[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 0/4] x86/vvmx: XSA-278 followup fixes

Here are some of the easier fixes following on from the XSA-278 investigation.
This series removes the duplicated checks left over from the security fix.  I
did have some further plans, but the embargo breaking early means I haven't
had time to get them ready for posting.

A longer term plan is to model nested virt as an X86_EMU_ flag, but that
requires a fair amount of untangling of various toolstack actions during
create and migrate.

Andrew Cooper (4):
  x86/vvmx: Unconditionally initialise vmxon_region_pa during vcpu construction
  x86/vvmx: Drop the now-obsolete vmx_inst_check_privilege()
  x86/vvmx: INVVPID instructions should be handled at by L1
  x86/vvmx: Don't handle unknown nested vmexit reasons at L0

 xen/arch/x86/hvm/vmx/vmx.c  |  2 +
 xen/arch/x86/hvm/vmx/vvmx.c | 90 ++++++++++++---------------------------------
 2 files changed, 25 insertions(+), 67 deletions(-)


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.