From 0d4d9e8f55602415475e04a5dc8b4ad27845a7f9 Mon Sep 17 00:00:00 2001
From: Jan Beulich <jbeulich@suse.com>
Date: Tue, 18 Dec 2018 15:19:47 +0100
Subject: [PATCH] x86emul: work around SandyBridge errata

There are a number of exception condition related errata on SandyBridge
CPUs, some of which are unexpected #UD (others, of no interest here, are
lack of mandated exceptions, or exceptions of unexpected type). Annotate
the one workaround we already have, and add two more.

Due to the exception recovery we have in place for stub invocations
these aren't security issues.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 xen/arch/x86/x86_emulate/x86_emulate.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/xen/arch/x86/x86_emulate/x86_emulate.c b/xen/arch/x86/x86_emulate/x86_emulate.c
index 7f694fea17..d6c97651e2 100644
--- a/xen/arch/x86/x86_emulate/x86_emulate.c
+++ b/xen/arch/x86/x86_emulate/x86_emulate.c
@@ -6079,9 +6079,11 @@ x86_emulate(
         else
         {
             generate_exception_if(vex.reg != 0xf, EXC_UD);
-            vex.l = 0;
             host_and_vcpu_must_have(avx);
             get_fpu(X86EMUL_FPU_ymm);
+
+            /* Work around erratum BT230. */
+            vex.l = 0;
         }
 
         opc = init_prefixes(stub);
@@ -6984,6 +6986,9 @@ x86_emulate(
             get_fpu(X86EMUL_FPU_mmx);
         }
 
+        /* Work around erratum BT36. */
+        vex.w = 0;
+
         opc = init_prefixes(stub);
         opc[0] = b;
         insn_bytes = PFX_BYTES + 1;
@@ -8816,6 +8821,11 @@ x86_emulate(
         generate_exception_if(vex.l || vex.reg != 0xf, EXC_UD);
         host_and_vcpu_must_have(avx);
         get_fpu(X86EMUL_FPU_ymm);
+
+        /* Work around erratum BT41. */
+        if ( !mode_64bit() )
+            vex.w = 0;
+
         opc = init_prefixes(stub);
         goto pextr;
 
-- 
2.30.2