Xen project Mailing List

Re: [Xen-devel] [PATCH] x86/PV: properly populate descriptor tables

To: Jan Beulich <JBeulich@xxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Wed, 23 Sep 2015 16:47:14 +0100

Cc: Wei Liu <wei.liu2@xxxxxxxxxx>, Keir Fraser <keir@xxxxxxx>

Delivery-date: Wed, 23 Sep 2015 15:47:24 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

On 23/09/15 16:34, Jan Beulich wrote:

Us extending the GDT limit past the Xen descriptors so far meant that
guests (including user mode programs) accessing any descriptor table
slot above the original OS'es limit but below the first Xen descriptor
caused a #PF, converted to a #GP in our #PF handler. Which is quite
different from the native behavior, where some of such accesses (LAR
and LSL) don't fault. Mimic that behavior by mapping a blank page into
unused slots.

While not strictly required, treat the LDT the same for consistency.

Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

Oh - thanks for doing this. (Luckily, I hadn't yet had enough time to

look into it.)

Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

---
Not sure about 4.6 here: Beyond Andrew noticing I don't think anyone
ran into this issue in a real world environment, and hence it doesn't
seem to be too critical to get this fixed.

This bug causes unexpected #GP faults being handed to PV guests which

would not occur on native, when using the `lsl` and `lsr` instructions.

I expect it is the rarity of those instructions which is why this has

gone unnoticed for so long.

It probably should be backported. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.