Re: [Xen-devel] [VMI] Possible race-condition in altp2m APIs



On Friday, May 10, 2019 5:21 PM, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:

> On 10/05/2019 16:17, Mathieu Tarral wrote:
>
> > On Thursday, May 9, 2019 6:42 PM, Andrew Cooper andrew.cooper3@xxxxxxxxxx wrote:
> >
> > > Therefore, the conclusion to draw is that it is a logical bug somewhere.
> > The bug is still here, so we can exclude a microcode issue.
>
> Good - that is one further angle excluded.  Always make sure you are
> running with up-to-date microcode, but it looks like we are back to
> investigating a logical bug in libvmi or Xen.

I played with tool/tests/xen-access this afternoon.

The tool is working, I could intercept breakpoints, cpuid, write and exec mem 
accesses, etc.

However, using altp2m related intercepts leads to a guest crash sometimes:

Windows 7 x64, 4 VCPUs
- altp2m_write: crash
- altp2m_exec: crash
- altp2m_write_no_gpt: frozen

Windows 7 x64, 1 VCPU
- altp2m_write: crash
- altp2m_exec: OK
- altp2m_write_no_gpt: frozen

"frozen" means that xen-access receives VMI events, but the guest is frozen 
until I decide to stop xen-access.
I'm wondering what kind of exec events it received because they are not the 
same, so it's not looping
over the same RIP over and over. (?)

Here is an example output I have when I run sudo ./xen-access <dom_id> altp2m_write:

...
Got event from Xen
Singlestep: rip=fffff800026e60dc, vcpu 1, altp2m 0
        Switching altp2m to view 1!
Error -1 getting mem_access event

Singlestep: rip=fffff800026e6054, vcpu 3, altp2m 0
        Switching altp2m to view 1!
Singlestep: rip=fffff800026d64c5, vcpu 0, altp2m 0
        Switching altp2m to view 1!
xenaccess shutting down on signal -1
Got event from Xen
PAGE ACCESS: rw- for GFN 21cef (offset 000fb8) gla fffff88002039fb8 (valid: y; fault in gpt: n; fault with gla: y) (vcpu 1 [p], altp2m view 1)
        Switching back to default view!
PAGE ACCESS: rw- for GFN 1debc (offset 0004b0) gla fffff880022ed4b0 (valid: y; fault in gpt: n; fault with gla: y) (vcpu 3 [p], altp2m view 1)
        Switching back to default view!
PAGE ACCESS: rw- for GFN b9a (offset 000ae8) gla fffff80000b9aae8 (valid: y; fault in gpt: n; fault with gla: y) (vcpu 0 [p], altp2m view 1)
        Switching back to default view!
xenaccess shut down on signal -1
xenaccess exit code -1

@Tamas: if you added support for altp2m in xen-access, do you remember 
crashing your guest?
Or was it working at the time you tested?

Mathieu
