Changeset 69584 in vbox

Timestamp:

Nov 4, 2017 10:31:10 PM (7 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

118934

Message:

VBoxCpuReport: Need to be extra careful if MSR modifications are not all done in the kernel.

Location:

trunk/src/VBox/VMM/tools

Files:

• MsrLinux.cpp (modified) (2 diffs)
• MsrSup.cpp (modified) (2 diffs)
• VBoxCpuReport.cpp (modified) (7 diffs)
• VBoxCpuReport.h (modified) (1 diff)

trunk/src/VBox/VMM/tools/MsrLinux.cpp

@@ -129 +129 @@
 }
 
-int PlatformMsrProberInit(VBMSRFNS *fnsMsr)
+int PlatformMsrProberInit(VBMSRFNS *fnsMsr, bool *pfAtomicMsrMod)
 {
     if (access(MSR_DEV_NAME, F_OK))
@@ -148 +148 @@
     fnsMsr->msrModify     = linuxMsrProberModify;
     fnsMsr->msrProberTerm = linuxMsrProberTerm;
+    *pfAtomicMsrMod       = false;  /* Can't modify/restore MSRs without trip to R3. */
 
     return VINF_SUCCESS;

trunk/src/VBox/VMM/tools/MsrSup.cpp

@@ -48 +48 @@
 }
 
-int SupDrvMsrProberInit(VBMSRFNS *fnsMsr)
+int SupDrvMsrProberInit(VBMSRFNS *fnsMsr, bool *pfAtomicMsrMod)
 {
     int rc = SUPR3Init(NULL);
@@ -71 +71 @@
     fnsMsr->msrModify     = supMsrProberModify;
     fnsMsr->msrProberTerm = supMsrProberTerm;
+    *pfAtomicMsrMod       = true;
 
     return VINF_SUCCESS;

trunk/src/VBox/VMM/tools/VBoxCpuReport.cpp

@@ -80 +80 @@
 /** MSR prober routines. */
 static VBMSRFNS         g_MsrAcc;
-
+/** Wheter MSR prober can read/modify/restore MSRs more or less
+ *  atomically, without allowing other code to be executed. */
+static bool             g_fAtomicMsrMod;
 
 void vbCpuRepDebug(const char *pszMsg, ...)
@@ -2544 +2546 @@
             break;
 
+        /* KVM MSRs that are unsafe to touch. */
+        case 0x00000011: /* KVM */
+        case 0x00000012: /* KVM */
+            return VBCPUREPBADNESS_BOND_VILLAIN;
+
+        /* 
+         * The TSC is tricky -- writing it isn't a problem, but if we put back the original 
+         * value, we'll throw it out of whack. If we're on an SMP OS that uses the TSC for timing, 
+         * we'll likely kill it, especially if we can't do the modification very quickly.
+         */
+        case 0x00000010: /* IA32_TIME_STAMP_COUNTER */
+            if (!g_fAtomicMsrMod)
+                return VBCPUREPBADNESS_BOND_VILLAIN;
+            break;
+
+        /* 
+         * The following MSRs are not safe to modify in a typical OS if we can't do it atomically, 
+         * i.e. read/modify/restore without allowing any other code to execute. Everything related 
+         * to syscalls will blow up in our face if we go back to userland with modified MSRs.
+         */ 
+//        case 0x0000001b: /* IA32_APIC_BASE */
+        case 0xc0000081: /* MSR_K6_STAR */
+        case 0xc0000082: /* AMD64_STAR64 */
+        case 0xc0000083: /* AMD64_STARCOMPAT */
+        case 0xc0000084: /* AMD64_SYSCALL_FLAG_MASK */
+        case 0xc0000100: /* AMD64_FS_BASE */
+        case 0xc0000101: /* AMD64_GS_BASE */
+        case 0xc0000102: /* AMD64_KERNEL_GS_BASE */
+            if (!g_fAtomicMsrMod)
+                return VBCPUREPBADNESS_MIGHT_BITE;
+            break;
+
         case 0x000001a0: /* IA32_MISC_ENABLE */
         case 0x00000199: /* IA32_PERF_CTL */
             return VBCPUREPBADNESS_MIGHT_BITE;
+
+        case 0x000005a0: /* C2_PECI_CTL */
+        case 0x000005a1: /* C2_UNK_0000_05a1 */
+            if (g_enmVendor == CPUMCPUVENDOR_INTEL)
+                return VBCPUREPBADNESS_MIGHT_BITE;
+            break;
+
         case 0x00002000: /* P6_CR0. */
         case 0x00002003: /* P6_CR3. */
@@ -3320 +3361 @@
     if (g_enmMicroarch == kCpumMicroarch_Intel_P6_III)
         fSkipMask |= RT_BIT(9);
+
+    /* If the OS uses the APIC, we have to be super careful. */
+    if (!g_fAtomicMsrMod)
+        fSkipMask |= 0x0000000ffffff000;
+
     return reportMsr_GenFunctionEx(uMsr, "Ia32ApicBase", uValue, fSkipMask, 0, NULL);
 }
@@ -3345 +3391 @@
         RTThreadSleep(128);
     }
+
+    /* If the OS is using MONITOR/MWAIT we'd better not disable it! */
+    if (!g_fAtomicMsrMod)
+        fSkipMask |= RT_BIT(18);
 
     /* The no execute related flag is deadly if clear.  */
@@ -3639 +3689 @@
     uint64_t fSkipMask = 0;
     if (vbCpuRepSupportsLongMode())
+    {
         fSkipMask |= MSR_K6_EFER_LME;
+        if (!g_fAtomicMsrMod && (uValue & MSR_K6_EFER_SCE))
+            fSkipMask |= MSR_K6_EFER_SCE;
+    }
     if (   (uValue & MSR_K6_EFER_NXE)
         || vbCpuRepSupportsNX())
@@ -4349 +4403 @@
      * First try the the support library (also checks if we can really read MSRs).
      */
-    int rc = SupDrvMsrProberInit(&g_MsrAcc);
+    int rc = SupDrvMsrProberInit(&g_MsrAcc, &g_fAtomicMsrMod);
     if (RT_FAILURE(rc))
     {
 #ifdef VBCR_HAVE_PLATFORM_MSR_PROBER
         /* Next try a platform-specific interface. */
-        rc = PlatformMsrProberInit(&g_MsrAcc);
+        rc = PlatformMsrProberInit(&g_MsrAcc, &g_fAtomicMsrMod);
 #endif
         if (RT_FAILURE(rc))
@@ -4409 +4463 @@
         uint32_t        cMsrs;
         rc = findMsrs(&paMsrs, &cMsrs, fMsrMask);
-        if (!RT_FAILURE(rc))
+        if (RT_FAILURE(rc))
             return rc;
 

trunk/src/VBox/VMM/tools/VBoxCpuReport.h

@@ -25 +25 @@
 extern void vbCpuRepDebug(const char *pszMsg, ...);
 extern void vbCpuRepPrintf(const char *pszMsg, ...);
-extern int SupDrvMsrProberInit(VBMSRFNS *fnsMsr);
-extern int PlatformMsrProberInit(VBMSRFNS *fnsMsr);
+extern int SupDrvMsrProberInit(VBMSRFNS *fnsMsr, bool *pfAtomicMsrMod);
+extern int PlatformMsrProberInit(VBMSRFNS *fnsMsr, bool *pfAtomicMsrMod);