From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753295AbbG1RME (ORCPT ); Tue, 28 Jul 2015 13:12:04 -0400 Received: from aserp1040.oracle.com ([141.146.126.69]:20461 "EHLO aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752207AbbG1RMD (ORCPT ); Tue, 28 Jul 2015 13:12:03 -0400 Message-ID: <55B7B791.2050208@oracle.com> Date: Tue, 28 Jul 2015 13:10:41 -0400 From: Boris Ostrovsky User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Andy Lutomirski , Andrew Cooper CC: "security@kernel.org" , Peter Zijlstra , X86 ML , "linux-kernel@vger.kernel.org" , Steven Rostedt , xen-devel , Borislav Petkov , Jan Beulich , Sasha Levin Subject: Re: [Xen-devel] [PATCH v4 0/3] x86: modify_ldt improvement, test, and config option References: <55B64FEA.70204@oracle.com> <55B659EC.5030009@oracle.com> <55B75993.90909@citrix.com> <55B7AE39.7000101@citrix.com> In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Source-IP: aserv0022.oracle.com [141.146.126.234] Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 07/28/2015 01:07 PM, Andy Lutomirski wrote: > On Tue, Jul 28, 2015 at 9:30 AM, Andrew Cooper > wrote: >> I suspect that the set_ldt(NULL, 0) call hasn't reached Xen before >> xen_free_ldt() is attempting to nab back the pages which Xen still has >> mapped as an LDT. >> > I just instrumented it with yet more LSL instructions. I'm pretty > sure that set_ldt really is clearing at least LDT entry zero. > Nonetheless the free_ldt call still oopses. > Yes, I added some instrumentation to the hypervisor and we definitely set LDT to NULL before failing. -boris