[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [BUG] Invalid guest state in Xen master, dom0 linux-5.3.6, domU windows 10


  • To: Håkon Alstadheim <hakon@xxxxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Mon, 4 Nov 2019 13:31:42 +0000
  • Authentication-results: esa5.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@xxxxxxxxxx; spf=Pass smtp.mailfrom=Andrew.Cooper3@xxxxxxxxxx; spf=None smtp.helo=postmaster@xxxxxxxxxxxxxxx
  • Autocrypt: addr=andrew.cooper3@xxxxxxxxxx; prefer-encrypt=mutual; keydata= mQINBFLhNn8BEADVhE+Hb8i0GV6mihnnr/uiQQdPF8kUoFzCOPXkf7jQ5sLYeJa0cQi6Penp VtiFYznTairnVsN5J+ujSTIb+OlMSJUWV4opS7WVNnxHbFTPYZVQ3erv7NKc2iVizCRZ2Kxn srM1oPXWRic8BIAdYOKOloF2300SL/bIpeD+x7h3w9B/qez7nOin5NzkxgFoaUeIal12pXSR Q354FKFoy6Vh96gc4VRqte3jw8mPuJQpfws+Pb+swvSf/i1q1+1I4jsRQQh2m6OTADHIqg2E ofTYAEh7R5HfPx0EXoEDMdRjOeKn8+vvkAwhviWXTHlG3R1QkbE5M/oywnZ83udJmi+lxjJ5 YhQ5IzomvJ16H0Bq+TLyVLO/VRksp1VR9HxCzItLNCS8PdpYYz5TC204ViycobYU65WMpzWe LFAGn8jSS25XIpqv0Y9k87dLbctKKA14Ifw2kq5OIVu2FuX+3i446JOa2vpCI9GcjCzi3oHV e00bzYiHMIl0FICrNJU0Kjho8pdo0m2uxkn6SYEpogAy9pnatUlO+erL4LqFUO7GXSdBRbw5 gNt25XTLdSFuZtMxkY3tq8MFss5QnjhehCVPEpE6y9ZjI4XB8ad1G4oBHVGK5LMsvg22PfMJ ISWFSHoF/B5+lHkCKWkFxZ0gZn33ju5n6/FOdEx4B8cMJt+cWwARAQABtClBbmRyZXcgQ29v cGVyIDxhbmRyZXcuY29vcGVyM0BjaXRyaXguY29tPokCOgQTAQgAJAIbAwULCQgHAwUVCgkI CwUWAgMBAAIeAQIXgAUCWKD95wIZAQAKCRBlw/kGpdefoHbdD/9AIoR3k6fKl+RFiFpyAhvO 59ttDFI7nIAnlYngev2XUR3acFElJATHSDO0ju+hqWqAb8kVijXLops0gOfqt3VPZq9cuHlh IMDquatGLzAadfFx2eQYIYT+FYuMoPZy/aTUazmJIDVxP7L383grjIkn+7tAv+qeDfE+txL4 SAm1UHNvmdfgL2/lcmL3xRh7sub3nJilM93RWX1Pe5LBSDXO45uzCGEdst6uSlzYR/MEr+5Z JQQ32JV64zwvf/aKaagSQSQMYNX9JFgfZ3TKWC1KJQbX5ssoX/5hNLqxMcZV3TN7kU8I3kjK mPec9+1nECOjjJSO/h4P0sBZyIUGfguwzhEeGf4sMCuSEM4xjCnwiBwftR17sr0spYcOpqET ZGcAmyYcNjy6CYadNCnfR40vhhWuCfNCBzWnUW0lFoo12wb0YnzoOLjvfD6OL3JjIUJNOmJy RCsJ5IA/Iz33RhSVRmROu+TztwuThClw63g7+hoyewv7BemKyuU6FTVhjjW+XUWmS/FzknSi dAG+insr0746cTPpSkGl3KAXeWDGJzve7/SBBfyznWCMGaf8E2P1oOdIZRxHgWj0zNr1+ooF /PzgLPiCI4OMUttTlEKChgbUTQ+5o0P080JojqfXwbPAyumbaYcQNiH1/xYbJdOFSiBv9rpt TQTBLzDKXok86LkCDQRS4TZ/ARAAkgqudHsp+hd82UVkvgnlqZjzz2vyrYfz7bkPtXaGb9H4 Rfo7mQsEQavEBdWWjbga6eMnDqtu+FC+qeTGYebToxEyp2lKDSoAsvt8w82tIlP/EbmRbDVn 7bhjBlfRcFjVYw8uVDPptT0TV47vpoCVkTwcyb6OltJrvg/QzV9f07DJswuda1JH3/qvYu0p vjPnYvCq4NsqY2XSdAJ02HrdYPFtNyPEntu1n1KK+gJrstjtw7KsZ4ygXYrsm/oCBiVW/OgU g/XIlGErkrxe4vQvJyVwg6YH653YTX5hLLUEL1NS4TCo47RP+wi6y+TnuAL36UtK/uFyEuPy wwrDVcC4cIFhYSfsO0BumEI65yu7a8aHbGfq2lW251UcoU48Z27ZUUZd2Dr6O/n8poQHbaTd 6bJJSjzGGHZVbRP9UQ3lkmkmc0+XCHmj5WhwNNYjgbbmML7y0fsJT5RgvefAIFfHBg7fTY/i kBEimoUsTEQz+N4hbKwo1hULfVxDJStE4sbPhjbsPCrlXf6W9CxSyQ0qmZ2bXsLQYRj2xqd1 bpA+1o1j2N4/au1R/uSiUFjewJdT/LX1EklKDcQwpk06Af/N7VZtSfEJeRV04unbsKVXWZAk uAJyDDKN99ziC0Wz5kcPyVD1HNf8bgaqGDzrv3TfYjwqayRFcMf7xJaL9xXedMcAEQEAAYkC HwQYAQgACQUCUuE2fwIbDAAKCRBlw/kGpdefoG4XEACD1Qf/er8EA7g23HMxYWd3FXHThrVQ HgiGdk5Yh632vjOm9L4sd/GCEACVQKjsu98e8o3ysitFlznEns5EAAXEbITrgKWXDDUWGYxd pnjj2u+GkVdsOAGk0kxczX6s+VRBhpbBI2PWnOsRJgU2n10PZ3mZD4Xu9kU2IXYmuW+e5KCA vTArRUdCrAtIa1k01sPipPPw6dfxx2e5asy21YOytzxuWFfJTGnVxZZSCyLUO83sh6OZhJkk b9rxL9wPmpN/t2IPaEKoAc0FTQZS36wAMOXkBh24PQ9gaLJvfPKpNzGD8XWR5HHF0NLIJhgg 4ZlEXQ2fVp3XrtocHqhu4UZR4koCijgB8sB7Tb0GCpwK+C4UePdFLfhKyRdSXuvY3AHJd4CP 4JzW0Bzq/WXY3XMOzUTYApGQpnUpdOmuQSfpV9MQO+/jo7r6yPbxT7CwRS5dcQPzUiuHLK9i nvjREdh84qycnx0/6dDroYhp0DFv4udxuAvt1h4wGwTPRQZerSm4xaYegEFusyhbZrI0U9tJ B8WrhBLXDiYlyJT6zOV2yZFuW47VrLsjYnHwn27hmxTC/7tvG3euCklmkn9Sl9IAKFu29RSo d5bD8kMSCYsTqtTfT6W4A3qHGvIDta3ptLYpIAOD2sY3GYq2nf3Bbzx81wZK14JdDDHUX2Rs 6+ahAA==
  • Delivery-date: Mon, 04 Nov 2019 13:31:51 +0000
  • Ironport-sdr: 3xOCxHTsuQ6CtdfhgYllrpB5vlKflVG4VSNCZAyBxy05JelvCKMbgB8pAaZciLVc11gMXvpOlA BinJHGi1xOdMfEYMOGQtDRhoO70rE8jhICcJHkV5EHH1nlX+VoP8VlYmtW37oD7A52MXQP3spi WmZvr2E6N3M/AUBUK5a5SBjFTIduFa7+uV51UBOrd5gpuvhD25jKBLJCU/VIVEz8ZvlsNvKdc3 2s9f+iRSo8mReeHGHeGeCqriuH6P+UskMdVYxLldamtSDHw0HdJ8g2xUynBVjdlAxqTBWkca9E tFQ=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Openpgp: preference=signencrypt

