|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [BUG] Invalid guest state in Xen master, dom0 linux-5.3.6, domU windows 10
On 04/11/2019 15:40, Andrew Cooper wrote: > On 04/11/2019 15:33, Håkon Alstadheim wrote: >> Den 04.11.2019 14:31, skrev Andrew Cooper: >>> On 03/11/2019 10:23, Håkon Alstadheim wrote: >>> >>>> (XEN) [2019-11-02 14:09:46] d2v0 vmentry failure (reason 0x80000021): >>>> Invalid guest state (0) >>>> (XEN) [2019-11-02 14:09:46] ************* VMCS Area ************** >>>> (XEN) [2019-11-02 14:09:46] *** Guest State *** >>>> (XEN) [2019-11-02 14:09:46] CR0: actual=0x0000000080050031, >>>> shadow=0x0000000080050031, gh_mask=ffffffffffffffff >>>> (XEN) [2019-11-02 14:09:46] CR4: actual=0x0000000000172678, >>>> shadow=0x0000000000170678, gh_mask=ffffffffffe8f860 >>>> (XEN) [2019-11-02 14:09:46] CR3 = 0x00000000001aa002 >>>> (XEN) [2019-11-02 14:09:46] RSP = 0xffff8c0f4dd71e98 >>>> (0xffff8c0f4dd71e98) RIP = 0xffffd18a040bb75e (0xffffd18a040bb75e) >>>> (XEN) [2019-11-02 14:09:46] RFLAGS=0x00000187 (0x00000187) DR7 = >>>> 0x0000000000000400 >>>> (XEN) [2019-11-02 14:09:46] Sysenter RSP=0000000000000000 >>>> CS:RIP=0000:0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] sel attr limit base >>>> (XEN) [2019-11-02 14:09:46] CS: 0010 0209b 00000000 0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] DS: 002b 0c0f3 ffffffff 0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] SS: 0018 04093 00000000 0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] ES: 002b 0c0f3 ffffffff 0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] FS: 0053 040f3 00003c00 0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] GS: 002b 0c0f3 ffffffff fffff8044ff80000 >>>> (XEN) [2019-11-02 14:09:46] GDTR: 00000057 fffff80459c61fb0 >>>> (XEN) [2019-11-02 14:09:46] LDTR: 0000 1c000 ffffffff 0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] IDTR: 0000012f ffffd18a014a0980 >>>> (XEN) [2019-11-02 14:09:46] TR: 0040 0008b 00000067 fffff80459c60000 >>>> (XEN) [2019-11-02 14:09:46] EFER(VMCS) = 0x0000000000000d01 PAT = >>>> 0x0007010600070106 >>>> (XEN) [2019-11-02 14:09:46] PreemptionTimer = 0x00000000 SM Base = >>>> 0x00000000 >>>> (XEN) [2019-11-02 14:09:46] DebugCtl = 0x0000000000000000 >>>> DebugExceptions = 0x0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] Interruptibility = 00000002 ActivityState >>>> = 00000000 >>>> (XEN) [2019-11-02 14:09:46] InterruptStatus = 0000 >>>> (XEN) [2019-11-02 14:09:46] *** Host State *** >>>> (XEN) [2019-11-02 14:09:46] RIP = 0xffff82d080341950 >>>> (vmx_asm_vmexit_handler) RSP = 0xffff83083ff0ff70 >>>> (XEN) [2019-11-02 14:09:46] CS=e008 SS=0000 DS=0000 ES=0000 FS=0000 >>>> GS=0000 TR=e040 >>>> (XEN) [2019-11-02 14:09:46] FSBase=0000000000000000 >>>> GSBase=0000000000000000 TRBase=ffff83083ff14000 >>>> (XEN) [2019-11-02 14:09:46] GDTBase=ffff83083ff03000 >>>> IDTBase=ffff83083ff07000 >>>> (XEN) [2019-11-02 14:09:46] CR0=0000000080050033 CR3=000000054dbea000 >>>> CR4=00000000001526e0 >>>> (XEN) [2019-11-02 14:09:46] Sysenter RSP=ffff83083ff0ffa0 >>>> CS:RIP=e008:ffff82d080395440 >>>> (XEN) [2019-11-02 14:09:46] EFER = 0x0000000000000d01 PAT = >>>> 0x0000050100070406 >>>> (XEN) [2019-11-02 14:09:46] *** Control State *** >>>> (XEN) [2019-11-02 14:09:46] PinBased=000000bf CPUBased=b62065fa >>>> SecondaryExec=000017eb >>>> (XEN) [2019-11-02 14:09:46] EntryControls=0000d3ff >>>> ExitControls=002fefff >>>> (XEN) [2019-11-02 14:09:46] ExceptionBitmap=00060002 PFECmask=00000000 >>>> PFECmatch=00000000 >>>> (XEN) [2019-11-02 14:09:46] VMEntry: intr_info=80000501 >>>> errcode=00000000 ilen=00000001 >>>> (XEN) [2019-11-02 14:09:46] VMExit: intr_info=80000501 >>>> errcode=00000000 ilen=00000001 >>>> (XEN) [2019-11-02 14:09:46] reason=80000021 >>>> qualification=0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] IDTVectoring: info=00000000 >>>> errcode=00000000 >>>> (XEN) [2019-11-02 14:09:46] TSC Offset = 0xfffff45ded46dd57 TSC >>>> Multiplier = 0x0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] TPR Threshold = 0x00 PostedIntrVec = 0xf5 >>>> (XEN) [2019-11-02 14:09:46] EPT pointer = 0x000000054e3a701e EPTP >>>> index = 0x0000 >>>> (XEN) [2019-11-02 14:09:46] PLE Gap=00000080 Window=00001000 >>>> (XEN) [2019-11-02 14:09:46] Virtual processor ID = 0x5a02 VMfunc >>>> controls = 0000000000000000 >>>> (XEN) [2019-11-02 14:09:46] ************************************** >>>> (XEN) [2019-11-02 14:09:46] domain_crash called from vmx.c:3335 >>>> (XEN) [2019-11-02 14:09:46] Domain 2 (vcpu#0) crashed on cpu#2: >>> Interruptibility = 00000002 (Blocked by Mov SS) and VMEntry: >>> intr_info=80000501 (ICEBP) >>> >>> Dare I ask what you're running in your windows guest? Unless it is a >>> vulnerability test suite, I'm rather concerned. >> Because I have pulled out all stops ? Well no particular reason. I've >> asked my kids nicely not to poke any /more/ holes in the security on >> the system. Probably should tighten up the ship. I have some conflict >> going on between the hardware pci USB cards in the machine, so I >> thought I'd see what would happen if I gave ASUS and whatever no-name >> Taiwanese I have in there free rein. Nothing gained as far as I can >> see, so I'll see about closing some of the more gaping holes. At least >> as far as getting rid of deprecation warnings go :-) . >> >> I hope "they" never get serious about requiring a license to own a >> computer with Internet access. :-) > Something in the VM is attempting to exploit XSA-260 / CVE-2018-8897 > against the guest kernel, using a variation of the attack. > > Xen should cope with the entry conditions correctly, and I think I've > figured out a fairly non-invasive way of fixing this particular case > without the full-blown #DB rework. Ok - something more complicated is going on here. I can't reproduce the corner case in the obvious way. Can you apply this debugging patch and try to reproduce the issue? I want to confirm which instructions the guest is executing. ~Andrew Attachment:
dbg.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |