Xen project Mailing List

Re: [Xen-devel] [PATCH] xen: only clobber multicall elements without error

From: Juergen Gross <jgross@xxxxxxxx>

Date: Mon, 26 Nov 2018 16:29:02 +0100

Autocrypt: addr=jgross@xxxxxxxx; prefer-encrypt=mutual; keydata= xsBNBFOMcBYBCACgGjqjoGvbEouQZw/ToiBg9W98AlM2QHV+iNHsEs7kxWhKMjrioyspZKOB ycWxw3ie3j9uvg9EOB3aN4xiTv4qbnGiTr3oJhkB1gsb6ToJQZ8uxGq2kaV2KL9650I1SJve dYm8Of8Zd621lSmoKOwlNClALZNew72NjJLEzTalU1OdT7/i1TXkH09XSSI8mEQ/ouNcMvIJ NwQpd369y9bfIhWUiVXEK7MlRgUG6MvIj6Y3Am/BBLUVbDa4+gmzDC9ezlZkTZG2t14zWPvx XP3FAp2pkW0xqG7/377qptDmrk42GlSKN4z76ELnLxussxc7I2hx18NUcbP8+uty4bMxABEB AAHNHkp1ZXJnZW4gR3Jvc3MgPGpncm9zc0BzdXNlLmRlPsLAeQQTAQIAIwUCU4xw6wIbAwcL CQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJELDendYovxMvi4UH/Ri+OXlObzqMANruTd4N zmVBAZgx1VW6jLc8JZjQuJPSsd/a+bNr3BZeLV6lu4Pf1Yl2Log129EX1KWYiFFvPbIiq5M5 kOXTO8Eas4CaScCvAZ9jCMQCgK3pFqYgirwTgfwnPtxFxO/F3ZcS8jovza5khkSKL9JGq8Nk czDTruQ/oy0WUHdUr9uwEfiD9yPFOGqp4S6cISuzBMvaAiC5YGdUGXuPZKXLpnGSjkZswUzY d9BVSitRL5ldsQCg6GhDoEAeIhUC4SQnT9SOWkoDOSFRXZ+7+WIBGLiWMd+yKDdRG5RyP/8f 3tgGiB6cyuYfPDRGsELGjUaTUq3H2xZgIPfOwE0EU4xwFgEIAMsx+gDjgzAY4H1hPVXgoLK8 B93sTQFN9oC6tsb46VpxyLPfJ3T1A6Z6MVkLoCejKTJ3K9MUsBZhxIJ0hIyvzwI6aYJsnOew cCiCN7FeKJ/oA1RSUemPGUcIJwQuZlTOiY0OcQ5PFkV5YxMUX1F/aTYXROXgTmSaw0aC1Jpo w7Ss1mg4SIP/tR88/d1+HwkJDVW1RSxC1PWzGizwRv8eauImGdpNnseneO2BNWRXTJumAWDD pYxpGSsGHXuZXTPZqOOZpsHtInFyi5KRHSFyk2Xigzvh3b9WqhbgHHHE4PUVw0I5sIQt8hJq 5nH5dPqz4ITtCL9zjiJsExHuHKN3NZsAEQEAAcLAXwQYAQIACQUCU4xwFgIbDAAKCRCw3p3W KL8TL0P4B/9YWver5uD/y/m0KScK2f3Z3mXJhME23vGBbMNlfwbr+meDMrJZ950CuWWnQ+d+ Ahe0w1X7e3wuLVODzjcReQ/v7b4JD3wwHxe+88tgB9byc0NXzlPJWBaWV01yB2/uefVKryAf AHYEd0gCRhx7eESgNBe3+YqWAQawunMlycsqKa09dBDL1PFRosF708ic9346GLHRc6Vj5SRA UTHnQqLetIOXZm3a2eQ1gpQK9MmruO86Vo93p39bS1mqnLLspVrL4rhoyhsOyh0Hd28QCzpJ wKeHTd0MAWAirmewHXWPco8p1Wg+V+5xfZzuQY0f4tQxvOpXpt4gQ1817GQ5/Ed/wsDtBBgB CAAgFiEEhRJncuj2BJSl0Jf3sN6d1ii/Ey8FAlrd8NACGwIAgQkQsN6d1ii/Ey92IAQZFggA HRYhBFMtsHpB9jjzHji4HoBcYbtP2GO+BQJa3fDQAAoJEIBcYbtP2GO+TYsA/30H/0V6cr/W V+J/FCayg6uNtm3MJLo4rE+o4sdpjjsGAQCooqffpgA+luTT13YZNV62hAnCLKXH9n3+ZAgJ RtAyDWk1B/0SMDVs1wxufMkKC3Q/1D3BYIvBlrTVKdBYXPxngcRoqV2J77lscEvkLNUGsu/z W2pf7+P3mWWlrPMJdlbax00vevyBeqtqNKjHstHatgMZ2W0CFC4hJ3YEetuRBURYPiGzuJXU pAd7a7BdsqWC4o+GTm5tnGrCyD+4gfDSpkOT53S/GNO07YkPkm/8J4OBoFfgSaCnQ1izwgJQ jIpcG2fPCI2/hxf2oqXPYbKr1v4Z1wthmoyUgGN0LPTIm+B5vdY82wI5qe9uN6UOGyTH2B3p hRQUWqCwu2sqkI3LLbTdrnyDZaixT2T0f4tyF5Lfs+Ha8xVMhIyzNb1byDI5FKCb

Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Konrad Rzeszutek Wilk <konrad.wilk@xxxxxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Tim Deegan <tim@xxxxxxx>, Julien Grall <julien.grall@xxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 26 Nov 2018 15:29:07 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Openpgp: preference=signencrypt

On 26/11/2018 15:58, Jan Beulich wrote: >>>> On 26.11.18 at 15:23, <jgross@xxxxxxxx> wrote: >> On 26/11/2018 15:01, Jan Beulich wrote: >>>>>> On 26.11.18 at 14:52, <jgross@xxxxxxxx> wrote: >>>> I don't think the hypervisor should explicitly try to make it as hard as >>>> possible for the guest to find problems in the code. >>> >>> That's indeed not the hypervisor's goal. Instead it tries to make >>> it as hard as possible for the guest (developer) to make wrong >>> assumptions. >> >> Let's look at the current example why I wrote this patch: >> >> The Linux kernel's use of multicalls should never trigger any single >> call to return an error (return value < 0). A kernel compiled for >> productive use will catch such errors, but has no knowledge which >> single call has failed, as it doesn't keep track of the single entries >> (non-productive kernels have an option available in the respective >> source to copy the entries before doing the multicall in order to have >> some diagnostic data available in case of such an error). Catching an >> error from a multicall right now means a WARN() with a stack backtrace >> (for the multicall itself, not for the entry causing the error). >> >> I have a customer report for a case where such a backtrace was produced >> and a kernel crash some seconds later, obviously due to illegally >> unmapped memory pages resulting from the failed multicall. Unfortunately >> there are multiple possibilities what might have gone wrong and I don't >> know which one was the culprit. The problem can't be a very common one, >> because there is only one such report right now, which might depend on >> a special driver. >> >> Finding this bug without a known reproducer and the current amount of >> diagnostic data is next to impossible. So I'd like to have more data >> available without having to hurt performance for the 99.999999% of the >> cases where nothing bad happens. >> >> In case you have an idea how to solve this problem in another way I'd be >> happy to follow that route. I'd really like to be able to have a better >> clue in case such an error occurs in future. > > Since you have a production kernel, I assume you also have a > production hypervisor. This hypervisor doesn't clobber the > arguments if I'm not mistaken. Therefore > - in the debugging scenario you (can) have all data available by > virtue of the information getting copied in the kernel, > - in the release scenario you have all data available since it's > left un-clobbered. > Am I missing anything (I don't view mixed debug/release setups > of kernel and hypervisor as overly important here)? No, you are missing nothing here. OTOH a debug hypervisor destroying debug data is kind of weird, so I posted this patch. I'll add the related Linux kernel patch (in case it is acked by Boris) with or without this hypervisor patch, but I thought it would be better to have the hypervisor patch in place, especially as e.g. a hypervisor from xen-unstable might have a bug which could be easier to diagnose with this patch in place. Juergen _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.