x86/pv: Force a guest into shadow mode when it writes an L1TF-vulnerable PTE
author Juergen Gross <jgross@suse.com>
Mon, 23 Jul 2018 06:11:40 +0000 (08:11 +0200)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 14 Aug 2018 15:56:47 +0000 (16:56 +0100)
commit 06e8b622d3f3c0fa5075e91b041c6f45549ad70a
tree fa94ae6ae860ff11b9f32d4767c0b39f231723b1
parent c612481d1c9232c6abf91b03ec655e92f808805f
x86/pv: Force a guest into shadow mode when it writes an L1TF-vulnerable PTE

See the comment in shadow.h for an explanation of L1TF and the safety
consideration of the PTEs.

In the case that CONFIG_SHADOW_PAGING isn't compiled in, crash the domain
instead.  This allows well-behaved PV guests to function, while preventing
L1TF from being exploited.  (Note: PV guest kernels which haven't been updated
with L1TF mitigations will likely be crashed as soon as they try paging a
piece of userspace out to disk.)

This is part of XSA-273 / CVE-2018-3620.

Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Tim Deegan <tim@xen.org>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/mm.c
xen/arch/x86/pv/ro-page-fault.c
xen/include/asm-x86/shadow.h
xen/include/xen/tasklet.h
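The policy the commit message describes, written out as a small added example (this is not Xen's code and not the logic in the files listed above). It assumes the usual 4-level x86 PTE layout (bit 0 is Present, bits 12 to 51 hold the physical address) and the L1TF rule that a not-present PTE is unsafe when its address bits still point into host-owned physical memory; the bound `host_max_maddr` and the `shadow_paging_available` flag stand in for CONFIG_SHADOW_PAGING and are assumptions of the example, not values taken from the page.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed x86 PTE layout (4-level paging). */
#define PTE_PRESENT   (1ULL << 0)
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL   /* bits 12..51 */

enum l1tf_action {
    L1TF_OK,            /* write is safe, let it through */
    L1TF_FORCE_SHADOW,  /* CONFIG_SHADOW_PAGING present: move guest to shadow mode */
    L1TF_CRASH_DOMAIN   /* no shadow paging compiled in: crash the domain */
};

/*
 * A present PTE is not affected by L1TF. A not-present PTE is vulnerable
 * when the address field it still carries lies below host_max_maddr, i.e.
 * it names physical memory that the CPU could speculatively load from the
 * L1D cache. Guests that apply L1TF mitigations place the address bits of
 * swapped-out entries above that bound so this check returns false.
 */
static bool l1tf_pte_vulnerable(uint64_t pte, uint64_t host_max_maddr)
{
    if (pte & PTE_PRESENT)
        return false;
    return (pte & PTE_ADDR_MASK) < host_max_maddr;
}

/*
 * Mirror the decision described in the commit message for a PV guest
 * writing a PTE: safe entries pass, vulnerable entries force shadow mode
 * when shadow paging is available and crash the domain otherwise.
 */
static enum l1tf_action l1tf_check_pte_write(uint64_t pte,
                                             uint64_t host_max_maddr,
                                             bool shadow_paging_available)
{
    if (!l1tf_pte_vulnerable(pte, host_max_maddr))
        return L1TF_OK;
    return shadow_paging_available ? L1TF_FORCE_SHADOW : L1TF_CRASH_DOMAIN;
}

int main(void)
{
    /* Constructed sample: a host with 64 GiB of physical address space. */
    const uint64_t host_max_maddr = 1ULL << 36;
    const struct { const char *what; uint64_t pte; } samples[] = {
        { "present PTE at 0x12345000",          0x0000000012345001ULL },
        { "not-present PTE pointing into RAM",  0x0000000012345000ULL },
        { "not-present, NX set, low address",   0x8000000012345000ULL },
        { "not-present, address above RAM",     0x000FFFFFFFFFF000ULL },
    };
    static const char *names[] = { "OK", "FORCE_SHADOW", "CRASH_DOMAIN" };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        enum l1tf_action with_shadow =
            l1tf_check_pte_write(samples[i].pte, host_max_maddr, true);
        enum l1tf_action without_shadow =
            l1tf_check_pte_write(samples[i].pte, host_max_maddr, false);
        printf("%-40s shadow=%s  no-shadow=%s\n", samples[i].what,
               names[with_shadow], names[without_shadow]);
    }
    return 0;
}
```

The third sample shows why the address field must be masked rather than compared whole: the NX bit (bit 63) makes the raw PTE value huge, but the address bits still point into host RAM, so the entry is just as vulnerable as the second one.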