[xen master] VMX/cpu-policy: disable RDTSCP and INVPCID insns as needed
commit e56f2106b6727223bd7de03e20fedd1f94da655d
Author: Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Tue May 30 11:56:22 2023 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue May 30 11:56:22 2023 +0200
VMX/cpu-policy: disable RDTSCP and INVPCID insns as needed
When either feature is available in hardware but disabled for a guest,
the respective insn should raise #UD if the guest attempts to use it.
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Kevin Tian <kevin.tian@xxxxxxxxx>
---
xen/arch/x86/hvm/vmx/vmx.c | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 9dc16d0cc6..40767b94c3 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -785,6 +785,30 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu
*v)
vmx_vmcs_enter(v);
vmx_update_exception_bitmap(v);
+ if ( cp->extd.rdtscp )
+ {
+ v->arch.hvm.vmx.secondary_exec_control |= SECONDARY_EXEC_ENABLE_RDTSCP;
+ vmx_update_secondary_exec_control(v);
+ }
+ else if ( v->arch.hvm.vmx.secondary_exec_control &
+ SECONDARY_EXEC_ENABLE_RDTSCP )
+ {
+ v->arch.hvm.vmx.secondary_exec_control &=
~SECONDARY_EXEC_ENABLE_RDTSCP;
+ vmx_update_secondary_exec_control(v);
+ }
+
+ if ( cp->feat.invpcid )
+ {
+ v->arch.hvm.vmx.secondary_exec_control |=
SECONDARY_EXEC_ENABLE_INVPCID;
+ vmx_update_secondary_exec_control(v);
+ }
+ else if ( v->arch.hvm.vmx.secondary_exec_control &
+ SECONDARY_EXEC_ENABLE_INVPCID )
+ {
+ v->arch.hvm.vmx.secondary_exec_control &=
~SECONDARY_EXEC_ENABLE_INVPCID;
+ vmx_update_secondary_exec_control(v);
+ }
+
/*
* We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP
* isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored.
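Review bot: The `if ( cp->extd.rdtscp )` and `if ( cp->feat.invpcid )` branches set SECONDARY_EXEC_ENABLE_RDTSCP and SECONDARY_EXEC_ENABLE_INVPCID with no visible check that the host's VMX capabilities permit those secondary controls, and a control bit outside the allowed-1 settings makes VM entry fail. If the policy calculation elsewhere already guarantees a guest can only be given these features when the matching control is usable, that invariant deserves a comment at this spot, e.g. `/* cp->extd.rdtscp / cp->feat.invpcid imply the matching secondary exec control is supported. */`; otherwise the set paths should be gated on the capability. Separately, the set branches call vmx_update_secondary_exec_control() unconditionally while the clear branches call it only on a change, so re-applying an unchanged policy still performs up to two updates where one conditional update would do. vmx_cpuid_policy_changed() begins and ends outside this hunk, so `cp` and any earlier guards are not visible here.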
--
generated by git-patchbot for /home/xen/git/xen.git#master