[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] 4.11.0 RC1 panic



>>> On 12.06.18 at 18:29, <andrew.cooper3@xxxxxxxxxx> wrote:
> On 12/06/18 17:00, Manuel Bouyer wrote:
>> On Tue, Jun 12, 2018 at 04:54:30PM +0100, Andrew Cooper wrote:
>>> On 12/06/18 16:38, Manuel Bouyer wrote:
>>>> On Tue, Jun 12, 2018 at 01:39:05PM +0200, Manuel Bouyer wrote:
>>>>> I applied this patch to 4.11rc4 (let's not change too much things at the
>>>>> same time) and rebooted my test host. Hopefully I'll have some data to 
>>>>> report
>>>>> soon
>>>> Got the first panic (still from a i386 domU):
>>>> login: (XEN) d4v0 Hit #DB in Xen context: e008:ffff82d08036eb00 
>>>> [overflow], stk 0000:ffff8301bf117f78, dr6 ffff0ff0
>>>> (XEN) d4v0 Hit #DB in Xen context: e008:ffff82d08036eb00 [overflow], stk 
>>>> 0000:ffff8301bf117f78, dr6 ffff0ff0
>>>> (XEN) d4v0 Hit #DB in Xen context: e008:ffff82d08036eb00 [overflow], stk 
>>>> 0000:ffff8301bf117f78, dr6 ffff0ff0
>>>> (XEN) d4v0 Hit #DB in Xen context: e008:ffff82d08036eb00 [overflow], stk 
>>>> 0000:ffff8301bf117f78, dr6 ffff0ff0
>>>> (XEN) d4v0 Hit #DB in Xen context: e008:ffff82d08036eb00 [overflow], stk 
>>>> 0000:ffff8301bf117f78, dr6 ffff0ff0
>>>> (XEN) d4v2 Hit #DB in Xen context: e008:ffff82d08036eb00 [overflow], stk 
>>>> 0000:ffff8301bf077f78, dr6 ffff0ff0
>>> I presume you're running a XSA-263 (MovSS) exploit in testing?
>> Not intentionally, these are the NetBSD test suite and I don't think any
>> specifically targets this (there are 759 tests at this time).
>> But these includes network tests, so there is probably in kernel bpf code 
>> tests.
> 
> This specific message can only be triggered (so far as we know) by a
> MovSS-deferred #DB, in this case over an `into` instruction.
> 
> If this isn't a dedicated test, then whatever you've got in your test
> suite came dangerously close to discovering the MovSS issue.

So maybe, instead of logging CS and SS in the above message, it would
be more helpful to log the guest mode RIP here, to help understand the
origin?

Jan



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.