From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: Intermittent fatal page fault with XEN 4.3.1
 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
Date: Thu, 7 Nov 2013 17:02:27 +0000
Message-ID: <527BC7A3.7030405@citrix.com>
References: <CAOqnZH4TzORy6cTjP3AFHMkUVazvWbObzfh4QzFfD013=3K-Rg@mail.gmail.com>
	<5278D0BB02000078000FF6E4@nat28.tlf.novell.com>
	<527912E9.3010304@xen.org>
	<5E2B3362-4D93-4FEF-987A-E477B0DCEE51@mcafee.com>
	<527A5BB50200007800100255@nat28.tlf.novell.com>
	<4E8EC677-8D22-4672-9C5C-12DD094107D2@McAfee.com>
	<1383754737.26213.136.camel@kazak.uk.xensource.com>
	<A7EFF1D5-8892-4625-868B-C36AC3B84844@McAfee.com>
	<527A7454.9060309@citrix.com>
	<1383757590.26213.139.camel@kazak.uk.xensource.com>
	<527A7769.8070700@citrix.com>
	<527B67280200007800100817@nat28.tlf.novell.com>
	<1383816652.26213.143.camel@kazak.uk.xensource.com>
	<24B7017F-1AC7-4900-93EB-F54C11002491@McAfee.com>
	<527BC68A0200007800100CD0@nat28.tlf.novell.com>
	<68C961D4-1162-4673-B044-179A4F9F8865@McAfee.com>
	<527BD38E0200007800100DA4@nat28.tlf.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <Andrew.Cooper3@citrix.com>) id 1VeSzU-0006f5-HL
	for xen-devel@lists.xenproject.org; Thu, 07 Nov 2013 17:03:32 +0000
In-Reply-To: <527BD38E0200007800100DA4@nat28.tlf.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: lars.kurth.xen@gmail.com, xen-devel@lists.xenproject.org, lars.kurth@xen.org, Jeff_Zimmerman@McAfee.com, Ian.Campbell@citrix.com
List-Id: xen-devel@lists.xenproject.org

On 07/11/13 16:53, Jan Beulich wrote:
>>>> On 07.11.13 at 17:02, <Jeff_Zimmerman@McAfee.com> wrote:
>> On Nov 7, 2013, at 7:57 AM, Jan Beulich <JBeulich@suse.com>
>>  wrote:
>>
>>>>>> On 07.11.13 at 16:41, <Jeff_Zimmerman@McAfee.com> wrote:
>>>> On Nov 7, 2013, at 1:30 AM, Ian Campbell <Ian.Campbell@citrix.com>  wrote:
>>>>> I was also wondering about the behaviour of using vmx instructions in a
>>>>> guest despite vmx not being visible in cpuid...
>>>>>
>>>> We have found in our situation this is exactly the case. To verify we wrote 
>>>> some
>>>> test code that makes vmx calls without checking cupid. On bare hardware the 
>>>> program
>>>> executes as expected. In a VM on Xen it causes the hypervisor to panic.
>>> You trying it doesn't yet imply that Windows also does so.
>>>
>>> Also, you say "program" - are you using these from user mode code?
>> Yes, from windows run as a privileged user. Windows XP sp3 can cause the 
>> crash.
>> It seems windows 7 has better security, we cannot crash the system from a 
>> win7 guest.
> Which is sort of odd. Anyway - care to try the attached patch?
>
> Jan
>

While the patch does look plausible, there is still clearly an issue
that an HVM guest with nested_virt disabled can even use the VMX
instructions, rather than getting flat out #UD exceptions.

~Andrew