From: Keir Fraser <keir.xen@gmail.com>
To: "Liu, Jinsong" <jinsong.liu@intel.com>,
Jan Beulich <JBeulich@suse.com>, Tim Deegan <tim@xen.org>,
Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Keir Fraser <keir@xen.org>,
"Nakajima, Jun" <jun.nakajima@intel.com>,
"zhenzhong.duan@oracle.com" <zhenzhong.duan@oracle.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>,
"Auld, Will" <will.auld@intel.com>,
"suravee.suthikulpanit@amd.com" <suravee.suthikulpanit@amd.com>,
"sherry.hurwitz@amd.com" <sherry.hurwitz@amd.com>
Subject: Re: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
Date: Tue, 05 Nov 2013 21:06:04 +0000 [thread overview]
Message-ID: <CE9F0E3C.3D201%keir.xen@gmail.com> (raw)
In-Reply-To: <DE8DF0795D48FD4CA783C40EC8292335013A64FF@SHSMSX101.ccr.corp.intel.com>
On 21/10/2013 16:55, "Liu, Jinsong" <jinsong.liu@intel.com> wrote:
> From 4ff1e2955f67954e60562b29a00adea89e5b93ae Mon Sep 17 00:00:00 2001
> From: Liu Jinsong <jinsong.liu@intel.com>
> Date: Thu, 17 Oct 2013 05:49:23 +0800
> Subject: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
>
> This patch solves XSA-60 security hole:
> 1. For guest w/o VT-d, and for guest with VT-d but snooped, Xen need
> do nothing, since hardware snoop mechanism has ensured cache coherency.
>
> 2. For guest with VT-d but non-snooped, cache coherency can not be
> guaranteed by h/w snoop, therefore it need emulate UC type to guest:
> 2.1). if it works w/ Intel EPT, set guest IA32_PAT fields as UC so that
> guest memory type are all UC.
> 2.2). if it works w/ shadow, drop all shadows so that any new ones would
> be created on demand w/ UC.
>
> This patch also fix a bug of shadow cr0.cd setting. Current shadow has a
> small window between cache flush and TLB invalidation, resulting in possilbe
> cache pollution. This patch pause vcpus so that no vcpus context involved
> into the window.
>
> Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
Acked-by: Keir Fraser <keir@xen.org>
prev parent reply other threads:[~2013-11-05 21:06 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-21 15:55 [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling Liu, Jinsong
2013-10-22 14:55 ` Jan Beulich
2013-10-23 8:48 ` DuanZhenzhong
2013-10-23 16:29 ` Nakajima, Jun
2013-10-23 16:38 ` Jan Beulich
2013-10-24 16:19 ` Liu, Jinsong
2013-10-24 16:39 ` Liu, Jinsong
2013-10-28 7:29 ` Jan Beulich
2013-10-28 8:31 ` Liu, Jinsong
2013-10-28 9:29 ` Jan Beulich
2013-10-29 16:52 ` Liu, Jinsong
2013-10-29 17:20 ` Andrew Cooper
2013-10-30 15:21 ` Liu, Jinsong
2013-10-30 15:27 ` Jan Beulich
2013-10-30 8:05 ` Jan Beulich
2013-10-30 15:41 ` Liu, Jinsong
2013-10-22 15:26 ` Tim Deegan
2013-10-23 10:16 ` Andrew Cooper
2013-11-04 8:49 ` Zhenzhong Duan
2013-11-04 9:05 ` kexec spin lock issue (was: Re: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling) Jan Beulich
2013-11-06 12:30 ` [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling Jan Beulich
2013-11-05 21:06 ` Keir Fraser [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CE9F0E3C.3D201%keir.xen@gmail.com \
--to=keir.xen@gmail.com \
--cc=JBeulich@suse.com \
--cc=andrew.cooper3@citrix.com \
--cc=jinsong.liu@intel.com \
--cc=jun.nakajima@intel.com \
--cc=keir@xen.org \
--cc=sherry.hurwitz@amd.com \
--cc=suravee.suthikulpanit@amd.com \
--cc=tim@xen.org \
--cc=will.auld@intel.com \
--cc=xen-devel@lists.xen.org \
--cc=zhenzhong.duan@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).