[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH 4/4] XSA-60 security hole: flush cache when vmentry back to UC guest
Jan Beulich wrote: >>>> On 30.10.13 at 17:07, "Liu, Jinsong" <jinsong.liu@xxxxxxxxx> wrote: >> From 159251a04afcdcd8ca08e9f2bdfae279b2aa5471 Mon Sep 17 00:00:00 >> 2001 >> From: Liu Jinsong <jinsong.liu@xxxxxxxxx> >> Date: Thu, 31 Oct 2013 06:38:15 +0800 >> Subject: [PATCH 4/4] XSA-60 security hole: flush cache when vmentry >> back to UC guest >> >> This patch flush cache when vmentry back to UC guest, to prevent >> cache polluted by hypervisor access guest memory during UC mode. >> >> The elegant way to do this is, simply add wbinvd just before vmentry. >> However, currently wbinvd before vmentry will mysteriously trigger >> lapic timer interrupt storm, hung booting stage for 10s ~ 60s. We >> still >> didn't dig out the root cause of interrupt storm, so currently this >> patch add flag indicating hypervisor access UC guest memory to >> prevent >> interrupt storm problem. Whenever the interrupt storm got root caused >> and fixed, the protection flag can be removed. > > Yeah, almost, except that > - the flag should be per-vCPU > - you should mention in the description that this still leaves aspects > un-addressed (speculative reads at least, and multi-vCPU issues, > and I'm sure there are more that I didn't think of so far) > > Jan > Update, thanks! Jinsong _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |