
[xen stable-4.18] libs/guest: Fix migration compatibility with a security-patched Xen 4.13



commit 4306bf6a7558e033356554fa32859eeba9a4471e
Author:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Mon Dec 16 13:35:02 2024 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Dec 16 13:35:02 2024 +0100

    libs/guest: Fix migration compatibility with a security-patched Xen 4.13
    
    xc_cpuid_apply_policy() provides compatibility for migration of a pre-4.14 VM
    where no CPUID data was provided in the stream.
    
    It guesses the various max-leaf limits, based on what was true at the time of
    writing, but this was not correctly adapted when speculative security issues
    forced the advertisement of new feature bits.  Of note are:
    
     * LFENCE-DISPATCH, in leaf 0x80000021.eax
     * BHI-CTRL, in leaf 0x7[2].edx
    
    In both cases, a VM booted on a security-patched Xen 4.13, and then migrated
    on to any newer version of Xen on the same or compatible hardware would have
    these features stripped back because Xen is still editing the cpu-policy for
    sanity behind the back of the toolstack.
    
    For VMs using BHI_DIS_S to mitigate Native-BHI, this resulted in a failure to
    restore the guest's MSR_SPEC_CTRL setting:
    
      (XEN) HVM d7v0 load MSR 0x48 with value 0x401 failed
      (XEN) HVM7 restore: failed to load entry 20/0 rc -6
    
    Fixes: e9b4fe263649 ("x86/cpuid: support LFENCE always serialising CPUID bit")
    Fixes: f3709b15fc86 ("x86/cpuid: Infrastructure for cpuid word 7:2.edx")
    Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
    master commit: 28301682f492c1df2ff9c3e01a0aab6262bd925a
    master date: 2024-12-03 12:20:41 +0000
---
 tools/libs/guest/xg_cpuid_x86.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tools/libs/guest/xg_cpuid_x86.c b/tools/libs/guest/xg_cpuid_x86.c
index 3a74bb2b37..4cef7ab72b 100644
--- a/tools/libs/guest/xg_cpuid_x86.c
+++ b/tools/libs/guest/xg_cpuid_x86.c
@@ -652,7 +652,8 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t 
domid, bool restore,
          *
          * This restore path is used for incoming VMs with no CPUID data
          * i.e. originated on Xen 4.13 or earlier.  We must invent a policy
-         * compatible with what Xen 4.13 would have done on the same hardware.
+         * compatible with what a security-patched Xen 4.13 would have done on
+         * the same hardware.
          *
          * Specifically:
          * - Clamp max leaves.
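Review bot: The reworded comment says "a security-patched Xen 4.13" but does not say which patches it means, so the next reader cannot tell what the clamps further down have to cover. The commit message names the two cases (LFENCE-DISPATCH in leaf 0x80000021.eax and BHI-CTRL in leaf 0x7[2].edx); putting those two leaves under the "Clamp max leaves." bullet would tie the comment to the limits it justifies and make it obvious what to revisit if another backport changes the picture.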
@@ -669,8 +670,8 @@ int xc_cpuid_apply_policy(xc_interface *xch, uint32_t 
domid, bool restore,
         }
 
         p->basic.max_leaf = min(p->basic.max_leaf, 0xdu);
-        p->feat.max_subleaf = 0;
-        p->extd.max_leaf = min(p->extd.max_leaf, 0x8000001c);
+        p->feat.max_subleaf = min(p->feat.max_subleaf, 0x2u);
+        p->extd.max_leaf = min(p->extd.max_leaf, 0x80000021);
     }
 
     if ( featureset )
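Review bot: On the two added clamp lines, `0x80000021` is written without the `u` suffix while `0xdu` and the new `0x2u` carry one; the value is unsigned either way, but matching the suffix keeps the three `min()` calls uniform. Separately, `min(p->feat.max_subleaf, 0x2u)` makes leaf 7 subleaf 1 reachable as well as subleaf 2, where the old code pinned the limit at 0. A short remark in the comment above stating that this matches what the patched 4.13 exposed would close that question for later readers.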
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.18



 

