Re: port-amd64/49150: xrstor is privileged in Xen

To: port-amd64-maintainer%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,jnemeth%CornerstoneService.ca@localhost
Subject: Re: port-amd64/49150: xrstor is privileged in Xen
From: John Nemeth <jnemeth%cue.bc.ca@localhost>
Date: Mon, 25 Aug 2014 08:30:01 +0000 (UTC)

The following reply was made to PR port-amd64/49150; it has been noted by GNATS.

From: John Nemeth <jnemeth%cue.bc.ca@localhost>
To: Manuel Bouyer <bouyer%antioche.eu.org@localhost>, 
gnats-bugs%NetBSD.org@localhost
Cc: port-amd64-maintainer%NetBSD.org@localhost, 
gnats-admin%NetBSD.org@localhost,
        netbsd-bugs%NetBSD.org@localhost
Subject: Re: port-amd64/49150: xrstor is privileged in Xen
Date: Mon, 25 Aug 2014 01:24:43 -0700

 On Aug 25,  9:54am, Manuel Bouyer wrote:
 } On Mon, Aug 25, 2014 at 05:25:00AM +0000, 
jnemeth%CornerstoneService.ca@localhost wrote:
 } > >Description:
 } >    The xrstor instruction is privileged in Xen and the use of
 } > it leads to a panic, "fatal privileged instruction fault in supervisor
 } > mode".
 } > >How-To-Repeat:
 } >    Attempt to boot a NetBSD 7 BETA domu kernel and watch it go
 } > boom at mountroot time.
 } 
 } that's strange, amd64 XEN3_DOMU boots fine here:
 } http://www-soc.lip6.fr/~bouyer/NetBSD-tests/xen/netbsd-7/
 } 
 } Can you give more details about your setup (CPU, xen version) ?

      It's Xen Kernel 4.1.2.  I see that it's out of date.  However,
 it is a production mission critical server.  I can't reboot it
 randomly; I have to plan downtime.

      The details on the CPU are:

 cpu0: AMD Family 15h (686-class), id 0x600f12
 cpu0: features  0x178bfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR>
 cpu0: features  0x178bfbff<PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2>
 cpu0: features  0x178bfbff<HTT>
 cpu0: features2 0x1698220b<SSE3,PCLMULQDQ,MONITOR,SSSE3,CX16,SSE41,SSE42>
 cpu0: features2 0x1698220b<POPCNT,AES,XSAVE,AVX>
 cpu0: features3 0x2fd3fbff<SYSCALL/SYSRET,NOX,MXX,FFXSR,P1GB,RDTSCP,LONG>
 cpu0: features4 0x1c9bfff<LAHF,CMPLEGACY,SVM,EAPIC,ALTMOVCR0,LZCNT,SSE4A>
 cpu0: features4 0x1c9bfff<MISALIGNSSE,3DNOWPREFETCH,OSVW,IBS,XOP,SKINIT,WDT>
 cpu0: features4 0x1c9bfff<LWP,FMA4,NodeID,TopoExt,B23,B24>
 cpu0: "AMD Opteron(TM) Processor 6272                 "
 cpu0: I-cache 64KB 64B/line 2-way, D-cache 16KB 64B/line 4-way
 cpu0: L2 cache 2MB 64B/line 16-way
 cpu0: L3 cache 12MB 64B/line 128-way
 cpu0: ITLB 48 4KB entries fully associative, 24 2MB entries fully associative
 cpu0: DTLB 32 4KB entries fully associative, 32 2MB entries fully associative
 cpu0: L2 ITLB 512 4KB entries 4-way
 cpu0: L2 DTLB 1024 4KB entries 8-way, 1024 2MB entries 8-way
 cpu0: L1 1GB page ITLB 24 1GB entries fully associative
 cpu0: L1 1GB page DTLB 32 1GB entries fully associative
 cpu0: L2 1GB page DTLB 1024 1GB entries 8-way
 cpu0: Initial APIC ID 0
 cpu0: AMD Power Management features: 0x3d9<TS,TTP,HTC,100,HWP,TSC,CPB>
 cpu0: SVM Rev. 1
 cpu0: SVM NASID 65536
 cpu0: SVM features 0x14ff<NP,LbrVirt,SVML,NRIPS,TSCRate,VMCBCleanBits>
 cpu0: SVM features 0x14ff<FlushByASID,DecodeAssist,PauseFilter,B12>
 cpu0: family 0f model 01 extfamily 06 extmodel 00 stepping 02
 cpu0: UCode version: 0x6000629

      Some quick googling seems to indicate that it is related to
 XSA-52 / CVE-2013-2076.  In particular, you need to have an AMD
 cpu that is family 15h and up.

 }-- End of excerpt from Manuel Bouyer

Prev by Date: Re: port-amd64/49150: xrstor is privileged in Xen
Next by Date: Re: port-amd64/49150: xrstor is privileged in Xen
Previous by Thread: Re: port-amd64/49150: xrstor is privileged in Xen
Next by Thread: Re: port-amd64/49150: xrstor is privileged in Xen
Indexes:

Home | Main Index | Thread Index | Old Index