hv: ept: apply MCE on page size change mitigation conditionally

Only apply the software workaround on the models that might be
affected by MCE on page size change. For these models that are
known immune to the issue, the mitigation is turned off.

Atom processors are not afftected by the issue.
Also check the CPUID & MSR to check whether the model is immune to the issue:
CPU is not vulnerable when both CPUID.(EAX=07H,ECX=0H).EDX[29] and
IA32_ARCH_CAPABILITIES[IF_PSCHANGE_MC_NO] are 1.

Other cases not listed above, CPU may be vulnerable.

This patch also changes MACROs for MSR IA32_ARCH_CAPABILITIES bits to UL instead of U
since the MSR is 64bit.

Tracked-On: #4101
Signed-off-by: Binbin Wu <binbin.wu@intel.com>
Acked-by: Eddie Dong <eddie.dong@intel.com>

hypervisor/include/arch/x86/msr.h

@@ -630,12 +630,13 @@ void update_msr_bitmap_x2apic_passthru(struct acrn_vcpu *vcpu);
 #define PRED_SET_IBPB				(1U << 0U)
 
 /* IA32 ARCH Capabilities bit */
-#define IA32_ARCH_CAP_RDCL_NO			(1U << 0U)
-#define IA32_ARCH_CAP_IBRS_ALL			(1U << 1U)
-#define IA32_ARCH_CAP_RSBA			(1U << 2U)
-#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY	(1U << 3U)
-#define IA32_ARCH_CAP_SSB_NO			(1U << 4U)
-#define IA32_ARCH_CAP_MDS_NO			(1U << 5U)
+#define IA32_ARCH_CAP_RDCL_NO			(1UL << 0U)
+#define IA32_ARCH_CAP_IBRS_ALL			(1UL << 1U)
+#define IA32_ARCH_CAP_RSBA			(1UL << 2U)
+#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY	(1UL << 3U)
+#define IA32_ARCH_CAP_SSB_NO			(1UL << 4U)
+#define IA32_ARCH_CAP_MDS_NO			(1UL << 5U)
+#define IA32_ARCH_CAP_IF_PSCHANGE_MC_NO		(1UL << 6U)
 
 /* Flush L1 D-cache */
 #define IA32_L1D_FLUSH				(1UL << 0U)

hypervisor/include/arch/x86/security.h

@@ -21,6 +21,7 @@ int32_t get_ibrs_type(void);
 void cpu_l1d_flush(void);
 bool check_cpu_security_cap(void);
 void cpu_internal_buffers_clear(void);
+bool is_ept_force_4k_ipage(void);
 
 #ifdef STACK_PROTECTOR
 struct stack_canary {