Thanks for this series, Jan.
On 30.10.19 11:39, Jan Beulich wrote:
To fulfill the "protected" in its name, don't let the real hardware
values "shine through". Report a control register value expressing this.
Signed-off-by: Jan Beulich <jbeul...@suse.com>
---
TBD: Do we want to permit Dom0 access?
It would be nice to give an administrator a way to get PPIN outside the
context of an MCE when needed.
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -135,6 +135,8 @@ int guest_rdmsr(struct vcpu *v, uint32_t
case MSR_TSX_FORCE_ABORT:
case MSR_AMD64_LWP_CFG:
case MSR_AMD64_LWP_CBADDR:
+ case MSR_PPIN:
+ case MSR_AMD_PPIN:
/* Not offered to guests. */
goto gp_fault;
@@ -237,6 +239,18 @@ int guest_rdmsr(struct vcpu *v, uint32_t
ARRAY_SIZE(msrs->dr_mask))];
break;
+ case MSR_PPIN_CTL:
+ if ( d->arch.cpuid->x86_vendor != X86_VENDOR_INTEL )
+ goto gp_fault;
+ *val = PPIN_LOCKOUT;
+ break;
+
+ case MSR_AMD_PPIN_CTL:
+ if ( !cp->extd.amd_ppin )
+ goto gp_fault;
+ *val = PPIN_LOCKOUT;
+ break;
+
nit: It is not clear to me why you use "d->arch.cpuid->.." (and not
"cp->..") in the first if condition.
-- Eslam
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
