[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] libxc/restore: Fix REC_TYPE_X86_PV_VCPU_XSAVE data auditing (take 2)

It turns out that a bug (since forever) in Xen causes XSAVE records to have
non-architectural behaviour on xsave-capable hardware, when a PV guest has not
touched the state.

In such a case, the data record returned from Xen is 2*uint64_t, both claiming
the (illegitimate) state of %xcr0 and %xcr0_accum being 0.

Adjust the bound in handle_x86_pv_vcpu_blob() to cope with this.

Fixes: 2a62c22715b "libxc/restore: Fix data auditing in 
Reported-by: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx>
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CC: Ian Jackson <Ian.Jackson@xxxxxxxxxx>
CC: Wei Liu <wl@xxxxxxx>
CC: Igor Druzhinin <igor.druzhinin@xxxxxxxxxx>

I'll see about fixing Xen at some other point.  A second bug is that we have
two copies of part of the vCPU's FPU state.
 tools/libxc/xc_sr_restore_x86_pv.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/libxc/xc_sr_restore_x86_pv.c 
index 16e738884e..904ccc462a 100644
--- a/tools/libxc/xc_sr_restore_x86_pv.c
+++ b/tools/libxc/xc_sr_restore_x86_pv.c
@@ -827,10 +827,10 @@ static int handle_x86_pv_vcpu_blob(struct xc_sr_context 
-        if ( blobsz < 128 )
+        if ( blobsz < 16 )
             ERROR("%s record too short: min %zu, got %u",
-                  rec_name, sizeof(*vhdr) + 128, rec->length);
+                  rec_name, sizeof(*vhdr) + 16, rec->length);
             goto out;
         blob = &vcpu->xsave;

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.