[PATCH] x86/svm: Always flush TLB using TLB_CTRL_FLUSH_ALL

Teddy Astie posted 1 patch 3 months, 1 week ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/ead69886558e6c18662a4755f4a11382e66fa810.1753193439.git.teddy.astie@vates.tech
xen/arch/x86/hvm/svm/asid.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
[PATCH] x86/svm: Always flush TLB using TLB_CTRL_FLUSH_ALL
Posted by Teddy Astie 3 months, 1 week ago
Xen currently uses an ASID scheme where:
- ASIDs are cycled where a "TLB flush" is performed
- When ASIDs wrap around, perform a full TLB flush
- In exceptional cases, stop using ASIDs

However, the TLB control mode used only flushes the currently active ASID of
the logical processor. This means that it will supply "stale" ASIDs (not flushed),
because they haven't actually been flushed (TLB_CTRL_FLUSH_ASID only performs a
TLB flush of the ASID set in the VMCB).

This affects CPUs where flush-by-asid is available (Fam15h (2011) and later).

To fix this, always flush all ASIDs even when flush-by-asid is available.

Fixes: 64b1da5a2fcf ("x86/svm: Use flush-by-asid when available")
Signed-off-by: Teddy Astie <teddy.astie@vates.tech>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
---
This patch was first sent to the security mailing list (security@xenproject.org),
which asked me to publish it publicly due to it being actually safe in practice.

 xen/arch/x86/hvm/svm/asid.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/xen/arch/x86/hvm/svm/asid.c b/xen/arch/x86/hvm/svm/asid.c
index 7977a8e86b..b2ca639539 100644
--- a/xen/arch/x86/hvm/svm/asid.c
+++ b/xen/arch/x86/hvm/svm/asid.c
@@ -46,9 +46,8 @@ void svm_asid_handle_vmrun(void)
     if ( vmcb_get_asid(vmcb) != p_asid->asid )
         vmcb_set_asid(vmcb, p_asid->asid);
 
-    vmcb->tlb_control =
-        !need_flush ? TLB_CTRL_NO_FLUSH :
-        cpu_has_svm_flushbyasid ? TLB_CTRL_FLUSH_ASID : TLB_CTRL_FLUSH_ALL;
+    /* We can't rely on TLB_CTRL_FLUSH_ASID as all ASIDs are stale here. */
+    vmcb->tlb_control = need_flush ? TLB_CTRL_FLUSH_ALL : TLB_CTRL_NO_FLUSH;
 }
 
 /*
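Review bot: the comment on the `+` line asserts that all ASIDs are stale without saying why, so a reader of this hunk alone cannot connect it to `need_flush`; suggest wording it along the lines of `/* need_flush is set when a new ASID generation starts (per the wrap-around rule in the commit message), so every ASID of the previous generation is stale, not just the one in the VMCB; TLB_CTRL_FLUSH_ASID would leave the others in the TLB. */`. With the flush-by-asid branch removed, this function no longer references `cpu_has_svm_flushbyasid`; worth confirming that the feature check still has a user elsewhere, and that the now-unconditional `TLB_CTRL_FLUSH_ALL` on generation roll-over is the intended cost on the Fam15h+ parts the commit message names, since the code comment does not mention the trade-off.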
-- 
2.50.1



Teddy Astie | Vates XCP-ng Developer

XCP-ng & Xen Orchestra - Vates solutions

web: https://vates.tech
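To make the commit message's argument concrete, here is an added example that is not Xen's code and not part of the original posting: a constructed C model of a per-core ASID allocator with generations, an ASID-tagged TLB, and the tlb_control choice as written on the `-` lines and on the `+` line of the patch. MAX_ASID, the vCPU sequence, the addresses and all function names are constructed for the example. It models the architectural semantics the commit message describes (TLB_CTRL_FLUSH_ASID drops only the ASID set in the VMCB); Andrew Cooper's reply below notes that the real hardware is safe for microarchitectural reasons, which this model deliberately does not capture.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model, not Xen's xen/arch/x86/hvm/svm/asid.c. */
enum tlb_ctrl { TLB_CTRL_NO_FLUSH, TLB_CTRL_FLUSH_ALL, TLB_CTRL_FLUSH_ASID };

#define MAX_ASID    4   /* tiny ASID space so wrap-around happens quickly */
#define TLB_ENTRIES 8

struct tlb_entry { bool valid; uint32_t asid; uint64_t vaddr, paddr; };
struct tlb       { struct tlb_entry e[TLB_ENTRIES]; };
struct asid_core { uint32_t next_asid; uint64_t generation; }; /* per pCPU  */
struct vcpu_asid { uint32_t asid;      uint64_t generation; }; /* per vCPU  */

/* FLUSH_ASID drops only entries tagged with 'asid'; FLUSH_ALL drops all. */
static void tlb_flush(struct tlb *t, enum tlb_ctrl ctl, uint32_t asid)
{
    for (int i = 0; i < TLB_ENTRIES; i++)
        if (ctl == TLB_CTRL_FLUSH_ALL ||
            (ctl == TLB_CTRL_FLUSH_ASID && t->e[i].asid == asid))
            t->e[i].valid = false;
}

static void tlb_fill(struct tlb *t, uint32_t asid, uint64_t va, uint64_t pa)
{
    for (int i = 0; i < TLB_ENTRIES; i++)
        if (!t->e[i].valid) {
            t->e[i] = (struct tlb_entry){ true, asid, va, pa };
            return;
        }
}

static bool tlb_lookup(const struct tlb *t, uint32_t asid, uint64_t va,
                       uint64_t *pa)
{
    for (int i = 0; i < TLB_ENTRIES; i++)
        if (t->e[i].valid && t->e[i].asid == asid && t->e[i].vaddr == va) {
            *pa = t->e[i].paddr;
            return true;
        }
    return false;
}

/* A vCPU whose generation is stale gets the next free ASID; exhausting the
 * space starts a new generation at ASID 1. Only that first allocation of a
 * generation requests a flush: at that point every ASID of the previous
 * generation is stale, not just the one about to be set in the VMCB. */
static bool asid_handle_vmenter(struct asid_core *c, struct vcpu_asid *v)
{
    if (v->generation == c->generation)
        return false;
    if (c->next_asid > MAX_ASID) {
        c->generation++;
        c->next_asid = 1;
    }
    v->asid = c->next_asid++;
    v->generation = c->generation;
    return v->asid == 1;
}

/* patched == false: the '-' lines of the hunk; patched == true: the '+' line. */
static enum tlb_ctrl select_tlb_control(bool need_flush, bool flush_by_asid,
                                        bool patched)
{
    if (patched)
        return need_flush ? TLB_CTRL_FLUSH_ALL : TLB_CTRL_NO_FLUSH;
    return !need_flush ? TLB_CTRL_NO_FLUSH :
           flush_by_asid ? TLB_CTRL_FLUSH_ASID : TLB_CTRL_FLUSH_ALL;
}

static void vmrun(struct tlb *t, struct asid_core *c, struct vcpu_asid *v,
                  bool flush_by_asid, bool patched)
{
    bool need_flush = asid_handle_vmenter(c, v);
    tlb_flush(t, select_tlb_control(need_flush, flush_by_asid, patched), v->asid);
}

/* Scenario (constructed): vCPU 1 holds ASID 2 in generation 1 and caches
 * VA 0x1000 -> PA 0xAAAA. The ASID space wraps; the vCPU that receives ASID 1
 * of generation 2 carries the flush request. vCPU 5 is then handed the
 * recycled ASID 2. Returns true if it can hit vCPU 1's translation. */
static bool stale_translation_survives(bool flush_by_asid, bool patched)
{
    struct tlb tlb = { 0 };
    struct asid_core core = { .next_asid = 1, .generation = 1 };
    struct vcpu_asid vcpu[6] = { 0 };
    uint64_t pa = 0;

    vmrun(&tlb, &core, &vcpu[0], flush_by_asid, patched); /* ASID 1, gen 1 */
    vmrun(&tlb, &core, &vcpu[1], flush_by_asid, patched); /* ASID 2, gen 1 */
    tlb_fill(&tlb, vcpu[1].asid, 0x1000, 0xAAAA);
    vmrun(&tlb, &core, &vcpu[2], flush_by_asid, patched); /* ASID 3 */
    vmrun(&tlb, &core, &vcpu[3], flush_by_asid, patched); /* ASID 4 */
    vmrun(&tlb, &core, &vcpu[4], flush_by_asid, patched); /* wrap: ASID 1, gen 2 */
    vmrun(&tlb, &core, &vcpu[5], flush_by_asid, patched); /* recycled ASID 2 */

    return tlb_lookup(&tlb, vcpu[5].asid, 0x1000, &pa) && pa == 0xAAAA;
}

int main(void)
{
    printf("flush-by-asid, before patch: stale hit=%d\n", stale_translation_survives(true, false));
    printf("flush-by-asid, after patch:  stale hit=%d\n", stale_translation_survives(true, true));
    printf("no flush-by-asid (FLUSH_ALL): stale hit=%d\n", stale_translation_survives(false, false));
    return 0;
}
```

The model shows the shape of the problem: the flush request is attached to the VMRUN that assigns the first ASID of the new generation, so a flush scoped to that single ASID leaves every other ASID's entries from the previous generation in place until they are handed out again; the pre-Fam15h path (no flush-by-asid) and the patched code both flush everything at that point.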
Re: [PATCH] x86/svm: Always flush TLB using TLB_CTRL_FLUSH_ALL
Posted by Andrew Cooper 3 months, 1 week ago
On 22/07/2025 3:20 pm, Teddy Astie wrote:
> Xen currently uses an ASID scheme where:
> - ASIDs are cycled where a "TLB flush" is performed
> - When ASIDs wrap around, perform a full TLB flush
> - In exceptional cases, stop using ASIDs
>
> However, the TLB control mode used only flushes the currently active ASID of
> the logical processor. This means that it will supply "stale" ASIDs (not flushed),
> because they haven't actually been flushed (TLB_CTRL_FLUSH_ASID only performs a
> TLB flush of the ASID set in the VMCB).
>
> This affects CPUs where flush-by-asid is available (Fam15h (2011) and later).
>
> To fix this, always flush all ASIDs even when flush-by-asid is available.
>
> Fixes: 64b1da5a2fcf ("x86/svm: Use flush-by-asid when available")
> Signed-off-by: Teddy Astie <teddy.astie@vates.tech>
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
> ---
> This patch was first sent to the security mailing list (security@xenproject.org),
> which asked me to publish it publicly due to it being actually safe in practice.

Having talked to AMD, we believe the algorithm Xen uses (and has done
since its introduction) happens to be safe for microarchitectural reasons.

Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>

~Andrew