[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling

To: Tim Deegan <tim@xxxxxxx>
From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Date: Wed, 23 Oct 2013 11:16:23 +0100
Cc: "Liu, Jinsong" <jinsong.liu@xxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, "zhenzhong.duan@xxxxxxxxxx" <zhenzhong.duan@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, "Auld, Will" <will.auld@xxxxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>, "sherry.hurwitz@xxxxxxx" <sherry.hurwitz@xxxxxxx>, "suravee.suthikulpanit@xxxxxxx" <suravee.suthikulpanit@xxxxxxx>
Delivery-date: Wed, 23 Oct 2013 10:17:02 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 22/10/13 16:26, Tim Deegan wrote:
> At 15:55 +0000 on 21 Oct (1382367312), Liu, Jinsong wrote:
>> From 4ff1e2955f67954e60562b29a00adea89e5b93ae Mon Sep 17 00:00:00 2001
>> From: Liu Jinsong <jinsong.liu@xxxxxxxxx>
>> Date: Thu, 17 Oct 2013 05:49:23 +0800
>> Subject: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
>>
>> This patch solves XSA-60 security hole:
>> 1. For guest w/o VT-d, and for guest with VT-d but snooped, Xen need
>> do nothing, since hardware snoop mechanism has ensured cache coherency.
>>
>> 2. For guest with VT-d but non-snooped, cache coherency can not be
>> guaranteed by h/w snoop, therefore it need emulate UC type to guest:
>> 2.1). if it works w/ Intel EPT, set guest IA32_PAT fields as UC so that
>> guest memory type are all UC.
>> 2.2). if it works w/ shadow, drop all shadows so that any new ones would
>> be created on demand w/ UC.
>>
>> This patch also fix a bug of shadow cr0.cd setting. Current shadow has a
>> small window between cache flush and TLB invalidation, resulting in possilbe
>> cache pollution. This patch pause vcpus so that no vcpus context involved
>> into the window. 
>>
>> Signed-off-by: Liu Jinsong <jinsong.liu@xxxxxxxxx>
> Reviewed-by: Tim Deegan <tim@xxxxxxx>

Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
  - From: Liu, Jinsong
- Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
  - From: Tim Deegan

Prev by Date: [Xen-devel] [xen-unstable test] 21085: tolerable FAIL
Next by Date: Re: [Xen-devel] [PATCH] xen: arm: correct XEN_COMPILE_ARCH autodetection for arm64
Previous by thread: Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
Next by thread: [Xen-devel] [qemu-upstream-unstable test] 21054: regressions - FAIL
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.