Xen project Mailing List

Re: [PATCH v2 1/9] x86/domain: Ensure a vCPU's FPU is reset early

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx

From: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>

Date: Wed, 25 Mar 2026 10:36:03 +0000

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OB0QI9da2qSM09sqEfgTvllWC+wma82Oqe1TiKZfULY=; b=Wqb+u4WcBepn9nvj5VPkmFXjf1fos1nVD9/9+gEbDysmFRDkA6DoEty8fasB/1z86ULY0pux9nz/mG/T2WYuJjpTA5VGEPoiUOR2UAYGQJduRn92tskq0YfpCIfFuEcGkQamvxtTlZP9scCK6JpZpPRQCjd0gpiwDKwHPYXp7OQRR1TAYlPQrgsdHLKk1lYQVGYHAflQPfdCpfbCzQ2wNCEDjFc2Qbgt1QGcHPVbjk0eAxHGL98WfmK/60TbDOoebwyYnfbDSwU8ZDzze+NIKXyFx84zcbnHjFPttVYGXLCKLtAJ8Whtl9Fm1h1ls4yBfGlzISO69bcI6barZUsG8A==

Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=AnjR8Br1oNeRYamYqaeptcsjcM+ORLBgonCk6EJb35zt/pzO0qnuebcHpoEc9grb096YBbXdUg15DK/PBneB5mVP3HBtVcE+r3kQbXrKwqDJjLgF4WMzmlUgoP9+y0vW8t3DHHzdtbA6v0vllTeV2+Zhq6sTPb8yrZMMbNMftt6Ppg4rsRwg3qhwIXd1ZKsxunAdqhu8rXb2PpYq9pevGiNIpeLHnKWGh3TED5QjwfItcDooR3qih9DfaNygFN0E4QPtwo2/nqg5+1mK+OshJSnfWFD3LKs7HB7AgohxDwbHh/1+I/RTA+73kT/SR88E7xjj8NavSY+vL6PWTXrpQQ==

Authentication-results: eu.smtp.expurgate.cloud; dkim=pass header.s=selector1 header.d=citrix.com header.i="@citrix.com" header.h="From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck"

Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=citrix.com;

Cc: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

Delivery-date: Wed, 25 Mar 2026 10:37:37 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 3/24/26 11:02 PM, Andrew Cooper wrote:

On 24/03/2026 6:19 pm, Ross Lagerwall wrote:

When using eager-fpu, a vCPU's FPU is always marked as initialized on
context switch but it is possible that neither vcpu_reset_fpu() nor
vcpu_setup_fpu() has been called on it.


How?

I don't think a PV vCPU can.  You cannot VCPUOP_up a vCPU for which
v->is_initialised is false, and setting is_initialised involves either
giving a good FPU, or taking the "reset" path.

An HVM use of VCPUOP_initialise only passes basic state, so can be used
to set v->is_initialised without touching the FPU state.

Yes, then a subsequent VCPUOP_up allows the VCPU to be scheduled. vcpu_restore_fpu_nonlazy(), called on context switch, always sets fpu_initialised to 1 in the eager-fpu case. I confirmed this happens with some debug logging during VM start: [ 106.281001] vcpu_init_fpu vCPU 1 (fpu_initialised is 0) [ 110.088015] vcpu_restore_fpu_nonlazy vCPU 1 (set fpu_initialised to 1) [ 110.088155] vcpu_restore_fpu_nonlazy vCPU 1 (set fpu_initialised to 1) [ 110.088518] vcpu_restore_fpu_nonlazy vCPU 1 (set fpu_initialised to 1) [ 110.356216] vcpu_reset_fpu vCPU 1 (set fpu_initialised to 0) [ 110.356236] vcpu_restore_fpu_nonlazy vCPU 1 (set fpu_initialised to 1) ...

  If that happens,
arch_get_info_guest() would return a block of all 0's for the FPU
context claiming it to be valid.

Fix this by calling vcpu_reset_fpu() during vCPU creation.

Signed-off-by: Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>


The phrasing is a bit awkward, and the function names don't help, but it
is something we're going to have to address properly when doing nested virt.

(A minor tangent which is relevant to where we want to end up)

https://sandpile.org/x86/initial.htm

#RESET and #INIT used to be a physical pins, but are just a message on
the fabric. Either way they're events which alter state in well defined
ways.

 From Xen's point of view, vcpu_create() is the only #RESET-like thing
we've got.  If we didn't model crash/reboot as constructing a new
domain, that would be the other place to use #RESET.

#INIT exists explicitly for HVM guests, via the APIC interface.  Xen has
no working model of this because HVM guests were built on PV which
wasn't modelled on how CPUs work.

v->is_initialised is a PV-ism which has infected x86 HVM and non-x86
architectures too.  The key thing which PV vCPUs need that doesn't work
like CPUs in the slightest is the chosen vCR3 (and vCR1 for PV64) need
to refer to a property typed L4/L3 pagetable, and PV guests can't take a
type ref on 0.


Anyway, returning from the tangent ...

---
New in v2

  xen/arch/x86/domain.c | 2 ++
  1 file changed, 2 insertions(+)

diff --git a/xen/arch/x86/domain.c b/xen/arch/x86/domain.c
index 9ba2774762cc..82da1c5d7b38 100644
--- a/xen/arch/x86/domain.c
+++ b/xen/arch/x86/domain.c
@@ -522,6 +522,8 @@ int arch_vcpu_create(struct vcpu *v)
          if ( (rc = vcpu_init_fpu(v)) != 0 )
              return rc;

+ vcpu_reset_fpu(v);


... this really should be part of allocating the memory.

First, we should never have the backing memory in the wrong state, and
second, the idle vCPU doesn't take this path.  i.e. in
xstate_alloc_save_area().

Looking into this asks more questions.

xstate_alloc_save_area() does set some of the backing state, but misses
FXSAVE_FTW_RESET.  That's easy enough to fix, and turns out to address
my original concern.

vcpu_reset_fpu() sets v->fpu_initialised = false.  Doesn't this defeat
the point of this patch?

No, since it means the backing memory has been properly initialised by the time fpu_initalised gets unilaterally set in vcpu_restore_fpu_nonlazy()...


Maybe it's easiest just to fix FXSAVE_FTW_RESET and then purge the
booleans in the way this series does.  I don't think trying to unpick
any other bugfixes is going to be fruitful.

... but yes, that does seem like the best way to fix this. Ross

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.