x86/cpuid: Calculate a guests xfeature_mask from its featureset
libxc current performs the xstate calculation for guests, and provides the
information to Xen to be used when satisfying CPUID traps. (There is further
work planned to improve this arrangement, but the worst a buggy toolstack can
do is make junk appear in the cpuid leaves for the guest.)
dom0 however has no policy constructed for it, and certain fields filter
straight through from hardware.
Linux queries CPUID.7[0].{EAX/EDX} alone to choose a setting for %xcr0, which
is a valid action to take, but features such as MPX and PKRU are not supported
for PV guests. As a result, Linux, using leaked hardware information, fails
to set %xcr0 on newer Skylake hardware with PKRU support, and crashes.
As an interim solution, dynamically calculate the correct xfeature_mask and
xstate_size to report to the guest for CPUID.7[0] queries. This ensures that
domains don't see leaked hardware values, even when no cpuid policy is
provided.
Similarly, CPUID.7[1]{ECX/EDX} represents the applicable settings for MSR_XSS.
As Xen doesn't yet support any XSS states in guests, unconditionally zero
them.
Reported-by: Luwei Kang <luwei.kang@intel.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Luwei Kang <luwei.kang@intel.com>
Release-acked-by: Wei Liu <wei.liu2@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
projects / xen.git / commit