x86/msr: Don't inject #GP when trying to read FEATURE_CONTROL

Windows 10 will triple fault if #GP is injected when attempting to
read the FEATURE_CONTROL MSR on Intel or compatible hardware. Fix this
by injecting a #GP only when the vendor doesn't support the MSR, even
if there are no features to expose.

Fixes: 39ab598c50a2 ('x86/pv: allow reading FEATURE_CONTROL MSR')
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
[Extended comment]
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
index be8e36386250f7321549473e9b93d6511784977e..8ed0b4e9825a2c4f9cf7b717b2e9592a6936c4f7 100644 (file)
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -176,7 +176,16 @@ int guest_rdmsr(struct vcpu *v, uint32_t msr, uint64_t *val)
     switch ( msr )
     {
     case MSR_IA32_FEATURE_CONTROL:
-        if ( !cp->basic.vmx && !vmce_has_lmce(v) )
+        /*
+         * Architecturally, availability of this MSR is enumerated by the
+         * visibility of any sub-feature.  However, Win10 in at some
+         * configurations performs a read before setting up a #GP handler.
+         *
+         * The MSR has existed on all Intel parts since before the 64bit days,
+         * and is implemented by other vendors.
+         */
+        if ( !(cp->x86_vendor & (X86_VENDOR_INTEL | X86_VENDOR_CENTAUR |
+                                 X86_VENDOR_SHANGHAI)) )
             goto gp_fault;
 
         *val = IA32_FEATURE_CONTROL_LOCK;