From patchwork Thu Jun 27 19:41:54 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Druzhinin X-Patchwork-Id: 11020425 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6A04B1398 for ; Thu, 27 Jun 2019 19:43:23 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 59636262FF for ; Thu, 27 Jun 2019 19:43:23 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 4AD39286FE; Thu, 27 Jun 2019 19:43:23 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.2 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id E03E728708 for ; Thu, 27 Jun 2019 19:43:22 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1hgaHR-0000Cr-8n; Thu, 27 Jun 2019 19:42:01 +0000 Received: from us1-rack-dfw2.inumbo.com ([104.130.134.6]) by lists.xenproject.org with esmtp (Exim 4.89) (envelope-from ) id 1hgaHQ-0000Cm-7Z for xen-devel@lists.xenproject.org; Thu, 27 Jun 2019 19:42:00 +0000 X-Inumbo-ID: a0929926-9913-11e9-8980-bc764e045a96 Received: from esa5.hc3370-68.iphmx.com (unknown [216.71.155.168]) by us1-rack-dfw2.inumbo.com (Halon) with ESMTPS id a0929926-9913-11e9-8980-bc764e045a96; Thu, 27 Jun 2019 19:41:59 +0000 (UTC) Authentication-Results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=igor.druzhinin@citrix.com; spf=Pass smtp.mailfrom=igor.druzhinin@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com Received-SPF: None (esa5.hc3370-68.iphmx.com: no sender authenticity information available from domain of igor.druzhinin@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa5.hc3370-68.iphmx.com; envelope-from="igor.druzhinin@citrix.com"; x-sender="igor.druzhinin@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa5.hc3370-68.iphmx.com: domain of igor.druzhinin@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa5.hc3370-68.iphmx.com; envelope-from="igor.druzhinin@citrix.com"; x-sender="igor.druzhinin@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ~all" Received-SPF: None (esa5.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa5.hc3370-68.iphmx.com; envelope-from="igor.druzhinin@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible IronPort-SDR: swjml8zXoLNc4SnsFiM/xeeztZd7kswb7N7wSAUMUkbGJ0/S+IYnJoNrMrtsOcQV2MOSWgv3c2 ZiBoVEQdctNOA161QgYY8Xd8sT1cZvvOkxyt3bHzy8Exutw89qD4Cs9DNjLowPEa1WHMq1bkRc vtUkmmgYdSR9S/xUSgU3ueWMwRYx6cQrG/RqQIySyyUxBWqFmcaukqbNEUD9QcsrAK8N+Fxn4h IkRmV/d9x9s+lY6IXYBQLXJnwb+yzuAZduSHbLVl+S+UQ9d8OWo/A2Avh7qFslsGepowe35C9s 0Kw= X-SBRS: 2.7 X-MesageID: 2342339 X-Ironport-Server: esa5.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.63,424,1557201600"; d="scan'208";a="2342339" From: Igor Druzhinin To: Date: Thu, 27 Jun 2019 20:41:54 +0100 Message-ID: <1561664514-3666-1-git-send-email-igor.druzhinin@citrix.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Subject: [Xen-devel] [PATCH] x86/cpuid: leak OSXSAVE only when XSAVE is not clear in policy X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: andrew.cooper3@citrix.com, Igor Druzhinin , wl@xen.org, jbeulich@suse.com, roger.pau@citrix.com Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-Virus-Scanned: ClamAV using ClamSMTP This fixes booting of old non-PV-OPS kernels which historically looked for OSXSAVE instead of XSAVE bit in CPUID to check whether XSAVE feature is enabled. If such a guest appears to be started on an XSAVE enabled CPU and the feature is explicitly cleared in policy, leaked OSXSAVE bit from Xen will lead to guest crash early in boot. Signed-off-by: Igor Druzhinin Reviewed-by: Andrew Cooper --- xen/arch/x86/cpuid.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c index ac7026f..510a038 100644 --- a/xen/arch/x86/cpuid.c +++ b/xen/arch/x86/cpuid.c @@ -805,7 +805,8 @@ void guest_cpuid(const struct vcpu *v, uint32_t leaf, * * - Enlightened CPUID or CPUID faulting available: * Xen can fully control what is seen here. Guest kernels need - * to see the leaked OSXSAVE via the enlightened path, but + * to see the leaked OSXSAVE via the enlightened path + * (unless XSAVE is explicitly clear in policy), but * guest userspace and the native is given architectural * behaviour. * @@ -814,7 +815,8 @@ void guest_cpuid(const struct vcpu *v, uint32_t leaf, */ /* OSXSAVE clear in policy. Fast-forward CR4 back in. */ if ( (v->arch.pv.ctrlreg[4] & X86_CR4_OSXSAVE) || - (regs->entry_vector == TRAP_invalid_op && + (p->basic.xsave && + regs->entry_vector == TRAP_invalid_op && guest_kernel_mode(v, regs) && (read_cr4() & X86_CR4_OSXSAVE)) ) res->c |= cpufeat_mask(X86_FEATURE_OSXSAVE);