diff options
| author | Andrei Vagin <avagin@gmail.com> | 2021-03-30 21:40:07 -0700 |
|---|---|---|
| committer | Andrei Vagin <avagin@gmail.com> | 2021-04-01 13:28:15 -0700 |
| commit | eb9b8e53a3ef7bb96dcb59a0121fa9ed22f01bfd (patch) | |
| tree | d01a7b7aae854e5b2a89c156d809e1b6aafc4640 /pkg/ring0 | |
| parent | 6c10c772e46ffe8d27cffe77aed24f0d334d611c (diff) | |
platform/kvm/x86: restore mxcsr when switching from guest to sentry
Goruntime sets mxcsr once and never changes it.
Reported-by: syzbot+ec55cea6e57ec083b7a6@syzkaller.appspotmail.com
Fixes: #5754
Diffstat (limited to 'pkg/ring0')
| -rw-r--r-- | pkg/ring0/kernel_amd64.go | 11 | ||||
| -rw-r--r-- | pkg/ring0/lib_amd64.go | 6 | ||||
| -rw-r--r-- | pkg/ring0/lib_amd64.s | 12 |
3 files changed, 29 insertions, 0 deletions
diff --git a/pkg/ring0/kernel_amd64.go b/pkg/ring0/kernel_amd64.go index 92d2330cb..6e17fb796 100644 --- a/pkg/ring0/kernel_amd64.go +++ b/pkg/ring0/kernel_amd64.go @@ -250,6 +250,7 @@ func (c *CPU) SwitchToUser(switchOpts SwitchOpts) (vector Vector) { } SaveFloatingPoint(switchOpts.FloatingPointState.BytePointer()) // escapes: no. Copy out floating point. WriteFS(uintptr(c.registers.Fs_base)) // escapes: no. Restore kernel FS. + ldmxcsr(&kernelMXCSR) // escapes: no. Restore kernel MXCSR. return } @@ -321,3 +322,13 @@ func SetCPUIDFaulting(on bool) bool { func ReadCR2() uintptr { return readCR2() } + +// kernelMXCSR is the value of the mxcsr register in the Sentry. +// +// The MXCSR control configuration is initialized once and never changed. Look +// at src/cmd/compile/abi-internal.md in the golang sources for more details. +var kernelMXCSR uint32 + +func init() { + stmxcsr(&kernelMXCSR) +} diff --git a/pkg/ring0/lib_amd64.go b/pkg/ring0/lib_amd64.go index 0ec5c3bc5..3e6bb9663 100644 --- a/pkg/ring0/lib_amd64.go +++ b/pkg/ring0/lib_amd64.go @@ -61,6 +61,12 @@ func wrgsbase(addr uintptr) // wrgsmsr writes to the GS_BASE MSR. func wrgsmsr(addr uintptr) +// stmxcsr reads the MXCSR control and status register. +func stmxcsr(addr *uint32) + +// ldmxcsr writes to the MXCSR control and status register. +func ldmxcsr(addr *uint32) + // readCR2 reads the current CR2 value. func readCR2() uintptr diff --git a/pkg/ring0/lib_amd64.s b/pkg/ring0/lib_amd64.s index 2fe83568a..70a43e79e 100644 --- a/pkg/ring0/lib_amd64.s +++ b/pkg/ring0/lib_amd64.s @@ -198,3 +198,15 @@ TEXT ·rdmsr(SB),NOSPLIT,$0-16 MOVL AX, ret+8(FP) MOVL DX, ret+12(FP) RET + +// stmxcsr reads the MXCSR control and status register. +TEXT ·stmxcsr(SB),NOSPLIT,$0-8 + MOVQ addr+0(FP), SI + STMXCSR (SI) + RET + +// ldmxcsr writes to the MXCSR control and status register. +TEXT ·ldmxcsr(SB),NOSPLIT,$0-8 + MOVQ addr+0(FP), SI + LDMXCSR (SI) + RET |