On Fri, 2018-01-12 at 18:00 +0000, Andrew Cooper wrote:
>
> @@ -152,14 +163,38 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr,
> uint64_t val)
> {
> const struct vcpu *curr = current;
> struct domain *d = v->domain;
> + const struct cpuid_policy *cp = d->arch.cpuid;
> struct msr_domain_policy *dp = d->arch.msr;
> struct msr_vcpu_policy *vp = v->arch.msr;
>
> switch ( msr )
> {
> case MSR_INTEL_PLATFORM_INFO:
> + /* Read-only */
> goto gp_fault;
>
> + case MSR_SPEC_CTRL:
> + if ( !cp->feat.ibrsb )
> + goto gp_fault; /* MSR available? */
> + if ( val & ~(SPEC_CTRL_IBRS |
> + (cp->feat.stibp ? SPEC_CTRL_STIBP : 0)) )Intel defines the STIBP bit as non-faulting and ignored, even when STIBP isn't advertised. So you should probably just mask it out if !cp->feat.stibp. > + goto gp_fault; /* Rsvd bit set? */ > + vp->spec_ctrl.guest = val; > + vp->spec_ctrl.host = val; > + break; > + There's no actual wrmsr there. This is fine, because you're going to do it on the way back to the guest (albeit in a later patch in the series). But it probably warrants a comment?
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
