x86/shadow: Infrastructure to force a PV guest into shadow mode
author    Juergen Gross <jgross@suse.com>  Mon, 23 Jul 2018 06:11:40 +0000 (07:11 +0100)
committer Andrew Cooper <andrew.cooper3@citrix.com>  Tue, 14 Aug 2018 16:15:14 +0000 (17:15 +0100)
commit    02d2c660935cfd6ff2438afb3892776dfc7db711
tree      60145e2873d3f95718a2f32cebcbd901e7f0aefe
parent    57483c09ef4fe9489ec4214989a97949916fecc0
x86/shadow: Infrastructure to force a PV guest into shadow mode

To mitigate L1TF, we cannot alter an architecturally-legitimate PTE a PV guest
chooses to write, but we can force the PV domain into shadow mode so Xen
controls the PTEs which are reachable by the CPU pagewalk.

Introduce new shadow mode, PG_SH_forced, and a tasklet to perform the
transition.  Later patches will introduce the logic to enable this mode at the
appropriate time.

To simplify vcpu cleanup, make tasklet_kill() idempotent with respect to
tasklet_init(), which involves adding a helper to check for an uninitialised
list head.

This is part of XSA-273 / CVE-2018-3620.

Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Tim Deegan <tim@xen.org>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
(cherry picked from commit b76ec3946bf6caca2c3950b857c008bc8db6723f)
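The commit message says tasklet_kill() is made idempotent with respect to tasklet_init() by adding a helper that recognises a list head that was never initialised. The following is an added C model of that pattern, written for this page; it is not the commit's code and not Xen's list or tasklet implementation. The list primitives, the names list_head_is_uninitialised, tasklet_kill_is_idempotent and pending_count, and the single global pending queue are assumptions chosen to keep the example self-contained. The idea it shows: memory that was zeroed (as a vcpu structure would be on allocation) has next == NULL, while a head that has gone through INIT_LIST_HEAD points at itself, so a kill routine can tell "never initialised" from "initialised but idle" and behave safely in both cases, as well as when called twice.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Minimal intrusive doubly linked list (hypothetical stand-in, not Xen's). */
struct list_head {
    struct list_head *next, *prev;
};

static inline void INIT_LIST_HEAD(struct list_head *h)
{
    h->next = h;
    h->prev = h;
}

/* Assumed helper: a zeroed head has next == NULL, an initialised one never does. */
static inline bool list_head_is_uninitialised(const struct list_head *h)
{
    return h->next == NULL;
}

static inline bool list_empty(const struct list_head *h)
{
    return h->next == h;
}

static inline void list_add_tail(struct list_head *n, struct list_head *head)
{
    n->prev = head->prev;
    n->next = head;
    head->prev->next = n;
    head->prev = n;
}

/* Unlink and re-initialise, so a later kill sees an empty (not dangling) node. */
static inline void list_del_init(struct list_head *n)
{
    n->prev->next = n->next;
    n->next->prev = n->prev;
    INIT_LIST_HEAD(n);
}

struct tasklet {
    struct list_head list;
    bool scheduled;
    void (*func)(void *);
    void *data;
};

/* Constructed stand-in for a pending-tasklet queue. */
static struct list_head pending = { &pending, &pending };

void tasklet_init(struct tasklet *t, void (*func)(void *), void *data)
{
    memset(t, 0, sizeof(*t));
    INIT_LIST_HEAD(&t->list);
    t->func = func;
    t->data = data;
}

void tasklet_schedule(struct tasklet *t)
{
    if (!t->scheduled) {
        t->scheduled = true;
        list_add_tail(&t->list, &pending);
    }
}

/* Returns true only if the tasklet had to be dequeued. Safe on a tasklet that
 * was never initialised (zeroed memory) and safe to call repeatedly. */
bool tasklet_kill(struct tasklet *t)
{
    bool was_pending;

    if (list_head_is_uninitialised(&t->list))
        return false;                 /* never initialised: nothing to undo */
    was_pending = !list_empty(&t->list);
    if (was_pending)
        list_del_init(&t->list);
    t->scheduled = false;
    return was_pending;
}

/* Number of tasklets currently queued. */
size_t pending_count(void)
{
    size_t n = 0;
    for (const struct list_head *p = pending.next; p != &pending; p = p->next)
        n++;
    return n;
}

/* Walks the lifecycle the commit cares about; returns 0 when every step
 * behaves, otherwise the number of the step that failed. */
int tasklet_kill_is_idempotent(void)
{
    struct tasklet t;

    memset(&t, 0, sizeof(t));          /* as if embedded in a freshly zeroed struct */
    if (tasklet_kill(&t))  return 1;   /* kill before init must be a no-op */
    tasklet_init(&t, NULL, NULL);
    if (tasklet_kill(&t))  return 2;   /* initialised but never scheduled */
    tasklet_schedule(&t);
    if (pending_count() != 1) return 3;
    if (!tasklet_kill(&t)) return 4;   /* first kill dequeues it */
    if (pending_count() != 0) return 5;
    if (tasklet_kill(&t))  return 6;   /* second kill finds nothing to do */
    return 0;
}
```

The property worth noting for cleanup paths: because tasklet_kill() only needs to distinguish NULL from a self-pointing head, the caller does not have to track whether tasklet_init() ever ran, which is exactly what makes unconditional teardown code safe.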
xen/arch/x86/mm/paging.c
xen/arch/x86/mm/shadow/common.c
xen/arch/x86/pv/domain.c
xen/common/tasklet.c
xen/include/asm-x86/domain.h
xen/include/asm-x86/paging.h
xen/include/asm-x86/shadow.h
xen/include/xen/list.h