VMX/cpu-policy: disable RDTSCP and INVPCID insns as needed
authorJan Beulich <jbeulich@suse.com>
Tue, 30 May 2023 09:56:22 +0000 (11:56 +0200)
committerJan Beulich <jbeulich@suse.com>
Tue, 30 May 2023 09:56:22 +0000 (11:56 +0200)
When either feature is available in hardware but disabled in a guest's
policy, the respective insn should raise #UD if the guest attempts to use it.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Kevin Tian <kevin.tian@intel.com>
xen/arch/x86/hvm/vmx/vmx.c

index 9dc16d0cc6b9100cd0af231782a81e6cb11c4b5d..40767b94c30b3593021bf3fa2d9723ce36d88f1d 100644 (file)
@@ -785,6 +785,30 @@ static void cf_check vmx_cpuid_policy_changed(struct vcpu *v)
     vmx_vmcs_enter(v);
     vmx_update_exception_bitmap(v);
 
+    if ( cp->extd.rdtscp )
+    {
+        v->arch.hvm.vmx.secondary_exec_control |= SECONDARY_EXEC_ENABLE_RDTSCP;
+        vmx_update_secondary_exec_control(v);
+    }
+    else if ( v->arch.hvm.vmx.secondary_exec_control &
+              SECONDARY_EXEC_ENABLE_RDTSCP )
+    {
+        v->arch.hvm.vmx.secondary_exec_control &= ~SECONDARY_EXEC_ENABLE_RDTSCP;
+        vmx_update_secondary_exec_control(v);
+    }
+
+    if ( cp->feat.invpcid )
+    {
+        v->arch.hvm.vmx.secondary_exec_control |= SECONDARY_EXEC_ENABLE_INVPCID;
+        vmx_update_secondary_exec_control(v);
+    }
+    else if ( v->arch.hvm.vmx.secondary_exec_control &
+              SECONDARY_EXEC_ENABLE_INVPCID )
+    {
+        v->arch.hvm.vmx.secondary_exec_control &= ~SECONDARY_EXEC_ENABLE_INVPCID;
+        vmx_update_secondary_exec_control(v);
+    }
+
     /*
      * We can safely pass MSR_SPEC_CTRL through to the guest, even if STIBP
      * isn't enumerated in hardware, as SPEC_CTRL_STIBP is ignored.
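Review bot: The two enable paths (the `if ( cp->extd.rdtscp )` and `if ( cp->feat.invpcid )` branches) OR the bit in and call vmx_update_secondary_exec_control() unconditionally, even when the bit is already set, while the disable paths only write when the bit actually changes; the asymmetry looks accidental and makes every policy change with the feature enabled cost a VMCS write, possibly two. Computing the new value once and writing only on a real change keeps both directions consistent and collapses the up-to-two update calls into at most one, provided the shadow field always mirrors the VMCS (which I cannot confirm from this hunk). Separately, the code relies on the policy never enumerating rdtscp/invpcid unless the corresponding secondary control is supported by the CPU; if that is not guaranteed elsewhere (cpu_has_vmx_rdtscp / cpu_has_vmx_invpcid), setting an unsupported control bit would fail VM entry, so a one-line comment stating that invariant above the block would help, e.g. `/* Policy can only enumerate these if the matching secondary exec control exists. */`. vmx_cpuid_policy_changed() begins before and continues after this hunk, and `cp` is defined outside it.
```c
    /* … unchanged: vmx_vmcs_enter(v); vmx_update_exception_bitmap(v); … */

    /*
     * Mirror the guest policy into the secondary exec controls so that a
     * disabled RDTSCP/INVPCID raises #UD; only touch the VMCS on a change.
     */
    uint32_t sec = v->arch.hvm.vmx.secondary_exec_control;

    if ( cp->extd.rdtscp )
        sec |= SECONDARY_EXEC_ENABLE_RDTSCP;
    else
        sec &= ~SECONDARY_EXEC_ENABLE_RDTSCP;

    if ( cp->feat.invpcid )
        sec |= SECONDARY_EXEC_ENABLE_INVPCID;
    else
        sec &= ~SECONDARY_EXEC_ENABLE_INVPCID;

    if ( sec != v->arch.hvm.vmx.secondary_exec_control )
    {
        v->arch.hvm.vmx.secondary_exec_control = sec;
        vmx_update_secondary_exec_control(v);
    }

    /* … unchanged: MSR_SPEC_CTRL pass-through comment and code … */
```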