Xen project Mailing List

Re: [Xen-devel] [PATCH] VMX: XSA-60 workaround

To: Jan Beulich <JBeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: "Zhang, Yang Z" <yang.z.zhang@xxxxxxxxx>

Date: Tue, 20 Aug 2013 06:51:44 +0000

Accept-language: en-US

Cc: "Dong, Eddie" <eddie.dong@xxxxxxxxx>, "Xu, Dongxiao" <dongxiao.xu@xxxxxxxxx>, Keir Fraser <keir@xxxxxxx>, "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>

Delivery-date: Tue, 20 Aug 2013 06:52:32 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Thread-index: AQHOmEOYTWu8PFs/0k2qoQUdc+i3NJmdpdiQ

Thread-topic: [Xen-devel] [PATCH] VMX: XSA-60 workaround

Jan Beulich wrote on 2013-08-14: > Considering that there's still no real progress towards a resolution > for XSA-60, I'd like to propose turning off the probelamtic code by > default, allowing it to be turned back on via command line option. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> > > --- a/xen/arch/x86/hvm/vmx/vmx.c > +++ b/xen/arch/x86/hvm/vmx/vmx.c > @@ -57,6 +57,14 @@ > #include <asm/hvm/nestedhvm.h> > #include <asm/event.h> > +/* + * Option to allow VMX guests to run with caches disabled. This is > exposing + * the host to DoS attacks (due to the way vmx_set_uc_mode() > works), and hence + * needs to be disabled by default. + */ +static > bool_t __read_mostly opt_permit_cache_disable; > +boolean_param("vmx-permit-cache-disable", opt_permit_cache_disable); + > enum handler_return { HNDL_done, HNDL_unhandled, > HNDL_exception_raised }; > > static void vmx_ctxt_switch_from(struct vcpu *v); > @@ -1133,6 +1141,8 @@ static void vmx_update_guest_cr(struct v > > v->arch.hvm_vcpu.hw_cr[0] = > v->arch.hvm_vcpu.guest_cr[0] | hw_cr0_mask; > + if ( !opt_permit_cache_disable ) > + v->arch.hvm_vcpu.hw_cr[0] &= ~(X86_CR0_CD | > X86_CR0_NW); > __vmwrite(GUEST_CR0, v->arch.hvm_vcpu.hw_cr[0]); > __vmwrite(CR0_READ_SHADOW, v->arch.hvm_vcpu.guest_cr[0]); > @@ -1603,6 +1613,9 @@ const struct hvm_function_table * __init > vmx_function_table.sync_pir_to_irr = NULL; > } > + if ( !opt_permit_cache_disable ) > + vmx_function_table.set_uc_mode = NULL; > + > setup_vmcs_dump(); > > return &vmx_function_table; > Shouldn't it cause problem with DMA of pass-through device? Guest modified the content of DMA buffer without flushing cache if he set CR0.CD, but the modification still caching in hardware since the CD bit isn't really set in CR0. Then device may read from memory directly and it will get the wrong data. Best regards, Yang _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.