Xen project Mailing List

Re: [Xen-devel] [PATCH v2] x86: fix a crash in SPEC_CTRL_ENTRY_FROM_INTR_IST

From: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Date: Wed, 14 Feb 2018 09:27:13 +0000

Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Zhenzhong Duan <zhenzhong.duan@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Delivery-date: Wed, 14 Feb 2018 09:27:26 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On Wed, Feb 14, 2018 at 01:09:28AM -0700, Jan Beulich wrote: > In an IBRS available env, bootup panic when bti=0 like below: > > (XEN) Speculative mitigation facilities: > (XEN) Hardware features: SMEP IBRS/IBPB STIBP > (XEN) BTI mitigations: Thunk N/A, Others: IBRS- SMEP > (XEN) ----[ Xen-4.4.4OVM x86_64 debug=n Tainted: C ]---- > (XEN) CPU: 0 > (XEN) RIP: e008:[<ffff82d0802041bb>] > entry.o#handle_ist_exception+0xd1/0x176 > (XEN) RFLAGS: 0000000000010046 CONTEXT: hypervisor > (XEN) rax: 0000000000000000 rbx: 0000000000000000 rcx: 0000000000000048 > (XEN) rdx: 0000000000000001 rsi: 0000000000000000 rdi: 0000000000000000 > (XEN) rbp: 0000000000000000 rsp: ffff82d080529f58 r8: 0000000000000000 > (XEN) r9: 0000000000000000 r10: 0000000000000000 r11: 0000000000000000 > (XEN) r12: 0000000000000000 r13: 0000000000000000 r14: ffff82d08052ffff > (XEN) r15: 0000000000000000 cr0: 000000008005003b cr4: 00000000001506f0 > (XEN) cr3: 0000000076fbe000 cr2: 0000000000000000 > (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: 0000 cs: e008 > (XEN) Xen stack trace from rsp=ffff82d080529f58: > (XEN) 0000000000000018 00000000ffffffff 0000000000000002 ffff82d080528000 > (XEN) 0000000000000000 ffff82d0802a50e0 ffff82d08052fd98 ffff82d08072fc00 > (XEN) 0000000000000000 0000000000010000 0000000000000400 0000000000000830 > (XEN) 0000000000000000 000000000000000a ffff82d0803f0fc0 0000000200000000 > (XEN) ffff82d080298876 000000000000e008 0000000000000046 ffff82d08052fdf8 > (XEN) 0000000000000000 > (XEN) Xen call trace: > (XEN) [<ffff82d0802041bb>] entry.o#handle_ist_exception+0xd1/0x176 > (XEN) > (XEN) > (XEN) **************************************** > (XEN) Panic on CPU 0: > (XEN) GENERAL PROTECTION FAULT > (XEN) [error_code=0000] > (XEN) **************************************** > > It's due to %edx isn't cleared to zero before wrmsr. > > DO_OVERWRITE_RSB clobbers %eax and happend to cover the bug in certain case so > we didn't reproduce without bti=0. > > Signed-off-by: Zhenzhong Duan <zhenzhong.duan@xxxxxxxxxx> > > Re-do actual code change. Also drop an unused label. > > Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> Reviewed-by: Roger Pau Monné <roger.pau@xxxxxxxxxx> _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.