On 22/07/2025 3:20 pm, Teddy Astie wrote:
> Xen currently uses an ASID scheme where:
> - ASIDs are cycled where a "TLB flush" is performed
> - When ASIDs wrap around, perform a full TLB flush
> - In exceptional cases, stop using ASIDs
>
> However, the TLB control mode used only flushes the current active ASID of
> the logical processor. Which means that it will supply "stale" ASIDs (not
> flushed), because it hasn't been actually flushed (TLB_CTRL_FLUSH_ASID only
> performs a TLB flush of the ASID set in VMCB).
>
> This affects CPUs where flush-by-asid is available (Fam15h (2011) and later).
>
> To fix this, always flush all ASIDs even when flush-by-asid is available.
>
> Fixes: 64b1da5a2fcf ("x86/svm: Use flush-by-asid when available")
> Signed-off-by: Teddy Astie <teddy.as...@vates.tech>
> Reviewed-by: Jan Beulich <jbeul...@suse.com>
> ---
> This patch was first sent to the security mailing list
> (secur...@xenproject.org), which asked me to publish it publicly due to it
> being actually safe in practice.
Having talked to AMD, we believe the algorithm Xen uses (and has done since its introduction) happens to be safe for microarchitectural reasons.

Reviewed-by: Andrew Cooper <andrew.coop...@citrix.com>

~Andrew
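The scheme the commit message describes, as an added toy model (my illustration, not Xen's code, and not a model of what AMD silicon actually does; the pool size, the vCPU count and the round-robin scheduling order are constructed): a core hands out ASIDs from a small pool, bumps a generation and requests a flush when the pool wraps, and the flush either drops every ASID or, per the commit message's reading of TLB_CTRL_FLUSH_ASID, only the ASID loaded in the VMCB at VMRUN. The model counts how often a vCPU runs under an ASID that still holds another vCPU's translations, which is the "stale ASID" case the patch is about; Andrew's reply above is that the real hardware does not behave like the flush-by-ASID branch here.

```c
/*
 * Toy model of the SVM ASID scheme from the commit message above.
 * Added illustration only: not Xen code, not a model of real AMD hardware.
 */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define NUM_ASIDS 4U      /* constructed: tiny pool; ASID 0 is reserved, 1..3 usable */
#define MAX_VCPUS 16U

enum flush_mode { FLUSH_ALL, FLUSH_ASID };

struct vcpu {
    unsigned id;
    unsigned asid;        /* 0 = none assigned yet */
    unsigned generation;  /* core generation the ASID was assigned in */
};

struct core {
    enum flush_mode mode;
    unsigned next_asid;
    unsigned generation;
    unsigned vmcb_asid;             /* ASID loaded in the VMCB at VMRUN */
    bool tlb_valid[NUM_ASIDS];      /* does the TLB hold entries for this ASID? */
    unsigned tlb_owner[NUM_ASIDS];  /* which vCPU those entries belong to */
    unsigned stale_runs;            /* runs that saw another vCPU's entries */
};

static void core_init(struct core *c, enum flush_mode mode)
{
    memset(c, 0, sizeof(*c));
    c->mode = mode;
    c->next_asid = 1;
}

/* The flush requested at generation wrap, applied at VMRUN. */
static void tlb_flush(struct core *c)
{
    if (c->mode == FLUSH_ALL)
        memset(c->tlb_valid, 0, sizeof(c->tlb_valid));
    else
        /* TLB_CTRL_FLUSH_ASID: only the ASID set in the VMCB is flushed. */
        c->tlb_valid[c->vmcb_asid] = false;
}

/*
 * VMRUN of v on core c: (re)assign an ASID if v's generation is stale,
 * flush if the pool wrapped, then "run" the guest, which populates the TLB
 * under its ASID.  No flush happens on a plain vCPU switch; distinct ASIDs
 * are what is supposed to keep the guests' translations apart.
 */
static void vmrun(struct core *c, struct vcpu *v)
{
    bool need_flush = false;

    if (v->asid == 0 || v->generation != c->generation) {
        if (c->next_asid >= NUM_ASIDS) {
            /* Pool exhausted: start a new generation and request a flush. */
            c->next_asid = 1;
            c->generation++;
            need_flush = true;
        }
        v->asid = c->next_asid++;
        v->generation = c->generation;
    }

    c->vmcb_asid = v->asid;
    if (need_flush)
        tlb_flush(c);

    /* Guest runs: any TLB entries tagged with its ASID are used as-is. */
    if (c->tlb_valid[v->asid] && c->tlb_owner[v->asid] != v->id)
        c->stale_runs++;

    c->tlb_valid[v->asid] = true;
    c->tlb_owner[v->asid] = v->id;
}

/* Round-robin nvcpus vCPUs over one core for nruns VMRUNs; return stale count. */
unsigned simulate(enum flush_mode mode, unsigned nvcpus, unsigned nruns)
{
    struct core c;
    struct vcpu v[MAX_VCPUS];
    unsigned i;

    if (nvcpus > MAX_VCPUS)
        nvcpus = MAX_VCPUS;
    core_init(&c, mode);
    memset(v, 0, sizeof(v));
    for (i = 0; i < nvcpus; i++)
        v[i].id = i;
    for (i = 0; i < nruns; i++)
        vmrun(&c, &v[i % nvcpus]);
    return c.stale_runs;
}

int main(void)
{
    printf("flush-all : %u stale runs\n", simulate(FLUSH_ALL, 5, 30));
    printf("flush-asid: %u stale runs\n", simulate(FLUSH_ASID, 5, 30));
    return 0;
}
```

With more vCPUs than usable ASIDs the pool wraps, and in the flush-by-ASID branch only the wrapping vCPU's new ASID is cleaned; the next vCPU to be handed ASID 2 in the new generation finds the previous generation's entries still tagged with it. With a full flush at the wrap, or with few enough vCPUs that the pool never wraps, the stale count stays at zero.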