>>> On 18.07.18 at 19:20, wrote:
> --- a/xen/arch/x86/xstate.c
> +++ b/xen/arch/x86/xstate.c
> @@ -707,12 +707,27 @@ int handle_xsetbv(u32 index, u64 new_bv)
> if ( index != XCR_XFEATURE_ENABLED_MASK )
> return -EOPNOTSUPP;
>
> -if ( (new_bv & ~xcr0_max) ||
> - (new_bv
If new_bv which exceeds xfeature_mask, then something is broken with the CPUID
policy derivation or auditing logic. If hardware rejects new_bv, then
something is broken with Xen's xstate logic.
In both cases, crash the domain with an obvious error message, to help
highlight the issues.