From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: Jinsong Liu <jinsong.liu@intel.com>, Keir Fraser <keir@xen.org>,
Jun Nakajima <jun.nakajima@intel.com>, Tim Deegan <tim@xen.org>,
"zhenzhong.duan@oracle.com" <zhenzhong.duan@oracle.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
Will Auld <will.auld@intel.com>,
"suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>,
"sherry.hurwitz@amd.com" <sherry.hurwitz@amd.com>
Subject: Re: [PATCH 1/3] XSA-60 security hole: disable EPT when !cpu_has_vmx_pat
Date: Thu, 17 Oct 2013 11:05:30 +0100
Message-ID: <525FB66A.50705@citrix.com>
In-Reply-To: <525FD0DB02000078000FBC11@nat28.tlf.novell.com>
On 17/10/13 10:58, Jan Beulich wrote:
>>>> On 16.10.13 at 20:33, "Liu, Jinsong" <jinsong.liu@intel.com> wrote:
>> From 9ec2ca512979e99a229d333038f849a2d5a7fde5 Mon Sep 17 00:00:00 2001
>> From: Liu Jinsong <jinsong.liu@intel.com>
>> Date: Thu, 17 Oct 2013 04:00:49 +0800
>> Subject: [PATCH 1/3] XSA-60 security hole: disable EPT when !cpu_has_vmx_pat
>>
>> Recently Oracle developers found a Xen security issue with DoS effect,
>> named XSA-60. Please refer to http://xenbits.xen.org/xsa/advisory-60.html
>> Basically it involves how to handle the guest cr0.cd setting, which in
>> some environments consumes much time, resulting in DoS-like behavior.
>>
>> This is a preparatory patch for fixing XSA-60. A later patch will fix XSA-60
>> via PAT in the Intel EPT case, which depends on cpu_has_vmx_pat.
>>
>> Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
>
>> ---
>> xen/arch/x86/hvm/vmx/vmcs.c | 4 ++--
>> xen/arch/x86/hvm/vmx/vmx.c | 10 +++++++---
>> 2 files changed, 9 insertions(+), 5 deletions(-)
>>
>> diff --git a/xen/arch/x86/hvm/vmx/vmcs.c b/xen/arch/x86/hvm/vmx/vmcs.c
>> index 6526504..6916c6d 100644
>> --- a/xen/arch/x86/hvm/vmx/vmcs.c
>> +++ b/xen/arch/x86/hvm/vmx/vmcs.c
>> @@ -921,7 +921,7 @@ static int construct_vmcs(struct vcpu *v)
>> vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_CS, MSR_TYPE_R |
>> MSR_TYPE_W);
>> vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_ESP, MSR_TYPE_R
>> | MSR_TYPE_W);
>> vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_EIP, MSR_TYPE_R
>> | MSR_TYPE_W);
>> - if ( cpu_has_vmx_pat && paging_mode_hap(d) )
>> + if ( paging_mode_hap(d) )
>> vmx_disable_intercept_for_msr(v, MSR_IA32_CR_PAT, MSR_TYPE_R |
>> MSR_TYPE_W);
>> }
>>
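Review bot: the condition guarding the MSR_IA32_CR_PAT intercept no longer tests cpu_has_vmx_pat, so it is correct only because start_vmx() in vmx.c now refuses to set hap_supported without PAT. That dependency lives in a different file and is not stated at this site or in the commit message, which only calls this a preparing patch. A one-line comment here, or a sentence in the commit message saying that paging_mode_hap(d) now implies cpu_has_vmx_pat, would keep a later reader from reintroducing or breaking the assumption.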
>> @@ -1063,7 +1063,7 @@ static int construct_vmcs(struct vcpu *v)
>> __vmwrite(EPT_POINTER, ept_get_eptp(ept));
>> }
>>
>> - if ( cpu_has_vmx_pat && paging_mode_hap(d) )
>> + if ( paging_mode_hap(d) )
>> {
>> u64 host_pat, guest_pat;
>>
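Review bot: the block opened by `if ( paging_mode_hap(d) )` that declares host_pat and guest_pat now runs with no local check that the PAT feature is present. Since correctness depends on the start_vmx() condition staying as `cpu_has_vmx_ept && cpu_has_vmx_pat`, an `ASSERT(cpu_has_vmx_pat);` as the first statement inside this block would make a future change to that condition fail loudly in debug builds instead of silently programming PAT state on hardware that lacks it.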
>> diff --git a/xen/arch/x86/hvm/vmx/vmx.c b/xen/arch/x86/hvm/vmx/vmx.c
>> index 9ca8632..b59bf59 100644
>> --- a/xen/arch/x86/hvm/vmx/vmx.c
>> +++ b/xen/arch/x86/hvm/vmx/vmx.c
>> @@ -908,7 +908,7 @@ static unsigned long vmx_get_shadow_gs_base(struct vcpu
>> *v)
>>
>> static int vmx_set_guest_pat(struct vcpu *v, u64 gpat)
>> {
>> - if ( !cpu_has_vmx_pat || !paging_mode_hap(v->domain) )
>> + if ( !paging_mode_hap(v->domain) )
>> return 0;
>>
>> vmx_vmcs_enter(v);
>> @@ -919,7 +919,7 @@ static int vmx_set_guest_pat(struct vcpu *v, u64 gpat)
>>
>> static int vmx_get_guest_pat(struct vcpu *v, u64 *gpat)
>> {
>> - if ( !cpu_has_vmx_pat || !paging_mode_hap(v->domain) )
>> + if ( !paging_mode_hap(v->domain) )
>> return 0;
>>
>> vmx_vmcs_enter(v);
>> @@ -1591,7 +1591,11 @@ const struct hvm_function_table * __init
>> start_vmx(void)
>> return NULL;
>> }
>>
>> - if ( cpu_has_vmx_ept )
>> + /*
>> + * Do not enable EPT when (!cpu_has_vmx_pat), to prevent security hole
>> + * which refer to http://xenbits.xen.org/xsa/advisory-60.html
>> + */
>> + if ( cpu_has_vmx_ept && cpu_has_vmx_pat )
>> {
>> vmx_function_table.hap_supported = 1;
>>
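Review bot: at `if ( cpu_has_vmx_ept && cpu_has_vmx_pat )`, a CPU that has EPT but not cpu_has_vmx_pat now skips `vmx_function_table.hap_supported = 1` and nothing in the visible lines reports why HAP is unavailable. Consider a one-time printk on that path so an administrator who sees the host fall back from EPT can tie it to XSA-60. The added comment would also read more clearly as "Do not enable EPT when !cpu_has_vmx_pat, to prevent the security hole described in http://xenbits.xen.org/xsa/advisory-60.html".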
>> --
>> 1.7.1
>
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel