Revert "x86/traps: 'Fix' safety of read_registers() in #DF path"
authorAndrew Cooper <andrew.cooper3@citrix.com>
Mon, 30 Dec 2024 14:07:18 +0000 (14:07 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Tue, 11 Mar 2025 20:11:08 +0000 (20:11 +0000)
This reverts commit 6065a05adf152a556fb9f11a5218c89e41b62893.

The discussed "proper fix" has now been implemented, and the #DF path no
longer writes out-of-bounds.  Restore the proper #DF IST pointer.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
Only 5 years late...

xen/arch/x86/cpu/common.c

index e8d4ca3203befd0f350173d415450a04cdae291c..b934ce7ca487a6d5a3a4ea8e2c1416a5bfe7caeb 100644 (file)
@@ -847,13 +847,7 @@ void load_system_tables(void)
        tss->ist[IST_MCE - 1] = stack_top + (1 + IST_MCE) * PAGE_SIZE;
        tss->ist[IST_NMI - 1] = stack_top + (1 + IST_NMI) * PAGE_SIZE;
        tss->ist[IST_DB  - 1] = stack_top + (1 + IST_DB)  * PAGE_SIZE;
-       /*
-        * Gross bodge.  The #DF handler uses the vm86 fields of cpu_user_regs
-        * beyond the hardware frame.  Adjust the stack entrypoint so this
-        * doesn't manifest as an OoB write which hits the guard page.
-        */
-       tss->ist[IST_DF  - 1] = stack_top + (1 + IST_DF)  * PAGE_SIZE -
-               (sizeof(struct cpu_user_regs) - offsetof(struct cpu_user_regs, es));
+       tss->ist[IST_DF  - 1] = stack_top + (1 + IST_DF)  * PAGE_SIZE;
        tss->bitmap = IOBMP_INVALID_OFFSET;
 
        /* All other stack pointers poisioned. */
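Review bot: The restored `tss->ist[IST_DF  - 1]` assignment is only safe if the #DF entry path never touches `cpu_user_regs` fields beyond the hardware frame, and with the old comment removed nothing at this site records that constraint. The fix the commit message relies on is not visible in this hunk, so a later change to the #DF handler could reintroduce the out-of-bounds write that the removed comment described as hitting the guard page. I would keep a short comment above the four IST assignments, for example `/* IST stacks start at the top of their page: handlers must not access cpu_user_regs beyond the hardware frame. */`. load_system_tables() begins and ends outside the hunk.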