x86/xsaves: get_xsave_addr, check xsave header and support uncompressed format

The check needs to be against the xsave header in the area, rather than Xen's
maximum xfeature_mask. A guest might easily have a smaller xcr0 than the
maximum Xen is willing to allow, causing the pointer below to be bogus.

The get_xsave_addr() is modified to support uncompressed xstate areas.

Signed-off-by: Huaitong Han <huaitong.han@intel.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

diff --git a/xen/arch/x86/xstate.c b/xen/arch/x86/xstate.c
index b65da38304f9d6413120e96040966e59f60279eb..4e87ab33875518cc0dda865c782c5be7972a0e41 100644 (file)
--- a/xen/arch/x86/xstate.c
+++ b/xen/arch/x86/xstate.c
@@ -146,12 +146,15 @@ static void __init setup_xstate_comp(void)
     }
 }
 
-static void *get_xsave_addr(void *xsave, unsigned int xfeature_idx)
+static void *get_xsave_addr(struct xsave_struct *xsave,
+        unsigned int xfeature_idx)
 {
-    if ( !((1ul << xfeature_idx) & xfeature_mask) )
+    if ( !((1ul << xfeature_idx) & xsave->xsave_hdr.xstate_bv) )
         return NULL;
 
-    return xsave + xstate_comp_offsets[xfeature_idx];
+    return (void *)xsave + (xsave_area_compressed(xsave)
+            ? xstate_comp_offsets
+            : xstate_offsets)[xfeature_idx];
 }
 
 void expand_xsave_states(struct vcpu *v, void *dest, unsigned int size)