From: Stefan Bader
Subject: Re: Fwd: Xen-4.1.6.1 backport for XSA156
Date: Fri, 20 Nov 2015 17:15:07 +0100
Message-ID: <564F470B.2030908@canonical.com>
References: <564F0603.2080708@canonical.com> <564F363B.3010802@canonical.com> <564F518602000078000B7496@prv-mh.provo.novell.com> <564F45DE.1010504@canonical.com>
In-Reply-To: <564F45DE.1010504@canonical.com>
To: Jan Beulich
Cc: xen-devel
List-Id: xen-devel@lists.xenproject.org

On 20.11.2015 17:10, Stefan Bader wrote:
> On 20.11.2015 16:59, Jan Beulich wrote:
>>>>> On 20.11.15 at 16:03, wrote:
>>> I am currently trying to backport the changes of XSA156 back to Xen-4.1.x and I
>>> am struggling with the VMX side. I did see the backports made for 4.2 and 3.4 on
>>> the security mailing list but I am not sure the 3.4 backport is not having the
>>> same issues (or similar ones).
>>>
>>> Trying to write down my understanding of the changes: For the 3.4 backport there
>>> are only changes to the toggles for debugging and the general trap mask. So if I
>>> understand this right, before the change, TRAP_debug and TRAP_int3 were only
>>> handled in vmexit when a debugger was attached to the domain. Now, only
>>> TRAP_int3 will be toggled and TRAP_debug is always handled.
>>
>> I've never looked at that 3.4 backport, but not changing the VMEXIT
>> handling certainly sounds wrong. I'll attach what I have done for 4.1.
>> Please report back any problems you encounter.
>
> If I am not missing any detail your 4.1 patch looks exactly the same as the
> version I ended up with (basically dropping some trace).
> Have you tested the resulting HV on an Intel/VMX box and tried to use ptrace
> inside the HVM guest?
>
> This is where my problems come from. Or potentially your vmx_inject_hw_exception
> has been modified since stable-4.1.6.1?

So this is a quick hack I just tried and that keeps the HVM alive:

@@ -1294,7 +1288,6 @@ void vmx_inject_hw_exception(int trap, i switch ( trap ) { case TRAP_debug: - type =3D X86_EVENTTYPE_SW_EXCEPTION; if ( guest_cpu_user_regs()->eflags & X86_EFLAGS_TF ) { __restore_debug_registers(curr);
@@ -1302,6 +1295,13 @@ void vmx_inject_hw_exception(int trap, i } if ( cpu_has_monitor_trap_flag ) break; + if ( curr->domain->debugger_attached ) + { + /* Debug/Int3: Trap to debugger. */ + domain_pause_for_debugger(); + return; + } + break; case TRAP_int3: if ( curr->domain->debugger_attached ) {

Though this looks like an ugly hack and probably is wrong in the other case of
TRAP_debug caused by an opcode...

-Stefan

>
> -Stefan
>>
>> Jan
>>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xen.org
> http://lists.xen.org/xen-devel
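
Review bot: In the first hunk (@@ -1294,7 +1288,6 @@), the X86_EVENTTYPE_SW_EXCEPTION assignment to type under case TRAP_debug is deleted for every path through that case, and nothing in the hunk documents which event type TRAP_debug is injected with afterwards. The mail itself flags that this is probably wrong for a TRAP_debug caused by an opcode, so rather than removing the assignment outright, keep it for that origin and skip it only for the case that breaks the guest, with a comment stating how the two origins are told apart.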
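
Review bot: In the second hunk (@@ -1302,6 +1295,13 @@), the added debugger_attached block under TRAP_debug repeats the check that opens case TRAP_int3 directly below it, and the new break ends what was previously a fall-through from TRAP_debug into TRAP_int3 whenever cpu_has_monitor_trap_flag is false. Two copies of the same pause-for-debugger logic can drift apart, so either share the block between the two cases or add a comment naming exactly which part of the TRAP_int3 case TRAP_debug must no longer reach. The copied comment "Debug/Int3: Trap to debugger." should also be corrected, since this copy now handles only the debug trap, and the early return out of vmx_inject_hw_exception without injecting anything deserves a line of explanation.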