[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] x86/emul: Poision the stubs with debug traps



On 20/03/17 11:50, Jan Beulich wrote:
>>>> On 20.03.17 at 11:58, <andrew.cooper3@xxxxxxxxxx> wrote:
>> ...rather than leaving fragments of old instructions in place.  This reduces
>> the chances of something going further-wrong (as the debug trap will be 
>> caught
>> and terminate the guest) in a cascade-failure where we end up executing the
>> instruction fragments.
>>
>> Before:
>>     (XEN) d2v0 exception 6 (ec=0000) in emulation stub (line 6239)
>>     (XEN) d2v0 stub: c4 e1 44 77 c3 80 d0 82 ff ff ff d1 90 ec 90
>>
>> After:
>>     (XEN) d3v0 exception 6 (ec=0000) in emulation stub (line 6239)
>>     (XEN) d3v0 stub: c4 e1 44 77 c3 cc cc cc cc cc cc cc cc cc cc
>>
>> To make this work, the int3 handler needs to be extended to attempt recovery
>> rather than simply returning back to Xen context.  This is a good general
>> precaution anyway, as nothing good will happen from letting Xen blindly
>> execute over 0xcc's.
> I partly disagree: It can be a very useful thing to not have to rebuild
> Xen with hard coded INT3 invocations removed/re-added between
> runs with or without a debugger attached.

What possible usecase is this for?  If you don't already modify
do_int3(), use of embedded int3's are of no use.

>
>> --- a/xen/arch/x86/traps.c
>> +++ b/xen/arch/x86/traps.c
>> @@ -1206,9 +1206,21 @@ void do_int3(struct cpu_user_regs *regs)
>>  
>>      if ( !guest_mode(regs) )
>>      {
>> -        debugger_trap_fatal(TRAP_int3, regs);
>> -        return;
>> -    } 
>> +        unsigned long fixup;
>> +
>> +        if ( (fixup = search_exception_table(regs)) != 0 )
>> +        {
>> +            this_cpu(last_extable_addr) = regs->rip;
>> +            regs->rip = fixup;
> Should this be accompanied by a dprintk(), like most other such
> cases are?

Perhaps.  I'm not fussed, and it should be a rare occurrence.

>
>> +            return;
>> +        }
>> +
>> +        if ( debugger_trap_fatal(TRAP_int3, regs) )
>> +            return;
>> +
>> +        show_execution_state(regs);
>> +        panic("FATAL TRAP: vector = %d (int3)", TRAP_int3);
> Along the lines of what I've said above, I'd like to see this being made
> conditional upon NDEBUG.

Without some further explanation, I don't buy it as a plausible scenario.

> Plus I think you want to call fatal_trap() here.

fatal_trap() however would be better.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.