Experimentally MPX instructions have been confirmed to behave as NOPs unless both related XCR0 bits are set to 1. By implication branches then also don't clear BNDn.
Signed-off-by: Jan Beulich <jbeul...@suse.com> Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com> --- v4: Re-base over XSTATE_* renaming. --- a/xen/arch/x86/x86_emulate/x86_emulate.c +++ b/xen/arch/x86/x86_emulate/x86_emulate.c @@ -2154,12 +2154,16 @@ static bool umip_active(struct x86_emula static void adjust_bnd(struct x86_emulate_ctxt *ctxt, const struct x86_emulate_ops *ops, enum vex_pfx pfx) { - uint64_t bndcfg; + uint64_t xcr0, bndcfg; int rc; if ( pfx == vex_f2 || !cpu_has_mpx || !vcpu_has_mpx() ) return; + if ( !ops->read_xcr || ops->read_xcr(0, &xcr0, ctxt) != X86EMUL_OKAY || + !(xcr0 & X86_XCR0_BNDREGS) || !(xcr0 & X86_XCR0_BNDCSR) ) + return; + if ( !mode_ring0() ) bndcfg = read_bndcfgu(); else if ( !ops->read_msr || _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
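Review bot: the new early return in adjust_bnd() has no comment recording why both X86_XCR0_BNDREGS and X86_XCR0_BNDCSR must be set; the justification lives only in the commit message (MPX instructions observed to behave as NOPs unless both bits are 1), so a future reader of the code cannot tell whether the two-bit requirement is architectural or empirical. Suggest a short comment above the check, e.g. `/* MPX insns behave as NOPs unless both BNDREGS and BNDCSR are enabled in XCR0. */`. Two further points: the condition silently conflates three distinct situations (no read_xcr hook, read_xcr returning something other than X86EMUL_OKAY, and the bits genuinely being clear) into "skip bound register adjustment", which mirrors the existing `!ops->read_msr ||` handling lower in the function but is worth stating explicitly, since a backend that omits the hook will never have its BNDn registers cleared on branch; and the two separate `!(xcr0 & ...)` tests could be collapsed into a single mask comparison against `X86_XCR0_BNDREGS | X86_XCR0_BNDCSR`, which reads more clearly as "both bits required".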