Enable Bus Lock Detect if available, and handle #DB traps to reduce
effects of DoS.
The value to restore MSR_DEBUGCTL to after VMExit will now depend on
whether BLD is enabled or not.
Restore MSR_DEBUGCTL after being cleared by storing a copy of the
register value in memory, instead of hard-coding it.
Signed-off-by: Matthew Barnes <matthew.barnes@cloud.com>
---
xen/arch/x86/cpu/common.c | 5 +++++
xen/arch/x86/hvm/vmx/entry.S | 2 +-
xen/arch/x86/include/asm/debugreg.h | 1 +
xen/arch/x86/include/asm/msr-index.h | 1 +
xen/arch/x86/include/asm/msr.h | 2 ++
xen/arch/x86/msr.c | 2 ++
xen/arch/x86/traps.c | 10 ++++++++--
7 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index 28d7f34c4dbe..f11ac06f8292 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -623,6 +623,11 @@ void identify_cpu(struct cpuinfo_x86 *c)
}
setup_doitm();
+
+ if (cpu_has(c, X86_FEATURE_BLD)) {
+ host_msr_debugctl |= IA32_DEBUGCTLMSR_BLD;
+ wrmsrl(MSR_IA32_DEBUGCTLMSR, host_msr_debugctl);
+ }
}
/* leaf 0xb SMT level */
diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S
index 1bead826caa3..a0148f78584d 100644
--- a/xen/arch/x86/hvm/vmx/entry.S
+++ b/xen/arch/x86/hvm/vmx/entry.S
@@ -46,8 +46,8 @@ ENTRY(vmx_asm_vmexit_handler)
/* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
/* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */
+ mov host_msr_debugctl(%rip), %eax
.macro restore_lbr
- mov $IA32_DEBUGCTLMSR_LBR, %eax
mov $MSR_IA32_DEBUGCTLMSR, %ecx
xor %edx, %edx
wrmsr
diff --git a/xen/arch/x86/include/asm/debugreg.h b/xen/arch/x86/include/asm/debugreg.h
index 2bdaf5d9aa11..9c048ae215d6 100644
--- a/xen/arch/x86/include/asm/debugreg.h
+++ b/xen/arch/x86/include/asm/debugreg.h
@@ -19,6 +19,7 @@
#define DR_TRAP1 (0x2) /* db1 */
#define DR_TRAP2 (0x4) /* db2 */
#define DR_TRAP3 (0x8) /* db3 */
+#define DR_TRAP11 (0x800) /* db11 */
#define DR_STEP (0x4000) /* single-step */
#define DR_SWITCH (0x8000) /* task switch */
#define DR_NOT_RTM (0x10000) /* clear: #BP inside RTM region */
diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h
index 92dd9fa4962c..2e397bd28c77 100644
--- a/xen/arch/x86/include/asm/msr-index.h
+++ b/xen/arch/x86/include/asm/msr-index.h
@@ -292,6 +292,7 @@
#define MSR_IA32_DEBUGCTLMSR 0x000001d9
#define IA32_DEBUGCTLMSR_LBR (1<<0) /* Last Branch Record */
#define IA32_DEBUGCTLMSR_BTF (1<<1) /* Single Step on Branches */
+#define IA32_DEBUGCTLMSR_BLD (1<<2) /* Bus Lock Detect */
#define IA32_DEBUGCTLMSR_TR (1<<6) /* Trace Message Enable */
#define IA32_DEBUGCTLMSR_BTS (1<<7) /* Branch Trace Store */
#define IA32_DEBUGCTLMSR_BTINT (1<<8) /* Branch Trace Interrupt */
diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h
index 1d8ea9f26faa..9ff7dcc8ca8b 100644
--- a/xen/arch/x86/include/asm/msr.h
+++ b/xen/arch/x86/include/asm/msr.h
