Xen project Mailing List

Re: Linux 6.0.8 generates L1TF-vulnerable PTE if Xen's PAT is modified

To: Demi Marie Obenour <demi@xxxxxxxxxxxxxxxxxxxxxx>

From: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>

Date: Sun, 11 Dec 2022 05:34:23 +0100

Cc: Xen developer discussion <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>

Delivery-date: Sun, 11 Dec 2022 04:34:47 +0000

Feedback-id: i1568416f:Fastmail

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Fri, Dec 09, 2022 at 01:40:53PM -0500, Demi Marie Obenour wrote: > If Xen is patched to use the same PAT Linux does, it appears to break > L1TF mitigations in PV Linux 6.0.8. Linux 5.15.81 works fine. The > symptom is that Linux fails to boot, with Xen complaining about an > L1TF-vulnerable PTE with shadow paging disabled. > > Details are at https://github.com/QubesOS/qubes-issues/issues/7935. Call trace: (early) [ 0.417527] RIP: e030:xen_hypercall_mmu_update+0x8/0x20 (early) [ 0.417534] Code: cc cc 51 41 53 b8 00 00 00 00 0f 05 41 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 51 41 53 b8 01 00 00 00 <0f> 05 41 5b 59 c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc (early) [ 0.417537] RSP: e02b:ffffffff82c03d68 EFLAGS: 00000046 (early) [ 0.417540] RAX: 0000000000000001 RBX: 000000039f788000 RCX: ffffffff81e2502a (early) [ 0.417543] RDX: 0000000000000000 RSI: 0000000080000001 RDI: ffffffff82c03d80 (early) [ 0.417546] RBP: 8010000013600066 R08: ffff888018f88000 R09: 0000000000000000 (early) [ 0.417548] R10: 0000000000007ff0 R11: 0000000000000246 R12: 0000000000000000 (early) [ 0.417550] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 (early) [ 0.417557] FS: 0000000000000000(0000) GS:ffff888013e00000(0000) knlGS:0000000000000000 (early) [ 0.417560] CS: 10000e030 DS: 0000 ES: 0000 CR0: 0000000080050033 (early) [ 0.417562] CR2: ffffc900007cf000 CR3: 0000000002c10000 CR4: 0000000000040660 (early) [ 0.417567] Call Trace: (early) [ 0.417570] <TASK> (early) [ 0.417573] ? __xen_set_pte+0xdc/0x210 (early) [ 0.417578] ? kfence_protect_page+0x68/0xd0 (early) [ 0.417582] ? kfence_init_pool+0x12d/0x280 (early) [ 0.417586] ? kfence_init_pool_early+0x4c/0x281 (early) [ 0.417591] ? kfence_init+0x3f/0xc4 (early) [ 0.417594] ? start_kernel+0x40d/0x6ef (early) [ 0.417599] ? xen_start_kernel+0x5c4/0x5e9 (early) [ 0.417603] ? startup_xen+0x1f/0x1f (early) [ 0.417607] </TASK> Automated bisect in progress. -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab

Attachment: signature.asc
Description: PGP signature

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.