From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Cooper Subject: Re: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling Date: Wed, 23 Oct 2013 11:16:23 +0100 Message-ID: <5267A1F7.6050408@citrix.com> References: <20131022152619.GB30504@deinos.phlegethon.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20131022152619.GB30504@deinos.phlegethon.org> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Tim Deegan Cc: "Liu, Jinsong" , Keir Fraser , Jan Beulich , "zhenzhong.duan@oracle.com" , "xen-devel@lists.xen.org" , "Auld, Will" , "Nakajima, Jun" , "sherry.hurwitz@amd.com" , "suravee.suthikulpanit@amd.com" List-Id: xen-devel@lists.xenproject.org On 22/10/13 16:26, Tim Deegan wrote: > At 15:55 +0000 on 21 Oct (1382367312), Liu, Jinsong wrote: >> From 4ff1e2955f67954e60562b29a00adea89e5b93ae Mon Sep 17 00:00:00 2001 >> From: Liu Jinsong >> Date: Thu, 17 Oct 2013 05:49:23 +0800 >> Subject: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling >> >> This patch solves XSA-60 security hole: >> 1. For guest w/o VT-d, and for guest with VT-d but snooped, Xen need >> do nothing, since hardware snoop mechanism has ensured cache coherency. >> >> 2. For guest with VT-d but non-snooped, cache coherency can not be >> guaranteed by h/w snoop, therefore it need emulate UC type to guest: >> 2.1). if it works w/ Intel EPT, set guest IA32_PAT fields as UC so that >> guest memory type are all UC. >> 2.2). if it works w/ shadow, drop all shadows so that any new ones would >> be created on demand w/ UC. >> >> This patch also fix a bug of shadow cr0.cd setting. Current shadow has a >> small window between cache flush and TLB invalidation, resulting in possilbe >> cache pollution. This patch pause vcpus so that no vcpus context involved >> into the window. >> >> Signed-off-by: Liu Jinsong > Reviewed-by: Tim Deegan Reviewed-by: Andrew Cooper