On 18/02/2025 2:42 pm, Jan Beulich wrote:
> On 18.02.2025 15:37, Andrew Cooper wrote:
>> There is a corner case in the VMRUN instruction where its INTR_SHADOW state
>> leaks into guest state if a VMExit occurs before the VMRUN is complete. An
>> example of this could be taking #NPF due to event injection.
>>
>> Xen can safely execute STI anywhere between CLGI and VMRUN, as CLGI blocks
>> external interrupts too. However, an exception (while fatal) will appear to
>> be in an irqs-on region (as GIF isn't considered), so position the STI after
>> the speculation actions but prior to the GPR pops.
>>
>> Link: https://lore.kernel.org/all/cadh9ctbs1ypme4acfgpnbwa10ca8ruak2go7542djmzgs4u...@mail.gmail.com/
>> Fixes: 66b245d9eaeb ("SVM: limit GIF=0 region")
>> Signed-off-by: Andrew Cooper <[email protected]>
>> Reviewed-by: Jan Beulich <[email protected]>
>> ---
>> v2:
>>  * Move after the speculation actions.
>>
>> Emailed out just for completeness. I've queued it in my for-4.21 branch.
> It'll want backporting, so I wonder if we should persuade Oleksii into
> taking it for 4.20.
If Oleksii is happy, I can put it into 4.20.

~Andrew
