[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.7] x86/msr: Correct the emulation behaviour of MSR_PRED_CMD

commit 2fbc00615061d8931acfd2908426ba5fa0132ca3
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Wed Apr 18 16:56:22 2018 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Apr 18 16:56:22 2018 +0200

    x86/msr: Correct the emulation behaviour of MSR_PRED_CMD
    
    Experimentally, the behaviour of reserved bits in MSR_PRED_CMD changed 
between
    beta and production microcode, and now raises a #GP fault for set reserved
    bits.  The AMD spec for future hardware also specifies this behaviour, and 
it
    is the more sensible behaviour to implement.
    
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    
    x86/msr: further correct the emulation behaviour of MSR_PRED_CMD
    
    Following commit a6aa678fa3 ("x86/msr: Correct the emulation behaviour
    of MSR_PRED_CMD") we may end up writing the low bit with the wrong
    value. While it's unlikely for a guest to want to write zero there, we
    should still permit (this without incurring the overhead of an actual
    barrier). Correcting this right away will also help whenever further
    bits in the MSR might become defined.
    
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: a6aa678fa380e9369cc44701a181142322b3a4b0
    master date: 2018-04-16 13:18:19 +0100
    master commit: a996273d1fc10d14598985703227bfa35a91f681
    master date: 2018-04-18 11:16:37 +0200
---
 xen/arch/x86/hvm/hvm.c | 10 ++++------
 xen/arch/x86/traps.c   | 10 ++++------
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 5211c23fb2..ff1c6fa59a 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4007,12 +4007,10 @@ int hvm_msr_write_intercept(unsigned int msr, uint64_t 
msr_content,
              !(ebx & cpufeat_mask(X86_FEATURE_IBPB)) )
             goto gp_fault; /* MSR available? */
 
-        /*
-         * The only defined behaviour is when writing PRED_CMD_IBPB.  In
-         * practice, real hardware accepts any value without faulting.
-         */
-        if ( msr_content & PRED_CMD_IBPB )
-            wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
+        if ( msr_content & ~PRED_CMD_IBPB )
+            goto gp_fault; /* Rsvd bit set? */
+
+        wrmsrl(MSR_PRED_CMD, msr_content);
         break;
 
     case MSR_ARCH_CAPABILITIES:
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index f37ff7ecd6..d317a28a0e 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2919,12 +2919,10 @@ static int emulate_privileged_op(struct cpu_user_regs 
*regs)
                  !(ebx & cpufeat_mask(X86_FEATURE_IBPB)) )
                 goto fail; /* MSR available? */
 
-            /*
-             * The only defined behaviour is when writing PRED_CMD_IBPB.  In
-             * practice, real hardware accepts any value without faulting.
-             */
-            if ( eax & PRED_CMD_IBPB )
-                wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
+            if ( msr_content & ~PRED_CMD_IBPB )
+                goto fail; /* Rsvd bit set? */
+
+            wrmsrl(MSR_PRED_CMD, msr_content);
             break;
 
         case MSR_P6_PERFCTR(0)...MSR_P6_PERFCTR(7):
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.7

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.