
Re: [Xen-devel] Fwd: Xen-4.1.6.1 backport for XSA156



On 20.11.2015 17:10, Stefan Bader wrote:
> On 20.11.2015 16:59, Jan Beulich wrote:
>>>>> On 20.11.15 at 16:03, <stefan.bader@xxxxxxxxxxxxx> wrote:
>>> I am currently trying to backport the changes of XSA156 back to Xen-4.1.x and I
>>> am struggling with the VMX side. I did see the backports made for 4.2 and 3.4 on
>>> the security mailing list but I am not sure the 3.4 backport is not having the
>>> same issues (or similar ones).
>>>
>>> Trying to write down my understanding of the changes: For the 3.4 backport there
>>> are only changes to the toggles for debugging and the general trap mask. So if I
>>> understand this right, before the change, TRAP_debug and TRAP_int3 were only
>>> handled in vmexit when a debugger was attached to the domain. Now, only
>>> TRAP_int3 will be toggled and TRAP_debug is always handled.
>>
>> I've never looked at that 3.4 backport, but not changing the VMEXIT
>> handling certainly sounds wrong. I'll attach what I have done for 4.1.
>> Please report back any problems you encounter.
> 
> If I am not missing any detail your 4.1 patch looks exactly the same as the
> version I ended up with (basically dropping some trace).
> Have you tested the resulting HV on an Intel/VMX box and tried to use ptrace
> inside the HVM guest?
> 
> This is where my problems come from. Or potentially your vmx_inject_hw_exception
> has been modified since stable-4.1.6.1?

So this is a quick hack I just tried and that keeps the HVM alive:

@@ -1294,7 +1288,6 @@ void vmx_inject_hw_exception(int trap, i
     switch ( trap )
     {
     case TRAP_debug:
-        type = X86_EVENTTYPE_SW_EXCEPTION;
         if ( guest_cpu_user_regs()->eflags & X86_EFLAGS_TF )
         {
             __restore_debug_registers(curr);
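Review bot: removing `type = X86_EVENTTYPE_SW_EXCEPTION;` from `case TRAP_debug:` leaves `type` at whatever it was initialised to before `switch ( trap )`, which this hunk does not show; please confirm that default is the event type a #DB should be delivered with, and that nothing later in vmx_inject_hw_exception still assumes the software-exception type for TRAP_debug. This is the one behavioural change in the hunk and the mail does not mention it.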
@@ -1302,6 +1295,13 @@ void vmx_inject_hw_exception(int trap, i
         }
         if ( cpu_has_monitor_trap_flag )
             break;
+        if ( curr->domain->debugger_attached )
+        {
+            /* Debug/Int3: Trap to debugger. */
+            domain_pause_for_debugger();
+            return;
+        }
+        break;
     case TRAP_int3:
         if ( curr->domain->debugger_attached )
         {
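Review bot: the block added before the new `break;` duplicates the `debugger_attached` check visible at the top of `case TRAP_int3:`, which the old fall-through already reached; the only new behaviour is therefore the `break;` that keeps TRAP_debug from executing whatever follows that check in the int3 path, and the hunk does not show what that is. If skipping the rest of the int3 path is the actual fix, state that in a comment and drop the duplicated pause block (either keep the fall-through to the existing check or hoist the check above the switch); as posted a reader cannot tell what is meant to differ between the two cases, and the copied comment `/* Debug/Int3: Trap to debugger. */` now sits in a path reached only for TRAP_debug. Note also that `if ( cpu_has_monitor_trap_flag ) break;` just above still bypasses the debugger pause entirely when MTF is available, which is worth checking against the ptrace-in-guest problem described earlier in the thread.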

Though this looks like an ugly hack and probably is wrong in the other case of
TRAP_debug caused by an opcode...

-Stefan

> 
> -Stefan
>>
>> Jan
>>



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
