Prevent new potential features from being exposed to the

guests when not virtualized properly. Guests can attempt to set the
control registers, etc. (and get #GP and panic) if they are aware of the
new feature and the cpuid says it's available.

Signed-off-by: <jun.nakajima@intel.com>

diff --git a/xen/arch/x86/vmx.c b/xen/arch/x86/vmx.c
index b68356385b5ec2375f656b999a98e3087f97dcc4..553d74429a5496e22ed82a014b379b4ae4aa9d19 100644 (file)
--- a/xen/arch/x86/vmx.c
+++ b/xen/arch/x86/vmx.c
@@ -503,6 +503,8 @@ static void vmx_do_no_device_fault(void)
     __vm_clear_bit(EXCEPTION_BITMAP, EXCEPTION_BITMAP_NM);
 }
 
+/* Reserved bits: [31:15], [12:11], [9], [6], [2:1] */
+#define VMX_VCPU_CPUID_L1_RESERVED 0xffff9a46 
 
 static void vmx_vmexit_do_cpuid(unsigned long input, struct cpu_user_regs *regs)
 {
@@ -537,6 +539,7 @@ static void vmx_vmexit_do_cpuid(unsigned long input, struct cpu_user_regs *regs)
         }
 
         /* Unsupportable for virtualised CPUs. */
+        ecx &= ~VMX_VCPU_CPUID_L1_RESERVED; /* mask off reserved bits */
         clear_bit(X86_FEATURE_VMXE & 31, &ecx);
         clear_bit(X86_FEATURE_MWAIT & 31, &ecx);
     }