Re: [Xen-devel] [PATCH v2 0/2] x86/xen: avoid 32-bit writes to PTEs in PV PAE guests

From: Jason Andryuk
Date: Mon Aug 27 2018 - 12:03:48 EST

On Tue, Aug 21, 2018 at 11:40 AM Juergen Gross <jgross@xxxxxxxx> wrote:
> While the hypervisor emulates plain writes to PTEs happily, this is
> much slower than issuing a hypercall for PTE modifications. And writing
> a PTE via two 32-bit write instructions (especially when clearing the
> PTE) will result in an intermediate L1TF vulnerable PTE.
> Writes to PAE PTEs should always be done with 64-bit writes or via
> hypercalls.
> Juergen Gross (2):
> x86/xen: don't write ptes directly in 32-bit PV guests
> x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear

I tested both patches on 4.14, changing patch 2 to atomic64_xchg since
arch_atomic64_xchg doesn't exist.

I haven't seen
trigger since incorporating these patches. Without the patches, I would
have seen it trigger by now. Also, I've confirmed Xen does not enable
page table shadowing. For what it's worth, the PTEs that would
trigger Xen shadowing (0x8000'0002'0000'0000) are the same as those
that triggered bug 198497. There was at least 1 non-Xen user affected
by 198497, but this at least seems to fix it for me.

Tested-by: Jason Andryuk <jandryuk@xxxxxxxxx>

Thank you.
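The intermediate state the cover letter warns about, as an added illustration that is not part of this thread or of the Xen/Linux patches: a PAE PTE is one 64-bit word, and clearing it with two 32-bit stores leaves a window in which another CPU or the hypervisor sees a half-written entry. The model below (constructed for this example; it follows the x86 PAE bit layout but is plain userspace C, not kernel code, and assumes a little-endian 64-bit word split into two 32-bit halves) shows the two possible intermediates: clearing the low half first yields a non-present PTE whose address bits still name a frame, the shape of the value quoted above (NX bit plus only high address bits), which is what L1TF speculates on; clearing the high half first yields a present PTE pointing at the wrong frame. A single 64-bit atomic exchange has no intermediate at all. The `pte_l1tf_exposed` check is a deliberately simplified stand-in for demonstration and does not model Linux's actual PTE-inversion mitigation.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed PAE PTE model for illustration; bit positions follow the
 * x86 PAE format (bit 0 present, bits 12..51 physical frame, bit 63 NX). */
typedef uint64_t pte_t;

#define PTE_PRESENT  (1ULL << 0)
#define PTE_RW       (1ULL << 1)
#define PTE_NX       (1ULL << 63)
#define PTE_PFN_MASK (((1ULL << 52) - 1) & ~((1ULL << 12) - 1))

/* A PTE lives in memory as one 64-bit word. Assumption: little-endian, so
 * half[0] holds bits 0..31 and half[1] holds bits 32..63, as on x86. */
typedef union {
    pte_t    whole;
    uint32_t half[2];
} pae_pte_t;

static pte_t pte_paddr(pte_t pte) { return pte & PTE_PFN_MASK; }

/* Simplified exposure check (demonstration only): a non-present PTE whose
 * address bits are not all zero names a physical frame that an L1TF
 * speculative read can use. Linux's real mitigation inverts the address
 * bits of non-present PTEs; that is not modelled here. */
static int pte_l1tf_exposed(pte_t pte)
{
    return !(pte & PTE_PRESENT) && pte_paddr(pte) != 0;
}

/* Present, writable, NX PTE for a frame whose number spans both halves
 * (anything at or above 4 GiB does). */
static pte_t make_pte(uint64_t paddr)
{
    return (paddr & PTE_PFN_MASK) | PTE_PRESENT | PTE_RW | PTE_NX;
}

/* Clear with two 32-bit stores, low word first; record what an observer
 * could read between the two stores. */
static pte_t clear_pte_split_low_first(pae_pte_t *p, pte_t *intermediate)
{
    pte_t old = p->whole;
    p->half[0] = 0;          /* present bit gone, high address bits remain */
    *intermediate = p->whole;
    p->half[1] = 0;
    return old;
}

/* Same, high word first: present bit survives while the frame changes. */
static pte_t clear_pte_split_high_first(pae_pte_t *p, pte_t *intermediate)
{
    pte_t old = p->whole;
    p->half[1] = 0;
    *intermediate = p->whole;
    p->half[0] = 0;
    return old;
}

/* Clear with one 64-bit atomic exchange: there is no intermediate value. */
static pte_t clear_pte_atomic(pae_pte_t *p)
{
    return __atomic_exchange_n(&p->whole, (pte_t)0, __ATOMIC_SEQ_CST);
}

/* Helpers returning only the observable intermediate for a given frame. */
static pte_t intermediate_low_first(uint64_t paddr)
{
    pae_pte_t p; pte_t mid;
    p.whole = make_pte(paddr);
    clear_pte_split_low_first(&p, &mid);
    return mid;
}

static pte_t intermediate_high_first(uint64_t paddr)
{
    pae_pte_t p; pte_t mid;
    p.whole = make_pte(paddr);
    clear_pte_split_high_first(&p, &mid);
    return mid;
}

int main(void)
{
    uint64_t frame = 0x123456000ULL;   /* constructed sample frame above 4 GiB */
    pte_t lo = intermediate_low_first(frame);
    pte_t hi = intermediate_high_first(frame);
    pae_pte_t p; p.whole = make_pte(frame);

    printf("original PTE            : 0x%016llx\n", (unsigned long long)p.whole);
    printf("low-first intermediate  : 0x%016llx  exposed=%d\n",
           (unsigned long long)lo, pte_l1tf_exposed(lo));
    printf("high-first intermediate : 0x%016llx  present, frame=0x%llx\n",
           (unsigned long long)hi, (unsigned long long)pte_paddr(hi));
    printf("atomic clear returns    : 0x%016llx, PTE now 0x%llx\n",
           (unsigned long long)clear_pte_atomic(&p), (unsigned long long)p.whole);
    return 0;
}
```

The low-first intermediate is the dangerous one for L1TF: the present bit is already clear, so a page walk reports "not present", yet the frame bits still point somewhere. The high-first order is no better, since it briefly maps a present, writable entry onto an unrelated frame below 4 GiB. Only the 64-bit exchange (or a hypercall, in a PV guest) avoids both, which is the point of patch 2's `xchg` change.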