x86/xsave: initialize unused register state when restoring for guest

In order to avoid leaking register contents from the prior use of the
registers restored through xrstor due to a guest enabling certain xcr0
bits late (particularly after the context restor in question), force
restoring of all known registers (the ones that never got saved would
be forced to their init state).

This is CVE-2013-1442 / XSA-62.

Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
master commit: 63a75ba0de817d6f384f96d25427a05c313e2179
master date: 2013-09-25 10:41:25 +0200

diff --git a/xen/arch/x86/i387.c b/xen/arch/x86/i387.c
index bba14ca978fb1f1118a429ec0dcdb9ae6e21f15f..011a55ad0c4a55b1c3569362e208fdb3a3b3357b 100644 (file)
--- a/xen/arch/x86/i387.c
+++ b/xen/arch/x86/i387.c
@@ -103,9 +103,9 @@ void setup_fpu(struct vcpu *v)
     {
         /*
          * XCR0 normally represents what guest OS set. In case of Xen itself, 
-         * we set all supported feature mask before doing save/restore.
+         * we set all supported feature mask before restoring.
          */
-        set_xcr0(v->arch.xcr0_accum);
+        set_xcr0(xfeature_mask);
         xrstor(v);
         set_xcr0(v->arch.xcr0);
     }
@@ -149,7 +149,7 @@ void save_init_fpu(struct vcpu *v)
     if ( xsave_enabled(v) )
     {
         /* XCR0 normally represents what guest OS set. In case of Xen itself,
-         * we set all accumulated feature mask before doing save/restore.
+         * we set all accumulated feature mask before saving.
          */
         set_xcr0(v->arch.xcr0_accum);
         if ( cpu_has_xsaveopt )