[Xen-devel] [PATCH 4/4] XSA-60 security hole: flush cache when vmentry back to UC guest
From 159251a04afcdcd8ca08e9f2bdfae279b2aa5471 Mon Sep 17 00:00:00 2001
From: Liu Jinsong <jinsong.liu@xxxxxxxxx>
Date: Thu, 31 Oct 2013 06:38:15 +0800
Subject: [PATCH 4/4] XSA-60 security hole: flush cache when vmentry back to UC guest
This patch flush cache when vmentry back to UC guest, to prevent cache polluted by hypervisor access guest memory during UC mode. The elegant way to do this is, simply add wbinvd just before vmentry. However, currently wbinvd before vmentry will mysteriously trigger lapic timer interrupt storm, hung booting stage for 10s ~ 60s. We still didn't dig out the root cause of interrupt storm, so currently this patch add flag indicating hypervisor access UC guest memory to prevent interrupt storm problem. Whenever the interrupt storm got root caused and fixed, the protection flag can be removed.
Suggested-by: Jan Beulich <jbeulich@xxxxxxxx>
Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Liu Jinsong <jinsong.liu@xxxxxxxxx>
---
 xen/arch/x86/hvm/hvm.c | 7 +++++++
 xen/arch/x86/hvm/vmx/vmx.c | 7 +++++++
 xen/include/asm-x86/hvm/hvm.h | 1 +
 3 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index df021de..47eb18d 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -68,6 +68,7 @@
 #include <public/mem_event.h>
 bool_t __read_mostly hvm_enabled;
+bool_t __read_mostly hypervisor_access_uc_hvm_memory;
 unsigned int opt_hvm_debug_level __read_mostly;
 integer_param("hvm_debug", opt_hvm_debug_level);
@@ -2483,6 +2484,9 @@ static enum hvm_copy_result __hvm_copy(
 return HVMCOPY_unhandleable;
 #endif
+ if ( unlikely(curr->arch.hvm_vcpu.cache_mode == NO_FILL_CACHE_MODE) )
+ hypervisor_access_uc_hvm_memory = 1;
+
 while ( todo > 0 )
 {
 count = min_t(int, PAGE_SIZE - (addr & ~PAGE_MASK), todo);
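Review bot: `hypervisor_access_uc_hvm_memory` is declared in hvm.c as a single system-wide flag, but the `wbinvd()` that consumes it in `vmx_vmenter_helper` only writes back and invalidates the caches of the CPU that executes it. As written, a CPU that never touched the UC guest's memory can be the first to reach VM entry, clear the flag and flush its own cache, leaving the lines filled by the CPU that ran `__hvm_copy` or `__hvm_clear` in place; the unlocked set and test-and-clear can also lose an update. Tracking this per vcpu would tie the flush to the access, e.g. `curr->arch.hvm_vcpu.hypervisor_access_uc_hvm_memory = 1;` at both set sites (the second is in the `__hvm_clear` hunk) with the matching test on `curr` before VM entry; that needs a new field in the vcpu structure, which is outside this patch. `__read_mostly` also does not fit a variable that is written on the copy path.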
@@ -2596,6 +2600,9 @@ static enum hvm_copy_result __hvm_clear(paddr_t addr, int size)
 return HVMCOPY_unhandleable;
 #endif
+ if ( unlikely(curr->arch.hvm_vcpu.cache_mode == NO_FILL_CACHE_MODE) )
+ hypervisor_access_uc_hvm_memory = 1;
+
 while ( todo > 0 )
 {
 count = min_t(int, PAGE_SIZE - (addr & ~PAGE_MASK), todo);
diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
index d846a9c..1cea5a3 100644
--- a/xen/arch/x86/hvm/vmx/vmx.c
+++ b/xen/arch/x86/hvm/vmx/vmx.c
@@ -2974,6 +2974,13 @@ void vmx_vmenter_helper(const struct cpu_user_regs *regs)
 struct hvm_vcpu_asid *p_asid;
 bool_t need_flush;
+ /* In case hypervisor accessor hvm memory when guest uc mode */
+ if ( unlikely(hypervisor_access_uc_hvm_memory) )
+ {
+ hypervisor_access_uc_hvm_memory = 0;
+ wbinvd();
+ }
+
 if ( !cpu_has_vmx_vpid )
 goto out;
 if ( nestedhvm_vcpu_in_guestmode(curr) )
diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h
index c9afb56..c7ac6b8 100644
--- a/xen/include/asm-x86/hvm/hvm.h
+++ b/xen/include/asm-x86/hvm/hvm.h
@@ -197,6 +197,7 @@ struct hvm_function_table {
 extern struct hvm_function_table hvm_funcs;
 extern bool_t hvm_enabled;
+extern bool_t hypervisor_access_uc_hvm_memory;
 extern bool_t cpu_has_lmsl;
 extern s8 hvm_port80_allowed;
--
1.7.1
Attachment:
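Review bot: The comment above the new check in `vmx_vmenter_helper` is garbled ("hypervisor accessor hvm memory") and does not say why the flush is conditional. According to the commit message the flag exists only because an unconditional `wbinvd` before VM entry triggers a LAPIC timer interrupt storm, so the comment should record that, e.g. `/* Xen accessed guest memory while the guest was in UC mode: flush before VM entry. Flag-gated only to avoid the wbinvd interrupt storm; drop the flag once that is fixed. */`. The flag is set in common HVM code but consumed only on this VMX path; whether `cache_mode` can reach `NO_FILL_CACHE_MODE` for vcpus that never pass through here is not visible in the patch and is worth confirming. The function body continues outside the hunk.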
0004-XSA-60-security-hole-flush-cache-when-vmentry-back-t.patch