From: Matthew Barnes <matthew.barnes@cloud.com>
To: Andrew Cooper <andrew.cooper3@citrix.com>
Cc: Anthony PERARD <anthony@xenproject.org>,
Xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [XEN PATCH] tools/misc: xen-hvmcrash: Inject #DF instead of overwriting RIP
Date: Wed, 26 Jun 2024 15:12:20 +0100 [thread overview]
Message-ID: <667c21d0.170a0220.bf390.0f32@mx.google.com> (raw)
In-Reply-To: <7ffabe8b-7993-4cc5-97fe-dd1cbd35798e@citrix.com>
On Tue, Jun 25, 2024 at 10:02:42PM +0100, Andrew Cooper wrote:
> On 03/06/2024 3:59 pm, Matthew Barnes wrote:
> > xen-hvmcrash would previously save records, overwrite the instruction
> > pointer with a bogus value, and then restore them to crash a domain
> > just enough to cause the guest OS to memdump.
> >
> > This approach is found to be unreliable when tested on a guest running
> > Windows 10 x64, with some executions doing nothing at all.
> >
> > Another approach would be to trigger NMIs. This approach is found to be
> > unreliable when tested on Linux (Ubuntu 22.04), as Linux will ignore
> > NMIs if it is not configured to handle such.
> >
> > Injecting a double fault abort to all vCPUs is found to be more
> > reliable at crashing and invoking memdumps from Windows and Linux
> > domains.
>
> Why every CPU?
>
> We never did that before, and I don't see any it ought to be necessary
> now either.
We do: at the moment, xen-hvmcrash iterates through
hvm_save_descriptors after pausing the domain, overwriting the EIP/RIP of
each cpu it finds.
Is there a reason not to inject #DF into each domain vCPU? Wouldn't that
crash the domain more reliably?
> > diff --git a/tools/misc/xen-hvmcrash.c b/tools/misc/xen-hvmcrash.c
> > index 1d058fa40a47..8ef1beb388f8 100644
> > --- a/tools/misc/xen-hvmcrash.c
> > +++ b/tools/misc/xen-hvmcrash.c
> > @@ -38,22 +38,21 @@
> > #include <sys/stat.h>
> > #include <arpa/inet.h>
> >
> > +#define XC_WANT_COMPAT_DEVICEMODEL_API
>
> Please don't introduce this. We want to purge it from the codebase, not
> propagate it.
>
> You want to open and use a libxendevicemodel handle. (Sadly you also
> need a xenctrl handle too, until we sort out the userspace ABIs).
>
> > #include <xenctrl.h>
> > #include <xen/xen.h>
> > #include <xen/domctl.h>
> > #include <xen/hvm/save.h>
> >
> > +#define X86_ABORT_DF 8
>
> #include <xen/asm/x86-defns.h>
>
> and use X86_EXC_DF.
Understood: this will be reflected in patch v2.
Matt
prev parent reply other threads:[~2024-06-26 14:12 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-03 14:59 [XEN PATCH] tools/misc: xen-hvmcrash: Inject #DF instead of overwriting RIP Matthew Barnes
2024-06-21 15:38 ` Anthony PERARD
[not found] ` <667ae6e4.050a0220.21f03.212f@mx.google.com>
2024-06-25 15:51 ` Matthew Barnes
2024-06-25 21:02 ` Andrew Cooper
2024-06-26 14:12 ` Matthew Barnes [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=667c21d0.170a0220.bf390.0f32@mx.google.com \
--to=matthew.barnes@cloud.com \
--cc=andrew.cooper3@citrix.com \
--cc=anthony@xenproject.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.