Xen project Mailing List

Re: [Xen-devel] Emulation and active (valid) interrupts

To: Jan Beulich <JBeulich@xxxxxxxx>, Tamas K Lengyel <tamas@xxxxxxxxxxxxx>

From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>

Date: Mon, 13 Aug 2018 14:55:41 +0300

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Mon, 13 Aug 2018 11:56:08 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 8/9/18 11:35 AM, Jan Beulich wrote: >>>> On 09.08.18 at 10:20, <rcojocaru@xxxxxxxxxxxxxxx> wrote: >> On 8/9/18 10:54 AM, Jan Beulich wrote: >>>>>> On 08.08.18 at 16:26, <rcojocaru@xxxxxxxxxxxxxxx> wrote: >>>> 1. Is it possible to already have a valid interrupt written in >>>> VM_ENTRY_INTR_INFO at EXIT_REASON_EPT_VIOLATION-time in >>>> vmx_vmexit_handler()? >>> >>> You mean right after the exit? Where would that come from? I'm >>> afraid I don't see the connection to your issue (or the call traces >>> you've provided). >> >> I mean right before the exit > > Before? Iirc the CPU doesn't itself write VM_ENTRY_* fields, > other than to clear them (presumably during VM exit processing). I've dumped the backtraces of all places that __vmwrite(VM_ENTRY_INTR_INFO, ...), and it appears that the last place that does that before a domain crash caused by invalid guest state is vmx_idtv_reinject(), which in my Xen 4.7.5 sources is called in vmx_vmexit_handler(), and regardless of exit_reason. I've reproduced this most easily with Tamas' old test: https://lists.xen.org/archives/html/xen-devel/2016-01/msg00285.html RFLAGS.IF is 0 there, but with a valid interrupt as well. Here's my latest log: Xen call trace: [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7 [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260 Xen call trace: [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7 [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260 Xen call trace: [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7 [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260 Xen call trace: [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7 [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260 Xen call trace: [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7 [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260 Xen call trace: [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7 [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260 Failed vm entry (exit reason 0x80000021) caused by invalid guest state (0). ************* VMCS Area ************** *** Guest State *** CR0: actual=0x000000008001003b, shadow=0x000000008001003b, gh_mask=ffffffffffffffff CR4: actual=0x00000000000426f9, shadow=0x00000000000406f9, gh_mask=ffffffffffffffff CR3 = 0x0000000000185000 PDPTE0 = 0x0000000000186001 PDPTE1 = 0x0000000000187001 PDPTE2 = 0x0000000000188001 PDPTE3 = 0x0000000000189001 RSP = 0x000000008078ad10 (0x000000008078ad10) RIP = 0x00000000826c1781 (0x00000000826c1781) RFLAGS=0x00000046 (0x00000046) DR7 = 0x0000000000000400 Sysenter RSP=000000008078b000 CS:RIP=0008:00000000826880c0 sel attr limit base CS: 0008 0c09b ffffffff 0000000000000000 DS: 0023 0c0f3 ffffffff 0000000000000000 SS: 0010 0c093 ffffffff 0000000000000000 ES: 0023 0c0f3 ffffffff 0000000000000000 FS: 0030 04093 00003748 0000000082775c00 GS: 0000 1c000 ffffffff 0000000000000000 GDTR: 000003ff 0000000080b95000 LDTR: 0000 1c000 ffffffff 0000000000000000 IDTR: 000007ff 0000000080b95400 TR: 0028 0008b 000020ab 00000000801da000 EFER = 0x0000000000000000 PAT = 0x0007010600070106 PreemptionTimer = 0x00000000 SM Base = 0x00000000 DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 PerfGlobCtl = 0x0000000000000000 BndCfgS = 0x0000000000000000 Interruptibility = 00000000 ActivityState = 00000000 *** Host State *** RIP = 0xffff82d0802089a0 (vmx_asm_vmexit_handler) RSP = 0xffff830c5a537f70 CS=e008 SS=0000 DS=0000 ES=0000 FS=0000 GS=0000 TR=e040 FSBase=0000000000000000 GSBase=0000000000000000 TRBase=ffff830c5a53ec80 GDTBase=ffff830c5a52f000 IDTBase=ffff830c5a53b000 CR0=0000000080050033 CR3=0000000b0a110000 CR4=00000000003526e0 Sysenter RSP=ffff830c5a537fa0 CS:RIP=e008:ffff82d0802509c0 EFER = 0x0000000000000000 PAT = 0x0000050100070406 *** Control State *** PinBased=0000003f CPUBased=bea065fa SecondaryExec=001054eb EntryControls=000151ff ExitControls=008fefff ExceptionBitmap=00060002 PFECmask=00000000 PFECmatch=00000000 VMEntry: intr_info=800000d1 errcode=00000000 ilen=00000000 VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 reason=80000021 qualification=0000000000000000 IDTVectoring: info=800000d1 errcode=00000000 TSC Offset = 0xffdba7f7b150188c TSC Multiplier = 0x0000000000000000 TPR Threshold = 0x00 PostedIntrVec = 0x00 EPT pointer = 0x0000000b0a02e01e EPTP index = 0x0000 PLE Gap=00000080 Window=00001000 Virtual processor ID = 0x1adb VMfunc controls = 0000000000000000 ************************************** domain_crash called from vmx.c:3388 Domain 1 (vcpu#0) crashed on cpu#1: ----[ Xen-4.7.5 x86_64 debug=y Not tainted ]---- CPU: 1 RIP: 0008:[<00000000826c1781>] RFLAGS: 0000000000000046 CONTEXT: hvm guest (d1v0) rax: 000000008078ad4c rbx: 000000008078ad4c rcx: 000000008e9b6ed0 rdx: 0000000000000000 rsi: 000000008078ad80 rdi: 0000000085ba3d48 rbp: 000000008078ad34 rsp: 000000008078ad10 r8: 0000000000000000 r9: 0000000000000000 r10: 0000000000000000 r11: 0000000000000000 r12: 0000000000000000 r13: 0000000000000000 r14: 0000000000000000 r15: 0000000000000000 cr0: 000000008001003b cr4: 00000000000406f9 cr3: 0000000000185000 cr2: 0000000093d5e800 fsb: 0000000082775c00 gsb: 0000000000000000 gss: 0000000000000002 ds: 0023 es: 0023 fs: 0030 gs: 0000 ss: 0010 cs: 0008 Thanks, Razvan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.