The behaviour of reserved bits in MSR_PRED_CMD changed between beta and
production microcode, and now raises a #GP fault for set reserved bits. The
AMD spec for future hardware also specifies this behaviour.

Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
---
CC: Jan Beulich <jbeul...@suse.com>
CC: Juergen Gross <jgr...@suse.com>

This wants backporting to all trees which gained Spectre workarounds, and
therefore wants including in 4.11 at this point.
---
 xen/arch/x86/msr.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
index 369b475..d034561 100644
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -243,11 +243,10 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t 
val)
         if ( !cp->feat.ibrsb && !cp->extd.ibpb )
             goto gp_fault; /* MSR available? */
 
-        /*
-         * The only defined behaviour is when writing PRED_CMD_IBPB.  In
-         * practice, real hardware accepts any value without faulting.
-         */
-        if ( v == curr && (val & PRED_CMD_IBPB) )
+        if ( val & ~PRED_CMD_IBPB )
+            goto gp_fault; /* Rsvd bit set? */
+
+        if ( v == curr )
             wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
         break;
 
-- 
2.1.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Reply via email to