File xsa263-3.patch of Package xen.11298

# Commit cd53023df952cf0084be9ee3d15a90f8837049c2
# Date 2018-05-21 14:20:06 +0100
# Author Andrew Cooper <andrew.cooper3@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/msr: Virtualise MSR_SPEC_CTRL.SSBD for guests to use

Almost all infrastructure is already in place.  Update the reserved bits
calculation in guest_wrmsr().

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>

--- a/tools/libxc/xc_cpufeature.h
+++ b/tools/libxc/xc_cpufeature.h
@@ -148,5 +148,6 @@
 /* Intel-defined CPU features, CPUID level 0x00000007:0 (edx) */
 #define X86_FEATURE_IBRSB       26 /* IBRS and IBPB support (used by Intel) */
 #define X86_FEATURE_STIBP       27 /* STIBP */
+#define X86_FEATURE_SSBD        31 /* MSR_SPEC_CTRL.SSBD available */
 
 #endif /* __LIBXC_CPUFEATURE_H */
--- a/tools/libxc/xc_cpuid_x86.c
+++ b/tools/libxc/xc_cpuid_x86.c
@@ -368,7 +368,8 @@ static void xc_cpuid_hvm_policy(
                         bitmaskof(X86_FEATURE_SMAP) |
                         bitmaskof(X86_FEATURE_FSGSBASE));
             regs[3] &= (bitmaskof(X86_FEATURE_IBRSB) |
-                        bitmaskof(X86_FEATURE_STIBP));
+                        bitmaskof(X86_FEATURE_STIBP) |
+                        bitmaskof(X86_FEATURE_SSBD));
         } else
             regs[1] = regs[3] = 0;
         regs[0] = regs[2] = 0;
@@ -510,7 +511,8 @@ static void xc_cpuid_pv_policy(
                         bitmaskof(X86_FEATURE_ADX)  |
                         bitmaskof(X86_FEATURE_FSGSBASE));
             regs[3] &= (bitmaskof(X86_FEATURE_IBRSB) |
-                        bitmaskof(X86_FEATURE_STIBP));
+                        bitmaskof(X86_FEATURE_STIBP) |
+                        bitmaskof(X86_FEATURE_SSBD));
         }
         else
             regs[1] = regs[3] = 0;
--- a/xen/arch/x86/domctl.c
+++ b/xen/arch/x86/domctl.c
@@ -1303,7 +1303,8 @@ long arch_do_domctl(
                      * ignored) when STIBP isn't enumerated in hardware.
                      */
 
-                    if ( msr.value & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP) )
+                    if ( msr.value & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP |
+                                       (boot_cpu_has(X86_FEATURE_SSBD) ? SPEC_CTRL_SSBD : 0)) )
                         break;
                     v->arch.spec_ctrl = msr.value;
                     continue;
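Review bot: The reserved-bit mask on this load path admits SSBD whenever `boot_cpu_has(X86_FEATURE_SSBD)` is true, whereas the guest-write checks in hvm.c and traps.c key it on the guest-visible `edx`. A vCPU whose CPUID policy hides SSBD can therefore be handed a SPEC_CTRL value through this domctl that it could not write itself; the vmx_load_msr() hunk in vmx.c has the same shape. If consulting only the host capability is deliberate here (presumably to keep an unsupported bit away from hardware), the comment above the check, which still mentions only STIBP, should say so, e.g. `* SSBD is accepted only when the host enumerates it; the guest's CPUID policy is not consulted on this path.` The continuation line holding the ternary also runs past 80 columns and could be wrapped as in the hvm.c hunk. arch_do_domctl()'s body starts and ends outside this hunk.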
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -4698,7 +4698,9 @@ int hvm_msr_write_intercept(unsigned int
          * when STIBP isn't enumerated in hardware.
          */
 
-        if ( msr_content & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP) )
+        if ( msr_content & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP |
+                             (edx & cpufeat_mask(X86_FEATURE_SSBD)
+                              ? SPEC_CTRL_SSBD : 0)) )
             goto gp_fault; /* Rsvd bit set? */
 
         v->arch.spec_ctrl = msr_content;
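Review bot: The comment directly above this check still explains only why STIBP is tolerated when hardware does not enumerate it, and says nothing about SSBD, which the new mask treats the opposite way: it is reserved unless `edx` carries the feature bit. Extending the comment with something like `* SSBD is reserved, and faults, unless the guest's CPUID policy enumerates it.` would keep the asymmetry from being mistaken for an oversight. `edx` is filled in outside the hunk, so it is worth confirming that it holds leaf 7 EDX from the guest's policy at this point. The identical expression is added to emulate_privileged_op() in traps.c; a shared helper returning the permitted SPEC_CTRL bits would keep those two sites, and the two load paths, from drifting apart.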
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -674,7 +674,8 @@ static int vmx_load_msr(struct vcpu *v,
              * ignored) when STIBP isn't enumerated in hardware.
              */
             else if ( ctxt->msr[i].val &
-                      ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP) )
+                      ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP |
+                        (boot_cpu_has(X86_FEATURE_SSBD) ? SPEC_CTRL_SSBD : 0)) )
                 err = -ENXIO;
             else
                 v->arch.spec_ctrl = ctxt->msr[i].val;
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -2673,7 +2673,9 @@ static int emulate_privileged_op(struct
              * when STIBP isn't enumerated in hardware.
              */
 
-            if ( msr_content & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP) )
+            if ( msr_content & ~(SPEC_CTRL_IBRS | SPEC_CTRL_STIBP |
+                                 (edx & cpufeat_mask(X86_FEATURE_SSBD)
+                                  ? SPEC_CTRL_SSBD : 0)) )
                 goto fail; /* Rsvd bit set? */
 
             v->arch.spec_ctrl = eax;