Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:Maintenance:114
xen.openSUSE_Evergreen_11.4
22899-x86-tighten-msr-permissions.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 22899-x86-tighten-msr-permissions.patch of Package xen.openSUSE_Evergreen_11.4
# HG changeset patch # User Keir Fraser <keir@xen.org> # Date 1297347563 0 # Node ID 5b18a72d292a066d1c2b9fff7e35fc1230cdec85 # Parent 332c1f73a594f6c17d9c252c4efc16e3b59a64ba x86: tighten conditions under which writing certain MSRs is permitted MSRs that control physical CPU aspects generally are pointless (and possibly dangerous) to be written when the writer isn't sufficiently aware that it's running virtualized. Signed-off-by: Jan Beulich <jbeulich@novell.com> Index: xen-4.0.3-testing/xen/arch/x86/traps.c =================================================================== --- xen-4.0.3-testing.orig/xen/arch/x86/traps.c +++ xen-4.0.3-testing/xen/arch/x86/traps.c @@ -2277,7 +2277,7 @@ static int emulate_privileged_op(struct if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD || boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 ) goto fail; - if ( !IS_PRIV(v->domain) ) + if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) ) break; if ( (rdmsr_safe(MSR_AMD64_NB_CFG, l, h) != 0) || (eax != l) || @@ -2290,7 +2290,7 @@ static int emulate_privileged_op(struct if ( boot_cpu_data.x86_vendor != X86_VENDOR_AMD || boot_cpu_data.x86 < 0x10 || boot_cpu_data.x86 > 0x17 ) goto fail; - if ( !IS_PRIV(v->domain) ) + if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) ) break; if ( (rdmsr_safe(MSR_FAM10H_MMIO_CONF_BASE, l, h) != 0) ) goto fail; @@ -2312,6 +2312,8 @@ static int emulate_privileged_op(struct case MSR_IA32_UCODE_REV: if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ) goto fail; + if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) ) + break; if ( rdmsr_safe(regs->ecx, l, h) ) goto fail; if ( l | h ) @@ -2319,7 +2321,7 @@ static int emulate_privileged_op(struct break; case MSR_IA32_MISC_ENABLE: if ( rdmsr_safe(regs->ecx, l, h) ) - goto invalid; + goto fail; l = guest_misc_enable(l); if ( eax != l || edx != h ) goto invalid; @@ -2345,7 +2347,7 @@ static int emulate_privileged_op(struct case MSR_IA32_THERM_CONTROL: if ( boot_cpu_data.x86_vendor != X86_VENDOR_INTEL ) goto fail; - if ( (v->domain->domain_id != 0) || !is_pinned_vcpu(v) ) + if ( !IS_PRIV(v->domain) || !is_pinned_vcpu(v) ) break; if ( wrmsr_safe(regs->ecx, eax, edx) != 0 ) goto fail;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor