x86/vmx: Revert "VMX: use a single, global APIC access page"
author Andrew Cooper <andrew.cooper3@citrix.com>
Wed, 24 Aug 2022 13:16:44 +0000 (14:16 +0100)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 1 Nov 2022 13:05:44 +0000 (13:05 +0000)
commit 3b5beaf49033cddf4b2cc4e4d391b966f4203471
tree 262ae775a4a8b2eb4e9097544d860b1e012454a9
parent 1d7fbc535d1d37bdc2cc53ede360b0f6651f7de1
x86/vmx: Revert "VMX: use a single, global APIC access page"

The claim "No accesses would ever go to this page." is false.  A consequence
of how Intel's APIC Acceleration works, and Xen's choice to have per-domain
P2Ms (rather than per-vCPU P2Ms) means that the APIC page is fully read-write
to any vCPU which is not in xAPIC mode.

This reverts commit 58850b9074d3e7affdf3bc94c84e417ecfa4d165.

This is XSA-412 / CVE-2022-42327.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/hvm/vmx/vmx.c
xen/arch/x86/include/asm/hvm/vmx/vmcs.h
xen/arch/x86/include/asm/mm.h
xen/arch/x86/mm/shadow/set.c
xen/arch/x86/mm/shadow/types.h
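The commit message states the root cause in two sentences; the following C program is an added model of that access path, written for this page and not taken from Xen or from the reverted change. It encodes the rule the message relies on: the VMX "virtualize APIC accesses" control redirects a guest access to the APIC-access frame only while the control is set, which (following the message) is the xAPIC-mode case, so a vCPU that is not in xAPIC mode reaches whatever machine frame the domain's P2M maps at that guest frame. The `struct domain`/`struct vcpu` layouts, the frame numbers, the `cross_domain_leak()` scenario and the two-domain setup are assumptions made for the illustration; the only claim carried over from the page is that a per-domain P2M plus a single global frame lets every non-xAPIC vCPU read and write the same page, while a per-domain frame (what the revert restores) keeps domains apart.

```c
/*
 * Constructed model of the access path described in the commit message.
 * Illustration code, not Xen's implementation: the domain/vCPU structures,
 * the frame numbers and the two-domain scenario are assumptions made here.
 * Modelled rule: the VMX "virtualize APIC accesses" control redirects
 * accesses to the APIC-access GFN only while it is set (xAPIC mode per the
 * commit message); otherwise the access takes ordinary EPT translation
 * through the domain's P2M and lands on the backing machine frame.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096u
#define NR_MFNS   4           /* toy machine memory: four frames (assumption) */

enum apic_mode { APIC_XAPIC, APIC_X2APIC };
enum access_result { ACCESS_REDIRECTED, ACCESS_HIT_BACKING_PAGE };

static uint8_t mfn_page[NR_MFNS][PAGE_SIZE];   /* machine frames */

struct domain {
    unsigned int apic_access_mfn; /* MFN the domain's P2M maps at the APIC GFN */
};

struct vcpu {
    struct domain *d;
    enum apic_mode mode;
    uint8_t virtual_apic[PAGE_SIZE]; /* per-vCPU virtual-APIC page */
};

/* The CPU's handling of a one-byte guest write inside the APIC-access GFN. */
static enum access_result guest_write(struct vcpu *v, unsigned int off, uint8_t val)
{
    bool virtualize_apic_accesses = (v->mode == APIC_XAPIC);

    if (virtualize_apic_accesses) {
        /* Redirected to the virtual-APIC page; the backing frame is untouched. */
        v->virtual_apic[off % PAGE_SIZE] = val;
        return ACCESS_REDIRECTED;
    }
    /* Control clear: ordinary EPT translation through the domain's P2M. */
    mfn_page[v->d->apic_access_mfn][off % PAGE_SIZE] = val;
    return ACCESS_HIT_BACKING_PAGE;
}

static uint8_t guest_read(struct vcpu *v, unsigned int off)
{
    if (v->mode == APIC_XAPIC)
        return v->virtual_apic[off % PAGE_SIZE];
    return mfn_page[v->d->apic_access_mfn][off % PAGE_SIZE];
}

/*
 * Two domains, one x2APIC-mode vCPU each.  With a single global page both
 * P2Ms map the same MFN, so domain A's write is visible to domain B; with
 * per-domain pages they are isolated.  Returns true if the leak is visible.
 */
static bool cross_domain_leak(bool single_global_page)
{
    struct domain da = { .apic_access_mfn = 1 };
    struct domain db = { .apic_access_mfn = single_global_page ? 1 : 2 };
    struct vcpu va = { .d = &da, .mode = APIC_X2APIC };
    struct vcpu vb = { .d = &db, .mode = APIC_X2APIC };

    memset(mfn_page, 0, sizeof(mfn_page));
    guest_write(&va, 0x20, 0x5a);
    return guest_read(&vb, 0x20) == 0x5a;
}

/* An xAPIC-mode vCPU's write never reaches the backing frame. */
static bool xapic_write_reaches_backing_page(void)
{
    struct domain d = { .apic_access_mfn = 1 };
    struct vcpu v = { .d = &d, .mode = APIC_XAPIC };

    memset(mfn_page, 0, sizeof(mfn_page));
    guest_write(&v, 0x20, 0x11);
    return mfn_page[1][0x20] == 0x11;
}

int main(void)
{
    printf("xAPIC write hits backing page:         %s\n",
           xapic_write_reaches_backing_page() ? "yes" : "no");
    printf("cross-domain leak, single global page: %s\n",
           cross_domain_leak(true) ? "yes" : "no");
    printf("cross-domain leak, per-domain page:    %s\n",
           cross_domain_leak(false) ? "yes" : "no");
    return 0;
}
```

The model deliberately does nothing clever: the whole vulnerability is that the "no accesses would ever go to this page" assumption only holds for the redirected (xAPIC) path, and the P2M, being per-domain rather than per-vCPU, cannot make the frame disappear for the one vCPU that has left xAPIC mode. When auditing similar shared-page optimisations, the check to make is exactly the one the last two functions perform: enumerate every mode in which the guest can reach the guest-physical address, not just the mode the page was designed for.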