xpti: fix bug in double fault handling

When entering the hypervisor via the double fault handler resetting
xen_cr3 was missing. This led to switching to pv_cr3 when returning
from the next following exception, so repair this in order to allow
exception handling to work even after a double fault.

Signed-off-by: Juergen Gross <jgross@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Tested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
master commit: d80af845de7a4db01a4a3b4d779e0e0dcb5e738b
master date: 2018-04-23 16:13:01 +0200

(cherry picked from commit 210bd51a2e7ba0063fe5695fef441ac2d52d8f2e)

Gbp-Pq: Name xpti-fix-bug-in-double-fault-handling.patch

diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S
index 8f47947cc8178d03469ebae5655385cf83a79988..f61dd258d9ed8b75bcc2d1a8a589f224de17b4f4 100644 (file)
--- a/xen/arch/x86/x86_64/entry.S
+++ b/xen/arch/x86/x86_64/entry.S
@@ -784,12 +784,14 @@ ENTRY(double_fault)
         /* WARNING! `ret`, `call *`, `jmp *` not safe before this point. */
 
         mov   STACK_CPUINFO_FIELD(xen_cr3)(%r14), %rbx
-        test  %rbx, %rbx
+        neg   %rbx
         jz    .Ldblf_cr3_okay
         jns   .Ldblf_cr3_load
+        mov   %rbx, STACK_CPUINFO_FIELD(xen_cr3)(%r14)
         neg   %rbx
 .Ldblf_cr3_load:
         mov   %rbx, %cr3
+        movq $0, STACK_CPUINFO_FIELD(xen_cr3)(%r14)
 .Ldblf_cr3_okay:
 
         movq  %rsp,%rdi