* [Xen-devel] [PATCH] libxc/restore: Fix REC_TYPE_X86_PV_VCPU_XSAVE data auditing (take 2)
@ 2020-02-04 20:29 Andrew Cooper
2020-02-05 12:00 ` Wei Liu
0 siblings, 1 reply; 2+ messages in thread
From: Andrew Cooper @ 2020-02-04 20:29 UTC (permalink / raw)
To: Xen-devel; +Cc: Andrew Cooper, Igor Druzhinin, Wei Liu, Ian Jackson
It turns out that a bug (since forever) in Xen causes XSAVE records to have
non-architectural behaviour on xsave-capable hardware, when a PV guest has not
touched the state.
In such a case, the data record returned from Xen is 2*uint64_t, both claiming
the (illegitimate) state of %xcr0 and %xcr0_accum being 0.
Adjust the bound in handle_x86_pv_vcpu_blob() to cope with this.
Fixes: 2a62c22715b "libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob()"
Reported-by: Igor Druzhinin <igor.druzhinin@citrix.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Ian Jackson <Ian.Jackson@citrix.com>
CC: Wei Liu <wl@xen.org>
CC: Igor Druzhinin <igor.druzhinin@citrix.com>
I'll see about fixing Xen at some other point. A second bug is that we have
two copies of part of the vCPU's FPU state.
---
tools/libxc/xc_sr_restore_x86_pv.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/libxc/xc_sr_restore_x86_pv.c b/tools/libxc/xc_sr_restore_x86_pv.c
index 16e738884e..904ccc462a 100644
--- a/tools/libxc/xc_sr_restore_x86_pv.c
+++ b/tools/libxc/xc_sr_restore_x86_pv.c
@@ -827,10 +827,10 @@ static int handle_x86_pv_vcpu_blob(struct xc_sr_context *ctx,
break;
case REC_TYPE_X86_PV_VCPU_XSAVE:
- if ( blobsz < 128 )
+ if ( blobsz < 16 )
{
ERROR("%s record too short: min %zu, got %u",
- rec_name, sizeof(*vhdr) + 128, rec->length);
+ rec_name, sizeof(*vhdr) + 16, rec->length);
goto out;
}
blob = &vcpu->xsave;
--
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Xen-devel] [PATCH] libxc/restore: Fix REC_TYPE_X86_PV_VCPU_XSAVE data auditing (take 2)
2020-02-04 20:29 [Xen-devel] [PATCH] libxc/restore: Fix REC_TYPE_X86_PV_VCPU_XSAVE data auditing (take 2) Andrew Cooper
@ 2020-02-05 12:00 ` Wei Liu
0 siblings, 0 replies; 2+ messages in thread
From: Wei Liu @ 2020-02-05 12:00 UTC (permalink / raw)
To: Andrew Cooper; +Cc: Xen-devel, Igor Druzhinin, Wei Liu, Ian Jackson
On Tue, Feb 04, 2020 at 08:29:38PM +0000, Andrew Cooper wrote:
> It turns out that a bug (since forever) in Xen causes XSAVE records to have
> non-architectural behaviour on xsave-capable hardware, when a PV guest has not
> touched the state.
>
> In such a case, the data record returned from Xen is 2*uint64_t, both claiming
> the (illegitimate) state of %xcr0 and %xcr0_accum being 0.
>
> Adjust the bound in handle_x86_pv_vcpu_blob() to cope with this.
>
> Fixes: 2a62c22715b "libxc/restore: Fix data auditing in handle_x86_pv_vcpu_blob()"
> Reported-by: Igor Druzhinin <igor.druzhinin@citrix.com>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Wei Liu <wl@xen.org>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-02-05 12:01 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-04 20:29 [Xen-devel] [PATCH] libxc/restore: Fix REC_TYPE_X86_PV_VCPU_XSAVE data auditing (take 2) Andrew Cooper
2020-02-05 12:00 ` Wei Liu
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.