
CVE-2022-26363

This is a common problem in shared-memory systems, and it can be fixed by synchronising accesses to the page table. Unfortunately, the only way to achieve synchronisation between two or more processes is to synchronise their clocks. In a system like Xen, where the scheduler is free to decide when a task runs, synchronising the clocks would require a lot of coordination between the hypervisor and the hardware vendors, which is likely to be a non-trivial task. Moreover, Xen has no way to synchronise its clocks with the hardware clock. Therefore, the only option left for Xen is to synchronise accesses to the page table. Unfortunately, this too has its own problems.
A race between two concurrently running tasks to acquire a TLB line can result in one task being granted the TLB line before the other task has finished writing to the page table. The second task then reads stale data from the first task's page table, potentially leaking information that the second task does not have permission to read. The symptoms of this bug would be unpredictable behaviour of guest OSes, ranging from incorrect page table accesses to user-mode crashes.


Timeline

Published on: 06/09/2022 17:15:00 UTC
Last modified on: 08/24/2022 18:35:00 UTC
