File 5d160571-x86-cpuid-restrict-OSXSAVE-leak.patch of Package xen.12877

Overview Repositories Revisions Requests Users Attributes Meta

File 5d160571-x86-cpuid-restrict-OSXSAVE-leak.patch of Package xen.12877

# Commit 902888922e6feda2c485cc4bdeffd0d6e6c26e14
# Date 2019-06-28 13:17:53 +0100
# Author Igor Druzhinin <igor.druzhinin@citrix.com>
# Committer Andrew Cooper <andrew.cooper3@citrix.com>
x86/cpuid: leak OSXSAVE only when XSAVE is not clear in policy

This fixes booting of old non-PV-OPS kernels which historically
looked for OSXSAVE instead of XSAVE bit in CPUID to check whether
XSAVE feature is enabled. If such a guest appears to be started on
an XSAVE enabled CPU and the feature is explicitly cleared in
policy, leaked OSXSAVE bit from Xen will lead to guest crash early in
boot.

Signed-off-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

--- a/xen/arch/x86/cpuid.c
+++ b/xen/arch/x86/cpuid.c
@@ -845,7 +845,8 @@ void guest_cpuid(const struct vcpu *v, u
              *    damage itself.
              *
              * - Enlightened CPUID or CPUID faulting available:
-             *    Xen can fully control what is seen here.  Guest kernels need
+             *    Xen can fully control what is seen here.  When the guest has
+             *    been configured to have XSAVE available, guest kernels need
              *    to see the leaked OSXSAVE via the enlightened path, but
              *    guest userspace and the native is given architectural
              *    behaviour.
@@ -855,7 +856,8 @@ void guest_cpuid(const struct vcpu *v, u
              */
             /* OSXSAVE clear in policy.  Fast-forward CR4 back in. */
             if ( (v->arch.pv_vcpu.ctrlreg[4] & X86_CR4_OSXSAVE) ||
-                 (regs->entry_vector == TRAP_invalid_op &&
+                 (p->basic.xsave &&
+                  regs->entry_vector == TRAP_invalid_op &&
                   guest_kernel_mode(v, regs) &&
                   (read_cr4() & X86_CR4_OSXSAVE)) )
                 res->c |= cpufeat_mask(X86_FEATURE_OSXSAVE);

Places

File 5d160571-x86-cpuid-restrict-OSXSAVE-leak.patch of Package xen.12877

Places