|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH v2] x86/svm: Separate STI and VMRUN instructions in svm_asm_do_resume()
On 2/18/25 3:45 PM, Andrew Cooper
wrote:
On 18/02/2025 2:42 pm, Jan Beulich wrote:On 18.02.2025 15:37, Andrew Cooper wrote:There is a corner case in the VMRUN instruction where its INTR_SHADOW state leaks into guest state if a VMExit occurs before the VMRUN is complete. An example of this could be taking #NPF due to event injection. Xen can safely execute STI anywhere between CLGI and VMRUN, as CLGI blocks external interrupts too. However, an exception (while fatal) will appear to be in an irqs-on region (as GIF isn't considered), so position the STI after the speculation actions but prior to the GPR pops. Link: https://lore.kernel.org/all/CADH9ctBs1YPmE4aCfGPNBwA10cA8RuAk2gO7542DjMZgs4uzJQ@xxxxxxxxxxxxxx/ Fixes: 66b245d9eaeb ("SVM: limit GIF=0 region") Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx> --- v2: * Move after the speculation actions. Emailed out just for completeness. I've queued it in my for-4.21 branch.It'll want backporting, so I wonder if we should persuade Oleksii into taking it for 4.20. Based on that ... If Oleksii is happy, I can put it into 4.20. ... Release-Acked-by: Oleksii Kurochko <oleksii.kurochko@xxxxxxxxx> Thanks. ~ Oleksii
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |