Information leak on XSAVE/XRSTOR capable AMD CPUs

On AMD processors supporting XSAVE/XRSTOR (family 15h and up), when an exception is pending, these instructions save/restore only the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR. This allows one domain to determine portions of the state of floating point instructions of other domains.

improper error handling (do not save/restore some information)

即在有exception pending的情况下,XSAVE/XRSTOR指令只会save/restore FOP,FIP and FDP,而不会save/restore一些信息诸如the last instruction and operand pointers as well as the last opcode。因此可能造成某个guest决定其它guest的一些相关floating pointer的状态。



x86/xsave: fix information leak on AMD CPUs

Just like for FXSAVE/FXRSTOR, XSAVE/XRSTOR also don’t save/restore the last instruction and operand pointers as well as the last opcode if there’s no pending unmasked exception.

While the FXSR solution sits in the save path, I prefer to have this in the restore path because there the handling is simpler (namely in the context of the pending changes to properly save the selector values for 32-bit guest code).

--- a/xen/arch/x86/i387.c
+++ b/xen/arch/x86/i387.c
@@ -44,6 +44,21 @@ static void xrstor(struct vcpu *v)
     struct xsave_struct *ptr = v->arch.xsave_area;
+    /*
+     * AMD CPUs don't save/restore FDP/FIP/FOP unless an exception
+     * is pending. Clear the x87 state here by setting it to fixed
+     * values. The hypervisor data segment can be sometimes 0 and
+     * sometimes new user value. Both should be ok. Use the FPU saved
+     * data block as a safe address because it should be in L1.
+     */
+    if ( (ptr->xsave_hdr.xstate_bv & XSTATE_FP) &&
+         !(ptr->fpu_sse.fsw & 0x0080) &&
+         boot_cpu_data.x86_vendor == X86_VENDOR_AMD )
+        asm volatile ( "fnclex\n\t"        /* clear exceptions */
+                       "ffree %%st(7)\n\t" /* clear stack tag */
+                       "fildl %0"          /* load to clear state */
+                       : : "m" (ptr->fpu_sse) );
     asm volatile (
         ".byte " REX_PREFIX "0x0f,0xae,0x2f"


A malicious domain may be able to leverage this to obtain sensitive information such as cryptographic keys from another domain.

information leak