Re: [Xen-devel] [PATCH RFC] x86/emulate: implement hvmemul_cmpxchg() with an actual CMPXCHG



On 04/04/2017 12:07 PM, Jan Beulich wrote:
>>>> On 03.04.17 at 20:36, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>> Another log, making sure that the MMIO emulation fail really happens on
>> the same processor as the preceding (identical bytes) fail:
>>
>> (XEN) [8] gfn: 0x276f
>> (XEN) [11] virtual address: 0x8276f09c, rc: 0
>> (XEN) [8] virtual address: 0x8276f09c, rc: 4
>> (XEN) Dump follows for VCPU 8
>> (XEN) Mem event (RETRY) emulation failed: d3v8 32bit @ 0008:826a3861 ->
>> f0 0f ba 30 00 72 07 8b cb e8 da 4b ff ff 8b 45
> 
> So what does your code do following this? Namely is there any exit
> back to guest context prior to the retried operation succeeding (e.g.
> are you allowing the instruction to be re-executed)? If there is, I'd
> suspect you don't clean up some internal state and ...

That code is called from hvm_do_resume() ...

>> (XEN) [11] gfn: 0x276f
>> (XEN) [11] virtual address: 0x8276f0d0, rc: 0
>> (XEN) [11] gfn: 0x276f
>> (XEN) [11] virtual address: 0x8276f09c, rc: 0
>> (XEN) [11] gfn: 0x276f
>> (XEN) [11] virtual address: 0x8276f0cc, rc: 0
>> (XEN) [11] gfn: 0x276f
>> (XEN) [11] virtual address: 0x8276f09c, rc: 0
>> (XEN) [8] gfn: 0xfed00
>> (XEN) !page
>> (XEN) hvmemul_vaddr_to_mfn() fail
>> (XEN) [8] virtual address: 0xffd080f0, rc: 1
>> (XEN) Dump follows for VCPU 8
>> (XEN) MMIO emulation failed: d3v8 32bit @ 0008:8263df3c -> f0 0f ba 30
>> 00 72 07 8b cb e8 da 4b ff ff 8b 45
> 
> ... this then happens in the context of an interrupt taken on
> the instruction to be re-executed (i.e. before it actually gets
> re-executed). "Normal" retry processing is not supposed to
> reach guest context again, i.e. the retry is being performed
> from (iirc) hvm_do_resume(). Hence it can re-use previously
> collected information on the instruction and its operand(s).
> Any exit to guest context, otoh, would require invalidation of
> such internally cached state.

... which does nothing if hvm_emulate_one_vm_event() fails. It doesn't
even check the return code. That's why I have added the do { } while (
rc == X86EMUL_RETRY ); loop around the code in
hvm_emulate_one_vm_event() and noticed that the BSODs appear much later
(and they're timeout BSODs, presumably because of a taking-too-long
RETRY loop), or the guest becomes unresponsive.

I'm not sure what cached state that would be, I'll take a closer look at
the code.

I'll retest as soon as possible (it's been a very busy time, sorry for
the late replies).


Thanks,
Razvan
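The retry behaviour discussed in this exchange, as an added model in C that is not Xen's code: `emul_ctxt`, `emulate_once`, `retry_emulation` and `MAX_RETRIES` are hypothetical names and the retry counts are constructed. It contrasts a retry that keeps the cached operand state across an exit to guest context (the stale-state failure) with one that invalidates it, and bounds the loop so a persistent RETRY cannot spin until the guest times out.

```c
#include <stdbool.h>

/* Model, not Xen code, of the retry path discussed in the thread: cached
 * instruction/operand state may be reused only while no exit to guest context
 * has happened, and the retry loop is bounded instead of do { } while (RETRY). */
enum { X86EMUL_OKAY = 0, X86EMUL_UNHANDLEABLE = 1, X86EMUL_RETRY = 4 };
#define MAX_RETRIES 16u /* constructed budget, not a Xen constant */

struct emul_ctxt {
    bool cache_valid;          /* decode/operand state collected for the insn */
    unsigned long cache_vaddr; /* operand address captured by that state */
    unsigned pending_retries;  /* constructed: attempts that still yield RETRY */
    unsigned attempts;         /* total emulation attempts made */
};

/* Must run on any exit to guest context: the cached state is no longer valid. */
static void emul_cache_invalidate(struct emul_ctxt *c) { c->cache_valid = false; }

/* One emulation attempt against the operand address the instruction uses now. */
static int emulate_once(struct emul_ctxt *c, unsigned long vaddr)
{
    c->attempts++;
    if (!c->cache_valid) {           /* fresh decode: capture current operand */
        c->cache_vaddr = vaddr;
        c->cache_valid = true;
    } else if (c->cache_vaddr != vaddr) {
        return X86EMUL_UNHANDLEABLE; /* stale cache reused: emulation fails */
    }
    if (c->pending_retries) { c->pending_retries--; return X86EMUL_RETRY; }
    return X86EMUL_OKAY;
}

/* Bounded retry driver. exit_to_guest models an interrupt taken between
 * retries, after which the guest may resume on a different operand address;
 * invalidate_on_exit selects whether the cached state is dropped when it does. */
static int retry_emulation(struct emul_ctxt *c, unsigned long vaddr,
                           bool exit_to_guest, unsigned long new_vaddr,
                           bool invalidate_on_exit)
{
    int rc;
    unsigned n = 0;
    do {
        rc = emulate_once(c, vaddr);
        if (rc != X86EMUL_RETRY)
            break;
        if (exit_to_guest) {
            if (invalidate_on_exit)
                emul_cache_invalidate(c);
            vaddr = new_vaddr;       /* context changed while in the guest */
        }
    } while (++n < MAX_RETRIES);
    return rc;                       /* RETRY here means the budget ran out */
}
```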

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel