[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH] x86/hvm: fix domain crash when CR3 has the noflush bit set

To: xen-devel@xxxxxxxxxxxxx
From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
Date: Fri, 26 Jan 2018 11:39:36 +0200
Cc: andrew.cooper3@xxxxxxxxxx, bitweasil@xxxxxxxxxxxxxx, tamas@xxxxxxxxxxxxx, Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>, jbeulich@xxxxxxxx
Delivery-date: Fri, 26 Jan 2018 09:40:09 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

The emulation layers of Xen lack PCID support, and as we only offer
PCID to HAP guests, all writes to CR3 are handled by hardware,
except when introspection is involved. Consequently, trying to set
CR3 when the noflush bit is set in hvm_set_cr3() leads to domain
crashes. The workaround is to clear the noflush bit in
hvm_set_cr3() (and, for completeness, to compare old vs new
CR3 values in hvm_monitor_cr() after clearing the noflush bit
for them as well).

Signed-off-by: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>
Reported-by: Bitweasil <bitweasil@xxxxxxxxxxxxxx>
Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 xen/arch/x86/hvm/hvm.c     | 3 +++
 xen/arch/x86/hvm/monitor.c | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
index 2689046..1ab2522 100644
--- a/xen/arch/x86/hvm/hvm.c
+++ b/xen/arch/x86/hvm/hvm.c
@@ -2324,6 +2324,9 @@ int hvm_set_cr3(unsigned long value, bool_t may_defer)
         }
     }
 
+    if ( hvm_pcid_enabled(v) ) /* Clear the noflush bit. */
+        value &= ((1ull << 63) - 1);
+
     if ( hvm_paging_enabled(v) && !paging_mode_hap(v->domain) &&
          (value != v->arch.hvm_vcpu.guest_cr[3]) )
     {
diff --git a/xen/arch/x86/hvm/monitor.c b/xen/arch/x86/hvm/monitor.c
index 131b852..e0f0530 100644
--- a/xen/arch/x86/hvm/monitor.c
+++ b/xen/arch/x86/hvm/monitor.c
@@ -36,6 +36,12 @@ bool hvm_monitor_cr(unsigned int index, unsigned long value, 
unsigned long old)
     struct arch_domain *ad = &curr->domain->arch;
     unsigned int ctrlreg_bitmask = monitor_ctrlreg_bitmask(index);
 
+    if ( index == 3 && hvm_pcid_enabled(curr) ) /* Clear the noflush bit. */
+    {
+        value &= ((1ull << 63) - 1);
+        old &= ((1ull << 63) - 1);
+    }
+
     if ( (ad->monitor.write_ctrlreg_enabled & ctrlreg_bitmask) &&
          (!(ad->monitor.write_ctrlreg_onchangeonly & ctrlreg_bitmask) ||
           value != old) &&
-- 
2.7.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH] x86/hvm: fix domain crash when CR3 has the noflush bit set
  - From: Jan Beulich

Prev by Date: [Xen-devel] [seabios test] 118328: regressions - FAIL
Next by Date: Re: [Xen-devel] [PATCH v10 09/11] x86/ctxt: Issue a speculation barrier between vcpu contexts
Previous by thread: [Xen-devel] [seabios test] 118328: regressions - FAIL
Next by thread: Re: [Xen-devel] [PATCH] x86/hvm: fix domain crash when CR3 has the noflush bit set
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.