vmm(4): Mask Spectre feature bits on AMD hosts

For parity with Intel hosts, which already mask out the CPUID feature bits that indicate the presence of the SPEC_CTRL MSR, do the same on AMD. Eventually we may want to have a better support story for guests, but for now, limit the damage of incorrectly indicating an MSR we do not yet support. Eventually, we may want a generic CPUID override system for administrators, or for minimum supported feature set in heterogenous environments with failover. That is a much larger scope effort than this bug fix. PR: 235010 Reported by: Rys Sommefeldt <rys AT sommefeldt.com> Sponsored by: Dell EMC Isilon
2019-01-18 23:54:51 +00:00 · 2019-01-18 23:54:51 +00:00 · d0c7cde53e
commit d0c7cde53e
parent 61ef814f56
1 changed files with 8 additions and 0 deletions
--- a/sys/amd64/vmm/x86.c
+++ b/sys/amd64/vmm/x86.c
@ -136,6 +136,14 @@ x86_emulate_cpuid(struct vm *vm, int vcpu_id,
 		case CPUID_8000_0008:
 			cpuid_count(*eax, *ecx, regs);
 			if (vmm_is_amd()) {
+				/*
+				 * As on Intel (0000_0007:0, EDX), mask out
+				 * unsupported or unsafe AMD extended features
+				 * (8000_0008 EBX).
+				 */
+				regs[1] &= (AMDFEID_CLZERO | AMDFEID_IRPERF |
+				    AMDFEID_XSAVEERPTR);
+
 				vm_get_topology(vm, &sockets, &cores, &threads,
 				    &maxcpus);
 				/*