Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Linux 5.10 Xen Brings Security Updates - Includes Fixing ARM Guests With KPTI

Written by Michael Larabel in Virtualization on 20 October 2020 at 10:00 AM EDT. Add A Comment

VIRTUALIZATION

The Xen virtualization work for the Linux 5.10 kernel revolves around security.

Last week brought the initial Xen updates for the Linux 5.10 merge window which primarily consisted of fixes. The main change to point out though was a temporary fix for allowing Xen guests on ARM to work with Kernel Page Table Isolation (KPTI) enabled. A more long-term fix is still being worked on for Xen support in KPTI-enabled ARM environments.

The fix is around the VCPUOP_register_runstate_memory_area hypercall that under KPTI-protected guests would be passed an invalid virtual address, so the short term solution is to just avoid that call. ARM relies on Kernel Page Table Isolation as part of their mitigation against the Meltdown vulnerability on affected ARM Cortex processors, similar to the more well known usage on Intel processors.

Now this week is another pull of Xen changes and they are security focused. There is a fix for a Xen security issue where malicious guests could cause a denial of service for Dom0 by triggering null pointer dereferences or access to stale data. There is a larger patch series part of this pull as well for malicious guests being able to cause a Dom0 denial of service by sending events at a high frequency that would overwhelm the IRQ handling.

Add A Comment

Related News

Linux Developers Consider Ending 32-bit KVM Host Virtualization Support`

QEMU 9.2 Released With VirtIO GPU Vulkan Support, AVX10 & Experimental Rust Support

Rust Hypervisor Firmware v0.5 Supports For More CPUs & Improves EFI Support

Linux 6.13 KVM Eliminates An "Awful Idea", Many x86_64 Improvements

Virtual CPUFreq Driver Coming With Linux 6.13 For Better Power/Performance Within VMs

IBM Power11 CPUs Launching In 2025 - Linux 6.13 Preps KVM Nested Guests For Power11

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts

Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels

Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd

How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs

Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal

COSMIC Alpha 4 Released For System76's Rust-Based Desktop

GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd

KDE Starts December By Landing A Number Of New Features