Running ia32 binaries causes double fault on x86_64. We used to have USE_INT80 defined, re-enabling fixes my systems. ffffffff8011caa0 T ia32_sysenter_target (XEN) CPU: 0 (XEN) RIP: 0010:[<ffffffff8011caa0>] ??? (XEN) RFLAGS: 0000000000010046 CONTEXT: hypervisor (XEN) rax: 0000000000000021 rbx: 0000000000c201ae rcx: 0000000000000000 (XEN) rdx: 0000000000c22108 rsi: 0000000000c22008 rdi: 0000000000000002 (XEN) rbp: 00000000ffffc4ac rsp: 0000000000000000 r8: 0000000000000000 (XEN) r9: 0000000000000000 r10: 0000000000000000 r11: 0000000000000000 (XEN) r12: 0000000000000000 r13: 0000000000000000 r14: 0000000000000000 (XEN) r15: 0000000000000000 cr0: 000000008005003b cr3: 000000004b3a7000 (XEN) Xen stack trace from rsp=0000000000000000: (XEN) Stack empty. (XEN) Xen call trace: (XEN) [<ffffffff8011caa0>] ??? (XEN) (XEN) ************************************ (XEN) CPU0 FATAL TRAP 8 (double fault), ERROR_CODE 0000, IN INTERRUPT CONTEXT. (XEN) System shutting down -- need manual reset. (XEN) ************************************ Signed-off-by: Chris Wright <chrisw@sous-sol.org> --- diff -r 0defafc42af4 linux-2.6-xen-sparse/arch/x86_64/ia32/syscall32-xen.c --- a/linux-2.6-xen-sparse/arch/x86_64/ia32/syscall32-xen.c Mon Feb 6 17:04:45 2006 +0100 +++ b/linux-2.6-xen-sparse/arch/x86_64/ia32/syscall32-xen.c Tue Feb 7 02:37:25 2006 -0500 @@ -14,6 +14,7 @@ #include <asm/tlbflush.h> #include <asm/ia32_unistd.h> +#define USE_INT80 #ifdef USE_INT80 extern unsigned char syscall32_int80[], syscall32_int80_end[]; #endif diff -r 0defafc42af4 linux-2.6-xen-sparse/arch/x86_64/ia32/syscall32_syscall-xen.S --- a/linux-2.6-xen-sparse/arch/x86_64/ia32/syscall32_syscall-xen.S Mon Feb 6 17:04:45 2006 +0100 +++ b/linux-2.6-xen-sparse/arch/x86_64/ia32/syscall32_syscall-xen.S Tue Feb 7 02:37:25 2006 -0500 
@@ -2,6 +2,7 @@ .section ".init.data","aw" +#define USE_INT80 #ifdef USE_INT80 .globl syscall32_int80 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
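Review bot: In the syscall32-xen.c hunk the new `#define USE_INT80` sits directly above `#ifdef USE_INT80`, so that conditional is now always true and whatever is on the other side of it is never built. The commit message says the define used to be there and was lost, so a short comment next to it giving the reason (ia32 binaries double-fault without it) would keep a later cleanup from dropping it again.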
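Review bot: The syscall32_syscall-xen.S hunk defines USE_INT80 a second time, independently of the define added in syscall32-xen.c, so the C and assembly files only agree while both lines are edited together. Consider defining it once in a header that both files include, or passing it in from the build, so one side cannot be changed without the other.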
Jan Beulich
2006-Feb-07 14:22 UTC
Re: [Xen-devel] [PATCH] fix x86_64 ia32 userspace support
Even with this fixed in the guest kernel I'd consider this a security hole if so, since executing a sysenter instruction in 32-bit user mode would then be a way to bring the whole system down.

Jan
Keir Fraser
2006-Feb-07 15:01 UTC
Re: [Xen-devel] [PATCH] fix x86_64 ia32 userspace support
On 7 Feb 2006, at 14:22, Jan Beulich wrote:

> Even with this fixed in the guest kernel I'd consider this a security
> hole if so, since executing a sysenter instruction
> in 32-bit user mode would then be a way to bring the whole system
> down. Jan

The hole turns out to be dom0 only. I've now checked in a fix. Christian will check in Chris's int80 fix shortly.

-- Keir
Chris Wright
2006-Feb-07 18:17 UTC
Re: [Xen-devel] [PATCH] fix x86_64 ia32 userspace support
* Jan Beulich (JBeulich@novell.com) wrote:

> Even with this fixed in the guest kernel I'd consider this a security hole if so, since executing a sysenter instruction
> in 32-bit user mode would then be a way to bring the whole system down. Jan

Yes, absolutely agreed. Sorry, meant to mention that in the original email.

thanks,
-chris
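Added example, not part of the thread or of the Xen or Linux sources: a small triage script for the kind of fatal-trap dump quoted in the original report. It pulls out the trap, the context and the stack pointer and resolves RIP against a symbol table. The log lines are the report's, restored to one per line; the two neighbouring symbol entries are constructed placeholders.

```python
import bisect
import re

# Constructed input: console lines from the report, restored to one per line.
XEN_LOG = """\
(XEN) RIP:    0010:[<ffffffff8011caa0>] ???
(XEN) RFLAGS: 0000000000010046   CONTEXT: hypervisor
(XEN) rax: 0000000000000021   rbx: 0000000000c201ae   rcx: 0000000000000000
(XEN) rbp: 00000000ffffc4ac   rsp: 0000000000000000   r8:  0000000000000000
(XEN) CPU0 FATAL TRAP 8 (double fault), ERROR_CODE 0000, IN INTERRUPT CONTEXT.
"""

# nm/System.map-style table. Only ia32_sysenter_target and its address come
# from the report; the two neighbouring entries are constructed placeholders.
SYMBOLS = """\
ffffffff8011c900 T example_symbol_before
ffffffff8011caa0 T ia32_sysenter_target
ffffffff8011cb80 T example_symbol_after
"""

def load_symbols(text):
    """Parse 'addr type name' lines into a list sorted by address."""
    rows = (line.split() for line in text.splitlines() if line.strip())
    return sorted((int(addr, 16), name) for addr, _kind, name in rows)

def resolve(symbols, addr):
    """Return 'name+0xoff' for the nearest symbol at or below addr, else None."""
    idx = bisect.bisect_right([a for a, _ in symbols], addr) - 1
    if idx < 0:
        return None
    base, name = symbols[idx]
    return f"{name}+0x{addr - base:x}"

def triage(log, symbols):
    """Extract the fields that matter when reading a Xen fatal-trap dump."""
    regs = {k: int(v, 16)
            for k, v in re.findall(r"\b(r[a-z0-9]{1,2}):\s+([0-9a-f]{16})", log)}
    rip = re.search(r"RIP:\s+[0-9a-f]{4}:\[<([0-9a-f]{16})>\]", log)
    trap = re.search(r"FATAL TRAP (\d+) \(([^)]+)\)", log)
    ctx = re.search(r"CONTEXT:\s+(\w+)", log)
    return {
        "trap": int(trap.group(1)) if trap else None,
        "trap_name": trap.group(2) if trap else None,
        "context": ctx.group(1) if ctx else None,
        "symbol": resolve(symbols, int(rip.group(1), 16)) if rip else None,
        "rsp_zero": regs.get("rsp") == 0,  # no usable stack when the trap hit
    }

if __name__ == "__main__":
    print(triage(XEN_LOG, load_symbols(SYMBOLS)))
```
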