[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.9] x86/msr: Correct the emulation behaviour of MSR_PRED_CMD



commit 921bff4ea79c5b0d76274c3bb53b08ac4f3cfd55
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Wed Apr 18 16:43:23 2018 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Apr 18 16:43:23 2018 +0200

    x86/msr: Correct the emulation behaviour of MSR_PRED_CMD
    
    Experimentally, the behaviour of reserved bits in MSR_PRED_CMD changed 
between
    beta and production microcode, and now raises a #GP fault for set reserved
    bits.  The AMD spec for future hardware also specifies this behaviour, and 
it
    is the more sensible behaviour to implement.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    
    x86/msr: further correct the emulation behaviour of MSR_PRED_CMD
    
    Following commit a6aa678fa3 ("x86/msr: Correct the emulation behaviour
    of MSR_PRED_CMD") we may end up writing the low bit with the wrong
    value. While it's unlikely for a guest to want to write zero there, we
    should still permit (this without incurring the overhead of an actual
    barrier). Correcting this right away will also help whenever further
    bits in the MSR might become defined.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: a6aa678fa380e9369cc44701a181142322b3a4b0
    master date: 2018-04-16 13:18:19 +0100
    master commit: a996273d1fc10d14598985703227bfa35a91f681
    master date: 2018-04-18 11:16:37 +0200
---
 xen/arch/x86/hvm/hvm.c | 10 ++++------
 xen/arch/x86/traps.c   | 10 ++++------
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index df85b7b9c2..1a47ed98b4 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -3629,12 +3629,10 @@ int hvm_msr_write_intercept(unsigned int msr, uint64_t 
msr_content,
         if ( !d->arch.cpuid->feat.ibrsb && !d->arch.cpuid->extd.ibpb )
             goto gp_fault; /* MSR available? */
 
-        /*
-         * The only defined behaviour is when writing PRED_CMD_IBPB.  In
-         * practice, real hardware accepts any value without faulting.
-         */
-        if ( msr_content & PRED_CMD_IBPB )
-            wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
+        if ( msr_content & ~PRED_CMD_IBPB )
+            goto gp_fault; /* Rsvd bit set? */
+
+        wrmsrl(MSR_PRED_CMD, msr_content);
         break;
 
     case MSR_ARCH_CAPABILITIES:
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 3b1e62f9f5..b56a26a1af 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2881,12 +2881,10 @@ static int priv_op_write_msr(unsigned int reg, uint64_t 
val,
         if ( !currd->arch.cpuid->feat.ibrsb && !currd->arch.cpuid->extd.ibpb )
             break; /* MSR available? */
 
-        /*
-         * The only defined behaviour is when writing PRED_CMD_IBPB.  In
-         * practice, real hardware accepts any value without faulting.
-         */
-        if ( val & PRED_CMD_IBPB )
-            wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
+        if ( val & ~PRED_CMD_IBPB )
+            break; /* Rsvd bit set? */
+
+        wrmsrl(MSR_PRED_CMD, val);
         return X86EMUL_OKAY;
 
     case MSR_INTEL_MISC_FEATURES_ENABLES:
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.9

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.