[xen stable-4.9] x86: fix slow int80 path after XPTI additions

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[xen stable-4.9] x86: fix slow int80 path after XPTI additions

commit 7866e115f9c624b0669997fcc393b489ef3c38a2
Author:     Jan Beulich <[hidden email]>
AuthorDate: Wed Apr 25 14:47:02 2018 +0200
Commit:     Jan Beulich <[hidden email]>
CommitDate: Wed Apr 25 14:47:02 2018 +0200

    x86: fix slow int80 path after XPTI additions
    For the int80 slow path to jump to handle_exception_saved, %r14 needs to
    be set up suitably for XPTI purposes. This is because of the difference
    in nature between the int80 path (which is synchronous WRT guest
    actions) and the exception path which is potentially asynchronous.
    This is XSA-259.
    Reported-by: Andrew Cooper <[hidden email]>
    Signed-off-by: Jan Beulich <[hidden email]>
    Reviewed-by: Andrew Cooper <[hidden email]>
    master commit: 5a5c368faf45ced8a8c6235f4fbf5cdb38ec939f
    master date: 2018-04-25 14:39:41 +0200
 xen/arch/x86/x86_64/entry.S | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index b0bd5fab17..fd6c5d04e2 100644
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -398,6 +398,12 @@ int80_slow_path:
         movl  $TRAP_gp_fault,UREGS_entry_vector(%rsp)
         /* A GPF wouldn't have incremented the instruction pointer. */
         subq  $2,UREGS_rip(%rsp)
+        /*
+         * While we've cleared xen_cr3 above already, normal exception handling
+         * code has logic to restore the original value from %r15. Therefore we
+         * need to set up %r14 here, while %r15 is required to still be zero.
+         */
+        GET_STACK_END(14)
         jmp   handle_exception_saved
         /* create_bounce_frame & helpers don't need to be in .text.entry */
generated by git-patchbot for /home/xen/git/xen.git#stable-4.9

Xen-changelog mailing list
[hidden email]