bitkeeper revision 1.1389.1.5 (42712ad1Qoo2MSKU_8_-kkJWHY9E9g)

Handle the possibility that FXRSTOR may fault by silently clearing
the data area that it is restoring from. This may occur if control
tools reload a saved VM image without adequate checking, for example.
Signed-off-by: Keir Fraser <keir@xensource.com>

1 files changed, 26 insertions, 2 deletions

diff --git a/xen/arch/x86/i387.c b/xen/arch/x86/i387.c
index f25973398f..08dc9fdcb7 100644
--- a/xen/arch/x86/i387.c
+++ b/xen/arch/x86/i387.c
@@ -46,10 +46,34 @@ void save_init_fpu(struct exec_domain *tsk)
 
 void restore_fpu(struct exec_domain *tsk)
 {
+    /*
+     * FXRSTOR can fault if passed a corrupted data block. We handle this
+     * possibility, which may occur if the block was passed to us by control
+     * tools, by silently clearing the block.
+     */
     if ( cpu_has_fxsr )
         __asm__ __volatile__ (
-            "fxrstor %0"
-            : : "m" (tsk->arch.guest_context.fpu_ctxt) );
+            "1: fxrstor %0            \n"
+            ".section .fixup,\"ax\"   \n"
+            "2: push %%"__OP"ax       \n"
+            "   push %%"__OP"cx       \n"
+            "   push %%"__OP"di       \n"
+            "   lea  %0,%%"__OP"di    \n"
+            "   mov  %1,%%ecx         \n"
+            "   xor  %%eax,%%eax      \n"
+            "   rep ; stosl           \n"
+            "   pop  %%"__OP"di       \n"
+            "   pop  %%"__OP"cx       \n"
+            "   pop  %%"__OP"ax       \n"
+            "   jmp  1b               \n"
+            ".previous                \n"
+            ".section __ex_table,\"a\"\n"
+            "   "__FIXUP_ALIGN"       \n"
+            "   "__FIXUP_WORD" 1b,2b  \n"
+            ".previous                \n"
+            : 
+            : "m" (tsk->arch.guest_context.fpu_ctxt),
+              "i" (sizeof(tsk->arch.guest_context.fpu_ctxt)/4) );
     else
         __asm__ __volatile__ (
             "frstor %0"