thr3ads.net - Xen devel - [Xen-devel] Invalid PDE entry in vmx domain will crash system. [Jan 2006]

If this information is useful, please help other people find it:
Share via:

Li, Xin B

2006-Jan-12 12:53 UTC

[Xen-devel] Invalid PDE entry in vmx domain will crash system.

Hi Keir, we found invalid PDE entry in vmx domain will crash the whole
system, the code is in update_hl2e():

static inline void
update_hl2e(struct vcpu *v, unsigned long va)
{
    int index = l2_table_offset(va);
    unsigned long mfn;
    l2_pgentry_t gl2e = v->arch.guest_vtable[index];
    l1_pgentry_t old_hl2e, new_hl2e;
    int need_flush = 0;

    ASSERT(shadow_mode_translate(v->domain));

    old_hl2e = v->arch.hl2_vtable[index];

    if ( (l2e_get_flags(gl2e) & _PAGE_PRESENT) &&
         VALID_MFN(mfn = get_mfn_from_pfn(l2e_get_pfn(gl2e))) )
        new_hl2e = l1e_from_pfn(mfn, __PAGE_HYPERVISOR);
    else
        new_hl2e = l1e_empty();

... ...
}

Here, if there is an invalid PDE entry in VMX domain (For example, a VMX
domain only has 512M RAM, but a PDE entry is 0x40000063, the pfn is
beyond 512M RAM), so this invalid PDE entry will cause mfn
get_mfn_from_pfn(l2e_get_pfn(gl2e)) return the invalid mfn = 0xFFFFFFFF,
and then a bad PTE is set into hl2 table, and later while trying to get
the gl1e of VMX guest, a page fault happened in Xen, and crashed the
system.

The problem here is, even there is an invalid PDE entry in VMX guest,
xen HV should not crash. We need a patch to protect Xen HV here, two
pieces of code need change:
1) if VALID_MFN(mfn = get_mfn_from_pfn(l2e_get_pfn(gl2e))) is true, this
function should fail. But seems xenlinux also uses this function, will
such change impact on xenlinux? Or only fail when it''s external mode.
2) Jun suggested when accessing linear_pg_table, we should use
copy_from_user, change 
    orig_gpte = gpte = linear_pg_table[l1_linear_offset(va)];
To
    if ( !(__copy_from_user(&gpte,
&linear_pg_table[l1_linear_offset(va)],
                           sizeof(gpte)) == 0) )
    {
        printk("Bad guest PDE entry: gpde = 0x%x, va = 0x%lx\n",
               l2e_get_intpte(gpde), va);
        //fail handling...
    }

If you think it''s OK, I will send a patch later.

-Xin

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Keir Fraser

2006-Jan-12 13:31 UTC

head link

Re: [Xen-devel] Invalid PDE entry in vmx domain will crash system.

On 12 Jan 2006, at 12:53, Li, Xin B wrote:
> If you think it''s OK, I will send a patch later.
Fine by me.

  -- Keir


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel

Xen devel - Jan 2006 - Invalid PDE entry in vmx domain will crash system.

[Xen-devel] Invalid PDE entry in vmx domain will crash system.

Re: [Xen-devel] Invalid PDE entry in vmx domain will crash system.