From mboxrd@z Thu Jan  1 00:00:00 1970
From: DuanZhenzhong <zhenzhong.duan@oracle.com>
Subject: Re: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
Date: Wed, 23 Oct 2013 16:48:14 +0800
Message-ID: <52678D4E.1000603@oracle.com>
References: <DE8DF0795D48FD4CA783C40EC8292335013A64FF@SHSMSX101.ccr.corp.intel.com>
	<5266AE0D02000078000FCB84@nat28.tlf.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <5266AE0D02000078000FCB84@nat28.tlf.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: Jinsong Liu <jinsong.liu@intel.com>, Tim Deegan <tim@xen.org>, Keir Fraser <keir@xen.org>, "suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>, Andrew Cooper <andrew.cooper3@citrix.com>, Eddie Dong <eddie.dong@intel.com>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>, Will Auld <will.auld@intel.com>, Jun Nakajima <jun.nakajima@intel.com>, "sherry.hurwitz@amd.com" <sherry.hurwitz@amd.com>
List-Id: xen-devel@lists.xenproject.org

Jan Beulich wrote:
>>>> On 21.10.13 at 17:55, "Liu, Jinsong" <jinsong.liu@intel.com> wrote:
>>>>         
>> From 4ff1e2955f67954e60562b29a00adea89e5b93ae Mon Sep 17 00:00:00 2001
>> From: Liu Jinsong <jinsong.liu@intel.com>
>> Date: Thu, 17 Oct 2013 05:49:23 +0800
>> Subject: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
>>
>> This patch solves XSA-60 security hole:
>> 1. For guest w/o VT-d, and for guest with VT-d but snooped, Xen need
>> do nothing, since hardware snoop mechanism has ensured cache coherency.
>>
>> 2. For guest with VT-d but non-snooped, cache coherency can not be
>> guaranteed by h/w snoop, therefore it need emulate UC type to guest:
>> 2.1). if it works w/ Intel EPT, set guest IA32_PAT fields as UC so that
>> guest memory type are all UC.
>> 2.2). if it works w/ shadow, drop all shadows so that any new ones would
>> be created on demand w/ UC.
>>
>> This patch also fix a bug of shadow cr0.cd setting. Current shadow has a
>> small window between cache flush and TLB invalidation, resulting in possilbe
>> cache pollution. This patch pause vcpus so that no vcpus context involved
>> into the window. 
>>
>> Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
>>     
>
> This looks fine to me now, but will need acks/reviews at least from
> - Keir (whose blessing of the pausing construct I'd like to have even
>   if this didn't involve changing non-x86 files)
> - one of the VMX maintainers
> - one or both of Tim and Andrew
>
> And of course I'd really appreciate if Oracle could arrange for
> testing this, to confirm their performance problem is also gone with
> this.
>   
I am try finding an env to test it. I'll reply after test.

zduan