On 26/10/17 08:57, Jan Beulich wrote:
> load_segments() writes selector registers before doing any of the base
> address updates. Any of these selector loads can cause a page fault in
> case it references the LDT, and the LDT page accessed was only recently
> installed. Therefore the call tree map_ldt_shadow_page() ->
> guest_get_eff_kern_l1e() -> toggle_guest_mode() would in such a case
> wrongly latch the outgoing vCPU's GS.base into the incoming vCPU's
> recorded state.
>
> Split page table toggling from GS handling - neither
> guest_get_eff_kern_l1e() nor guest_io_okay() need more than the page
> tables being the kernel ones for the memory access they want to do.
>
> Signed-off-by: Jan Beulich <jbeul...@suse.com>

Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>

Julien: This should be a 4.10 candidate, as it causes thread-local-storage to become corrupt in guest context.

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel