There are two issues. First, the nonlazy xstates were never restored
after returning from the runtime call.
Secondly, with the fully_eager_fpu mitigation for XSA-267 / LazyFPU, the
unilateral stts() is no longer correct, and hits an assertion later when
a lazy state restore tries to occur for a fully eager vcpu.
Fix both of these issues by calling vcpu_restore_fpu_eager(). As EFI
runtime services can be used in the idle context, the idle assertion
needs to move until after the fully_eager_fpu check.
Introduce a "curr" local variable and replace other uses of "current"
at the same time.
Reported-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Juergen Gross <jgross@suse.com>
master commit:
437211cb696515ee5bd5dae0ab72866c9f382a33
master date: 2018-06-21 11:35:46 +0200
/* Restore FPU state whenever VCPU is schduled in. */
void vcpu_restore_fpu_eager(struct vcpu *v)
{
- ASSERT(!is_idle_vcpu(v));
-
/* Restore nonlazy extended state (i.e. parts not tracked by CR0.TS). */
if ( !v->arch.fully_eager_fpu && !v->arch.nonlazy_xstate_used )
return;
+ ASSERT(!is_idle_vcpu(v));
+
/* Avoid recursion */
clts();
void efi_rs_leave(struct efi_rs_state *state)
{
+ struct vcpu *curr = current;
+
if ( !state->cr3 )
return;
switch_cr3_cr4(state->cr3, read_cr4());
- if ( is_pv_vcpu(current) && !is_idle_vcpu(current) )
+ if ( is_pv_vcpu(curr) && !is_idle_vcpu(curr) )
{
struct desc_ptr gdt_desc = {
.limit = LAST_RESERVED_GDT_BYTE,
- .base = GDT_VIRT_START(current)
+ .base = GDT_VIRT_START(curr)
};
asm volatile ( "lgdt %0" : : "m" (gdt_desc) );
irq_exit();
efi_rs_on_cpu = NR_CPUS;
spin_unlock(&efi_rs_lock);
- stts();
+ vcpu_restore_fpu_eager(curr);
}
bool_t efi_rs_using_pgtables(void)
projects / xen.git / commitdiff