x86/msr: Correct the emulation behaviour of MSR_PRED_CMD

Experimentally, the behaviour of reserved bits in MSR_PRED_CMD changed between
beta and production microcode, and now raises a #GP fault for set reserved
bits.  The AMD spec for future hardware also specifies this behaviour, and it
is the more sensible behaviour to implement.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Release-acked-by: Juergen Gross <jgross@suse.com>

diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
index 369b4754ced6d5477751b1b67c9e9ead2ac84b65..d0345611c1b3dab4e1b9193d65270dfb0579cd46 100644 (file)
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -243,11 +243,10 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val)
         if ( !cp->feat.ibrsb && !cp->extd.ibpb )
             goto gp_fault; /* MSR available? */
 
-        /*
-         * The only defined behaviour is when writing PRED_CMD_IBPB.  In
-         * practice, real hardware accepts any value without faulting.
-         */
-        if ( v == curr && (val & PRED_CMD_IBPB) )
+        if ( val & ~PRED_CMD_IBPB )
+            goto gp_fault; /* Rsvd bit set? */
+
+        if ( v == curr )
             wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
         break;