Linux Meltdown Patches and different DTB values


Benjamin Taubmann

May 16, 2018, 3:54:26 AM
to vmitools

We had some issues with the function vmi_dtb_to_pid and tracing userspace Linux applications.

What we need to do is to find the PID whenever a userspace breakpoint is reached. 
However, on systems with Meltdown patches the vmi_dtb_to_pid function does not work when we just use the content of the CR3 register for the translation.

As a possible fix I implemented the following solution:

vmi_get_vcpureg(vmi, &dtb, CR3, 0);
dtb &= ~0x1fff;

It sets the PCID (lowest 12 bits of the CR3 register) [1] of the CR3 register to zero to get the kernel space page table of the process.
I am currently setting 13 bits to zero and I am not really sure if this is correct, but it works for me so far.

Should this maybe be included in the vmi_dtb_to_pid function?
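
An added example (not part of the original post and not LibVMI code) showing what the 13 masked bits correspond to on a Linux guest with kernel page-table isolation: bits 0-11 are the PCID, and bit 12 selects the user half of the 8 KiB-aligned PGD pair that KPTI allocates. The function names, the `kpti` flag and all CR3 values are constructed for illustration; the caller is assumed to know whether the guest kernel uses KPTI.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 CR3 layout with CR4.PCIDE=1, plus the Linux KPTI PGD-pair convention. */
#define CR3_PCID_MASK     0xfffULL               /* bits 0-11: PCID */
#define CR3_ADDR_MASK     0x000ffffffffff000ULL  /* bits 12-51: PGD physical address */
#define KPTI_USER_PGD_BIT (1ULL << 12)           /* user PGD = kernel PGD + 4 KiB */

/* PCID carried in the low 12 bits (Linux tags user-mode PCIDs with bit 11). */
static unsigned cr3_pcid(uint64_t cr3)
{
    return (unsigned)(cr3 & CR3_PCID_MASK);
}

/* True when CR3 points at the user half of a KPTI PGD pair. */
static bool cr3_is_user_half(uint64_t cr3, bool kpti)
{
    return kpti && (cr3 & KPTI_USER_PGD_BIT) != 0;
}

/* Normalize a raw CR3 to the kernel PGD base, the value a DTB-to-PID lookup
 * compares against. Bit 12 is cleared only for KPTI guests: without KPTI the
 * PGD is only 4 KiB aligned and bit 12 is a real address bit. */
static uint64_t cr3_to_kernel_dtb(uint64_t cr3, bool kpti)
{
    uint64_t dtb = cr3 & CR3_ADDR_MASK;   /* drops PCID and bit 63 */
    if (kpti)
        dtb &= ~KPTI_USER_PGD_BIT;
    return dtb;
}

int main(void)
{
    /* Constructed sample values: one process seen in kernel and user mode. */
    uint64_t kernel_cr3 = 0x12345e005ULL;  /* kernel PGD, PCID 0x005 */
    uint64_t user_cr3   = 0x12345f805ULL;  /* user PGD,   PCID 0x805 */
    uint64_t plain_cr3  = 0x7654b000ULL;   /* non-KPTI guest, bit 12 set */

    printf("kernel mode: dtb=0x%" PRIx64 " pcid=0x%x user_half=%d\n",
           cr3_to_kernel_dtb(kernel_cr3, true), cr3_pcid(kernel_cr3),
           cr3_is_user_half(kernel_cr3, true));
    printf("user mode:   dtb=0x%" PRIx64 " pcid=0x%x user_half=%d\n",
           cr3_to_kernel_dtb(user_cr3, true), cr3_pcid(user_cr3),
           cr3_is_user_half(user_cr3, true));
    printf("non-KPTI:    dtb=0x%" PRIx64 " (13-bit mask would give 0x%" PRIx64 ")\n",
           cr3_to_kernel_dtb(plain_cr3, false), plain_cr3 & ~0x1fffULL);
    return 0;
}
```

Both CR3 values of the KPTI process normalize to the same DTB, while the non-KPTI case shows that clearing bit 12 unconditionally would point the lookup at a different page.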


Tamas K Lengyel

May 16, 2018, 9:55:52 AM
Yes, please feel free to open a PR with the fix.

