
Re: [Xen-devel] [VMI] Possible race-condition in altp2m APIs



On Thursday, May 9, 2019 8:08 PM, Tamas K Lengyel <tamas@xxxxxxxxxxxxx> wrote:
> > > > I already suggested to Mathieu to try to reproduce the issue using the
> > > > xen-access test tool that's in the Xen tree to cut out all that
> > > > complexity.
> >
> > xen-access is ok, but I've never encountered a situation where I haven't
> > had to modify it first to get it usable.
>
> Right, it would likely have to be modified.
>
> > I have some plans to replace it with something far more usable, as part
> > of tying together some XTF-based VMI testing, but none of that is
> > remotely ready yet.
>
> Yes, that would be fantastic to have.
>
> > > Without being able to limit the scope of the bug and being
> > > able to reproducibly trigger it I see little chance of finding the
> > > root cause. Unfortunately I don't have the time to do that myself.
> >
> > I can probably help out with some suggestions, but I agree that we are
> > going to have to cut out some of the complexity here to figure out
> > exactly what is going on.
> > Alternatively, if there are some sufficiently detailed instructions for
> > how to put together a repro of the problem using libvmi/etc, I might be
> > able to start debugging from that, but I definitely don't have time to
> > do that in the next week.
>
> The instructions are on https://drakvuf.com. AFAICT Mathieu is running
> into the issue with simply running it on an up-to-date Windows 10 guest
> but not in any way that I would call reproducible. Running it "for a
> minute or two" is really not a reproducible bug description.

I think there are 2 separate issues:
one is the race condition I'm describing, impacting both Windows 7 and Windows 
10 (which I have tested).
The second is a crash linked to KPTI (the crash happens really fast, and Windows 10 
without KPTI is quite stable under Drakvuf monitoring).

Regarding how reproducible it is, what I have for now is a PyTest-based test 
suite
that will inject the sample using either Drakvuf's method 
(createproc/shellexec) or Ansible/WinRM.

The execution is monitored and when I detect that the process terminated, I 
validate the test.

On Windows 7 x64, with 4 VCPUs, it crashes around ~10 tests.
@Andrew would you like to give this a try, and repro the issue on your side 
with the test suite?
That's the best "reproducibility" I can offer you at the moment.

My next objective will be to look at the xen-access tool and modify it to inject 
stealth breakpoints,
the same way drakvuf does, to build a bug repro as small as possible.

Mathieu

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

