xen/26395-x86-FPU-context-conditional.patch

# HG changeset patch
# User Jan Beulich <jbeulich@suse.com>
# Date 1358341015 -3600
# Node ID b4cbb83f9a1f57b4f26f2d35998cda42b904ea69
# Parent  327b812026fe62a990f1d81041729c42196983ca
x86: consistently mask floating point exceptions

c/s 23142:f5e8d152a565 resulted in v->arch.fpu_ctxt to point into the
save area allocated for xsave/xrstor (when they're available). The way
vcpu_restore_fpu_lazy() works (using fpu_init() for an uninitialized
vCPU only when there's no xsave support) causes this to load whatever
arch_set_info_guest() put there, irrespective of whether the i387 state
was specified to be valid in the respective input structure.

Consequently, with a cleared (al zeroes) incoming FPU context, and with
xsave available, one gets all exceptions unmasked (as opposed to to the
legacy case, where FINIT and LDMXCSR get used, masking all exceptions).
This causes e.g. para-virtualized NetWare to crash.

The behavior of arch_set_info_guest() is thus being made more hardware-
like for the FPU portion of it: Considering it to be similar to INIT,
it will leave untouched all floating point state now. An alternative
would be to make the behavior RESET-like, forcing all state to known
values, albeit - taking into account legacy behavior - not to precisely
the values RESET would enforce (which masks only SSE exceptions, but
not x87 ones); that would come closest to mimicing FINIT behavior in
the xsave case. Another option would be to continue copying whatever
was provided, but override (at least) FCW and MXCSR if VGCF_I387_VALID
isn't set.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>

--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -819,7 +819,9 @@ int arch_set_info_guest(
 
     v->arch.vgc_flags = flags;
 
-    memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt));
+    if ( flags & VGCF_I387_VALID )
+        memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt));
+
     if ( !compat )
     {
         memcpy(&v->arch.user_regs, &c.nat->user_regs, sizeof(c.nat->user_regs));
- Add upstream patch to fix vfb/vkb initialization in libxl 26369-libxl-devid.patch - fate##313584: pass bios information to XEN HVM guest 26554-hvm-firmware-passthrough.patch 26555-hvm-firmware-passthrough.patch 26556-hvm-firmware-passthrough.patch - Upstream patches from Jan 26516-ACPI-parse-table-retval.patch (Replaces CVE-2013-0153-xsa36.patch) 26517-AMD-IOMMU-clear-irtes.patch (Replaces CVE-2013-0153-xsa36.patch) 26518-AMD-IOMMU-disable-if-SATA-combined-mode.patch (Replaces CVE-2013-0153-xsa36.patch) 26519-AMD-IOMMU-perdev-intremap-default.patch (Replaces CVE-2013-0153-xsa36.patch) 26526-pvdrv-no-devinit.patch 26529-gcc48-build-fix.patch 26531-AMD-IOMMU-IVHD-special-missing.patch (Replaces CVE-2013-0153-xsa36.patch) 26532-AMD-IOMMU-phantom-MSI.patch 26536-xenoprof-div-by-0.patch 26576-x86-APICV-migration.patch 26577-x86-APICV-x2APIC.patch 26578-AMD-IOMMU-replace-BUG_ON.patch - bnc#797014 - no way to control live migrations 26547-tools-xc_fix_logic_error_in_stdiostream_progress.patch 26548-tools-xc_handle_tty_output_differently_in_stdiostream_progress.patch 26549-tools-xc_turn_XCFLAGS_*_into_shifts.patch 26550-tools-xc_restore_logging_in_xc_save.patch 26551-tools-xc_log_pid_in_xc_save-xc_restore_output.patch - PVonHVM: __devinit was removed in linux-3.8 OBS-URL: https://build.opensuse.org/package/show/Virtualization/xen?expand=0&rev=229 2013-02-22 21:42:01 +00:00			`# HG changeset patch`
			`# User Jan Beulich <jbeulich@suse.com>`
			`# Date 1358341015 -3600`
			`# Node ID b4cbb83f9a1f57b4f26f2d35998cda42b904ea69`
			`# Parent 327b812026fe62a990f1d81041729c42196983ca`
			`x86: consistently mask floating point exceptions`

			`c/s 23142:f5e8d152a565 resulted in v->arch.fpu_ctxt to point into the`
			`save area allocated for xsave/xrstor (when they're available). The way`
			`vcpu_restore_fpu_lazy() works (using fpu_init() for an uninitialized`
			`vCPU only when there's no xsave support) causes this to load whatever`
			`arch_set_info_guest() put there, irrespective of whether the i387 state`
			`was specified to be valid in the respective input structure.`

			`Consequently, with a cleared (al zeroes) incoming FPU context, and with`
			`xsave available, one gets all exceptions unmasked (as opposed to to the`
			`legacy case, where FINIT and LDMXCSR get used, masking all exceptions).`
			`This causes e.g. para-virtualized NetWare to crash.`

			`The behavior of arch_set_info_guest() is thus being made more hardware-`
			`like for the FPU portion of it: Considering it to be similar to INIT,`
			`it will leave untouched all floating point state now. An alternative`
			`would be to make the behavior RESET-like, forcing all state to known`
			`values, albeit - taking into account legacy behavior - not to precisely`
			`the values RESET would enforce (which masks only SSE exceptions, but`
			`not x87 ones); that would come closest to mimicing FINIT behavior in`
			`the xsave case. Another option would be to continue copying whatever`
			`was provided, but override (at least) FCW and MXCSR if VGCF_I387_VALID`
			`isn't set.`

			`Signed-off-by: Jan Beulich <jbeulich@suse.com>`
			`Acked-by: Keir Fraser <keir@xen.org>`

			`--- a/xen/arch/x86/domain.c`
			`+++ b/xen/arch/x86/domain.c`
			`@@ -819,7 +819,9 @@ int arch_set_info_guest(`

			`v->arch.vgc_flags = flags;`

			`- memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt));`
			`+ if ( flags & VGCF_I387_VALID )`
			`+ memcpy(v->arch.fpu_ctxt, &c.nat->fpu_ctxt, sizeof(c.nat->fpu_ctxt));`
			`+`
			`if ( !compat )`
			`{`
			`memcpy(&v->arch.user_regs, &c.nat->user_regs, sizeof(c.nat->user_regs));`