Linux Meltdown Patches and different DTB values


Benjamin Taubmann

May 16, 2018, 3:54:26 AM5/16/18
to vmitools
Hi,

We had some issues with the function vmi_dtb_to_pid and tracing userspace Linux applications.

What we need to do is to find the PID whenever a userspace breakpoint is reached.
However, on systems with Meltdown patches the vmi_dtb_to_pid function does not work when we just use the content of the CR3 register for the translation.

As a possible fix I implemented the following solution:

uint64_t dtb = 0;     /* vmi_get_vcpureg() stores the register value into a uint64_t */
vmi_pid_t pid = 0;
vmi_get_vcpureg(vmi, &dtb, CR3, 0);
dtb &= ~0x1fffULL;    /* clear the PCID (bits 0-11) and bit 12, leaving the page-aligned page-table address */
vmi_dtb_to_pid(vmi, dtb, &pid);


It sets the PCID (lowest 12 bits of the CR3 register) [1] of the CR3 register to zero to get the kernel space page table of the process.
I am currently setting 13 bits to zero and I am not really sure if this is correct, but it works for me so far.

Should this maybe be included in the vmi_dtb_to_pid function?



Cheers,
Benjamin


Tamas K Lengyel

May 16, 2018, 9:55:52 AM5/16/18
to vmit...@googlegroups.com
Yes, please feel free to open a PR with the fix.

Tamas
