x86/vmx: Revert "VMX: use a single, global APIC access page"
author: Andrew Cooper <andrew.cooper3@citrix.com>
Wed, 24 Aug 2022 13:16:44 +0000 (14:16 +0100)
committer: Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 1 Nov 2022 14:07:24 +0000 (14:07 +0000)
commit: 62e7fb702db4adaa9415ac87d95e0f461e32d9ca
tree: 9bba632ce7cc40fadd80334eb82d1055e6603195
parent: c229b16ba3eb5579a9a5d470ab16dd9ad55e57d6
x86/vmx: Revert "VMX: use a single, global APIC access page"

The claim "No accesses would ever go to this page." is false.  A consequence
of how Intel's APIC Acceleration works, and Xen's choice to have per-domain
P2Ms (rather than per-vCPU P2Ms) means that the APIC page is fully read-write
to any vCPU which is not in xAPIC mode.

This reverts commit 58850b9074d3e7affdf3bc94c84e417ecfa4d165.

This is XSA-412 / CVE-2022-42327.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
(cherry picked from commit 3b5beaf49033cddf4b2cc4e4d391b966f4203471)
xen/arch/x86/hvm/vmx/vmx.c
xen/arch/x86/mm/shadow/set.c
xen/arch/x86/mm/shadow/types.h
xen/include/asm-x86/hvm/vmx/vmcs.h
xen/include/asm-x86/mm.h