[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling

To: Jan Beulich <JBeulich@xxxxxxxx>
From: "Nakajima, Jun" <jun.nakajima@xxxxxxxxx>
Date: Wed, 23 Oct 2013 09:29:20 -0700
Cc: Jinsong Liu <jinsong.liu@xxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Keir Fraser <keir@xxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Eddie Dong <eddie.dong@xxxxxxxxx>, "zhenzhong.duan@xxxxxxxxxx" <zhenzhong.duan@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>, Will Auld <will.auld@xxxxxxxxx>, "suravee.suthikulpanit@xxxxxxx" <suravee.suthikulpanit@xxxxxxx>, "sherry.hurwitz@xxxxxxx" <sherry.hurwitz@xxxxxxx>
Delivery-date: Wed, 23 Oct 2013 16:29:35 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

On Tue, Oct 22, 2013 at 7:55 AM, Jan Beulich <JBeulich@xxxxxxxx> wrote:

>>> On 21.10.13 at 17:55, "Liu, Jinsong" <jinsong.liu@xxxxxxxxx> wrote:
> From 4ff1e2955f67954e60562b29a00adea89e5b93ae Mon Sep 17 00:00:00 2001
> From: Liu Jinsong <jinsong.liu@xxxxxxxxx>
> Date: Thu, 17 Oct 2013 05:49:23 +0800
> Subject: [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
>
> This patch solves XSA-60 security hole:
> 1. For guest w/o VT-d, and for guest with VT-d but snooped, Xen need
> do nothing, since hardware snoop mechanism has ensured cache coherency.
>
> 2. For guest with VT-d but non-snooped, cache coherency can not be
> guaranteed by h/w snoop, therefore it need emulate UC type to guest:
> 2.1). if it works w/ Intel EPT, set guest IA32_PAT fields as UC so that
> guest memory type are all UC.

Can you make sure that "setting guest IA32_PAT fields as UC" doesn't have a conflict with the existing (other) settings done by the guest?

Jun

Intel Open Source Technology Center

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
  - From: Jan Beulich

References:
- [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
  - From: Liu, Jinsong
- Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
  - From: Jan Beulich

Prev by Date: [Xen-devel] [PATCH] xen/arm: add_to_physmap_one: Avoid to map mfn 0 if an error occurs
Next by Date: Re: [Xen-devel] BUG: bad page map under Xen
Previous by thread: Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
Next by thread: Re: [Xen-devel] [PATCH 3/3 V3] XSA-60 security hole: cr0.cd handling
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.