The current HVM default for writes to unknown MSRs is to inject #GP if the MSR
is unreadable, and discard writes otherwise. While this behaviour isn't great,
the PV default is even worse, because it swallows writes even to non-readable
MSRs.  i.e. A PV guest doesn't even get a #GP fault for a write to a totally
bogus index.

Update PV to make it consistent with HVM, which will simplify the task of
making other improvements to the default MSR behaviour.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Wei Liu <wl@xen.org>
CC: Roger Pau Monné <roger.pau@citrix.com>
---
 xen/arch/x86/pv/emul-priv-op.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/pv/emul-priv-op.c b/xen/arch/x86/pv/emul-priv-op.c
index f14552cb4b..efeb2a727e 100644
--- a/xen/arch/x86/pv/emul-priv-op.c
+++ b/xen/arch/x86/pv/emul-priv-op.c
@@ -1113,7 +1113,10 @@ static int write_msr(unsigned int reg, uint64_t val,
         }
         /* fall through */
     default:
-        if ( (rdmsr_safe(reg, temp) != 0) || (val != temp) )
+        if ( rdmsr_safe(reg, temp) )
+            break;
+
+        if ( val != temp )
     invalid:
             gdprintk(XENLOG_WARNING,
                      "Domain attempted WRMSR %08x from 0x%016"PRIx64" to 0x%016"PRIx64"\n",
-- 
2.11.0

On 23.07.2020 20:26, Andrew Cooper wrote:
> The current HVM default for writes to unknown MSRs is to inject #GP if the MSR
> is unreadable, and discard writes otherwise. While this behaviour isn't great,
> the PV default is even worse, because it swallows writes even to non-readable
> MSRs.  i.e. A PV guest doesn't even get a #GP fault for a write to a totally
> bogus index.
> 
> Update PV to make it consistent with HVM, which will simplify the task of
> making other improvements to the default MSR behaviour.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>