Cui, Dexuan
2007-Nov-27 04:37 UTC
[Xen-devel] [PATCH][HVM] Inject #GP for un-emulated instructions rather than crash guest
The CrashMe stress test (a process repeatedly forks child processes, and the child processes initialize a buffer with random numbers, then treat the buffer as code, and execute it) can crash a 32-bit HVM RHEL5.1 guest easily; this is because we haven't emulated all the instructions in handle_mmio() yet.

The CrashMe process runs with root rights, and can access MMIO space in an unknown way ("strace -f" shows the random codes running at CPL=3 don't call mmap(), and don't open any special files in /dev/); the gpa may look like 0xa**** or 0xb****, or 0xfee0****.
After running CrashMe for several hours, I have found 24 un-emulated instructions may be hit...

This patch may serve as a workaround.

Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel
Keir Fraser
2007-Nov-27 07:55 UTC
[Xen-devel] Re: [PATCH][HVM] Inject #GP for un-emulated instructions rather than crash guest
Okay, but would #UD be a better exception to deliver in this case? Less overloaded than #GP and more appropriate?

-- Keir

On 27/11/07 04:37, "Cui, Dexuan" <dexuan.cui@intel.com> wrote:

> The CrashMe stress test (a process repeatedly forks child processes, and
> the child processes initialize a buffer with random numbers, then treat
> the buffer as code, and execute it) can crash 32-bit HVM RHEL5.1 guest
> easily; this is because we haven't emulated all the instructions in
> handle_mmio() yet.
>
> The CrashMe process runs with root rights, and can access MMIO space in
> an unknown way ("strace -f" shows the random codes running at CPL=3
> don't call mmap(), and don't open any special files in /dev/); the gpa
> may look like 0xa**** or 0xb****, or 0xfee0****.
> After running CrashMe for several hours, I have found 24 un-emulated
> instructions may be hit...
>
> This patch may serve as a workaround.
>
> Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>
Nakajima, Jun
2007-Nov-27 17:16 UTC
RE: [Xen-devel] Re: [PATCH][HVM] Inject #GP for un-emulated instructions rather than crash guest
Keir Fraser wrote:
> Okay, but would #UD be a better exception to deliver in this case? Less
> overloaded than #GP and more appropriate?

Since delivering #UD would provide more hints for guests to detect inconsistency (i.e. incomplete emulation) with instruction handling in the VM, I think delivering #GP should be more appropriate as a workaround.

> -- Keir
>
> On 27/11/07 04:37, "Cui, Dexuan" <dexuan.cui@intel.com> wrote:
>
> > The CrashMe stress test (a process repeatedly forks child processes, and
> > the child processes initialize a buffer with random numbers, then treat
> > the buffer as code, and execute it) can crash 32-bit HVM RHEL5.1 guest
> > easily; this is because we haven't emulated all the instructions in
> > handle_mmio() yet.
> >
> > The CrashMe process runs with root rights, and can access MMIO space in
> > an unknown way ("strace -f" shows the random codes running at CPL=3
> > don't call mmap(), and don't open any special files in /dev/); the gpa
> > may look like 0xa**** or 0xb****, or 0xfee0****.
> > After running CrashMe for several hours, I have found 24 un-emulated
> > instructions may be hit...
> >
> > This patch may serve as a workaround.
> >
> > Signed-off-by: Dexuan Cui <dexuan.cui@intel.com>

Jun
---
Intel Open Source Technology Center
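As an added illustration (not code from the thread, nor from Xen) of what the #UD-versus-#GP choice debated above means inside the guest: a Linux guest kernel forwards a user-mode #UD to the faulting process as SIGILL and a #GP as SIGSEGV, so a process that catches both can tell which exception the hypervisor injected. The probe instructions (ud2, cli) and all function names are assumptions of this example; it assumes an x86 Linux host.

```c
/* Added example, not from the Xen thread: how a Linux process sees the two
 * exceptions debated above once the guest kernel forwards them to user
 * space: #UD arrives as SIGILL, #GP as SIGSEGV. Assumes x86 Linux. */
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

static sigjmp_buf recover;
static volatile sig_atomic_t caught_signal;

/* Record the signal and unwind; returning would re-execute the fault forever. */
static void on_fault(int signo)
{
    caught_signal = signo;
    siglongjmp(recover, 1);
}

/* Run one probe with SIGILL/SIGSEGV handlers installed; return the signal
 * it raised, or 0 if it completed normally. */
static int run_probe(void (*probe)(void))
{
    struct sigaction sa, old_ill, old_segv;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGILL, &sa, &old_ill);
    sigaction(SIGSEGV, &sa, &old_segv);
    caught_signal = 0;
    if (sigsetjmp(recover, 1) == 0) /* savemask=1: siglongjmp unblocks the signal */
        probe();
    sigaction(SIGILL, &old_ill, NULL);
    sigaction(SIGSEGV, &old_segv, NULL);
    return caught_signal;
}

/* ud2 is the architecturally defined way to raise #UD. */
static void undefined_opcode(void) { __asm__ volatile("ud2"); }
/* cli at CPL 3 with IOPL 0 raises #GP(0), the privilege-fault case. */
static void privileged_insn(void) { __asm__ volatile("cli"); }

int probe_undefined_opcode(void) { return run_probe(undefined_opcode); }
int probe_privileged_insn(void) { return run_probe(privileged_insn); }

int main(void)
{
    printf("#UD -> %d, #GP -> %d\n", probe_undefined_opcode(), probe_privileged_insn());
    return 0;
}
```

On a stock Linux guest the first probe reports SIGILL (4) and the second SIGSEGV (11); a hypervisor that injects #GP for an unemulated instruction therefore shows up to the process as a segmentation fault rather than an illegal instruction.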