
Re: [Xen-devel] [PATCH] x86/HVM: correct notion of new CPL in task switch emulation



On 06/06/17 08:06, Jan Beulich wrote:
>>>> On 02.06.17 at 22:33, <andrew.cooper3@xxxxxxxxxx> wrote:
>> On 02/06/17 21:02, Andrew Cooper wrote:
>>> On 01/06/17 13:11, Jan Beulich wrote:
>>>> Reported-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>>>> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
>>> I have finally managed to reproduce the original vmentry failure with an
>>> XTF test.
>> FWIW, the vmentry failure is quite subtle.
>>
>> %es gets reloaded first.  If the new TSS uses RPL0 data selectors, the
>> load fails, and #TS[%es] is yielded.
>>
>> (d3) Going to userspace
>> (XEN) ** d3v0 Inject event { v 0x02, t 2, ec ffffffff }
>> (XEN) ** d3v0 Inject event { v 0x0a, t 3, ec 0018 }
>> (XEN) ** d3v0 Inject event { v 0x0a, t 3, ec 0018 }
>> (XEN) d3v0 Triple fault - invoking HVM shutdown action 1
>> (XEN) *** Dumping Dom3 vcpu#0 state: ***
>> (XEN) ----[ Xen-4.10-unstable  x86_64  debug=y   Tainted:    H ]----
>>
>> For some reason I haven't gotten to the bottom of yet, we end up calling
>> __vmx_inject_exception() twice while handling the task switch path.  We
>> shouldn't be.
> There's no sign of #DF above - how are you handling that? Is the
> above perhaps a 2nd task switch to handle #DF?

The sequence of events is:

d3v0 raises self NMI.
(XEN) ** d3v0 Inject event { v 0x02, t 2, ec ffffffff }
vmentry
vmexit(task_switch)
(XEN) ** d3v0 Inject event { v 0x0a, t 3, ec 0018 }
(XEN) ** d3v0 Inject event { v 0x0a, t 3, ec 0018 }
vmentry
vmexit(triple_fault)

I expect the triple fault is something to do with the fact that we had an
incomplete update of the segment registers.

~Andrew
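
Added example (not part of the original message and not Xen code): a decoder for the "Inject event" lines quoted above, which breaks "ec 0018" into its selector fields and flags the back-to-back duplicate #TS injection. It assumes "t" is the VMX interruption type, "ec" uses the selector error-code layout, and "ffffffff" means no error code; the function names are hypothetical.

```python
import re

# Constructed sample: the log lines quoted in the thread.
SAMPLE = """\
(d3) Going to userspace
(XEN) ** d3v0 Inject event { v 0x02, t 2, ec ffffffff }
(XEN) ** d3v0 Inject event { v 0x0a, t 3, ec 0018 }
(XEN) ** d3v0 Inject event { v 0x0a, t 3, ec 0018 }
(XEN) d3v0 Triple fault - invoking HVM shutdown action 1
"""

EVENT_RE = re.compile(
    r"d(\d+)v(\d+) Inject event \{ v 0x([0-9a-f]+), t (\d+), ec ([0-9a-f]+) \}")
VECTORS = {0x02: "NMI", 0x08: "#DF", 0x0A: "#TS", 0x0B: "#NP", 0x0C: "#SS", 0x0D: "#GP"}
# VMX interruption-information type field (assumed meaning of "t").
TYPES = {0: "external interrupt", 2: "NMI", 3: "hardware exception",
         4: "software interrupt", 5: "privileged software exception",
         6: "software exception"}
NO_EC = 0xFFFFFFFF  # assumption: all-ones means "no error code"

def decode_selector_ec(ec):
    """Split a selector-format error code (#TS/#NP/#SS/#GP) into its fields."""
    table = "IDT" if ec & 2 else ("LDT" if ec & 4 else "GDT")
    return {"ext": bool(ec & 1), "table": table, "index": (ec >> 3) & 0x1FFF}

def parse_events(log):
    """Return one dict per "Inject event" line, in log order."""
    events = []
    for line in log.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        dom, vcpu, vec, typ = int(m[1]), int(m[2]), int(m[3], 16), int(m[4])
        ec = int(m[5], 16)
        ev = {"vcpu": (dom, vcpu), "vector": VECTORS.get(vec, hex(vec)),
              "type": TYPES.get(typ, "other/reserved"),
              "ec": None if ec == NO_EC else ec}
        if ev["ec"] is not None and ev["vector"] in ("#TS", "#NP", "#SS", "#GP"):
            ev["selector"] = decode_selector_ec(ec)
        events.append(ev)
    return events

def repeated_injections(events):
    """Return events identical to the injection logged just before them."""
    return [cur for prev, cur in zip(events, events[1:]) if cur == prev]

if __name__ == "__main__":
    for ev in parse_events(SAMPLE):
        print(ev)
    print("repeated:", repeated_injections(parse_events(SAMPLE)))
```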
