
Re: [Xen-devel] [PATCH] x86/svm: Fix a livelock when trying to run shadowed unpaged guests



On 09/29/2017 01:53 PM, Andrew Cooper wrote:
> On AMD processors which support SMEP (Some Fam16h processors) and SMAP (Zen,
> Fam17h), a guest which is running with shadow paging and clears CR0.PG while
> keeping CR4.{SMEP,SMAP} set will livelock, as hardware raises #PF which the
> shadow pagetable concludes shouldn't happen.
>
> This occurs because hardware is running with host paging settings, which
> causes the guest's choice of SMEP/SMAP to actually take effect, even though
> they shouldn't from the guest's point of view.

Reviewed-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>

although the commit message makes it sound as if this problem is
specific to AMD. This is not an issue on Intel because VMX already has
such code, no?

-boris

>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> ---
> CC: Jan Beulich <JBeulich@xxxxxxxx>
> CC: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>
> CC: Suravee Suthikulpanit <suravee.suthikulpanit@xxxxxxx>
>
> Discovered when trying to fix my comprehensive pagetable XTF test to run on
> Zen processors.
> ---
>  xen/arch/x86/hvm/svm/svm.c | 18 ++++++++++++++++++
>  1 file changed, 18 insertions(+)
>
> diff --git a/xen/arch/x86/hvm/svm/svm.c b/xen/arch/x86/hvm/svm/svm.c
> index 12ddc8a..b9cf423 100644
> --- a/xen/arch/x86/hvm/svm/svm.c
> +++ b/xen/arch/x86/hvm/svm/svm.c
> @@ -576,6 +576,24 @@ void svm_update_guest_cr(struct vcpu *v, unsigned int cr)
>          if ( paging_mode_hap(v->domain) )
>              value &= ~X86_CR4_PAE;
>          value |= v->arch.hvm_vcpu.guest_cr[4];
> +
> +        if ( !hvm_paging_enabled(v) )
> +        {
> +            /*
> +             * When the guest thinks paging is disabled, Xen may need to hide
> +             * the effects of shadow paging, as hardware runs with the host
> +             * paging settings, rather than the guests settings.
> +             *
> +             * Without CR0.PG, all memory accesses are user mode, so
> +             * _PAGE_USER must be set in the shadow pagetables for guest
> +             * userspace to function.  This in turn trips up guest supervisor
> +             * mode if SMEP/SMAP are left active in context.  They wouldn't
> +             * have any effect if paging was actually disabled, so hide them
> +             * behind the back of the guest.
> +             */
> +            value &= ~(X86_CR4_SMEP | X86_CR4_SMAP);
> +        }
> +
>          vmcb_set_cr4(vmcb, value);
>          break;
>      default:
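Review bot: the CR4 value written to the VMCB now depends on the guest's CR0.PG state (the new `if ( !hvm_paging_enabled(v) )` block), but this hunk only touches the CR4 case of svm_update_guest_cr(); a guest that clears CR0.PG without subsequently writing CR4 keeps the previously computed VMCB CR4, SMEP/SMAP included, unless the CR0 path also triggers a recomputation of CR4. Please confirm that the CR0 update path re-runs this CR4 logic after a CR0.PG change (or add that call), otherwise the livelock is only avoided when the guest happens to write CR4 after dropping out of paged mode. Also, the mask is applied regardless of `paging_mode_hap(v->domain)` even though the comment describes it as hiding the effects of shadow paging; if HAP guests don't need it, narrowing the condition to shadow mode would make the code match the comment.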


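To make the mechanism in the patch concrete, here is an added example (not Xen code, and not part of the thread above): a small C model of the x86 U/S, SMEP and SMAP permission rules together with the effective-CR4 computation the hunk performs. All helper names (effective_cr4, supervisor_access_faults, unpaged_shadow_pte_flags, unpaged_guest_fetch_faults) are hypothetical, and the model deliberately ignores present/NX/writable bits, the _PAGE_USER-for-everything shadow policy is the one the patch comment describes, and the CPU rules modelled are the architectural ones: SMEP blocks supervisor instruction fetch from user pages, SMAP blocks supervisor data access to user pages unless EFLAGS.AC is set.

```c
/* Added example (not Xen code): models why a shadowed guest with CR0.PG
 * clear and CR4.{SMEP,SMAP} set faults on every supervisor access, and how
 * masking SMEP/SMAP in the effective CR4 (as the patch does) avoids it. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define X86_CR0_PG   (1u << 31)
#define X86_CR4_SMEP (1u << 20)
#define X86_CR4_SMAP (1u << 21)
#define _PAGE_USER   (1u << 2)

enum access { ACC_READ, ACC_WRITE, ACC_FETCH };

/* Hypothetical helper: the CR4 hardware actually runs with for a shadow-paged
 * guest.  With 'patched' set, SMEP/SMAP are hidden while the guest believes
 * paging is off, mirroring the hunk's '!hvm_paging_enabled(v)' branch. */
static uint32_t effective_cr4(uint32_t guest_cr0, uint32_t guest_cr4, bool patched)
{
    uint32_t value = guest_cr4;

    if (patched && !(guest_cr0 & X86_CR0_PG))
        value &= ~(X86_CR4_SMEP | X86_CR4_SMAP);

    return value;
}

/* Architectural SMEP/SMAP rules for a supervisor-mode (CPL < 3) access to a
 * page with the given PTE flags.  Simplified model: the page is assumed
 * present, writable and executable, so only the U/S bit matters here. */
static bool supervisor_access_faults(uint32_t cr4, uint32_t pte_flags,
                                     enum access acc, bool eflags_ac)
{
    bool user_page = (pte_flags & _PAGE_USER) != 0;

    if (!user_page)
        return false;            /* supervisor page: SMEP/SMAP don't apply */

    if (acc == ACC_FETCH)
        return (cr4 & X86_CR4_SMEP) != 0;

    /* Data access: SMAP applies unless EFLAGS.AC overrides it. */
    return (cr4 & X86_CR4_SMAP) != 0 && !eflags_ac;
}

/* With CR0.PG clear in the guest, every shadow entry carries _PAGE_USER so
 * that guest userspace (CPL 3, no paging) can run at all. */
static uint32_t unpaged_shadow_pte_flags(void)
{
    return _PAGE_USER;           /* present/rw bits omitted in this model */
}

/* Does a supervisor-mode guest, running unpaged under shadow paging with
 * CR4.{SMEP,SMAP} left set, fault on its next instruction fetch?  A 'true'
 * here is the livelock: hardware raises #PF, but the shadow code sees a
 * correctly populated entry and has nothing to fix up. */
static bool unpaged_guest_fetch_faults(bool patched)
{
    uint32_t guest_cr0 = 0;                            /* CR0.PG clear */
    uint32_t guest_cr4 = X86_CR4_SMEP | X86_CR4_SMAP;  /* left set by guest */
    uint32_t hw_cr4 = effective_cr4(guest_cr0, guest_cr4, patched);

    return supervisor_access_faults(hw_cr4, unpaged_shadow_pte_flags(),
                                    ACC_FETCH, false);
}

int main(void)
{
    printf("unpatched: supervisor fetch faults = %d\n", unpaged_guest_fetch_faults(false));
    printf("patched:   supervisor fetch faults = %d\n", unpaged_guest_fetch_faults(true));
    return 0;
}
```

The model shows the two halves of the argument in the patch comment: the shadow entries must be user-accessible for an unpaged guest, and the host-side CR4 is what hardware honours, so the only way to keep supervisor accesses working is to mask SMEP/SMAP out of the value written to the VMCB while CR0.PG is clear. Once the guest re-enables paging, effective_cr4() passes the guest's CR4 through untouched.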
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel