[Xen-changelog] [xen stable-4.2] VMX: disable EPT when !cpu_has_vmx_pat
commit f1e0df14412ccc6933a68eda66ac5b7d89186b62
Author: Liu Jinsong <jinsong.liu@xxxxxxxxx>
AuthorDate: Mon Dec 9 14:40:51 2013 +0100
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Dec 9 14:40:51 2013 +0100
VMX: disable EPT when !cpu_has_vmx_pat
Oracle developers recently found a Xen security issue with denial-of-service
(DoS) impact, named XSA-60. Please refer to http://xenbits.xen.org/xsa/advisory-60.html
Basically it involves how a guest's cr0.cd setting is handled, which in
some environments consumes so much time that it results in DoS-like behavior.
This is a preparatory patch for fixing XSA-60. A later patch will fix XSA-60
via PAT in the Intel EPT case, which depends on cpu_has_vmx_pat.
This is CVE-2013-2212 / XSA-60.
Signed-off-by: Liu Jinsong <jinsong.liu@xxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Reviewed-by: Tim Deegan <tim@xxxxxxx>
Acked-by: Jun Nakajima <jun.nakajima@xxxxxxxxx>
master commit: c13b0d65ddedd74508edef5cd66defffe30468fc
master date: 2013-11-06 10:11:18 +0100
---
xen/arch/x86/hvm/vmx/vmcs.c | 4 ++--
xen/arch/x86/hvm/vmx/vmx.c | 10 +++++++---
2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
index 11c19f1..049267e 100644
--- a/xen/arch/x86/hvm/vmx/vmcs.c
+++ b/xen/arch/x86/hvm/vmx/vmcs.c
@@ -779,7 +779,7 @@ static int construct_vmcs(struct vcpu *v)
vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_CS);
vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_ESP);
vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_EIP);
- if ( cpu_has_vmx_pat && paging_mode_hap(d) )
+ if ( paging_mode_hap(d) )
vmx_disable_intercept_for_msr(v, MSR_IA32_CR_PAT);
}
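Review bot: With `cpu_has_vmx_pat` dropped from this condition in construct_vmcs, the PAT MSR intercept is disabled on `paging_mode_hap(d)` alone, and nothing at this site records why that is sufficient. It appears to rely on start_vmx (vmx.c, same commit) setting `hap_supported` only when `cpu_has_vmx_pat` is set; if that coupling were ever loosened, a guest would presumably get un-intercepted access to the PAT MSR without VMCS PAT save/load behind it. I would make the invariant explicit with `ASSERT(!paging_mode_hap(d) || cpu_has_vmx_pat);` or at least a comment such as `/* HAP implies cpu_has_vmx_pat, see start_vmx(). */`. The same applies to the second construct_vmcs hunk (@@ -905) and to vmx_set_guest_pat and vmx_get_guest_pat in vmx.c. construct_vmcs starts and ends outside this hunk.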
@@ -905,7 +905,7 @@ static int construct_vmcs(struct vcpu *v)
#endif
}
- if ( cpu_has_vmx_pat && paging_mode_hap(d) )
+ if ( paging_mode_hap(d) )
{
u64 host_pat, guest_pat;
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index 1e30557..f40c276 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -972,7 +972,7 @@ static unsigned long vmx_get_shadow_gs_base(struct vcpu *v)
static int vmx_set_guest_pat(struct vcpu *v, u64 gpat)
{
- if ( !cpu_has_vmx_pat || !paging_mode_hap(v->domain) )
+ if ( !paging_mode_hap(v->domain) )
return 0;
vmx_vmcs_enter(v);
@@ -986,7 +986,7 @@ static int vmx_set_guest_pat(struct vcpu *v, u64 gpat)
static int vmx_get_guest_pat(struct vcpu *v, u64 *gpat)
{
- if ( !cpu_has_vmx_pat || !paging_mode_hap(v->domain) )
+ if ( !paging_mode_hap(v->domain) )
return 0;
vmx_vmcs_enter(v);
@@ -1593,7 +1593,11 @@ struct hvm_function_table * __init start_vmx(void)
return NULL;
}
- if ( cpu_has_vmx_ept )
+ /*
+ * Do not enable EPT when (!cpu_has_vmx_pat), to prevent security hole
+ * (refer to http://xenbits.xen.org/xsa/advisory-60.html).
+ */
+ if ( cpu_has_vmx_ept && cpu_has_vmx_pat )
{
vmx_function_table.hap_supported = 1;
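Review bot: When the CPU has EPT but lacks VMCS PAT support, the new condition in start_vmx skips HAP silently, so an operator sees shadow paging in use with no indication that it was a deliberate security fallback. I would add a branch that logs the reason, for example `else if ( cpu_has_vmx_ept ) printk(XENLOG_WARNING "VMX: EPT disabled: no VMCS PAT support (XSA-60)\n");`. The added comment could also say that the other VMX PAT paths now assume HAP implies `cpu_has_vmx_pat`, since the checks removed elsewhere in this commit depend on this one condition. The body of the `if` and the rest of start_vmx continue outside the hunk, so an existing message further down cannot be ruled out.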
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.2