Advisory: XSA-170

XSA-170 concerns a vmentry quirk on VMX hardware, which causes the vmentry to fail if %rip is non-canonical. This bug does not affect SVM hardware, where vmentries are permitted with a non-canonical %rip.

There are legitimate circumstances which can arise, requiring Xen to re-enter the guest with a non-canonical %rip (tested below), and this bug prevents Xen from providing architectural behaviour to the guest.

The important aspect is that Xen doesn't suffer a vmentry failure and crash the guest due to userspace actions.

See also: tests/xsa-170/main.c