From: David Vrabel <david.vrabel@citrix.com>
To: xen-devel <xen-devel@lists.xenproject.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
Kevin Tian <kevin.tian@intel.com>,
Paul Durrant <paul.durrant@citrix.com>,
Feng Wu <feng.wu@intel.com>, Jan Beulich <jbeulich@suse.com>
Subject: Restoring FPU exception state
Date: Wed, 17 Feb 2016 13:08:17 +0000 [thread overview]
Message-ID: <56C470C1.30503@citrix.com> (raw)
The FPU exception state includes 4 registers:
- 64-bit FIP
- 16-bit FCS
- 64-bit FDP
- 16-bit FDS
When a CPU takes an FPU exception in long mode, all 4 registers are
fully updated. This state can be saved with a combination of REX.W
prefixed XSAVE and FNSTENV. This state cannot be restored with any
combination of instructions as those that restore the 64-bit FIP/FDP
clear FCS and FDS; and those that restore FCS and FDS clear the upper
32-bits of FIP and FDP [1].
This causes problems when running Microsoft's Driver Verifier in a
64-bit Windows guest (seen with Windows 7 SP1, but other versions may
also be affected).
The Driver Verifier prior to calling a driver's interrupt handler will
save the FPU state, after the handler is called it will save the state
again and do a byte-by-byte compare to verify the state has not changed.
A 0x3D (INTERRUPT_EXCEPTION_NOT_HANDLED) BugCheck is raised if the
state does not match.
Windows uses XSAVE to save the FPU state, but it does not use a REX.W
prefixed XSAVE, and saves only the lower 32-bits of FIP/FDP and FCS/FDS.
If the VCPU is descheduled between these two checks, the contents of
FCS/FDS is lost, Windows will notice and BugCheck.
When saving a VCPUs FPU state, Xen first uses a REX.W prefixed XSAVE and
notices that FIP/FDP[64:32] is non-zero and assumes are REX.W prefixed
XRSTOR is required to restore the full 64-bits of FIP/FDP. This clears
FCS/FDS.
On processors with FPCSDS[2] (bit 13) set in CPUID leaf 0x7, sub-leaf
0x0, do not save FCS/FDS (they always write zeros) and this problem does
not occur, because FCS/FDS never needs to be restored.
Does anyone any thoughts of a solution for processors without the FPCSDS
feature?
David
[1] Intel SDM vol 1. section 8.1.8.
[2] http://www.sandpile.org/x86/cpuid.htm#level_0000_0007h
next reply other threads:[~2016-02-17 13:08 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-17 13:08 David Vrabel [this message]
2016-02-17 13:45 ` Restoring FPU exception state Jan Beulich
2016-02-18 6:30 ` Tian, Kevin
2016-02-18 8:16 ` Jan Beulich
2016-02-18 8:41 ` Paul Durrant
2016-02-18 8:49 ` Jan Beulich
2016-02-18 8:54 ` Paul Durrant
2016-02-18 9:24 ` Jan Beulich
2016-02-18 9:30 ` Paul Durrant
2016-02-24 10:33 ` Tian, Kevin
2016-02-24 10:42 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56C470C1.30503@citrix.com \
--to=david.vrabel@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=feng.wu@intel.com \
--cc=jbeulich@suse.com \
--cc=kevin.tian@intel.com \
--cc=paul.durrant@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.