Recently Oracle developers found a Xen security issue with a DoS effect,
named XSA-60. Please refer to http://xenbits.xen.org/xsa/advisory-60.html
Basically it involves how the guest's cr0.cd setting is handled, which in
some environments consumes much time, resulting in DoS-like behavior.
This is a preparatory patch for fixing XSA-60. A later patch will fix XSA-60
via PAT in the Intel EPT case, which depends on cpu_has_vmx_pat.
This is CVE-2013-2212 / XSA-60.
Signed-off-by: Liu Jinsong <jinsong.liu@intel.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Tim Deegan <tim@xen.org>
Acked-by: Jun Nakajima <jun.nakajima@intel.com>
vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_CS, MSR_TYPE_R | MSR_TYPE_W);
vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_ESP, MSR_TYPE_R | MSR_TYPE_W);
vmx_disable_intercept_for_msr(v, MSR_IA32_SYSENTER_EIP, MSR_TYPE_R | MSR_TYPE_W);
- if ( cpu_has_vmx_pat && paging_mode_hap(d) )
+ if ( paging_mode_hap(d) )
vmx_disable_intercept_for_msr(v, MSR_IA32_CR_PAT, MSR_TYPE_R | MSR_TYPE_W);
}
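Review bot: The `if ( paging_mode_hap(d) )` guard before the MSR_IA32_CR_PAT pass-through now depends on an invariant that is not visible at this site: HAP is only offered when cpu_has_vmx_pat is set, which the last hunk enforces where `vmx_function_table.hap_supported` is assigned. The same applies to the `paging_mode_hap` checks in the next hunk and in vmx_set_guest_pat and vmx_get_guest_pat. If a later change relaxes the EPT gate, these paths would presumably run without the VMCS PAT controls and the guest could reach the PAT MSR unintercepted, so I would record the dependency at each site with a comment such as `/* HAP implies cpu_has_vmx_pat (EPT is not enabled without it). */`, or make it checkable with `ASSERT(cpu_has_vmx_pat);` inside the guarded path. The enclosing functions of the first two hunks start outside the hunk.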
__vmwrite(EPT_POINTER, ept_get_eptp(ept));
}
- if ( cpu_has_vmx_pat && paging_mode_hap(d) )
+ if ( paging_mode_hap(d) )
{
u64 host_pat, guest_pat;
static int vmx_set_guest_pat(struct vcpu *v, u64 gpat)
{
- if ( !cpu_has_vmx_pat || !paging_mode_hap(v->domain) )
+ if ( !paging_mode_hap(v->domain) )
return 0;
vmx_vmcs_enter(v);
static int vmx_get_guest_pat(struct vcpu *v, u64 *gpat)
{
- if ( !cpu_has_vmx_pat || !paging_mode_hap(v->domain) )
+ if ( !paging_mode_hap(v->domain) )
return 0;
vmx_vmcs_enter(v);
return NULL;
}
- if ( cpu_has_vmx_ept )
+ /*
+ * Do not enable EPT when (!cpu_has_vmx_pat), to prevent security hole
+ * (refer to http://xenbits.xen.org/xsa/advisory-60.html).
+ */
+ if ( cpu_has_vmx_ept && cpu_has_vmx_pat )
{
vmx_function_table.hap_supported = 1;
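Review bot: On a CPU that has EPT but lacks the VMCS PAT controls, the new `cpu_has_vmx_ept && cpu_has_vmx_pat` condition leaves HAP off without reporting it, so an operator has no way to tell why guests are not using EPT. A short boot-time message on that path would make the security-driven downgrade diagnosable, for example `else if ( cpu_has_vmx_ept )` followed by `printk(XENLOG_WARNING "VMX: EPT disabled, no VMCS PAT support (XSA-60)\n");`. The added comment could also say what the hole is rather than only "security hole", for instance that guest CR0.CD handling under EPT relies on PAT. The block opened here continues outside the hunk, so the exact placement of the else branch needs checking against the full function.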