Re: [Xen-devel] Fwd: Xen-4.1.6.1 backport for XSA156
On 20.11.2015 17:10, Stefan Bader wrote:
> On 20.11.2015 16:59, Jan Beulich wrote:
>>>>> On 20.11.15 at 16:03, <stefan.bader@xxxxxxxxxxxxx> wrote:
>>> I am currently trying to backport the changes of XSA156 back to Xen-4.1.x
>>> and I am struggling with the VMX side. I did see the backports made for
>>> 4.2 and 3.4 on the security mailing list but I am not sure the 3.4
>>> backport is not having the same issues (or similar ones).
>>>
>>> Trying to write down my understanding of the changes: For the 3.4 backport
>>> there are only changes to the toggles for debugging and the general trap
>>> mask. So if I understand this right, before the change, TRAP_debug and
>>> TRAP_int3 were only handled in vmexit when a debugger was attached to the
>>> domain. Now, only TRAP_int3 will be toggled and TRAP_debug is always
>>> handled.
>>
>> I've never looked at that 3.4 backport, but not changing the VMEXIT
>> handling certainly sounds wrong. I'll attach what I have done for 4.1.
>> Please report back any problems you encounter.
>
> If I am not missing any detail your 4.1 patch looks exactly the same as the
> version I ended up with (basically dropping some trace).
> Have you tested the resulting HV on an Intel/VMX box and tried to use ptrace
> inside the HVM guest?
>
> This is where my problems come from. Or potentially your
> vmx_inject_hw_exception has been modified since stable-4.1.6.1?

So this is a quick hack I just tried and that keeps the HVM alive:

@@ -1294,7 +1288,6 @@ void vmx_inject_hw_exception(int trap, i
     switch ( trap )
     {
     case TRAP_debug:
-        type = X86_EVENTTYPE_SW_EXCEPTION;
         if ( guest_cpu_user_regs()->eflags & X86_EFLAGS_TF )
         {
             __restore_debug_registers(curr);
@@ -1302,6 +1295,13 @@ void vmx_inject_hw_exception(int trap, i
         }
         if ( cpu_has_monitor_trap_flag )
             break;
+        if ( curr->domain->debugger_attached )
+        {
+            /* Debug/Int3: Trap to debugger. */
+            domain_pause_for_debugger();
+            return;
+        }
+        break;
     case TRAP_int3:
         if ( curr->domain->debugger_attached )
         {

Though this looks like an ugly hack and probably is wrong in the other case of
TRAP_debug caused by an opcode...

-Stefan

>
> -Stefan
>>
>> Jan
>>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxx
> http://lists.xen.org/xen-devel
>

Attachment:
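Review bot: dropping `type = X86_EVENTTYPE_SW_EXCEPTION;` from the TRAP_debug case leaves #DB to be injected with whatever `type` was initialised to before the `switch ( trap )`, and that initialisation is outside this hunk; please confirm in the surrounding code that the default is the hardware-exception event type and that no instruction length is still attached to the #DB injection, since how TRAP_debug is injected is exactly what this XSA156 backport is changing. The hunk also carries no file header, so it is not clear which tree (stable-4.1.6.1 alone, or with Jan's attached 4.1 patch applied) the line numbers refer to; stating that would make the hack reproducible.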
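Review bot: the new `debugger_attached` block is placed after `if ( cpu_has_monitor_trap_flag ) break;`, so on hardware with the monitor trap flag a #DB with a debugger attached still breaks out before ever reaching `domain_pause_for_debugger()`, while on hardware without MTF the same #DB pauses the domain for the debugger; the two paths should behave the same. If the only goal is to stop TRAP_debug falling through into the TRAP_int3 handling visible below, moving the debugger check ahead of the MTF test (or making the fall-through explicit) would be clearer, and the copied comment `/* Debug/Int3: Trap to debugger. */` should mention only Debug now that the block is TRAP_debug-specific. The author's own caveat about #DB raised by an opcode cannot be assessed from this hunk, since nothing in it distinguishes a single-step #DB from one raised by an instruction.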
signature.asc