xenbits.xensource.com Git - xen.git/commit
x86/shadow: Infrastructure to force a PV guest into shadow mode
author Juergen Gross <jgross@suse.com>
Mon, 23 Jul 2018 06:11:40 +0000 (07:11 +0100)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 14 Aug 2018 15:56:47 +0000 (16:56 +0100)
commit b76ec3946bf6caca2c3950b857c008bc8db6723f
tree 954d51cc0ba90b861344e60e3b87071d002682ae
parent 66a4e986819a86ba66ca2fe9d925e62a4fd30114

To mitigate L1TF, we cannot alter an architecturally-legitimate PTE a PV guest
chooses to write, but we can force the PV domain into shadow mode so Xen
controls the PTEs which are reachable by the CPU pagewalk.

Introduce new shadow mode, PG_SH_forced, and a tasklet to perform the
transition.  Later patches will introduce the logic to enable this mode at the
appropriate time.

To simplify vcpu cleanup, make tasklet_kill() idempotent with respect to
tasklet_init(), which involves adding a helper to check for an uninitialised
list head.

This is part of XSA-273 / CVE-2018-3620.

Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Tim Deegan <tim@xen.org>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/mm/paging.c
xen/arch/x86/mm/shadow/common.c
xen/arch/x86/pv/domain.c
xen/common/tasklet.c
xen/include/asm-x86/domain.h
xen/include/asm-x86/paging.h
xen/include/asm-x86/shadow.h
xen/include/xen/list.h