2015 14:12:29 +0000
In-Reply-To: <5672CE4002000078000C0C7D@prv-mh.provo.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>, xen-devel <xen-devel@lists.xenproject.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>, Kevin Tian <kevin.tian@intel.com>, Keir Fraser <keir@xen.org>, Jun Nakajima <jun.nakajima@intel.com>
List-Id: xen-devel@lists.xenproject.org

On 12/17/2015 09:01 AM, Jan Beulich wrote:
> For one, loading the MSR with a possibly non-canonical address was
> possible since the verification is conditional, while the MSR load
> wasn't. And then for PV guests we need to further limit the range of
> valid addresses to exclude the hypervisor range.
>
> Signed-off-by: Jan Beulich <jbeulich@suse.com>
>
> --- a/xen/arch/x86/cpu/vpmu_intel.c
> +++ b/xen/arch/x86/cpu/vpmu_intel.c
> @@ -366,7 +366,8 @@ static inline void __core2_vpmu_load(str
>       }
>   
>       wrmsrl(MSR_CORE_PERF_FIXED_CTR_CTRL, core2_vpmu_cxt->fixed_ctrl);
> -    wrmsrl(MSR_IA32_DS_AREA, core2_vpmu_cxt->ds_area);
> +    if ( vpmu_is_set(vcpu_vpmu(v), VPMU_CPU_HAS_DS) )
> +        wrmsrl(MSR_IA32_DS_AREA, core2_vpmu_cxt->ds_area);
>       wrmsrl(MSR_IA32_PEBS_ENABLE, core2_vpmu_cxt->pebs_enable);
>   
>       if ( !has_hvm_container_vcpu(v) )
> @@ -415,8 +416,10 @@ static int core2_vpmu_verify(struct vcpu
>               enabled_cntrs |= (1ULL << i);
>       }
>   
> -    if ( vpmu_is_set(vcpu_vpmu(v), VPMU_CPU_HAS_DS) &&
> -         !is_canonical_address(core2_vpmu_cxt->ds_area) )
> +    if ( vpmu_is_set(vpmu, VPMU_CPU_HAS_DS) &&
> +         !(has_hvm_container_vcpu(v)
> +           ? is_canonical_address(core2_vpmu_cxt->ds_area)
> +           : __addr_ok(core2_vpmu_cxt->ds_area)) )

Should we instead of (or in addition to) this also make the same change 
in core2_vpmu_do_wrmsr()?

-boris

>           return -EINVAL;
>   
>       if ( (core2_vpmu_cxt->global_ctrl & enabled_cntrs) ||
>
>
>