x86emul: work around SandyBridge errata

There are a number of exception condition related errata on SandyBridge
CPUs, some of which are unexpected #UD (others, of no interest here, are
lack of mandated exceptions, or exceptions of unexpected type). Annotate
the one workaround we already have, and add two more.

Due to the exception recovery we have in place for stub invocations
these aren't security issues.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index 7f694fea17ac913ae9fa3d814e6d4dd1973616d0..d6c97651e22bfd39f620288602cb025caf7faeed 100644 (file)
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -6079,9 +6079,11 @@ x86_emulate(
         else
         {
             generate_exception_if(vex.reg != 0xf, EXC_UD);
-            vex.l = 0;
             host_and_vcpu_must_have(avx);
             get_fpu(X86EMUL_FPU_ymm);
+
+            /* Work around erratum BT230. */
+            vex.l = 0;
         }
 
         opc = init_prefixes(stub);
@@ -6984,6 +6986,9 @@ x86_emulate(
             get_fpu(X86EMUL_FPU_mmx);
         }
 
+        /* Work around erratum BT36. */
+        vex.w = 0;
+
         opc = init_prefixes(stub);
         opc[0] = b;
         insn_bytes = PFX_BYTES + 1;
@@ -8816,6 +8821,11 @@ x86_emulate(
         generate_exception_if(vex.l || vex.reg != 0xf, EXC_UD);
         host_and_vcpu_must_have(avx);
         get_fpu(X86EMUL_FPU_ymm);
+
+        /* Work around erratum BT41. */
+        if ( !mode_64bit() )
+            vex.w = 0;
+
         opc = init_prefixes(stub);
         goto pextr;