[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.10] x86/EFI: fix FPU state handling around runtime calls

commit 78a86a7c2a7678d5f714ff5deccaaea6778ea760
Author:     Jan Beulich <jbeulich@xxxxxxxx>
AuthorDate: Wed Jul 4 12:29:31 2018 +0200
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Wed Jul 4 12:29:31 2018 +0200

    x86/EFI: fix FPU state handling around runtime calls
    
    There are two issues.  First, the nonlazy xstates were never restored
    after returning from the runtime call.
    
    Secondly, with the fully_eager_fpu mitigation for XSA-267 / LazyFPU, the
    unilateral stts() is no longer correct, and hits an assertion later when
    a lazy state restore tries to occur for a fully eager vcpu.
    
    Fix both of these issues by calling vcpu_restore_fpu_eager().  As EFI
    runtime services can be used in the idle context, the idle assertion
    needs to move until after the fully_eager_fpu check.
    
    Introduce a "curr" local variable and replace other uses of "current"
    at the same time.
    
    Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Tested-by: Juergen Gross <jgross@xxxxxxxx>
    master commit: 437211cb696515ee5bd5dae0ab72866c9f382a33
    master date: 2018-06-21 11:35:46 +0200
---
 xen/arch/x86/i387.c      | 4 ++--
 xen/common/efi/runtime.c | 8 +++++---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/xen/arch/x86/i387.c b/xen/arch/x86/i387.c
index dbdf1b42bd..9c752732a3 100644
--- a/xen/arch/x86/i387.c
+++ b/xen/arch/x86/i387.c
@@ -208,12 +208,12 @@ static inline void fpu_fxsave(struct vcpu *v)
 /* Restore FPU state whenever VCPU is schduled in. */
 void vcpu_restore_fpu_eager(struct vcpu *v)
 {
-    ASSERT(!is_idle_vcpu(v));
-    
     /* Restore nonlazy extended state (i.e. parts not tracked by CR0.TS). */
     if ( !v->arch.fully_eager_fpu && !v->arch.nonlazy_xstate_used )
         return;
 
+    ASSERT(!is_idle_vcpu(v));
+
     /* Avoid recursion */
     clts();
 
diff --git a/xen/common/efi/runtime.c b/xen/common/efi/runtime.c
index ff3422dce8..8d58db71e0 100644
--- a/xen/common/efi/runtime.c
+++ b/xen/common/efi/runtime.c
@@ -118,14 +118,16 @@ struct efi_rs_state efi_rs_enter(void)
 
 void efi_rs_leave(struct efi_rs_state *state)
 {
+    struct vcpu *curr = current;
+
     if ( !state->cr3 )
         return;
     switch_cr3_cr4(state->cr3, read_cr4());
-    if ( is_pv_vcpu(current) && !is_idle_vcpu(current) )
+    if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) )
     {
         struct desc_ptr gdt_desc = {
             .limit = LAST_RESERVED_GDT_BYTE,
-            .base  = GDT_VIRT_START(current)
+            .base  = GDT_VIRT_START(curr)
         };
 
         asm volatile ( "lgdt %0" : : "m" (gdt_desc) );
@@ -133,7 +135,7 @@ void efi_rs_leave(struct efi_rs_state *state)
     irq_exit();
     efi_rs_on_cpu = NR_CPUS;
     spin_unlock(&efi_rs_lock);
-    stts();
+    vcpu_restore_fpu_eager(curr);
 }
 
 bool efi_rs_using_pgtables(void)
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.10

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.