>>> On 18.07.18 at 14:30, <andrew.coop...@citrix.com> wrote: > If valid_xcr0() accepts a new_bv which exceeds xfeature_mask, then something > is broken with the CPUID policiy derivation or auditing logic. If hardware > rejects new_bv, then something is broken with Xen's xstate logic.
With what I've said about valid_xcr0() in reply to patch 1, this is incorrect, and hence both text and first half of the code change need re-doing. Provided that's what we want in the first place, but I'd have to see the new version in order to be able to sensibly judge. Jan > In both cases, crash the domain with an obvious error message, to help > highlight the issues. > > Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> > --- > CC: Jan Beulich <jbeul...@suse.com> > --- > xen/arch/x86/xstate.c | 18 +++++++++++++++++- > 1 file changed, 17 insertions(+), 1 deletion(-) > > diff --git a/xen/arch/x86/xstate.c b/xen/arch/x86/xstate.c > index 44b993f..06c94f8 100644 > --- a/xen/arch/x86/xstate.c > +++ b/xen/arch/x86/xstate.c > @@ -708,11 +708,27 @@ int handle_xsetbv(u32 index, u64 new_bv) > if ( index != XCR_XFEATURE_ENABLED_MASK ) > return -EOPNOTSUPP; > > - if ( (new_bv & ~xfeature_mask) || !valid_xcr0(curr->domain, new_bv) ) > + if ( !valid_xcr0(curr->domain, new_bv) ) > return -EINVAL; > > + if ( new_bv & ~xfeature_mask ) > + { > + gprintk(XENLOG_ERR, > + "new_bv %016" PRIx64 " exceeds hardware max %016" PRIx64 > "\n", > + new_bv, xfeature_mask); > + domain_crash(curr->domain); > + > + return -EINVAL; > + } > + > if ( !set_xcr0(new_bv) ) > + { > + gprintk(XENLOG_ERR, "new_bv %016" PRIx64 " rejected by hardware\n", > + new_bv); > + domain_crash(curr->domain); > + > return -EFAULT; > + } > > mask = new_bv & ~curr->arch.xcr0_accum; > curr->arch.xcr0 = new_bv; > -- > 2.1.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel