XSA-172, XRSTOR on AMD CPUs

To: port-amd64%NetBSD.org@localhost
Subject: XSA-172, XRSTOR on AMD CPUs
From: coypu%sdf.org@localhost
Date: Sat, 4 Nov 2017 11:26:24 +0000

Hi!

Looking around, XSA-52 uses a workaround similar to us, to how AMD
implements XRSTOR:

                case FPU_SAVE_FXSAVE:
                        /*
                         * AMD FPU's do not restore FIP, FDP, and FOP on
                         * fxrstor, leaking other process's execution history.
                         * Clear them manually by loading a zero.
                         *
                         * Clear the ES bit in the x87 status word if it is
                         * currently set, in order to avoid causing a fault
                         * in the upcoming load.
                         */
                        if (fngetsw() & 0x80)
                                fnclex();
                        fldummy();
                        fxrstor(&pcb->pcb_savefpu);
                        break;

XSA-172 is an amendment to it, and it says:
this workaround does not cover all possible input cases.
This is because writes to the hardware FSW.ES bit, which the current
workaround is based on, are ignored; instead, the CPU calculates
FSW.ES from the pending exception and exception mask bits.  Xen
therefore needs to do the same.

changing:

-    if ( !(fpu_ctxt->fsw & 0x0080) &&
+    if ( !(fpu_ctxt->fsw & ~fpu_ctxt->fcw & 0x003f) &&
          boot_cpu_data.x86_vendor == X86_VENDOR_AMD )

Is this something we should change as well?

XSA-52: https://xenbits.xenproject.org/xsa/advisory-52.html
XSA-172: https://xenbits.xenproject.org/xsa/advisory-172.html

Prev by Date: Re: x86 bus_dmamap_sync
Next by Date: Running NetBSD in Google Cloud?
Previous by Thread: membar_producer
Next by Thread: Running NetBSD in Google Cloud?
Indexes:

Home | Main Index | Thread Index | Old Index