> From: Andrew Cooper [mailto:andrew.coop...@citrix.com]
> Sent: Wednesday, February 20, 2019 6:19 AM
> 
> Modificaitons to an altp2m mark the p2m as needing flushing, but this was

Modifications

> never wired up in the return-to-guest path.  As a result, stale TLB entries
> can remain after resuming the guest.
> 
> In practice, this manifests as a missing EPT_VIOLATION or #VE exception when
> the guest subsequently accesses a page which has had its permissions reduced.
> 
> vmx_vmenter_helper() now has 11 p2ms to potentially invalidate, but issuing 11
> INVEPT instructions isn't clever.  Instead, count how many contexts need
> invalidating, and use INVEPT_ALL_CONTEXT if two or more are in need of
> flushing.
> 
> This doesn't have an XSA because altp2m is not yet a security-supported
> feature.
> 
> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>

Acked-by: Kevin Tian <kevin.t...@intel.com>
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel
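
The selection logic described in the quoted commit message, as an added example that is not part of the original mail and is not Xen's code: a standalone C model that counts the contexts pending invalidation and picks no flush, a single-context flush, or an all-context flush. The struct, enum and function names are hypothetical, and the EPTP values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model, not Xen code. The count of 11 comes from the commit message. */
#define NR_P2MS 11

enum flush_kind { FLUSH_NONE, FLUSH_SINGLE_CONTEXT, FLUSH_ALL_CONTEXT };

struct p2m_model {
    uint64_t eptp;       /* constructed EPT pointer identifying the context */
    bool     need_flush; /* set whenever the p2m is modified */
};

struct flush_plan {
    enum flush_kind kind;
    uint64_t eptp;       /* meaningful only for FLUSH_SINGLE_CONTEXT */
};

/* Decide what to invalidate before resuming the guest, and clear the
 * pending flags so the same modification is not flushed twice. */
struct flush_plan plan_vmenter_flush(struct p2m_model *p2ms, size_t n)
{
    struct flush_plan plan = { FLUSH_NONE, 0 };
    size_t pending = 0;

    for (size_t i = 0; i < n; i++) {
        if (!p2ms[i].need_flush)
            continue;
        p2ms[i].need_flush = false;
        if (pending++ == 0)
            plan.eptp = p2ms[i].eptp;   /* remember the first pending context */
    }
    if (pending == 1) {
        plan.kind = FLUSH_SINGLE_CONTEXT;
    } else if (pending >= 2) {
        plan.kind = FLUSH_ALL_CONTEXT;  /* one global flush instead of several */
        plan.eptp = 0;
    }
    return plan;
}

int main(void)
{
    struct p2m_model views[NR_P2MS] = { 0 };
    for (size_t i = 0; i < NR_P2MS; i++)
        views[i].eptp = 0x1000u * (i + 1);      /* constructed values */
    views[2].need_flush = views[5].need_flush = true;
    printf("kind=%d\n", plan_vmenter_flush(views, NR_P2MS).kind);
    return 0;
}
```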
