diff mbox series

x86/cpuid: leak OSXSAVE only when XSAVE is not clear in policy

Message ID 1561664514-3666-1-git-send-email-igor.druzhinin@citrix.com (mailing list archive)
State New, archived
Headers show
Series x86/cpuid: leak OSXSAVE only when XSAVE is not clear in policy | expand

Commit Message

Igor Druzhinin June 27, 2019, 7:41 p.m. UTC 
This fixes booting of old non-PV-OPS kernels which historically
looked for OSXSAVE instead of XSAVE bit in CPUID to check whether
XSAVE feature is enabled. If such a guest appears to be started on
an XSAVE enabled CPU and the feature is explicitly cleared in
policy, leaked OSXSAVE bit from Xen will lead to guest crash early in
boot.

Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
---
 xen/arch/x86/cpuid.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Andrew Cooper June 27, 2019, 7:43 p.m. UTC | #1 
On 27/06/2019 20:41, Igor Druzhinin wrote:
> This fixes booting of old non-PV-OPS kernels which historically
> looked for OSXSAVE instead of XSAVE bit in CPUID to check whether
> XSAVE feature is enabled. If such a guest appears to be started on
> an XSAVE enabled CPU and the feature is explicitly cleared in
> policy, leaked OSXSAVE bit from Xen will lead to guest crash early in
> boot.
>
> Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Yes - this one aspect of the gigantic mess which is PV guests and XSAVE
which I overlooked when coming up with the existing gross bodge.
diff mbox series

Patch

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index ac7026f..510a038 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -805,7 +805,8 @@  void guest_cpuid(const struct vcpu *v, uint32_t leaf,
              *
              * - Enlightened CPUID or CPUID faulting available:
              *    Xen can fully control what is seen here.  Guest kernels need
-             *    to see the leaked OSXSAVE via the enlightened path, but
+             *    to see the leaked OSXSAVE via the enlightened path
+             *    (unless XSAVE is explicitly clear in policy), but
              *    guest userspace and the native is given architectural
              *    behaviour.
              *
@@ -814,7 +815,8 @@  void guest_cpuid(const struct vcpu *v, uint32_t leaf,
              */
             /* OSXSAVE clear in policy.  Fast-forward CR4 back in. */
             if ( (v->arch.pv.ctrlreg[4] & X86_CR4_OSXSAVE) ||
-                 (regs->entry_vector == TRAP_invalid_op &&
+                 (p->basic.xsave &&
+                  regs->entry_vector == TRAP_invalid_op &&
                   guest_kernel_mode(v, regs) &&
                   (read_cr4() & X86_CR4_OSXSAVE)) )
                 res->c |= cpufeat_mask(X86_FEATURE_OSXSAVE);