On 2/20/19 12:18 AM, Andrew Cooper wrote:
> Modifications to an altp2m mark the p2m as needing flushing, but this was
> never wired up in the return-to-guest path. As a result, stale TLB entries
> can remain after resuming the guest.
>
> In practice, this manifests as a missing EPT_VIOLATION or #VE exception when
> the guest subsequently accesses a page which has had its permissions reduced.
>
> vmx_vmenter_helper() now has 11 p2ms to potentially invalidate, but issuing 11
> INVEPT instructions isn't clever. Instead, count how many contexts need
> invalidating, and use INVEPT_ALL_CONTEXT if two or more are in need of
> flushing.
>
> This doesn't have an XSA because altp2m is not yet a security-supported
> feature.
>
> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>

Reviewed-by: Razvan Cojocaru <rcojoc...@bitdefender.com>

Thanks,
Razvan
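
Added example, not part of this thread and not Xen's code: a simplified C model of the flush decision the quoted commit message describes (count the contexts marked as needing a flush, then choose a single-context or all-context INVEPT). The type and function names (`p2m_model`, `plan_ept_flush`, `plan_for_mask`) are hypothetical and the EPT pointer values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NR_P2MS 11 /* number of p2ms stated in the commit message */
enum flush_action { FLUSH_NONE, FLUSH_SINGLE_CONTEXT, FLUSH_ALL_CONTEXT };
struct p2m_model {          /* hypothetical stand-in for a p2m */
    unsigned long eptp;     /* constructed EPT pointer value */
    bool need_flush;        /* set when the p2m has been modified */
};
struct flush_plan { enum flush_action action; unsigned long eptp; };

/* Count pending contexts, clear their marks, and pick the invalidation type. */
struct flush_plan plan_ept_flush(struct p2m_model *p2ms, size_t n)
{
    struct flush_plan plan = { FLUSH_NONE, 0 };
    size_t pending = 0;
    for (size_t i = 0; i < n; i++) {
        if (!p2ms[i].need_flush)
            continue;
        p2ms[i].need_flush = false;      /* consumed before guest entry */
        if (pending++ == 0)
            plan.eptp = p2ms[i].eptp;    /* only used for single-context */
    }
    if (pending == 1)
        plan.action = FLUSH_SINGLE_CONTEXT;
    else if (pending >= 2)
        plan.action = FLUSH_ALL_CONTEXT; /* one instruction instead of many */
    return plan;
}

/* Build 11 constructed p2ms, mark those set in dirty_mask, return the plan. */
struct flush_plan plan_for_mask(unsigned int dirty_mask)
{
    struct p2m_model p2ms[NR_P2MS];
    for (size_t i = 0; i < NR_P2MS; i++) {
        p2ms[i].eptp = 0x1000UL * (i + 1);
        p2ms[i].need_flush = (dirty_mask >> i) & 1u;
    }
    return plan_ept_flush(p2ms, NR_P2MS);
}

int main(void)
{
    unsigned int masks[] = { 0x0, 0x8, 0x5, 0x7ff };
    for (size_t i = 0; i < 4; i++)
        printf("dirty=0x%03x -> action %d\n", masks[i], (int)plan_for_mask(masks[i]).action);
    return 0;
}
```

In this model, skipping the call to `plan_ept_flush()` before guest entry corresponds to the bug the commit message describes: the marks are set but never acted on.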