On 1/24/19 8:28 PM, Andrew Cooper wrote:
> Code clearing the "Suppress VE" bit in an EPT entry isn't necessarily running
> in current context.  In ALTP2M_external mode, it definitely is not, and in PV
> context, vcpu_altp2m(current) acts upon the HVM union.
> 
> Even if we could sensibly resolve the target vCPU, it may legitimately not be
> fully set up at this point, so rejecting the EPT modification would be buggy.
> 
> There is a path in hvm_hap_nested_page_fault() which explicitly emulates #VE
> in the cpu_has_vmx_virt_exceptions case, so the -EOPNOTSUPP part of this
> condition is also wrong.
> 
> Drop the !sve check entirely.
> 
> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
> ---
> CC: Razvan Cojocaru <rcojoc...@bitdefender.com>
> CC: Tamas K Lengyel <ta...@tklengyel.com>
> CC: Jun Nakajima <jun.nakaj...@intel.com>
> CC: Kevin Tian <kevin.t...@intel.com>
> CC: Jan Beulich <jbeul...@suse.com>
> CC: Wei Liu <wei.l...@citrix.com>
> CC: Roger Pau Monné <roger....@citrix.com>
> CC: Juergen Gross <jgr...@suse.com>
> 
> Discovered while trying to fix the gaping security hole with ballooning out
> the #VE info page.  The risk for 4.12 is very minimal - altp2m is off by
> default, not security supported, and the ability to clear sve is limited to
> introspection code paths.

Reviewed-by: Razvan Cojocaru <rcojoc...@bitdefender.com>


Thanks,
Razvan

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xenproject.org
https://lists.xenproject.org/mailman/listinfo/xen-devel