While the hypervisor emulates plain writes to PTEs happily, this is much slower than issuing a hypercall for PTE modifcations. And writing a PTE via two 32-bit write instructions (especially when clearing the PTE) will result in an intermediate L1TF vulnerable PTE.
Writes to PAE PTEs should always be done with 64-bit writes or via hypercalls. Juergen Gross (2): x86/xen: don't write ptes directly in 32-bit PV guests x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear arch/x86/include/asm/pgtable-3level.h | 7 +++---- arch/x86/xen/mmu_pv.c | 7 +++---- 2 files changed, 6 insertions(+), 8 deletions(-) -- 2.13.7 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
