
Re: [Xen-devel] Xen Introspection, KPTI, and CR3 bit 63 leads to guest VMENTRY failures during introspection



>>> On 24.01.18 at 23:31, <bitweasil@xxxxxxxxxxxxxx> wrote:
> I've recently discovered that if you attempt to use introspection to
> capture CR3 changes with the new KPTI enabled kernels, the guest dies
> shortly after the start of introspection with failed VM entry due to
> invalid guest state.
> 
> I believe the invalid state here is the high bit being set in CR3 - while
> this is how one indicates that PCID should not invalidate the various page
> table caches, introspection leads to this being set in the VMCS, which
> appears to be wrong.
> 
> With the XenServer 4.7.1 code base (which is my working code base at the
> moment), I have not found a way around this, as the vm_event_set_registers
> function (xen/arch/x86/vm_event.c) does not set the CR3 value, and
> vm_event_register_write_resume only allows inhibiting the write, not
> writing a modified value.
> 
> I've attempted several ways to work around this with a livepatch, and have
> not (yet) been successful.
> 
> Masking at the top of hvm_set_cr3 allows the guest to continue, but appears
> to do the wrong thing with regards to the guest (tasks begin dying quickly
> from invalid opcode errors).

I have difficulty seeing the reason for this: Doing a TLB flush when
none is needed should have no effect other than reduced
performance. Without seeing your change it is of course difficult to
judge whether there's something I'm overlooking, or whether
perhaps your change happens at the wrong point or is insufficient.

Jan
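The bit under discussion, worked through as an added example (this is not Xen code and not code from either poster). With CR4.PCIDE set, bits 11:0 of the value written to CR3 are the PCID and bit 63 is the one-shot "no flush" hint; bit 63 is not part of the stored CR3 value and the VM-entry checks on guest state require bits 63:52 of the VMCS guest CR3 field to be zero. The function below emulates the intercepted MOV to CR3 the way a hypervisor must: it splits the written value into the value that may go into the VMCS and a separate flush decision. MAXPHYADDR of 46 and the treatment of bit 63 as reserved when CR4.PCIDE is clear are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * CR3 layout when CR4.PCIDE=1 (Intel SDM vol. 3A, "Control Registers" and
 * "Process-Context Identifiers"):
 *   bits 11:0            PCID of the address space being switched to
 *   bits MAXPHYADDR-1:12 physical address of the top-level page table
 *   bit 63               "no flush": the MOV does not invalidate TLB entries
 *                        tagged with the new PCID
 * Bit 63 only qualifies the MOV itself; reading CR3 back returns it clear,
 * and the VMCS guest CR3 field must not carry it.
 */
#define CR3_PCID_MASK   0xfffULL
#define CR3_NOFLUSH     (1ULL << 63)
#define MAXPHYADDR      46   /* assumption for this example */
#define CR3_ADDR_MASK   (((1ULL << MAXPHYADDR) - 1) & ~0xfffULL)

struct cr3_update {
    bool     fault;     /* reserved bit set: the write takes #GP(0) */
    uint64_t vmcs_cr3;  /* value that is safe to store in the guest CR3 field */
    uint64_t pcid;      /* PCID the guest switched to (0 without PCIDE) */
    bool     flush;     /* TLB entries for that PCID must be invalidated */
};

/* Emulate a guest MOV to CR3 as a hypervisor intercepting the write must. */
struct cr3_update guest_write_cr3(uint64_t value, bool pcide)
{
    struct cr3_update u = { .fault = false, .vmcs_cr3 = 0, .pcid = 0, .flush = true };
    /* Bits 62:MAXPHYADDR are always reserved. */
    uint64_t reserved = ~((1ULL << MAXPHYADDR) - 1) & ~CR3_NOFLUSH;

    if (value & reserved) {
        u.fault = true;
        return u;
    }
    /* Assumption: bit 63 is reserved while CR4.PCIDE=0. */
    if ((value & CR3_NOFLUSH) && !pcide) {
        u.fault = true;
        return u;
    }

    /* The stored value never contains the hint bit, whatever the flush decision. */
    u.vmcs_cr3 = value & ~CR3_NOFLUSH;
    u.pcid     = pcide ? (value & CR3_PCID_MASK) : 0;
    /* Flushing when not asked to is merely slower; skipping a required flush is not. */
    u.flush    = !(pcide && (value & CR3_NOFLUSH));
    return u;
}

/* The VM-entry guest-state check on CR3: bits 63:MAXPHYADDR must be zero. */
bool guest_cr3_field_valid(uint64_t cr3)
{
    return (cr3 & ~((1ULL << MAXPHYADDR) - 1)) == 0;
}

int main(void)
{
    /* Constructed values: a KPTI-style switch to user PCID 1 with no flush requested. */
    uint64_t written = 0x1234000ULL | 1 | CR3_NOFLUSH;
    struct cr3_update u = guest_write_cr3(written, true);

    printf("raw write valid for VMCS: %s\n", guest_cr3_field_valid(written) ? "yes" : "no");
    printf("fault=%d vmcs_cr3=%#llx pcid=%llu flush=%d\n", u.fault,
           (unsigned long long)u.vmcs_cr3, (unsigned long long)u.pcid, u.flush);
    printf("stored value valid for VMCS: %s\n", guest_cr3_field_valid(u.vmcs_cr3) ? "yes" : "no");
    return 0;
}
```

A hypervisor is free to ignore `flush == false` and invalidate unconditionally; that costs performance but not correctness, which is the point Jan makes above. What it must never do is copy the written value into the guest CR3 field with bit 63 still set.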


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
