|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 4/4] XSA-60 security hole: flush cache when vmentry back to UC guest
>>> On 30.10.13 at 17:07, "Liu, Jinsong" <jinsong.liu@xxxxxxxxx> wrote:
> From 159251a04afcdcd8ca08e9f2bdfae279b2aa5471 Mon Sep 17 00:00:00 2001
> From: Liu Jinsong <jinsong.liu@xxxxxxxxx>
> Date: Thu, 31 Oct 2013 06:38:15 +0800
> Subject: [PATCH 4/4] XSA-60 security hole: flush cache when vmentry back to
> UC guest
>
> This patch flush cache when vmentry back to UC guest, to prevent
> cache polluted by hypervisor access guest memory during UC mode.
>
> The elegant way to do this is, simply add wbinvd just before vmentry.
> However, currently wbinvd before vmentry will mysteriously trigger
> lapic timer interrupt storm, hung booting stage for 10s ~ 60s. We still
> didn't dig out the root cause of interrupt storm, so currently this
> patch add flag indicating hypervisor access UC guest memory to prevent
> interrupt storm problem. Whenever the interrupt storm got root caused
> and fixed, the protection flag can be removed.
Yeah, almost, except that
- the flag should be per-vCPU
- you should mention in the description that this still leaves aspects
un-addressed (speculative reads at least, and multi-vCPU issues,
and I'm sure there are more that I didn't think of so far)
Jan
> Suggested-by: Jan Beulich <jbeulich@xxxxxxxx>
> Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> Signed-off-by: Liu Jinsong <jinsong.liu@xxxxxxxxx>
> ---
> xen/arch/x86/hvm/hvm.c | 7 +++++++
> xen/arch/x86/hvm/vmx/vmx.c | 7 +++++++
> xen/include/asm-x86/hvm/hvm.h | 1 +
> 3 files changed, 15 insertions(+), 0 deletions(-)
>
> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> index df021de..47eb18d 100644
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -68,6 +68,7 @@
> #include <public/mem_event.h>
>
> bool_t __read_mostly hvm_enabled;
> +bool_t __read_mostly hypervisor_access_uc_hvm_memory;
>
> unsigned int opt_hvm_debug_level __read_mostly;
> integer_param("hvm_debug", opt_hvm_debug_level);
> @@ -2483,6 +2484,9 @@ static enum hvm_copy_result __hvm_copy(
> return HVMCOPY_unhandleable;
> #endif
>
> + if ( unlikely(curr->arch.hvm_vcpu.cache_mode == NO_FILL_CACHE_MODE) )
> + hypervisor_access_uc_hvm_memory = 1;
> +
> while ( todo > 0 )
> {
> count = min_t(int, PAGE_SIZE - (addr & ~PAGE_MASK), todo);
> @@ -2596,6 +2600,9 @@ static enum hvm_copy_result __hvm_clear(paddr_t addr,
> int size)
> return HVMCOPY_unhandleable;
> #endif
>
> + if ( unlikely(curr->arch.hvm_vcpu.cache_mode == NO_FILL_CACHE_MODE) )
> + hypervisor_access_uc_hvm_memory = 1;
> +
> while ( todo > 0 )
> {
> count = min_t(int, PAGE_SIZE - (addr & ~PAGE_MASK), todo);
> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
> index d846a9c..1cea5a3 100644
> --- a/xen/arch/x86/hvm/vmx/vmx.c
> +++ b/xen/arch/x86/hvm/vmx/vmx.c
> @@ -2974,6 +2974,13 @@ void vmx_vmenter_helper(const struct cpu_user_regs
> *regs)
> struct hvm_vcpu_asid *p_asid;
> bool_t need_flush;
>
> + /* In case hypervisor accessor hvm memory when guest uc mode */
> + if ( unlikely(hypervisor_access_uc_hvm_memory) )
> + {
> + hypervisor_access_uc_hvm_memory = 0;
> + wbinvd();
> + }
> +
> if ( !cpu_has_vmx_vpid )
> goto out;
> if ( nestedhvm_vcpu_in_guestmode(curr) )
> diff --git a/xen/include/asm-x86/hvm/hvm.h b/xen/include/asm-x86/hvm/hvm.h
> index c9afb56..c7ac6b8 100644
> --- a/xen/include/asm-x86/hvm/hvm.h
> +++ b/xen/include/asm-x86/hvm/hvm.h
> @@ -197,6 +197,7 @@ struct hvm_function_table {
>
> extern struct hvm_function_table hvm_funcs;
> extern bool_t hvm_enabled;
> +extern bool_t hypervisor_access_uc_hvm_memory;
> extern bool_t cpu_has_lmsl;
> extern s8 hvm_port80_allowed;
>
> --
> 1.7.1
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |