|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] Fix a panic in SPEC_CTRL_ENTRY_FROM_INTR_IST
在 2018/2/14 15:56, Jan Beulich 写道: On 14.02.18 at 05:03, <zhenzhong.duan@xxxxxxxxxx> wrote:On on IBRS available env, bootup panic when bti=0 like below: (XEN) Speculative mitigation facilities: (XEN) Hardware features: SMEP IBRS/IBPB STIBP (XEN) BTI mitigations: Thunk N/A, Others: IBRS- SMEP (XEN) ----[ Xen-4.4.4OVM x86_64 debug=n Tainted: C ]---- (XEN) CPU: 0 (XEN) RIP: e008:[<ffff82d0802041bb>] entry.o#handle_ist_exception+0xd1/0x176 (XEN) RFLAGS: 0000000000010046 CONTEXT: hypervisor (XEN) rax: 0000000000000000 rbx: 0000000000000000 rcx: 0000000000000048 (XEN) rdx: 0000000000000001 rsi: 0000000000000000 rdi: 0000000000000000 (XEN) rbp: 0000000000000000 rsp: ffff82d080529f58 r8: 0000000000000000 (XEN) r9: 0000000000000000 r10: 0000000000000000 r11: 0000000000000000 (XEN) r12: 0000000000000000 r13: 0000000000000000 r14: ffff82d08052ffff (XEN) r15: 0000000000000000 cr0: 000000008005003b cr4: 00000000001506f0 (XEN) cr3: 0000000076fbe000 cr2: 0000000000000000 (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: 0000 cs: e008 (XEN) Xen stack trace from rsp=ffff82d080529f58: (XEN) 0000000000000018 00000000ffffffff 0000000000000002 ffff82d080528000 (XEN) 0000000000000000 ffff82d0802a50e0 ffff82d08052fd98 ffff82d08072fc00 (XEN) 0000000000000000 0000000000010000 0000000000000400 0000000000000830 (XEN) 0000000000000000 000000000000000a ffff82d0803f0fc0 0000000200000000 (XEN) ffff82d080298876 000000000000e008 0000000000000046 ffff82d08052fdf8 (XEN) 0000000000000000 (XEN) Xen call trace: (XEN) [<ffff82d0802041bb>] entry.o#handle_ist_exception+0xd1/0x176 (XEN) (XEN) (XEN) **************************************** (XEN) Panic on CPU 0: (XEN) GENERAL PROTECTION FAULT (XEN) [error_code=0000] (XEN) **************************************** It's due to %edx isn't cleared to zero before wrmsr. DO_OVERWRITE_RSB clobbers %eax and happend to cover the bug in certain case so we didn't reproduce without bti=0. Change to use %edx. Reviewed-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx> Tested-by: Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx> Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxxx>Two formal things: Please put tags in sequential (in time) order: reporter, author(s), reviewers/testers. And please follow patch submission rules - send them _to_ the list, with maintainers (and other interested parties) on _cc_. Got it. --- a/xen/include/asm-x86/spec_ctrl_asm.h +++ b/xen/include/asm-x86/spec_ctrl_asm.h @@ -269,16 +269,16 @@ * This is logical merge of DO_OVERWRITE_RSB and DO_SPEC_CTRL_ENTRY * maybexen=1, but with conditionals rather than alternatives. */ - movzbl STACK_CPUINFO_FIELD(bti_ist_info)(%r14), %eax + movzbl STACK_CPUINFO_FIELD(bti_ist_info)(%r14), %edx- testb $BTI_IST_RSB, %al Right, I missed this part, thanks for point. Your v2 patch looks good for me. -- thanks zduan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |