From a6aa678fa380e9369cc44701a181142322b3a4b0 Mon Sep 17 00:00:00 2001
From: Andrew Cooper <andrew.cooper3@citrix.com>
Date: Mon, 16 Apr 2018 10:56:00 +0000
Subject: [PATCH] x86/msr: Correct the emulation behaviour of MSR_PRED_CMD

Experimentally, the behaviour of reserved bits in MSR_PRED_CMD changed between
beta and production microcode, and now raises a #GP fault for set reserved
bits.  The AMD spec for future hardware also specifies this behaviour, and it
is the more sensible behaviour to implement.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Release-acked-by: Juergen Gross <jgross@suse.com>
---
 xen/arch/x86/msr.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/msr.c b/xen/arch/x86/msr.c
index 369b4754ce..d0345611c1 100644
--- a/xen/arch/x86/msr.c
+++ b/xen/arch/x86/msr.c
@@ -243,11 +243,10 @@ int guest_wrmsr(struct vcpu *v, uint32_t msr, uint64_t val)
         if ( !cp->feat.ibrsb && !cp->extd.ibpb )
             goto gp_fault; /* MSR available? */
 
-        /*
-         * The only defined behaviour is when writing PRED_CMD_IBPB.  In
-         * practice, real hardware accepts any value without faulting.
-         */
-        if ( v == curr && (val & PRED_CMD_IBPB) )
+        if ( val & ~PRED_CMD_IBPB )
+            goto gp_fault; /* Rsvd bit set? */
+
+        if ( v == curr )
             wrmsrl(MSR_PRED_CMD, PRED_CMD_IBPB);
         break;
 
-- 
2.39.5