[Xen-devel] [PATCH] x86/cpuid: leak OSXSAVE only when XSAVE is not clear in policy

Igor Druzhinin posted 1 patch 16 weeks ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/xen tags/patchew/1561664514-3666-1-git-send-email-igor.druzhinin@citrix.com
xen/arch/x86/cpuid.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

[Xen-devel] [PATCH] x86/cpuid: leak OSXSAVE only when XSAVE is not clear in policy

Posted by Igor Druzhinin 16 weeks ago
This fixes booting of old non-PV-OPS kernels which historically
looked for OSXSAVE instead of XSAVE bit in CPUID to check whether
XSAVE feature is enabled. If such a guest appears to be started on
an XSAVE enabled CPU and the feature is explicitly cleared in
policy, leaked OSXSAVE bit from Xen will lead to guest crash early in
boot.

Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
---
 xen/arch/x86/cpuid.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/xen/arch/x86/cpuid.c b/xen/arch/x86/cpuid.c
index ac7026f..510a038 100644
--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -805,7 +805,8 @@ void guest_cpuid(const struct vcpu *v, uint32_t leaf,
              *
              * - Enlightened CPUID or CPUID faulting available:
              *    Xen can fully control what is seen here.  Guest kernels need
-             *    to see the leaked OSXSAVE via the enlightened path, but
+             *    to see the leaked OSXSAVE via the enlightened path
+             *    (unless XSAVE is explicitly clear in policy), but
              *    guest userspace and the native is given architectural
              *    behaviour.
              *
@@ -814,7 +815,8 @@ void guest_cpuid(const struct vcpu *v, uint32_t leaf,
              */
             /* OSXSAVE clear in policy.  Fast-forward CR4 back in. */
             if ( (v->arch.pv.ctrlreg[4] & X86_CR4_OSXSAVE) ||
-                 (regs->entry_vector == TRAP_invalid_op &&
+                 (p->basic.xsave &&
+                  regs->entry_vector == TRAP_invalid_op &&
                   guest_kernel_mode(v, regs) &&
                   (read_cr4() & X86_CR4_OSXSAVE)) )
                 res->c |= cpufeat_mask(X86_FEATURE_OSXSAVE);
-- 
2.7.4


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH] x86/cpuid: leak OSXSAVE only when XSAVE is not clear in policy

Posted by Andrew Cooper 16 weeks ago
On 27/06/2019 20:41, Igor Druzhinin wrote:
> This fixes booting of old non-PV-OPS kernels which historically
> looked for OSXSAVE instead of XSAVE bit in CPUID to check whether
> XSAVE feature is enabled. If such a guest appears to be started on
> an XSAVE enabled CPU and the feature is explicitly cleared in
> policy, leaked OSXSAVE bit from Xen will lead to guest crash early in
> boot.
>
> Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

Yes - this one aspect of the gigantic mess which is PV guests and XSAVE
which I overlooked when coming up with the existing gross bodge.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel