From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu, Jinoh Kang
Subject: [PATCH 1/3] x86: Reject bad %dr6/%dr7 values when loading guest state
Date: Tue, 29 Aug 2023 14:43:31 +0100
Message-ID: <20230829134333.3551243-2-andrew.cooper3@citrix.com>
In-Reply-To: <20230829134333.3551243-1-andrew.cooper3@citrix.com>
References: <20230829134333.3551243-1-andrew.cooper3@citrix.com>

Right now, bad PV state is silently dropped and zeroed, while bad HVM state
is passed directly to hardware and can trigger VMEntry/VMRUN failures. e.g.

  (XEN) d12v0 vmentry failure (reason 0x80000021): Invalid guest state (0)
  ...
  (XEN) RFLAGS=0x00000002 (0x00000002) DR7 = 0x4000000000000001

Furthermore, prior to c/s 30f43f4aa81e ("x86: Reorganise and rename debug
register fields in struct vcpu") in Xen 4.11 where v->arch.dr6 was reduced in
width, the toolstack can cause a host crash by loading a bad %dr6 value on
VT-x hardware.

Reject any %dr6/7 values with upper bits set. For PV guests, also audit
%dr0..3 so they aren't silently zeroed later in the function. Leave a comment
behind explaining how %dr4/5 handling changed, and why they're ignored now.

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
CC: Jinoh Kang
---
 xen/arch/x86/domain.c | 19 +++++++++++++++++++
 xen/arch/x86/hvm/hvm.c | 8 ++++++++
 2 files changed, 27 insertions(+)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index fe86a7f8530f..0698e6d486fe 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c 
@@ -1074,8 +1074,27 @@ int arch_set_info_guest( #endif flags =3D c(flags); =20 + if ( !compat ) + { + if ( c(debugreg[6]) !=3D (uint32_t)c(debugreg[6]) || + c(debugreg[7]) !=3D (uint32_t)c(debugreg[7]) ) + return -EINVAL; + } + if ( is_pv_domain(d) ) { + /* + * Prior to Xen 4.11, dr5 was used to hold the emulated-only + * subset of dr7, and dr4 was unused. + * + * In Xen 4.11 and later, dr4/5 are written as zero, ignored for + * backwards compatibility, and dr7 emulation is handled + * internally. + */ + for ( i =3D 0; i < ARRAY_SIZE(v->arch.dr); i++ ) + if ( !access_ok(c(debugreg[i]), sizeof(long)) ) + return -EINVAL; + if ( !compat ) { if ( !is_canonical_address(c.nat->user_regs.rip) || diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 3a99c0ff20be..3dc2019eca67 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c 
@@ -1032,6 +1032,14 @@ static int cf_check hvm_load_cpu_ctxt(struct domain = *d, hvm_domain_context_t *h) return -EINVAL; } =20 + if ( ctxt.dr6 !=3D (uint32_t)ctxt.dr6 || + ctxt.dr7 !=3D (uint32_t)ctxt.dr7 ) + { + printk(XENLOG_G_ERR "%pv: HVM restore: bad DR6 %#"PRIx64" or DR7 %= #"PRIx64"\n", + v, ctxt.dr6, ctxt.dr7); + return -EINVAL; + } + if ( ctxt.cr3 >> d->arch.cpuid->extd.maxphysaddr ) { printk(XENLOG_G_ERR "HVM%d restore: bad CR3 %#" PRIx64 "\n", --=20 2.30.2
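
Review bot: in the xen/arch/x86/domain.c hunk of arch_set_info_guest(), the new comment block only talks about %dr4/5, while the loop directly under it audits the breakpoint addresses through ARRAY_SIZE(v->arch.dr), and nothing in the code states that link. Suggest adding a sentence to the comment saying that the loop checks %dr0..3 only (as the commit message puts it) and that %dr4/5 are skipped on purpose. Two smaller style points in the same hunk: the outer `if ( !compat )` block wraps a single `if` and could be folded into one condition, and the loop is written with `i++` where the existing loop over v->arch.dr later in this function (visible as context in patch 3) uses `++i`.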
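
Review bot: in the xen/arch/x86/hvm/hvm.c hunk of hvm_load_cpu_ctxt(), the new printk() does not follow the format of the CR3 message immediately below it. It identifies the vCPU with `%pv` and `v` where the neighbour prints `HVM%d restore:`, and it writes `%#"PRIx64"` without spaces where the neighbour writes `%#" PRIx64 "`. Suggest matching the spacing of the surrounding messages, and, if `%pv` is the intended style going forward, saying so in the commit message so the difference does not read as accidental.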
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu, Jinoh Kang
Subject: [PATCH 2/3] x86: Introduce new debug.c for debug register infrastructure
Date: Tue, 29 Aug 2023 14:43:32 +0100
Message-ID: <20230829134333.3551243-3-andrew.cooper3@citrix.com>
In-Reply-To: <20230829134333.3551243-1-andrew.cooper3@citrix.com>
References: <20230829134333.3551243-1-andrew.cooper3@citrix.com>

Broken out of the subsequent patch for clarity.

Add stub x86_adj_dr{6,7}_rsvd() functions which will be extended in the
following patch to fix bugs, and adjust debugreg.h to compile with a more
minimal set of includes.

Signed-off-by: Andrew Cooper
Acked-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
CC: Jinoh Kang
---
 xen/arch/x86/Makefile | 1 +
 xen/arch/x86/debug.c | 19 +++++++++++++++++++
 xen/arch/x86/include/asm/debugreg.h | 11 +++++++++++
 3 files changed, 31 insertions(+)
 create mode 100644 xen/arch/x86/debug.c

diff --git a/xen/arch/x86/Makefile b/xen/arch/x86/Makefile index e642ad6c5578..f3abdf9cd111 100644 --- a/xen/arch/x86/Makefile +++ b/xen/arch/x86/Makefile @@ -24,6 +24,7 @@ obj-y +=3D cpuid.o obj-$(CONFIG_PV) +=3D compat.o obj-$(CONFIG_PV32) +=3D x86_64/compat.o obj-$(CONFIG_KEXEC) +=3D crash.o +obj-y +=3D debug.o obj-y +=3D delay.o obj-y +=3D desc.o obj-bin-y +=3D dmi_scan.init.o diff --git a/xen/arch/x86/debug.c b/xen/arch/x86/debug.c new file mode 100644 index 000000000000..9900b555d6d3 --- /dev/null +++ b/xen/arch/x86/debug.c 
@@ -0,0 +1,19 @@ +/* SPDX-License-Identifier: GPL-2.0 */ +/* + * Copyright (C) 2023 XenServer. + */ +#include + +#include + +#include + +unsigned int x86_adj_dr6_rsvd(const struct cpu_policy *p, unsigned int dr6) +{ + return dr6; +} + +unsigned int x86_adj_dr7_rsvd(const struct cpu_policy *p, unsigned int dr7) +{ + return dr7; +} diff --git a/xen/arch/x86/include/asm/debugreg.h b/xen/arch/x86/include/asm= /debugreg.h index 86aa6d714347..673b81ec5eda 100644 --- a/xen/arch/x86/include/asm/debugreg.h +++ b/xen/arch/x86/include/asm/debugreg.h 
@@ -77,7 +77,18 @@ asm volatile ( "mov %%db" #reg ",%0" : "=3Dr" (__val) ); \ __val; \ }) + +struct vcpu; long set_debugreg(struct vcpu *, unsigned int reg, unsigned long value); void activate_debugregs(const struct vcpu *); =20 +struct cpu_policy; + +/* + * Architecturally dr6/7 are full GPR-width, but only the bottom 32 bits m= ay + * legally be non-zero. We avoid avoid storing the upper bits when possib= le. + */ +unsigned int x86_adj_dr6_rsvd(const struct cpu_policy *p, unsigned int dr6= ); +unsigned int x86_adj_dr7_rsvd(const struct cpu_policy *p, unsigned int dr7= ); + #endif /* _X86_DEBUGREG_H */ --=20 2.30.2
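
Review bot: the comment added above the x86_adj_dr{6,7}_rsvd() prototypes in the xen/arch/x86/include/asm/debugreg.h hunk has a doubled word ("We avoid avoid storing") and does not say what the two functions return. They take and return unsigned int while the comment itself says the registers are GPR-width, so it would help to document that callers must reject values with the upper 32 bits set before calling (as patch 1 does on the load paths), and that the return value is the input with its reserved bits adjusted for the given policy.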
From: Andrew Cooper
To: Xen-devel
CC: Andrew Cooper, Jinoh Kang, Jan Beulich, Roger Pau Monné, Wei Liu
Subject: [PATCH 3/3] x86: Fix calculation of %dr6/dr7 reserved bits
Date: Tue, 29 Aug 2023 14:43:33 +0100
Message-ID: <20230829134333.3551243-4-andrew.cooper3@citrix.com>
In-Reply-To: <20230829134333.3551243-1-andrew.cooper3@citrix.com>
References: <20230829134333.3551243-1-andrew.cooper3@citrix.com>

RTM debugging and BusLock Detect have both introduced conditional behaviour
into the %dr6/7 calculations which Xen's existing logic doesn't account for.

Introduce the CPUID bit for BusLock Detect, so we can get the %dr6 behaviour
correct from the outset.

Implement x86_adj_dr{6,7}_rsvd() fully, and use them in place of the plain
bitmasks.

Signed-off-by: Andrew Cooper
Signed-off-by: Jinoh Kang
Reviewed-by: Jan Beulich
---
CC: Jan Beulich
CC: Roger Pau Monné
CC: Wei Liu
CC: Jinoh Kang

Note for reviewers: The dr7 calculation lacking BLD is correct. BLD is
activated by MSR_DBG_CTRL.BLD. RTM is activated by %dr7.RTM && DBG_CTRL.RTM,
for reasons best answered by the designers...
---
 xen/arch/x86/debug.c | 27 +++++++++++++++++++++
 xen/arch/x86/domain.c | 5 ++--
 xen/arch/x86/hvm/hvm.c | 6 +++--
 xen/arch/x86/include/asm/debugreg.h | 4 +--
 xen/arch/x86/include/asm/x86-defns.h | 21 ++++++++++++++--
 xen/arch/x86/pv/misc-hypercalls.c | 16 +++---------
 xen/include/public/arch-x86/cpufeatureset.h | 1 +
 7 files changed, 59 insertions(+), 21 deletions(-)

diff --git a/xen/arch/x86/debug.c b/xen/arch/x86/debug.c index 9900b555d6d3..127fe83021cd 100644 --- a/xen/arch/x86/debug.c +++ b/xen/arch/x86/debug.c @@ -10,10 +10,37 @@ =20 unsigned int x86_adj_dr6_rsvd(const struct cpu_policy *p, unsigned int dr6) { + unsigned int ones =3D X86_DR6_DEFAULT; + + /* + * The i586 and later processors had most but not all reserved bits re= ad + * as 1s. New features allocated in this space have inverted polarity, + * and don't force their respective bit to 1. + */ + if ( p->feat.rtm ) + ones &=3D ~X86_DR6_RTM; + if ( p->feat.bld ) + ones &=3D ~X86_DR6_BLD; + + dr6 |=3D ones; + dr6 &=3D ~X86_DR6_ZEROS; + return dr6; } =20 unsigned int x86_adj_dr7_rsvd(const struct cpu_policy *p, unsigned int dr7) { + unsigned int zeros =3D X86_DR7_ZEROS; + + /* + * Most but not all reserved bits force to zero. Hardware lacking + * optional features force more bits to zero. + */ + if ( !p->feat.rtm ) + zeros |=3D X86_DR7_RTM; + + dr7 &=3D ~zeros; + dr7 |=3D X86_DR7_DEFAULT; + return dr7; } diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c index 0698e6d486fe..2d77b83c0bf8 100644 --- a/xen/arch/x86/domain.c +++ b/xen/arch/x86/domain.c @@ -1053,6 +1053,7 @@ int arch_set_info_guest( struct vcpu *v, vcpu_guest_context_u c) { struct domain *d =3D v->domain; + const struct cpu_policy *p =3D d->arch.cpu_policy; unsigned int i; unsigned long flags; bool compat; @@ -1186,8 +1187,8 @@ int arch_set_info_guest( { for ( i =3D 0; i < ARRAY_SIZE(v->arch.dr); ++i ) v->arch.dr[i] =3D c(debugreg[i]); - v->arch.dr6 =3D c(debugreg[6]); - v->arch.dr7 =3D c(debugreg[7]); + v->arch.dr6 =3D x86_adj_dr6_rsvd(p, c(debugreg[6])); + v->arch.dr7 =3D x86_adj_dr7_rsvd(p, c(debugreg[7])); =20 if ( v->vcpu_id =3D=3D 0 ) d->vm_assist =3D c.nat->vm_assist; diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c index 3dc2019eca67..482eebbabf7f 100644 --- a/xen/arch/x86/hvm/hvm.c +++ b/xen/arch/x86/hvm/hvm.c 
@@ -33,6 +33,7 @@ #include #include #include +#include #include #include #include @@ -985,6 +986,7 @@ unsigned long hvm_cr4_guest_valid_bits(const struct dom= ain *d) =20 static int cf_check hvm_load_cpu_ctxt(struct domain *d, hvm_domain_context= _t *h) { + const struct cpu_policy *p =3D d->arch.cpu_policy; unsigned int vcpuid =3D hvm_load_instance(h); struct vcpu *v; struct hvm_hw_cpu ctxt; @@ -1174,8 +1176,8 @@ static int cf_check hvm_load_cpu_ctxt(struct domain *= d, hvm_domain_context_t *h) v->arch.dr[1] =3D ctxt.dr1; v->arch.dr[2] =3D ctxt.dr2; v->arch.dr[3] =3D ctxt.dr3; - v->arch.dr6 =3D ctxt.dr6; - v->arch.dr7 =3D ctxt.dr7; + v->arch.dr6 =3D x86_adj_dr6_rsvd(p, ctxt.dr6); + v->arch.dr7 =3D x86_adj_dr7_rsvd(p, ctxt.dr7); =20 hvmemul_cancel(v); =20 diff --git a/xen/arch/x86/include/asm/debugreg.h b/xen/arch/x86/include/asm= /debugreg.h index 673b81ec5eda..bdeedc4c4c99 100644 --- a/xen/arch/x86/include/asm/debugreg.h +++ b/xen/arch/x86/include/asm/debugreg.h @@ -1,6 +1,7 @@ #ifndef _X86_DEBUGREG_H #define _X86_DEBUGREG_H =20 +#include =20 /* Indicate the register numbers for a number of the specific debug registers. Registers 0-3 contain the addresses we wish to trap o= n */ @@ -21,7 +22,6 @@ #define DR_STEP (0x4000) /* single-step */ #define DR_SWITCH (0x8000) /* task switch */ #define DR_NOT_RTM (0x10000) /* clear: #BP inside RTM region */ -#define DR_STATUS_RESERVED_ZERO (~0xffffefffUL) /* Reserved, read as zero = */ #define DR_STATUS_RESERVED_ONE 0xffff0ff0UL /* Reserved, read as one */ =20 /* Now define a bunch of things for manipulating the control register. 
@@ -61,8 +61,6 @@ We can slow the instruction pipeline for instructions coming via the gdt or the ldt if we want to. I am not sure why this is an advantage */ =20 -#define DR_CONTROL_RESERVED_ZERO (~0xffff27ffUL) /* Reserved, read as zero= */ -#define DR_CONTROL_RESERVED_ONE (0x00000400UL) /* Reserved, read as one */ #define DR_LOCAL_EXACT_ENABLE (0x00000100UL) /* Local exact enable */ #define DR_GLOBAL_EXACT_ENABLE (0x00000200UL) /* Global exact enable */ #define DR_RTM_ENABLE (0x00000800UL) /* RTM debugging enable */ diff --git a/xen/arch/x86/include/asm/x86-defns.h b/xen/arch/x86/include/as= m/x86-defns.h index e350227e57eb..74fb0322cb84 100644 --- a/xen/arch/x86/include/asm/x86-defns.h +++ b/xen/arch/x86/include/asm/x86-defns.h 
@@ -102,13 +102,30 @@ =20 /* * Debug status flags in DR6. + * + * For backwards compatibility, status flags which overlap with + * X86_DR6_DEFAULT have inverted polarity. */ -#define X86_DR6_DEFAULT 0xffff0ff0 /* Default %dr6 value. */ +#define X86_DR6_B0 (_AC(1, UL) << 0) /* Breakpoint 0 = */ +#define X86_DR6_B1 (_AC(1, UL) << 1) /* Breakpoint 1 = */ +#define X86_DR6_B2 (_AC(1, UL) << 2) /* Breakpoint 2 = */ +#define X86_DR6_B3 (_AC(1, UL) << 3) /* Breakpoint 3 = */ +#define X86_DR6_BLD (_AC(1, UL) << 11) /* BusLock detect (IN= V) */ +#define X86_DR6_BD (_AC(1, UL) << 13) /* %dr access = */ +#define X86_DR6_BS (_AC(1, UL) << 14) /* Single step = */ +#define X86_DR6_BT (_AC(1, UL) << 15) /* Task switch = */ +#define X86_DR6_RTM (_AC(1, UL) << 16) /* #DB/#BP in RTM reg= ion (INV) */ + +#define X86_DR6_ZEROS _AC(0x00010000, UL) /* %dr6 bits forced t= o 0 */ +#define X86_DR6_DEFAULT _AC(0xffff0ff0, UL) /* Default %dr6 value= */ =20 /* * Debug control flags in DR7. */ -#define X86_DR7_DEFAULT 0x00000400 /* Default %dr7 value. */ +#define X86_DR7_RTM (_AC(1, UL) << 11) /* RTM debugging enab= le */ + +#define X86_DR7_ZEROS _AC(0x0000d000, UL) /* %dr7 bits forced t= o 0 */ +#define X86_DR7_DEFAULT _AC(0x00000400, UL) /* Default %dr7 value= */ =20 /* * Invalidation types for the INVPCID instruction. diff --git a/xen/arch/x86/pv/misc-hypercalls.c b/xen/arch/x86/pv/misc-hyper= calls.c index b11bd718b7de..99f502812868 100644 --- a/xen/arch/x86/pv/misc-hypercalls.c +++ b/xen/arch/x86/pv/misc-hypercalls.c @@ -56,6 +56,7 @@ long do_fpu_taskswitch(int set) long set_debugreg(struct vcpu *v, unsigned int reg, unsigned long value) { struct vcpu *curr =3D current; + const struct cpu_policy *p =3D curr->domain->arch.cpu_policy; =20 switch ( reg ) { 
@@ -86,12 +87,7 @@ long set_debugreg(struct vcpu *v, unsigned int reg, unsi= gned long value) if ( value !=3D (uint32_t)value ) return -EINVAL; =20 - /* - * DR6: Bits 4-11,16-31 reserved (set to 1). - * Bit 12 reserved (set to 0). - */ - value &=3D ~DR_STATUS_RESERVED_ZERO; /* reserved bits =3D> 0 */ - value |=3D DR_STATUS_RESERVED_ONE; /* reserved bits =3D> 1 */ + value =3D x86_adj_dr6_rsvd(p, value); =20 v->arch.dr6 =3D value; if ( v =3D=3D curr ) @@ -108,12 +104,8 @@ long set_debugreg(struct vcpu *v, unsigned int reg, un= signed long value) if ( value !=3D (uint32_t)value ) return -EINVAL; =20 - /* - * DR7: Bit 10 reserved (set to 1). - * Bits 11-12,14-15 reserved (set to 0). - */ - value &=3D ~DR_CONTROL_RESERVED_ZERO; /* reserved bits =3D> 0 */ - value |=3D DR_CONTROL_RESERVED_ONE; /* reserved bits =3D> 1 */ + value =3D x86_adj_dr7_rsvd(p, value); + /* * Privileged bits: * GD (bit 13): must be 0. diff --git a/xen/include/public/arch-x86/cpufeatureset.h b/xen/include/publ= ic/arch-x86/cpufeatureset.h index 50fda581f2df..6b6ce2745cfe 100644 --- a/xen/include/public/arch-x86/cpufeatureset.h +++ b/xen/include/public/arch-x86/cpufeatureset.h @@ -223,6 +223,7 @@ XEN_CPUFEATURE(AVX512_VNNI, 6*32+11) /*A Vector Neur= al Network Instrs */ XEN_CPUFEATURE(AVX512_BITALG, 6*32+12) /*A Support for VPOPCNT[B,W] and V= PSHUFBITQMB */ XEN_CPUFEATURE(AVX512_VPOPCNTDQ, 6*32+14) /*A POPCNT for vectors of DW/QW= */ XEN_CPUFEATURE(RDPID, 6*32+22) /*A RDPID instruction */ +XEN_CPUFEATURE(BLD, 6*32+24) /* BusLock Detect (#DB trap) supp= ort */ XEN_CPUFEATURE(CLDEMOTE, 6*32+25) /*A CLDEMOTE instruction */ XEN_CPUFEATURE(MOVDIRI, 6*32+27) /*a MOVDIRI instruction */ XEN_CPUFEATURE(MOVDIR64B, 6*32+28) /*a MOVDIR64B instruction */ --=20 2.30.2
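
Review bot: X86_DR6_ZEROS in the xen/arch/x86/include/asm/x86-defns.h hunk is defined as 0x00010000, which is bit 16, the same bit as X86_DR6_RTM a few lines above it. The code this series removes from set_debugreg() forced bit 12 to zero (its comment reads "Bit 12 reserved (set to 0)" and the removed mask is ~0xffffefffUL), so the constant looks like it should be 0x00001000. As posted, the `dr6 &= ~X86_DR6_ZEROS` step in x86_adj_dr6_rsvd() clears bit 16 unconditionally, including when p->feat.rtm is clear and `ones` still contains that bit, and bit 12 is no longer forced to zero at all.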
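
Review bot: in the first xen/arch/x86/pv/misc-hypercalls.c hunk, set_debugreg() takes the policy from curr->domain, but the adjusted value is stored into v->arch.dr6 and v->arch.dr7, and the `v == curr` tests in the same function show that v is not always the current vCPU. If v can belong to a domain other than the caller's, the reserved bits are computed from the wrong policy. Using v->domain->arch.cpu_policy would match the other two call sites in this patch, which both use the policy of the domain being loaded (d->arch.cpu_policy in arch_set_info_guest() and hvm_load_cpu_ctxt()).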
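
Review bot: after the two xen/arch/x86/include/asm/debugreg.h hunks, DR_STATUS_RESERVED_ONE (0xffff0ff0UL), DR_NOT_RTM (0x10000) and DR_RTM_ENABLE (0x00000800UL) are left in place as context lines and now duplicate X86_DR6_DEFAULT, X86_DR6_RTM and X86_DR7_RTM from x86-defns.h. The only use of DR_STATUS_RESERVED_ONE visible in this series is the one removed from set_debugreg(); if no other user remains, drop it in this patch alongside DR_STATUS_RESERVED_ZERO, and either convert the RTM users to the X86_DR* names or note in the commit message that the old names are kept deliberately.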