From c1cb8243024791e562d55ba85e996ef69aea1c0e Mon Sep 17 00:00:00 2001
From: "kaf24@firebug.cl.cam.ac.uk"
Date: Wed, 14 Dec 2005 19:35:38 +0100
Subject: [PATCH] Prevent new potential features from being exposed to the guests when not virtualized properly. Guests can attempt to set the control registers, etc. (and get #GP and panic) if they are aware of the new feature and the cpuid says it's available. Signed-off-by:
---
 xen/arch/x86/vmx.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/xen/arch/x86/vmx.c b/xen/arch/x86/vmx.c
index b68356385b..553d74429a 100644
--- a/xen/arch/x86/vmx.c
+++ b/xen/arch/x86/vmx.c
@@ -503,6 +503,8 @@ static void vmx_do_no_device_fault(void)
 __vm_clear_bit(EXCEPTION_BITMAP, EXCEPTION_BITMAP_NM);
 }
+/* Reserved bits: [31:15], [12:11], [9], [6], [2:1] */
+#define VMX_VCPU_CPUID_L1_RESERVED 0xffff9a46
 static void vmx_vmexit_do_cpuid(unsigned long input, struct cpu_user_regs *regs)
 {
@@ -537,6 +539,7 @@ static void vmx_vmexit_do_cpuid(unsigned long input, struct cpu_user_regs *regs)
 }
 /* Unsupportable for virtualised CPUs. */
+ ecx &= ~VMX_VCPU_CPUID_L1_RESERVED; /* mask off reserved bits */
 clear_bit(X86_FEATURE_VMXE & 31, &ecx);
 clear_bit(X86_FEATURE_MWAIT & 31, &ecx);
 }
-- 
2.30.2
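Review bot: The new `ecx &= ~VMX_VCPU_CPUID_L1_RESERVED;` line is a deny-list keyed to which leaf-1 ECX bits are unassigned today, so the guarantee the commit message wants (no feature reaches the guest before Xen virtualises its control-register side) only holds for as long as `0xffff9a46` is kept in step with hardware; an allow-list of the bits Xen actually supports would fail closed instead of open, and is the shape I would prefer here. The hunk masks only ECX; nothing in it touches EDX or other leaves, so if those are not masked elsewhere in vmx_vmexit_do_cpuid the same exposure remains there. The comment in the first hunk calls these "Reserved bits", which reads as an architectural statement; the intent is "not virtualised by Xen", so I would write `/* Leaf-1 ECX bits Xen does not yet virtualise: [31:15], [12:11], [9], [6], [2:1]. Hardware may define these later; extend only after the matching CR/MSR handling exists. */` and name the macro accordingly. The mask value itself checks out against the listed ranges. vmx_vmexit_do_cpuid begins outside the second hunk and the type of ecx is not visible, so whether the unsigned-int literal's complement is the intended width is something the caller context needs to confirm.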