On 04/11/2019 15:33, Håkon Alstadheim wrote: > > Den 04.11.2019 14:31, skrev Andrew Cooper: >> On 03/11/2019 10:23, Håkon Alstadheim wrote: >> >>> (XEN) [2019-11-02 14:09:46] d2v0 vmentry failure (reason 0x80000021): >>> Invalid guest state (0) >>> (XEN) [2019-11-02 14:09:46] ************* VMCS Area ************** >>> (XEN) [2019-11-02 14:09:46] *** Guest State *** >>> (XEN) [2019-11-02 14:09:46] CR0: actual=0x0000000080050031, >>> shadow=0x0000000080050031, gh_mask=ffffffffffffffff >>> (XEN) [2019-11-02 14:09:46] CR4: actual=0x0000000000172678, >>> shadow=0x0000000000170678, gh_mask=ffffffffffe8f860 >>> (XEN) [2019-11-02 14:09:46] CR3 = 0x00000000001aa002 >>> (XEN) [2019-11-02 14:09:46] RSP = 0xffff8c0f4dd71e98 >>> (0xffff8c0f4dd71e98) RIP = 0xffffd18a040bb75e (0xffffd18a040bb75e) >>> (XEN) [2019-11-02 14:09:46] RFLAGS=0x00000187 (0x00000187) DR7 = >>> 0x0000000000000400 >>> (XEN) [2019-11-02 14:09:46] Sysenter RSP=0000000000000000 >>> CS:RIP=0000:0000000000000000 >>> (XEN) [2019-11-02 14:09:46] sel attr limit base >>> (XEN) [2019-11-02 14:09:46] CS: 0010 0209b 00000000 0000000000000000 >>> (XEN) [2019-11-02 14:09:46] DS: 002b 0c0f3 ffffffff 0000000000000000 >>> (XEN) [2019-11-02 14:09:46] SS: 0018 04093 00000000 0000000000000000 >>> (XEN) [2019-11-02 14:09:46] ES: 002b 0c0f3 ffffffff 0000000000000000 >>> (XEN) [2019-11-02 14:09:46] FS: 0053 040f3 00003c00 0000000000000000 >>> (XEN) [2019-11-02 14:09:46] GS: 002b 0c0f3 ffffffff fffff8044ff80000 >>> (XEN) [2019-11-02 14:09:46] GDTR: 00000057 fffff80459c61fb0 >>> (XEN) [2019-11-02 14:09:46] LDTR: 0000 1c000 ffffffff 0000000000000000 >>> (XEN) [2019-11-02 14:09:46] IDTR: 0000012f ffffd18a014a0980 >>> (XEN) [2019-11-02 14:09:46] TR: 0040 0008b 00000067 fffff80459c60000 >>> (XEN) [2019-11-02 14:09:46] EFER(VMCS) = 0x0000000000000d01 PAT = >>> 0x0007010600070106 >>> (XEN) [2019-11-02 14:09:46] PreemptionTimer = 0x00000000 SM Base = >>> 0x00000000 >>> (XEN) [2019-11-02 14:09:46] DebugCtl = 0x0000000000000000 >>> DebugExceptions = 0x0000000000000000 >>> (XEN) [2019-11-02 14:09:46] Interruptibility = 00000002 ActivityState >>> = 00000000 >>> (XEN) [2019-11-02 14:09:46] InterruptStatus = 0000 >>> (XEN) [2019-11-02 14:09:46] *** Host State *** >>> (XEN) [2019-11-02 14:09:46] RIP = 0xffff82d080341950 >>> (vmx_asm_vmexit_handler) RSP = 0xffff83083ff0ff70 >>> (XEN) [2019-11-02 14:09:46] CS=e008 SS=0000 DS=0000 ES=0000 FS=0000 >>> GS=0000 TR=e040 >>> (XEN) [2019-11-02 14:09:46] FSBase=0000000000000000 >>> GSBase=0000000000000000 TRBase=ffff83083ff14000 >>> (XEN) [2019-11-02 14:09:46] GDTBase=ffff83083ff03000 >>> IDTBase=ffff83083ff07000 >>> (XEN) [2019-11-02 14:09:46] CR0=0000000080050033 CR3=000000054dbea000 >>> CR4=00000000001526e0 >>> (XEN) [2019-11-02 14:09:46] Sysenter RSP=ffff83083ff0ffa0 >>> CS:RIP=e008:ffff82d080395440 >>> (XEN) [2019-11-02 14:09:46] EFER = 0x0000000000000d01 PAT = >>> 0x0000050100070406 >>> (XEN) [2019-11-02 14:09:46] *** Control State *** >>> (XEN) [2019-11-02 14:09:46] PinBased=000000bf CPUBased=b62065fa >>> SecondaryExec=000017eb >>> (XEN) [2019-11-02 14:09:46] EntryControls=0000d3ff >>> ExitControls=002fefff >>> (XEN) [2019-11-02 14:09:46] ExceptionBitmap=00060002 PFECmask=00000000 >>> PFECmatch=00000000 >>> (XEN) [2019-11-02 14:09:46] VMEntry: intr_info=80000501 >>> errcode=00000000 ilen=00000001 >>> (XEN) [2019-11-02 14:09:46] VMExit: intr_info=80000501 >>> errcode=00000000 ilen=00000001 >>> (XEN) [2019-11-02 14:09:46] reason=80000021 >>> qualification=0000000000000000 >>> (XEN) [2019-11-02 14:09:46] IDTVectoring: info=00000000 >>> errcode=00000000 >>> (XEN) [2019-11-02 14:09:46] TSC Offset = 0xfffff45ded46dd57 TSC >>> Multiplier = 0x0000000000000000 >>> (XEN) [2019-11-02 14:09:46] TPR Threshold = 0x00 PostedIntrVec = 0xf5 >>> (XEN) [2019-11-02 14:09:46] EPT pointer = 0x000000054e3a701e EPTP >>> index = 0x0000 >>> (XEN) [2019-11-02 14:09:46] PLE Gap=00000080 Window=00001000 >>> (XEN) [2019-11-02 14:09:46] Virtual processor ID = 0x5a02 VMfunc >>> controls = 0000000000000000 >>> (XEN) [2019-11-02 14:09:46] ************************************** >>> (XEN) [2019-11-02 14:09:46] domain_crash called from vmx.c:3335 >>> (XEN) [2019-11-02 14:09:46] Domain 2 (vcpu#0) crashed on cpu#2: >> Interruptibility = 00000002 (Blocked by Mov SS) and VMEntry: >> intr_info=80000501 (ICEBP) >> >> Dare I ask what you're running in your windows guest? Unless it is a >> vulnerability test suite, I'm rather concerned. > > Because I have pulled out all stops ? Well no particular reason. I've > asked my kids nicely not to poke any /more/ holes in the security on > the system. Probably should tighten up the ship. I have some conflict > going on between the hardware pci USB cards in the machine, so I > thought I'd see what would happen if I gave ASUS and whatever no-name > Taiwanese I have in there free rein. Nothing gained as far as I can > see, so I'll see about closing some of the more gaping holes. At least > as far as getting rid of deprecation warnings go :-) . > > I hope "they" never get serious about requiring a license to own a > computer with Internet access. :-)
Something in the VM is attempting to exploit XSA-260 / CVE-2018-8897 against the guest kernel, using a variation of the attack. Xen should cope with the entry conditions correctly, and I think I've figured out a fairly non-invasive way of fixing this particular case without the full-blown #DB rework. ~Andrew _______________________________________________ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel
