Linux Meltdown Patches and different DTB values

50 views

Skip to first unread message

Benjamin Taubmann

unread,

May 16, 2018, 3:54:26 AM5/16/18

to vmitools

Hi,

We had some issues with the function vmi_dtb_to_pid and tracing userspace Linux applications.

What we need to do is to find the PID whenever a userspace breakpoint is reached.

However, on systems with meltdown patches the vmi_dtb_to_pid function does not work when we just use the content of the CR3 register for the translation.

As a possible fix I implemented the following solution:

vmi_get_vcpureg(vmi, &dtb, CR3, 0);

dtb &= ~0x1fff;

vmi_dtb_to_pid(vmi,dtb,&pid);

It sets the PCID (lowest 12 bits of the CR3 registers) [1] of the CR3 register to zero to get the kernel space page table of the process.

I am setting currently 13 bits to zero and I am not really sure if this is correct but it works for me so far.

Should this maybe be included in the vmi_dtb_to_pid function?

Cheers,

Benjamin

[1] https://en.wikipedia.org/wiki/Control_register#CR3

Tamas K Lengyel

unread,

May 16, 2018, 9:55:52 AM5/16/18

to vmit...@googlegroups.com

Yes, please feel free to open a PR with the fix.

Tamas

--
You received this message because you are subscribed to the Google Groups "vmitools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vmitools+u...@googlegroups.com.
To post to this group, send email to vmit...@googlegroups.com.
Visit this group at https://groups.google.com/group/vmitools.
For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward

0 new messages