Re: [PATCH] target/xtensa: fix OOB TLB entry access

2024-01-19 Thread Peter Maydell
On Thu, 18 Jan 2024 at 08:01, Michael Tokarev wrote:
>
> 15.12.2023 15:03, Max Filippov :
> > r[id]tlb[01], [iw][id]tlb opcodes use TLB way index passed in a register
> > by the guest. The host uses 3 bits of the index for ITLB indexing and 4
> > bits for DTLB, but there's only 7 entries in the IT

Re: [PATCH] target/xtensa: fix OOB TLB entry access

2024-01-18 Thread Michael Tokarev
15.12.2023 15:03, Max Filippov : r[id]tlb[01], [iw][id]tlb opcodes use TLB way index passed in a register by the guest. The host uses 3 bits of the index for ITLB indexing and 4 bits for DTLB, but there's only 7 entries in the ITLB array and 10 in the DTLB array, so a malicious guest may trigger

Re: [PATCH] target/xtensa: fix OOB TLB entry access

2023-12-18 Thread Peter Maydell
On Fri, 15 Dec 2023 at 12:05, Max Filippov wrote:
>
> r[id]tlb[01], [iw][id]tlb opcodes use TLB way index passed in a register
> by the guest. The host uses 3 bits of the index for ITLB indexing and 4
> bits for DTLB, but there's only 7 entries in the ITLB array and 10 in
> the DTLB array, so a ma

[PATCH] target/xtensa: fix OOB TLB entry access

2023-12-15 Thread Max Filippov
r[id]tlb[01], [iw][id]tlb opcodes use TLB way index passed in a register by the guest. The host uses 3 bits of the index for ITLB indexing and 4 bits for DTLB, but there's only 7 entries in the ITLB array and 10 in the DTLB array, so a malicious guest may trigger out-of-bound access to these arrays