On Tue, Jun 07, 2016 at 04:35:28AM -0600, Jan Beulich wrote: > > @@ -2624,7 +2624,7 @@ static int vmx_msr_read_intercept(unsigned int msr, > > uint64_t *msr_content) > > __vmread(GUEST_IA32_DEBUGCTL, msr_content); > > break; > > case IA32_FEATURE_CONTROL_MSR: > > - case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_TRUE_ENTRY_CTLS: > > + case MSR_IA32_VMX_BASIC...MSR_IA32_VMX_VMFUNC: > > if ( !nvmx_msr_read_intercept(msr, msr_content) ) > > goto gp_fault; > > break; > > ... retaining this code structure makes it likely that some future > addition will lead to the same problem again.
The safest solution would be to whitelist the MSRs which Xen handles and which the guest should be allowed to see, rather than blacklisting which is essentially what is happening now. That would involve a substantial change in the code, but aside from that is there any fundamental reason why it would be a bad idea? Thanks, Euan _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
