Xen project Mailing List

[Xen-devel] Crash with nested HVM and Linux v5.1+

To: "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

From: Sarah Newman <srn@xxxxxxxxx>

Date: Fri, 20 Sep 2019 16:14:25 -0700

Delivery-date: Fri, 20 Sep 2019 23:14:35 +0000

Dkim-filter: OpenDKIM Filter v2.11.0 mail.prgmr.com A693372008B

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

With nestedhvm=1, the L2 HVM guest is either hanging (Xen 4.8) or crashing (Xen 4.12.1) the L1 Xen hypervisor with recent versions of Linux. We

isolated the commit to:

commit 093ae8f9a86a974c920b613860f1f7fd5bbd70ab Author: Borislav Petkov <bp@xxxxxxx> Date: Thu Apr 12 13:11:36 2018 +0200 x86/TSC: Use RDTSCP Currently, the kernel uses [LM]FENCE; RDTSC in the timekeeping code, to guarantee monotonicity of time where the *FENCE is selected based on vendor. Replace that sequence with RDTSCP which is faster or on-par and gives the same guarantees. A microbenchmark on Intel shows that the change is on-par. On AMD, the change is either on-par with the current LFENCE-prefixed RDTSC or slightly better with RDTSCP. The comparison is done with the LFENCE-prefixed RDTSC (and not with the MFENCE-prefixed one, as one would normally expect) because all modern AMD families make LFENCE serializing and thus avoid the heavy MFENCE by effectively enabling X86_FEATURE_LFENCE_RDTSC.

I could not find RDTSCP instruction being used by Linux before the given commit, which is present in Linux v5.1 and newer. As expected, masking off

the RDTSCP cpuid flag in leaf 0x80000001 prevents a cooperative guest from using that instruction and therefore prevents the crash.

--Sarah _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.