[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)

To: <Ian.Campbell@xxxxxxxxxx>
From: <Jeff_Zimmerman@xxxxxxxxxx>
Date: Thu, 7 Nov 2013 15:41:04 +0000
Accept-language: en-US
Cc: lars.kurth.xen@xxxxxxxxx, andrew.cooper3@xxxxxxxxxx, lars.kurth@xxxxxxx, JBeulich@xxxxxxxx, xen-devel@xxxxxxxxxxxxxxxxxxxx
Delivery-date: Thu, 07 Nov 2013 15:41:15 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>
Thread-index: AQHO2g5pegkO3uVzyku8kKT4/tfL9JoXPbaAgABhmoCAARWXgIAAH/gAgAAEJoCAAAhkgIAAAZsAgAADSgCAAABjgIABDQkAgAAFmwCAAGdzgA==
Thread-topic: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)

On Nov 7, 2013, at 1:30 AM, Ian Campbell <Ian.Campbell@xxxxxxxxxx>
 wrote:

> On Thu, 2013-11-07 at 09:10 +0000, Jan Beulich wrote:
>>>>> On 06.11.13 at 18:07, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
>>> On 06/11/13 17:06, Ian Campbell wrote:
>>>> On Wed, 2013-11-06 at 16:54 +0000, Andrew Cooper wrote:
>>>>> I looked over the xl code and thought that nestedhvm should default to
>>>>> false, but I would prefer someone more familar with libxl and the idl to
>>>>> confirm what the default should be.
>>>> libxl thinks the default is false and will set HVM_PARAM_NESTEDHVM to 0
>>>> in that case. Is there some way to query the hypervisor for what it
>>>> thinks the setting is?
>>> 
>>> A get hvmparam hypercall will retrieve the value, but it is initialised
>>> to 0 and only ever set by a set hvmparam hypercall.
>> 
>> Which makes me start suspecting that the guest might be deriving
>> its information on VMX being available from something other than
>> CPUID. Of course we ought to confirm that we don't unintentionally
>> return the VMX flag set (and that the config file doesn't override it
>> in this way - I think we shouldn't be suppressing user overrides
>> here, but I didn't go check whether we do).
> 
> I was also wondering about the behaviour of using vmx instructions in a
> guest despite vmx not being visible in cpuid...
> 
> Ian.
> 
> 
We have found in our situation this is exactly the case. To verify we wrote some
test code that makes vmx calls without checking cupid. On bare hardware the 
program
executes as expected. In a VM on Xen it causes the hypervisor to panic.

From a security standpoint this is very very bad. It might be a good idea to 
provide either
a run-time or build-time option to disable nestedhvm. Just turning off the vmx 
bit is not enough
as malicious or badly written code can cause a system crash.

For us it looks like we can disable these instructions and avoid the crash.

Jeff.
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Jan Beulich
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Andrew Cooper

References:
- [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Lars Kurth
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Jan Beulich
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Lars Kurth
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Jan Beulich
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Jeff_Zimmerman
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Ian Campbell
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Jeff_Zimmerman
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Andrew Cooper
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Ian Campbell
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Andrew Cooper
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Jan Beulich
- Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
  - From: Ian Campbell

Prev by Date: Re: [Xen-devel] [PATCH v14 07/17] pvh: vmx-specific changes
Next by Date: Re: [Xen-devel] [PATCH v14 07/17] pvh: vmx-specific changes
Previous by thread: Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
Next by thread: Re: [Xen-devel] Intermittent fatal page fault with XEN 4.3.1 (Centos 6.3 DOM0 with linux kernel 3.10.16.)
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.