@@ -432,4 +432,6 @@ int init_vcpu_msr_policy(struct vcpu *v);
int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val);
int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val);
+extern uint32_t host_msr_debugctl;
+
#endif /* __ASM_MSR_H */
diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
index 9babd441f9d4..7d9d162cb8b4 100644
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -24,6 +24,8 @@
#include <public/hvm/params.h>
+uint32_t host_msr_debugctl;
+
DEFINE_PER_CPU(uint32_t, tsc_aux);
int init_vcpu_msr_policy(struct vcpu *v)
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index d554c9d41edd..7d8eee013d00 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1936,9 +1936,12 @@ void asmlinkage do_debug(struct cpu_user_regs *regs)
*/
write_debugreg(6, X86_DR6_DEFAULT);
+ if ( !( dr6 & DR_TRAP11 ) )
+ return;
+
/* #DB automatically disabled LBR. Reinstate it if debugging Xen. */
if ( cpu_has_xen_lbr )
- wrmsrl(MSR_IA32_DEBUGCTLMSR, IA32_DEBUGCTLMSR_LBR);
+ wrmsrl(MSR_IA32_DEBUGCTLMSR, host_msr_debugctl);
if ( !guest_mode(regs) )
{
@@ -2130,7 +2133,10 @@ void percpu_traps_init(void)
}
if ( cpu_has_xen_lbr )
- wrmsrl(MSR_IA32_DEBUGCTLMSR, IA32_DEBUGCTLMSR_LBR);
+ {
+ host_msr_debugctl |= IA32_DEBUGCTLMSR_LBR;
+ wrmsrl(MSR_IA32_DEBUGCTLMSR, host_msr_debugctl);
+ }
}
/* Exception entries */
--
2.34.1
effects of DoS.
The value to restore MSR_DEBUGCTL to after VMExit will now depend on
whether BLD is enabled or not.
Restore MSR_DEBUGCTL after being cleared by storing a copy of the
register value in memory, instead of hard-coding it.
Signed-off-by: Matthew Barnes <matthew.barnes@cloud.com>
---
xen/arch/x86/cpu/common.c | 5 +++++
xen/arch/x86/hvm/vmx/entry.S | 2 +-
xen/arch/x86/include/asm/debugreg.h | 1 +
xen/arch/x86/include/asm/msr-index.h | 1 +
xen/arch/x86/include/asm/msr.h | 2 ++
xen/arch/x86/msr.c | 2 ++
xen/arch/x86/traps.c | 10 ++++++++--
7 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/xen/arch/x86/cpu/common.c b/xen/arch/x86/cpu/common.c
index 28d7f34c4dbe..f11ac06f8292 100644
--- a/xen/arch/x86/cpu/common.c
+++ b/xen/arch/x86/cpu/common.c
@@ -623,6 +623,11 @@ void identify_cpu(struct cpuinfo_x86 *c)
}
setup_doitm();
+
+ if (cpu_has(c, X86_FEATURE_BLD)) {
+ host_msr_debugctl |= IA32_DEBUGCTLMSR_BLD;
+ wrmsrl(MSR_IA32_DEBUGCTLMSR, host_msr_debugctl);
+ }
}
/* leaf 0xb SMT level */
diff --git a/xen/arch/x86/hvm/vmx/entry.S b/xen/arch/x86/hvm/vmx/entry.S
index 1bead826caa3..a0148f78584d 100644
--- a/xen/arch/x86/hvm/vmx/entry.S
+++ b/xen/arch/x86/hvm/vmx/entry.S
@@ -46,8 +46,8 @@ ENTRY(vmx_asm_vmexit_handler)
/* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
/* Hardware clears MSR_DEBUGCTL on VMExit. Reinstate it if debugging Xen. */
+ mov host_msr_debugctl(%rip), %eax
.macro restore_lbr
