[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH] x86/VT-x: Don't activate VMCS Shadowing outside of nested vmx mode

> From: Andrew Cooper [mailto:andrew.cooper3@xxxxxxxxxx]
> Sent: Saturday, December 8, 2018 4:07 AM
> nested vmx mode
> By default on capable hardware,
> activated unilaterally.  The VMCS Link pointer is initialised to ~0, but the
> VMREAD/VMWRITE bitmap pointers are not.
> This causes the 16bit IVT and Bios Data Area get interpreted as the
> read/write
> permission bitmap for guests which blindly execute VMREAD/VMWRITE
> instructions.
> This is not a security issue because the VMCS Link pointer being ~0 causes
> VMREAD/VMWRITE to complete with VMFailInvalid (rather than modifying
> a
> potential shadow VMCS), and the contents of MFN 0 has already been
> determined
> not to contain any interesting data because of L1TF's ability to read that 4k
> frame.
> Leave VMCS Shadowing disabled by default, and toggle it in
> nvmx_{set,clear}_vmcs_pointer().  This isn't the most efficient course of
> action, but it is the most simple way of leaving nested-virt working as it did
> before.
> While editing construct_vmcs(), collect all default secondary_exec_control
> modifications together.  The disabling of PML is latently buggy because it
> happens after secondary_exec_control are written into the VMCS, although
> there
> is an unconditional update later which writes the correct value into
> hardware.
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Acked-by: Kevin Tian <kevin.tian@xxxxxxxxx>
Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.