On 03.12.2024 01:16, Andrew Cooper wrote:
> xc_cpuid_apply_policy() provides compatibility for migration of a pre-4.14 VM
> where no CPUID data was provided in the stream.
>
> It guesses the various max-leaf limits, based on what was true at the time of
> writing, but this was not correctly adapted when speculative security issues
> forced the advertisement of new feature bits. Of note are:
>
> * LFENCE-DISPATCH, in leaf 0x80000021.eax
> * BHI-CTRL, in leaf 0x7[2].edx
>
> In both cases, a VM booted on a security-patched Xen 4.13, and then migrated
> on to any newer version of Xen on the same or compatible hardware would have
> these features stripped back because Xen is still editing the cpu-policy for
> sanity behind the back of the toolstack.
>
> For VMs using BHI_DIS_S to mitigate Native-BHI, this resulted in a failure to
> restore the guest's MSR_SPEC_CTRL setting:
>
> (XEN) HVM d7v0 load MSR 0x48 with value 0x401 failed
> (XEN) HVM7 restore: failed to load entry 20/0 rc -6
>
> Fixes: e9b4fe263649 ("x86/cpuid: support LFENCE always serialising CPUID bit")
> Fixes: f3709b15fc86 ("x86/cpuid: Infrastructure for cpuid word 7:2.edx")
> Signed-off-by: Andrew Cooper <[email protected]>
Reviewed-by: Jan Beulich <[email protected]>