On 03/11/2019 10:23, Håkon Alstadheim wrote:

> (XEN) [2019-11-02 14:09:46] d2v0 vmentry failure (reason 0x80000021):
> Invalid guest state (0)
> (XEN) [2019-11-02 14:09:46] ************* VMCS Area **************
> (XEN) [2019-11-02 14:09:46] *** Guest State ***
> (XEN) [2019-11-02 14:09:46] CR0: actual=0x0000000080050031,
> shadow=0x0000000080050031, gh_mask=ffffffffffffffff
> (XEN) [2019-11-02 14:09:46] CR4: actual=0x0000000000172678,
> shadow=0x0000000000170678, gh_mask=ffffffffffe8f860
> (XEN) [2019-11-02 14:09:46] CR3 = 0x00000000001aa002
> (XEN) [2019-11-02 14:09:46] RSP = 0xffff8c0f4dd71e98
> (0xffff8c0f4dd71e98)  RIP = 0xffffd18a040bb75e (0xffffd18a040bb75e)
> (XEN) [2019-11-02 14:09:46] RFLAGS=0x00000187 (0x00000187)  DR7 =
> 0x0000000000000400
> (XEN) [2019-11-02 14:09:46] Sysenter RSP=0000000000000000
> CS:RIP=0000:0000000000000000
> (XEN) [2019-11-02 14:09:46]        sel  attr  limit   base
> (XEN) [2019-11-02 14:09:46]   CS: 0010 0209b 00000000 0000000000000000
> (XEN) [2019-11-02 14:09:46]   DS: 002b 0c0f3 ffffffff 0000000000000000
> (XEN) [2019-11-02 14:09:46]   SS: 0018 04093 00000000 0000000000000000
> (XEN) [2019-11-02 14:09:46]   ES: 002b 0c0f3 ffffffff 0000000000000000
> (XEN) [2019-11-02 14:09:46]   FS: 0053 040f3 00003c00 0000000000000000
> (XEN) [2019-11-02 14:09:46]   GS: 002b 0c0f3 ffffffff fffff8044ff80000
> (XEN) [2019-11-02 14:09:46] GDTR:            00000057 fffff80459c61fb0
> (XEN) [2019-11-02 14:09:46] LDTR: 0000 1c000 ffffffff 0000000000000000
> (XEN) [2019-11-02 14:09:46] IDTR:            0000012f ffffd18a014a0980
> (XEN) [2019-11-02 14:09:46]   TR: 0040 0008b 00000067 fffff80459c60000
> (XEN) [2019-11-02 14:09:46] EFER(VMCS) = 0x0000000000000d01  PAT =
> 0x0007010600070106
> (XEN) [2019-11-02 14:09:46] PreemptionTimer = 0x00000000  SM Base =
> 0x00000000
> (XEN) [2019-11-02 14:09:46] DebugCtl = 0x0000000000000000 
> DebugExceptions = 0x0000000000000000
> (XEN) [2019-11-02 14:09:46] Interruptibility = 00000002  ActivityState
> = 00000000
> (XEN) [2019-11-02 14:09:46] InterruptStatus = 0000
> (XEN) [2019-11-02 14:09:46] *** Host State ***
> (XEN) [2019-11-02 14:09:46] RIP = 0xffff82d080341950
> (vmx_asm_vmexit_handler)  RSP = 0xffff83083ff0ff70
> (XEN) [2019-11-02 14:09:46] CS=e008 SS=0000 DS=0000 ES=0000 FS=0000
> GS=0000 TR=e040
> (XEN) [2019-11-02 14:09:46] FSBase=0000000000000000
> GSBase=0000000000000000 TRBase=ffff83083ff14000
> (XEN) [2019-11-02 14:09:46] GDTBase=ffff83083ff03000
> IDTBase=ffff83083ff07000
> (XEN) [2019-11-02 14:09:46] CR0=0000000080050033 CR3=000000054dbea000
> CR4=00000000001526e0
> (XEN) [2019-11-02 14:09:46] Sysenter RSP=ffff83083ff0ffa0
> CS:RIP=e008:ffff82d080395440
> (XEN) [2019-11-02 14:09:46] EFER = 0x0000000000000d01  PAT =
> 0x0000050100070406
> (XEN) [2019-11-02 14:09:46] *** Control State ***
> (XEN) [2019-11-02 14:09:46] PinBased=000000bf CPUBased=b62065fa
> SecondaryExec=000017eb
> (XEN) [2019-11-02 14:09:46] EntryControls=0000d3ff ExitControls=002fefff
> (XEN) [2019-11-02 14:09:46] ExceptionBitmap=00060002 PFECmask=00000000
> PFECmatch=00000000
> (XEN) [2019-11-02 14:09:46] VMEntry: intr_info=80000501
> errcode=00000000 ilen=00000001
> (XEN) [2019-11-02 14:09:46] VMExit: intr_info=80000501
> errcode=00000000 ilen=00000001
> (XEN) [2019-11-02 14:09:46]         reason=80000021
> qualification=0000000000000000
> (XEN) [2019-11-02 14:09:46] IDTVectoring: info=00000000 errcode=00000000
> (XEN) [2019-11-02 14:09:46] TSC Offset = 0xfffff45ded46dd57  TSC
> Multiplier = 0x0000000000000000
> (XEN) [2019-11-02 14:09:46] TPR Threshold = 0x00  PostedIntrVec = 0xf5
> (XEN) [2019-11-02 14:09:46] EPT pointer = 0x000000054e3a701e  EPTP
> index = 0x0000
> (XEN) [2019-11-02 14:09:46] PLE Gap=00000080 Window=00001000
> (XEN) [2019-11-02 14:09:46] Virtual processor ID = 0x5a02 VMfunc
> controls = 0000000000000000
> (XEN) [2019-11-02 14:09:46] **************************************
> (XEN) [2019-11-02 14:09:46] domain_crash called from vmx.c:3335
> (XEN) [2019-11-02 14:09:46] Domain 2 (vcpu#0) crashed on cpu#2:

Interruptibility = 00000002 (Blocked by Mov SS) and VMEntry:
intr_info=80000501 (ICEBP)

Dare I ask what you're running in your windows guest?  Unless it is a
vulnerability test suite, I'm rather concerned.

Anyway - there are plenty of #DB injection corner cases, some of which
I'm still working through with Intel.  This is a new one I wasn't aware
of before, but its not surprising in hindsight.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.