- mov $IA32_DEBUGCTLMSR_LBR, %eax
mov $MSR_IA32_DEBUGCTLMSR, %ecx
xor %edx, %edx
wrmsr
diff --git a/xen/arch/x86/include/asm/debugreg.h b/xen/arch/x86/include/asm/debugreg.h
index 2bdaf5d9aa11..9c048ae215d6 100644
--- a/xen/arch/x86/include/asm/debugreg.h
+++ b/xen/arch/x86/include/asm/debugreg.h
@@ -19,6 +19,7 @@
#define DR_TRAP1 (0x2) /* db1 */
#define DR_TRAP2 (0x4) /* db2 */
#define DR_TRAP3 (0x8) /* db3 */
+#define DR_TRAP11 (0x800) /* db11 */
#define DR_STEP (0x4000) /* single-step */
#define DR_SWITCH (0x8000) /* task switch */
#define DR_NOT_RTM (0x10000) /* clear: #BP inside RTM region */
diff --git a/xen/arch/x86/include/asm/msr-index.h b/xen/arch/x86/include/asm/msr-index.h
index 92dd9fa4962c..2e397bd28c77 100644
--- a/xen/arch/x86/include/asm/msr-index.h
+++ b/xen/arch/x86/include/asm/msr-index.h
@@ -292,6 +292,7 @@
#define MSR_IA32_DEBUGCTLMSR 0x000001d9
#define IA32_DEBUGCTLMSR_LBR (1<<0) /* Last Branch Record */
#define IA32_DEBUGCTLMSR_BTF (1<<1) /* Single Step on Branches */
+#define IA32_DEBUGCTLMSR_BLD (1<<2) /* Bus Lock Detect */
#define IA32_DEBUGCTLMSR_TR (1<<6) /* Trace Message Enable */
#define IA32_DEBUGCTLMSR_BTS (1<<7) /* Branch Trace Store */
#define IA32_DEBUGCTLMSR_BTINT (1<<8) /* Branch Trace Interrupt */
diff --git a/xen/arch/x86/include/asm/msr.h b/xen/arch/x86/include/asm/msr.h
index 1d8ea9f26faa..9ff7dcc8ca8b 100644
--- a/xen/arch/x86/include/asm/msr.h
+++ b/xen/arch/x86/include/asm/msr.h
@@ -432,4 +432,6 @@ int init_vcpu_msr_policy(struct vcpu *v);
int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val);
int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val);
+extern uint32_t host_msr_debugctl;
+
#endif /* __ASM_MSR_H */
diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
index 9babd441f9d4..7d9d162cb8b4 100644
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -24,6 +24,8 @@
#include <public/hvm/params.h>
+uint32_t host_msr_debugctl;
+
DEFINE_PER_CPU(uint32_t, tsc_aux);
int init_vcpu_msr_policy(struct vcpu *v)
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index d554c9d41edd..7d8eee013d00 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -1936,9 +1936,12 @@ void asmlinkage do_debug(struct cpu_user_regs *regs)
*/
write_debugreg(6, X86_DR6_DEFAULT);
+ if ( !( dr6 & DR_TRAP11 ) )
+ return;
+
/* #DB automatically disabled LBR. Reinstate it if debugging Xen. */
if ( cpu_has_xen_lbr )
- wrmsrl(MSR_IA32_DEBUGCTLMSR, IA32_DEBUGCTLMSR_LBR);
+ wrmsrl(MSR_IA32_DEBUGCTLMSR, host_msr_debugctl);
if ( !guest_mode(regs) )
{
@@ -2130,7 +2133,10 @@ void percpu_traps_init(void)
}
if ( cpu_has_xen_lbr )
- wrmsrl(MSR_IA32_DEBUGCTLMSR, IA32_DEBUGCTLMSR_LBR);
+ {
+ host_msr_debugctl |= IA32_DEBUGCTLMSR_LBR;
+ wrmsrl(MSR_IA32_DEBUGCTLMSR, host_msr_debugctl);
+ }
}
/* Exception entries */
--
2.34.1