vmx realmode: HOST_CR0.TS must be cleared when restoring guest FPU

state, otherwise in-Xen CR0.TS value becomes set again on next
vmexit. Then we crash the next time we try to emulate an FPU
instruction.
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>

diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 4ecbccef661e569f4e32396d180bafb7732461a5..079b673f9c3ea9c31aaf1e7f381c6d7bb92f74fa 100644 (file)
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -489,7 +489,8 @@ static int construct_vmcs(struct vcpu *v)
     __vmwrite(HOST_GS_BASE, 0);
 
     /* Host control registers. */
-    __vmwrite(HOST_CR0, read_cr0() | X86_CR0_TS);
+    v->arch.hvm_vmx.host_cr0 = read_cr0() | X86_CR0_TS;
+    __vmwrite(HOST_CR0, v->arch.hvm_vmx.host_cr0);
     __vmwrite(HOST_CR4, mmu_cr4_features);
 
     /* Host CS:RIP. */

diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 05dba0511636abc9a1727d1e1eb4be8611fc62a2..aa46de15486567f98c41a41180f6489f00fab119 100644 (file)
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -742,6 +742,13 @@ static int vmx_load_vmcs_ctxt(struct vcpu *v, struct hvm_hw_cpu *ctxt)
 
 static void vmx_ctxt_switch_from(struct vcpu *v)
 {
+    ASSERT(read_cr0() & X86_CR0_TS);
+    if ( !(v->arch.hvm_vmx.host_cr0 & X86_CR0_TS) )
+    {
+        v->arch.hvm_vmx.host_cr0 |= X86_CR0_TS;
+        __vmwrite(HOST_CR0, v->arch.hvm_vmx.host_cr0);
+    }
+
     vmx_save_guest_msrs(v);
     vmx_restore_host_msrs();
     vmx_save_dr(v);
@@ -1232,6 +1239,10 @@ void vmx_do_no_device_fault(void)
     setup_fpu(current);
     __vm_clear_bit(EXCEPTION_BITMAP, TRAP_no_device);
 
+    ASSERT(v->arch.hvm_vmx.host_cr0 & X86_CR0_TS);
+    v->arch.hvm_vmx.host_cr0 &= ~X86_CR0_TS;
+    __vmwrite(HOST_CR0, v->arch.hvm_vmx.host_cr0);
+
     /* Disable TS in guest CR0 unless the guest wants the exception too. */
     if ( !(v->arch.hvm_vcpu.guest_cr[0] & X86_CR0_TS) )
     {

diff --git a/xen/include/asm-x86/hvm/vmx/cpu.h b/xen/include/asm-x86/hvm/vmx/cpu.h
index c988b1334323c445e24af4643f63725b29741946..decd01e8297ea6a1a9e3df376bf807f756d13a33 100644 (file)
--- a/xen/include/asm-x86/hvm/vmx/cpu.h
+++ b/xen/include/asm-x86/hvm/vmx/cpu.h
@@ -19,19 +19,6 @@
 #ifndef __ASM_X86_HVM_VMX_CPU_H__
 #define __ASM_X86_HVM_VMX_CPU_H__
 
-/*
- * Virtual CPU
- */
-struct arch_state_struct {
-    unsigned long       mode_flags; /* vm86, 32-bit, 64-bit, etc. */
-    /* debug registers */
-    /* MSRs */
-};
-
-#define VMX_MF_VM86     0
-#define VMX_MF_32       1
-#define VMX_MF_64       2
-
 #define NUM_CORES_RESET_MASK                 0x00003FFF
 #define NUM_THREADS_RESET_MASK               0xFF00FFFF
 

diff --git a/xen/include/asm-x86/hvm/vmx/vmcs.h b/xen/include/asm-x86/hvm/vmx/vmcs.h
index 2b92b30446d1c0966b2b45017dfa51d5132b02bc..7f8080739c58f1638c7696cab30c0005c021b4d6 100644 (file)
--- a/xen/include/asm-x86/hvm/vmx/vmcs.h
+++ b/xen/include/asm-x86/hvm/vmx/vmcs.h
@@ -92,6 +92,8 @@ struct arch_vmx_struct {
     unsigned int         host_msr_count;
     struct vmx_msr_entry *host_msr_area;
 
+    unsigned long        host_cr0;
+
 #ifdef VMXASSIST
     unsigned long        vmxassist_enabled:1;
     unsigned long        irqbase_mode:1;