
Re: [Xen-devel] Fix VGA logdirty related display freezes with altp2m



On Mon, Oct 22, 2018 at 4:15 PM Razvan Cojocaru
<rcojocaru@xxxxxxxxxxxxxxx> wrote:
>
> >>>> With the config fixed it boots but when I run DRAKVUF on the domain I
> >>>> get the following crash:
> >>>>
> >>>> (XEN) ----[ Xen-4.12-unstable  x86_64  debug=y   Not tainted ]----
> >>>> (XEN) CPU:    0
> >>>> (XEN) RIP:    e008:[<000000007bdb630c>] 000000007bdb630c
> >>>> (XEN) RFLAGS: 0000000000010282   CONTEXT: hypervisor (d0v5)
> >>>> (XEN) rax: 00000000ee138470   rbx: 0000000000000000   rcx: 000000008000b098
> >>>> (XEN) rdx: 0000000000000cf8   rsi: 0000000000000000   rdi: 000000046d2ef000
> >>>> (XEN) rbp: 0000000000000000   rsp: ffff83005da27a10   r8:  0000000000000cf8
> >>>> (XEN) r9:  0000000000000cf8   r10: ffff83005da27ab8   r11: ffff83005da27a08
> >>>> (XEN) r12: 0000000000000000   r13: 0000000000000000   r14: 0000000000000065
> >>>> (XEN) r15: 00000000000005a7   cr0: 0000000080050033   cr4: 0000000000372660
> >>>> (XEN) cr3: 000000046d2ef000   cr2: 00000000ee138470
> >>>> (XEN) fsb: 00007fe46d97bbc0   gsb: ffff880467f40000   gss: 0000000000000000
> >>>> (XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
> >>>> (XEN) Xen code around <000000007bdb630c> (000000007bdb630c):
> >>>> (XEN)  80 74 0b 05 70 84 00 00 <c7> 00 00 00 00 e0 80 3d 7a 34 00 00 00 75 64 48
> >>>> (XEN) Xen stack trace from rsp=ffff83005da27a10:
> >>>> (XEN) Xen call trace:
> >>>> (XEN)    [<000000007bdb630c>] 000000007bdb630c
> >>>> (XEN)
> >>>> (XEN) Pagetable walk from 00000000ee138470:
> >>>> (XEN)  L4[0x000] = 000000046d2ee063 ffffffffffffffff
> >>>> (XEN)  L3[0x003] = 000000005da11063 ffffffffffffffff
> >>>> (XEN)  L2[0x170] = 0000000000000000 ffffffffffffffff
> >>>> (XEN)
> >>>> (XEN) ****************************************
> >>>> (XEN) Panic on CPU 0:
> >>>> (XEN) FATAL PAGE FAULT
> >>>> (XEN) [error_code=0002]
> >>>> (XEN) Faulting linear address: 00000000ee138470
> >>>> (XEN) ****************************************
> >>>> (XEN)
> >>>> (XEN) Reboot in five seconds...
> >>> This one I'm not sure about. What does your introspection agent do at
> >>> that point?
> >>
> >> This crash is bizarre.  Xen has most likely followed a corrupt function
> >> pointer, because none of Xen's .text section lives just below the 2G
> >> boundary.
> >>
> >
> > It's reproducible and happens immediately after a successful call to
> > xc_altp2m_set_domain_state to enable altp2m.
>
> That can't be all that's needed. I assure you I've tested this with much
> more than just calling xc_altp2m_set_domain_state() with no crashes at
> all. Something else must happen as well.
>
> Could you write a simple C test application that does the minimum
> amount of work needed to produce this crash?

Not the same error but another crash when just using xen-access with
altp2m_exec:

(XEN) Assertion '!p2m->sync.logdirty_ranges' failed at p2m-ept.c:1447
(XEN) ----[ Xen-4.12-unstable  x86_64  debug=y   Not tainted ]----
(XEN) CPU:    7
(XEN) RIP:    e008:[<ffff82d08033f3da>] p2m_init_altp2m_ept+0xf8/0x101
(XEN) RFLAGS: 0000000000010282   CONTEXT: hypervisor (d0v1)
(XEN) rax: 0000000000000000   rbx: ffff83044ff21880   rcx: 0000000000000000
(XEN) rdx: ffff830451aae000   rsi: 0000000000000000   rdi: ffff83044f500000
(XEN) rbp: ffff83046d237cc8   rsp: ffff83046d237ca8   r8:  deadbeefdeadf00d
(XEN) r9:  deadbeefdeadf00d   r10: 0000000000000000   r11: 0000000000000000
(XEN) r12: ffff83044f500830   r13: ffff83046d237d38   r14: ffff83018caf24a0
(XEN) r15: deadbeefdeadf00d   cr0: 0000000080050033   cr4: 0000000000372660
(XEN) cr3: 00000003b9719000   cr2: 00007ffcf624afb0
(XEN) fsb: 00007f31c4b1a140   gsb: ffff880467e40000   gss: 0000000000000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
(XEN) Xen code around <ffff82d08033f3da> (p2m_init_altp2m_ept+0xf8/0x101):
(XEN)  41 5c 41 5d 41 5e 5d c3 <0f> 0b b8 f4 ff ff ff eb ee 55 48 89 e5 53 48 83
(XEN) Xen stack trace from rsp=ffff83046d237ca8:
(XEN) Xen call trace:
(XEN)    [<ffff82d08033f3da>] p2m_init_altp2m_ept+0xf8/0x101
(XEN)    [<ffff82d0803380be>] p2m_init_next_altp2m+0x103/0x161
(XEN)    [<ffff82d0802f7efb>] hvm.c#do_altp2m_op+0x413/0x779
(XEN)    [<ffff82d0802fc6f2>] do_hvm_op+0x1247/0x1319
(XEN)    [<ffff82d080374b07>] pv_hypercall+0x1dc/0x4bb
(XEN)    [<ffff82d08037d4a2>] lstar_enter+0x112/0x120
(XEN)
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 7:
(XEN) Assertion '!p2m->sync.logdirty_ranges' failed at p2m-ept.c:1447
(XEN) ****************************************
(XEN)
(XEN) Reboot in five seconds...
(XEN) APIC error on CPU0: 40(00)

I had to rebase your branch on staging to get it to compile, other
than that, I don't know why the crash is not happening on your side.

Tamas
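
Added example, not part of the original message or of Xen's own tooling: a small triage pass over the two panics in this thread, separating a panic whose RIP resolves to no Xen symbol (the first crash, which the quoted reply attributes to a corrupt function pointer) from an assertion hit with a resolvable call chain (the second). The names `triage`, `PAGE_FAULT`, `ASSERTION` and the result fields are hypothetical; the sample lines are constructed by copying a few lines from the logs above.

```python
import re
# Constructed samples: lines copied from the two panics in this thread.
PAGE_FAULT = """\
(XEN) RIP:    e008:[<000000007bdb630c>] 000000007bdb630c
(XEN) Xen call trace:
(XEN)    [<000000007bdb630c>] 000000007bdb630c
(XEN)
(XEN) Panic on CPU 0:
(XEN) FATAL PAGE FAULT
"""
ASSERTION = """\
(XEN) RIP:    e008:[<ffff82d08033f3da>] p2m_init_altp2m_ept+0xf8/0x101
(XEN) Xen call trace:
(XEN)    [<ffff82d08033f3da>] p2m_init_altp2m_ept+0xf8/0x101
(XEN)    [<ffff82d0803380be>] p2m_init_next_altp2m+0x103/0x161
(XEN)    [<ffff82d0802f7efb>] hvm.c#do_altp2m_op+0x413/0x779
(XEN)
(XEN) Panic on CPU 7:
(XEN) Assertion '!p2m->sync.logdirty_ranges' failed at p2m-ept.c:1447
"""

FRAME = re.compile(r"\[<([0-9a-f]{16})>\]\s+(\S+)")   # [<addr>] symbol-or-addr
SYMBOL = re.compile(r"(.+)\+0x[0-9a-f]+/0x[0-9a-f]+")  # name+offset/size

def triage(log):
    """Return reason, RIP, resolved call chain and a verdict for one panic."""
    lines = [re.sub(r"^\(XEN\)", "", l).strip() for l in log.splitlines()]
    res = {"reason": None, "rip": None, "rip_symbol": None, "frames": []}
    in_trace = False
    for i, line in enumerate(lines):
        m = FRAME.search(line)
        sym = SYMBOL.fullmatch(m.group(2)) if m else None
        if line.startswith("RIP:") and m:
            res["rip"], res["rip_symbol"] = m.group(1), sym and sym.group(1)
        elif line.startswith("Panic on CPU") and i + 1 < len(lines):
            res["reason"] = lines[i + 1]       # reason is the line after the banner
        elif line == "Xen call trace:":
            in_trace = True
        elif in_trace and m:
            res["frames"].append(sym.group(1) if sym else m.group(2))
        else:
            in_trace = False                   # first non-frame line ends the trace
    if res["rip_symbol"] is None:
        res["verdict"] = "RIP outside any Xen symbol: suspect wild branch"
    elif (res["reason"] or "").startswith("Assertion"):
        res["verdict"] = "assertion hit in " + res["rip_symbol"]
    else:
        res["verdict"] = "fault in " + res["rip_symbol"]
    return res
```
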
