From: Keir Fraser <keir.fraser@eu.citrix.com>
To: Tom Rotenberg <tom.rotenberg@gmail.com>,
	Tim Deegan <Tim.Deegan@eu.citrix.com>
Cc: "xen-devel@lists.xensource.com" <xen-devel@lists.xensource.com>
Subject: Re: Doamin crash when trying to install disk encryption (PointSec) on Windows HVM
Date: Thu, 23 Apr 2009 18:27:00 +0100	[thread overview]
Message-ID: <C6166375.95DF%keir.fraser@eu.citrix.com> (raw)
In-Reply-To: <C61660FE.95D7%keir.fraser@eu.citrix.com>

[-- Attachment #1: Type: text/plain, Size: 4224 bytes --]

Patch is attached. It is in addition to the LTR/LLDT patch.

 -- Keir

On 23/04/2009 18:16, "Keir Fraser" <keir.fraser@eu.citrix.com> wrote:

> A task switch reloads on segment registers, so it is impossible to enter
> vm86 mode with 'bad' segment state even via a task switch.
> 
> If the guest really is trying to enter vm86 mode via a task switch (which
> would be somewhat bizarre, although a valid thing to do) then
> hvm_load_segment_selector() needs updating to deal with VM86 mode. I'll make
> a patch.
> 
>  -- Keir
> 
> On 23/04/2009 17:10, "Tom Rotenberg" <tom.rotenberg@gmail.com> wrote:
> 
>> So, do you have any suggestion on how I can fix this issue?
>> 
>> 2009/4/23 Tim Deegan <Tim.Deegan@citrix.com>
>>> At 16:57 +0100 on 23 Apr (1240505849), Tom Rotenberg wrote:
>>>> Keir,
>>>> 
>>>> After further testing, it seems like the flow of events was like this:
>>>> there was a VMEXIT with the reason of task switch, which changed to
>>>> vm86 mode (!), and upon trying to resume from this vmexit, the CPU raised
>>>> an exception.
>>>> 
>>>> And the question is why and how did the task switch cause the vm86
>>>> mode to be turned on? Is it even legal?
>>> 
>>> Yes, task-switching into vm86 mode is legal; ISTR it and IRET are the
>>> only ways mentioned in the SDMs of getting into vm86.
>>> 
>>> Looks like Xen doesn't support it, though.  It would need special
>>> handling of the segment state to get round the extra restrictions that
>>> Intel imposed on VMENTER (which are stricter than the limits on using
>>> vm86 mode unvirtualized).
>>> 
>>> Cheers,
>>> 
>>> Tim.
>>> 
>>>> Tom
>>>> 
>>>> 2009/4/23 Keir Fraser <keir.fraser@eu.citrix.com>
>>>> All task switches are emulated, so you can add tracing to hvm_task_switch()
>>>> to check if a switch has occurred. An alternative is that the guest did
>>>> another LTR while not being emulated?
>>>> 
>>>> If you want to remember the last VMEXIT, you'll have to add code to store
>>>> state away somewhere to pick up on the next VMENTRY.
>>>> 
>>>>  -- Keir
>>>> 
>>>> 
>>>> On 23/04/2009 15:08, "Tom Rotenberg" <tom.rotenberg@gmail.com> wrote:
>>>> 
>>>> About the TR, I have re-checked it, and it seems like the TR value is still
>>>> 0x58, although the LTR operation put 0x50 into it. Since I looked at the LTR
>>>> code you sent me and it seems OK, I tend to suspect that there was some
>>>> kind of (hardware) task switch which changed the TR value without me
>>>> knowing. Is it possible? Because otherwise I can't really explain why the
>>>> TR value is different from what was loaded by the LTR operation...
>>>> 
>>>> BTW - how can I track what was the previous VMEXIT before this last VMENTRY
>>>> which caused the exception? I think that probably the last VMEXIT caused
>>>> the "change" to vm86 mode, and this is what causes the problem...
>>>> 
>>>> Tom
>>>> 
>>>> 2009/4/23 Keir Fraser <keir.fraser@eu.citrix.com>
>>>> On 23/04/2009 12:44, "Tom Rotenberg" <tom.rotenberg@gmail.com> wrote:
>>>> 
>>>>> However, from the VMCS dump, I saw data which doesn't seem compatible with
>>>>> this, as the LDTR selector is indeed 0, but has attributes and limit
>>>>> different from zero (although it should have been totally disabled by the
>>>>> LLDT, no?).
>>>> 
>>>> The 'unused' flag in the attributes word is set (bit 16) so LDTR is okay.
>>>> 
>>>>> And more importantly, the TR selector is 0x58, although from the LTR it was
>>>>> supposed to be 0x50, no?
>>>> 
>>>> If 0x50 was loaded then the selector should certainly be 0x50.
>>>> 
>>>>  -- Keir
>>>> 
>>>>> (Of course it's possible that there were other instructions which changed it
>>>>> back; however, I am wondering if there is a problem here.)
>>>> 
>>>> 
>>>> 
>>> 
>>> --
>>> Tim Deegan <Tim.Deegan@citrix.com>
>>> Principal Software Engineer, Citrix Systems (R&D) Ltd.
>>> [Company #02300071, SL9 0DZ, UK.]
>> 
> 


[-- Attachment #2: 00-vm86_tswitch --]
[-- Type: application/octet-stream, Size: 1844 bytes --]

diff -r 8b152638adaa xen/arch/x86/hvm/hvm.c
--- a/xen/arch/x86/hvm/hvm.c	Thu Apr 23 16:22:48 2009 +0100
+++ b/xen/arch/x86/hvm/hvm.c	Thu Apr 23 18:25:49 2009 +0100
@@ -1188,12 +1188,24 @@
 }
 
 static int hvm_load_segment_selector(
-    struct vcpu *v, enum x86_segment seg, uint16_t sel)
+    enum x86_segment seg, uint16_t sel)
 {
     struct segment_register desctab, cs, segr;
     struct desc_struct *pdesc, desc;
     u8 dpl, rpl, cpl;
     int fault_type = TRAP_invalid_tss;
+    struct cpu_user_regs *regs = guest_cpu_user_regs();
+    struct vcpu *v = current;
+
+    if ( regs->eflags & EF_VM )
+    {
+        segr.sel = sel;
+        segr.base = (uint32_t)sel << 4;
+        segr.limit = 0xffffu;
+        segr.attr.bytes = 0xf3;
+        hvm_set_segment_register(v, seg, &segr);
+        return 0;
+    }
 
     /* NULL selector? */
     if ( (sel & 0xfffc) == 0 )
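Review bot: the new `regs->eflags & EF_VM` early-return installs the 0xf3 data-segment attributes for whatever `seg` is passed, and the task-switch caller also passes x86_seg_ldtr through this function; a usable LDTR encoded as a present DPL3 data segment (S=1, type 3) is not a legal LDTR for VM entry, which wants a system descriptor of type 2 when LDTR is usable, so this branch should exclude LDTR and let it fall through to the descriptor-table lookup below, e.g. `if ( (regs->eflags & EF_VM) && (seg != x86_seg_ldtr) )`. Separately, dropping the `struct vcpu *v` parameter in favour of `current` silently restricts the function to the running vcpu; if that is intended, a one-line comment on the function would save the next reader from reintroducing a caller for a foreign vcpu.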
@@ -1440,13 +1452,13 @@
     }
 
     exn_raised = 0;
-    if ( hvm_load_segment_selector(v, x86_seg_es, tss.es) ||
-         hvm_load_segment_selector(v, x86_seg_cs, tss.cs) ||
-         hvm_load_segment_selector(v, x86_seg_ss, tss.ss) ||
-         hvm_load_segment_selector(v, x86_seg_ds, tss.ds) ||
-         hvm_load_segment_selector(v, x86_seg_fs, tss.fs) ||
-         hvm_load_segment_selector(v, x86_seg_gs, tss.gs) ||
-         hvm_load_segment_selector(v, x86_seg_ldtr, tss.ldt) )
+    if ( hvm_load_segment_selector(x86_seg_es, tss.es) ||
+         hvm_load_segment_selector(x86_seg_cs, tss.cs) ||
+         hvm_load_segment_selector(x86_seg_ss, tss.ss) ||
+         hvm_load_segment_selector(x86_seg_ds, tss.ds) ||
+         hvm_load_segment_selector(x86_seg_fs, tss.fs) ||
+         hvm_load_segment_selector(x86_seg_gs, tss.gs) ||
+         hvm_load_segment_selector(x86_seg_ldtr, tss.ldt) )
         exn_raised = 1;
 
     rc = hvm_copy_to_guest_virt(
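Review bot: with the VM86 branch keyed off `guest_cpu_user_regs()->eflags`, these seven calls are only correct if the new task's EFLAGS (the value taken from the incoming TSS, including its VM bit) has already been written back to the register frame before the first `hvm_load_segment_selector(x86_seg_es, tss.es)`; the hunk does not show that ordering, so please either confirm it in the commit text or move the eflags store explicitly ahead of this `if`, otherwise a switch into vm86 mode would still load the segments the protected-mode way and VM entry would fail exactly as reported.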

[-- Attachment #3: Type: text/plain, Size: 138 bytes --]

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
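The point Tim and Keir make above (the VMENTER segment-state restrictions are stricter than what bare-metal vm86 mode tolerates, and a task switch into vm86 mode has to load segments differently) can be made concrete with a small model. The following C is an added example written for this page, not Xen code and not the attached patch: it encodes a vm86 segment the way the patch does (base = selector << 4, 64K limit, attributes 0xf3) and runs a subset of the Intel SDM VM-entry checks on guest segment registers over three constructed guest states. The access-rights bit layout follows the VMCS guest access-rights field (type, S, DPL, P, with bit 16 as the "unusable" flag); the selectors, bases and limits in the scenarios are made up for the example, except that TR = 0x50 mirrors the LTR value discussed in the thread.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: the VMCS guest access-rights field of the Intel SDM
 * (type:4, S:1, DPL:2, P:1, ..., bit 16 = unusable). Not Xen's
 * struct segment_register. */
#define AR_TYPE(ar)   ((ar) & 0xfu)
#define AR_S(ar)      (((ar) >> 4) & 1u)
#define AR_P(ar)      (((ar) >> 7) & 1u)
#define AR_UNUSABLE   (1u << 16)
#define EFLAGS_VM     (1u << 17)

struct seg { uint16_t sel; uint32_t base; uint32_t limit; uint32_t ar; };

enum seg_idx { SEG_ES, SEG_CS, SEG_SS, SEG_DS, SEG_FS, SEG_GS, SEG_LDTR, SEG_TR, SEG_MAX };

struct guest_state { uint32_t eflags; struct seg seg[SEG_MAX]; };

/* The encoding the patch installs when EFLAGS.VM is set: base = sel << 4,
 * 64K limit, present DPL3 accessed read/write data segment (0xf3). */
struct seg vm86_segment(uint16_t sel)
{
    struct seg s = { sel, (uint32_t)sel << 4, 0xffffu, 0xf3u };
    return s;
}

/* Subset of the VM-entry "checks on guest segment registers". Returns -1 if
 * the state would be accepted, else the index of the first register that
 * would make VM entry fail. */
int vmx_check_guest_segments(const struct guest_state *g)
{
    bool vm86 = (g->eflags & EFLAGS_VM) != 0;
    const struct seg *tr = &g->seg[SEG_TR], *ldtr = &g->seg[SEG_LDTR];
    int i;

    for (i = SEG_ES; i <= SEG_GS; i++) {
        const struct seg *s = &g->seg[i];
        if (vm86) {
            /* Virtual-8086 mode: base, limit and attributes are fixed by the selector. */
            if (s->base != ((uint32_t)s->sel << 4) || s->limit != 0xffffu || s->ar != 0xf3u)
                return i;
        } else if (!(s->ar & AR_UNUSABLE)) {
            /* Protected mode: usable segments must be present code/data; CS must be code. */
            if (!AR_S(s->ar) || !AR_P(s->ar) || (i == SEG_CS && !(AR_TYPE(s->ar) & 8u)))
                return i;
        }
    }
    /* TR must be usable, a present busy TSS (type 3 or 11) with the TI bit clear. */
    if ((tr->ar & AR_UNUSABLE) || (tr->sel & 4u) || AR_S(tr->ar) || !AR_P(tr->ar) ||
        (AR_TYPE(tr->ar) != 3u && AR_TYPE(tr->ar) != 11u))
        return SEG_TR;
    /* LDTR is only checked when usable: then a present system descriptor of type 2. */
    if (!(ldtr->ar & AR_UNUSABLE) &&
        ((ldtr->sel & 4u) || AR_S(ldtr->ar) || !AR_P(ldtr->ar) || AR_TYPE(ldtr->ar) != 2u))
        return SEG_LDTR;
    return -1;
}

/* Constructed protected-mode state: flat 4G user segments, busy 32-bit TSS at
 * selector 0x50, null LDTR marked unusable (the case Keir calls okay above). */
static void protected_mode_state(struct guest_state *g)
{
    static const uint16_t sels[SEG_GS + 1] = { 0x23, 0x1b, 0x23, 0x23, 0x23, 0x23 };
    int i;
    memset(g, 0, sizeof(*g));
    g->eflags = 0x202u;
    for (i = SEG_ES; i <= SEG_GS; i++) {
        g->seg[i].sel = sels[i];
        g->seg[i].limit = 0xffffffffu;
        g->seg[i].ar = (i == SEG_CS) ? 0xc0fbu : 0xc0f3u;  /* G, D/B, P, DPL3, S */
    }
    g->seg[SEG_TR] = (struct seg){ 0x50, 0x80000000u, 0x67u, 0x8bu };
    g->seg[SEG_LDTR] = (struct seg){ 0, 0, 0, AR_UNUSABLE };
}

/* New TSS sets EFLAGS.VM, but segments were loaded the protected-mode way. */
int scenario_vm_set_protected_segments(void)
{
    struct guest_state g;
    protected_mode_state(&g);
    g.eflags |= EFLAGS_VM;
    return vmx_check_guest_segments(&g);   /* SEG_ES: first register rejected */
}

/* Same switch with ES..GS re-encoded as vm86 segments: entry is accepted. */
int scenario_vm_set_vm86_segments(void)
{
    struct guest_state g;
    int i;
    protected_mode_state(&g);
    g.eflags |= EFLAGS_VM;
    for (i = SEG_ES; i <= SEG_GS; i++)
        g.seg[i] = vm86_segment(g.seg[i].sel);
    return vmx_check_guest_segments(&g);   /* -1 */
}

/* If the TSS's LDT selector were encoded the same way, the usable LDTR with
 * data-segment attributes would be rejected. */
int scenario_ldtr_encoded_as_vm86(void)
{
    struct guest_state g;
    int i;
    protected_mode_state(&g);
    g.eflags |= EFLAGS_VM;
    for (i = SEG_ES; i <= SEG_GS; i++)
        g.seg[i] = vm86_segment(g.seg[i].sel);
    g.seg[SEG_LDTR] = vm86_segment(0x28);
    return vmx_check_guest_segments(&g);   /* SEG_LDTR */
}

int main(void)
{
    printf("VM set, protected-mode segments: first rejected = %d\n", scenario_vm_set_protected_segments());
    printf("VM set, vm86-encoded segments: %d (-1 = accepted)\n", scenario_vm_set_vm86_segments());
    printf("LDTR encoded as vm86 segment: first rejected = %d\n", scenario_ldtr_encoded_as_vm86());
    return 0;
}
```

The first scenario is the failure mode Tom reports: EFLAGS.VM arrives via the TSS while the segment registers still carry descriptor-derived state, and the entry checks reject ES before anything else is looked at. The third scenario is why the vm86 encoding must be limited to CS, SS, DS, ES, FS and GS; LDTR keeps its system-descriptor rules regardless of the VM flag.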


Thread overview: 43+ messages
2009-04-22  8:50 Doamin crash when trying to install disk encryption (PointSec) on Windows HVM Tom Rotenberg
2009-04-22 10:53 ` Keir Fraser
2009-04-22 11:18   ` Tom Rotenberg
2009-04-22 11:50     ` Keir Fraser
2009-04-22 12:39       ` Tom Rotenberg
2009-04-22 12:59         ` Keir Fraser
2009-04-22 13:02           ` Keir Fraser
2009-04-22 13:12         ` Tim Deegan
2009-04-22 13:23           ` Tom Rotenberg
2009-04-22 13:31             ` Tim Deegan
2009-04-22 13:34             ` Keir Fraser
2009-04-22 13:41               ` Tim Deegan
2009-04-22 13:52                 ` Tom Rotenberg
2009-04-22 13:59                   ` Keir Fraser
2009-04-22 14:04                     ` Tom Rotenberg
2009-04-22 14:14                       ` Keir Fraser
2009-04-22 14:20                         ` Tom Rotenberg
2009-04-22 14:25                           ` Keir Fraser
2009-04-22 14:40                             ` Tom Rotenberg
2009-04-22 14:48                               ` Keir Fraser
2009-04-22 14:53                                 ` Tom Rotenberg
2009-04-23  9:56                                 ` Tom Rotenberg
2009-04-23 10:42                                   ` Keir Fraser
2009-04-23 11:44                                     ` Tom Rotenberg
2009-04-23 12:15                                       ` Keir Fraser
2009-04-23 14:08                                         ` Tom Rotenberg
2009-04-23 14:28                                           ` Keir Fraser
2009-04-23 15:57                                             ` Tom Rotenberg
2009-04-23 16:01                                               ` Tim Deegan
2009-04-23 16:10                                                 ` Tom Rotenberg
2009-04-23 17:16                                                   ` Keir Fraser
2009-04-23 17:27                                                     ` Keir Fraser [this message]
2009-04-23 17:38                                                       ` Tom Rotenberg
2009-04-23 17:49                                                         ` Keir Fraser
2009-04-23 18:00                                                           ` Tom Rotenberg
2009-04-23 18:27                                                             ` Keir Fraser
2009-04-23 20:16                                                               ` Tom Rotenberg
2009-04-26 10:59                                                               ` Tom Rotenberg
2009-04-26 11:14                                                                 ` Tom Rotenberg
2009-04-26 11:23                                                                   ` Tom Rotenberg
2009-04-26 12:27                                                                     ` Keir Fraser
2009-04-26 15:08                                                                       ` Tom Rotenberg
2009-04-26 15:45                                                                         ` Keir Fraser
