[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Guest-vs-Host MTRR/PAT conflict and a crash?

  • To: "Xen Developers" <xen-devel@xxxxxxxxxxxxxxxxxxx>
  • From: "David Stone" <unclestoner@xxxxxxxxx>
  • Date: Wed, 12 Dec 2007 17:13:29 -0500
  • Delivery-date: Wed, 12 Dec 2007 14:13:51 -0800
  • Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=Bnr/EpCXlk+KRMhj8nOZIXnJvGvtk7DJMS1b+bd6UkMhBUFYAjKRLC8ZI+25xBwgM+NryAlBNWO4FHIS1qW42ioovreJj4dKC1+KXkl0vuQvGwmSOfb/xjnb635/1peaVbB7AtVdpHuHgi08/vj0RpiHcQ2/M8QfsK7LFJBlUtY=
  • List-id: Xen developer discussion <xen-devel.lists.xensource.com>

Hi, I'm doing an experiment in which I try to pass through a PCI
Express graphics card to a Windows DomU via VT-D.  There is another
thread in which the overall feasibility of this is discussed, but here
I'd at least like to better understand the crash I'm seeing when I do
this.  (I can pass through a PCI NIC via VT-D no problem).

I hide the graphics card from Dom0 (and I have Xen and Grub using the
serial port rather than than the graphics card for output) and pass it
through to my Windows DomU.  About 20 seconds or so after I create my
Windows DomU, the (physical) machine reboots.  I found that when I'm
lucky I get this message from Xen right before the reboot, which I'm
assuming is related:

[root@localhost xen]# (XEN) mtrr.c:552:d1 Conflict occurs for a given
guest l1e flags:63 at 10000000 (the effective mm type:6), because the
host mtrr type is:0
(XEN) CPU 1: Machine Check Exception: 0000000000000005
(XEN) Bank 0: b200004000000800
(XEN) Bank 5: b200121020080400
(XEN) ****************************************
(XEN) Panic on CPU 1:
(XEN) CPU context corrupt****************************************
(XEN) Reboot in five seconds..

I'd like to better understand how Xen handles MTRR/PAT in its page
table shadowing.  I do generally understand page table shadowing, and
just now having read the relevant section of the Intel System
Programming maual, so I have good idea of what MTRR and PAT is about.

I looked at the code that generates the "Conflict" message above...is
is contained in get_pat_flags() .../xen/arch/x86/hvm/mtrr.c
(reproduced below) and is getting called from _sh_propagate().  I can
more-or-less follow the code...I guess it's figuring out what the
guest thinks the MTRR/PAT memory type should be, "combining" this with
what the host says the memory type actually is according to the real
MTRR, and using that to create the real ("shadow") PTE.  The error
message shows that the guest wants the memory to be write-back
cacheable, which doesn't match the real MTRR for that system memory
address which is uncacheable.

I guess my question is can someone give a higher-level explaination of
how MTRR/PAT is supposed to work between Xen (the real MTRRs and real
PATs in the real ("shadow") PTEs) and an HVM DomU (virtual MTRRs and
fake PATs in the fake PTEs)?


uint32_t get_pat_flags(struct vcpu *v,
                       uint32_t gl1e_flags,
                       paddr_t gpaddr,
                       paddr_t spaddr)
    uint8_t guest_eff_mm_type;
    uint8_t shadow_mtrr_type;
    uint8_t pat_entry_value;
    uint64_t pat = v->arch.hvm_vcpu.pat_cr;
    struct mtrr_state *g = &v->arch.hvm_vcpu.mtrr;

    /* 1. Get the effective memory type of guest physical address,
     * with the pair of guest MTRR and PAT
    guest_eff_mm_type = effective_mm_type(g, pat, gpaddr, gl1e_flags);
    /* 2. Get the memory type of host physical address, with MTRR */
    shadow_mtrr_type = get_mtrr_type(&mtrr_state, spaddr);

    /* 3. Find the memory type in PAT, with host MTRR memory type
     * and guest effective memory type.
    pat_entry_value = mtrr_epat_tbl[shadow_mtrr_type][guest_eff_mm_type];
    /* If conflit occurs(e.g host MTRR is UC, guest memory type is
     * WB),set UC as effective memory. Here, returning PAT_TYPE_UNCACHABLE will
     * always set effective memory as UC.
    if ( pat_entry_value == INVALID_MEM_TYPE )
                 "Conflict occurs for a given guest l1e flags:%x "
                 "at %"PRIx64" (the effective mm type:%d), "
                 "because the host mtrr type is:%d\n",
                 gl1e_flags, (uint64_t)gpaddr, guest_eff_mm_type,
        pat_entry_value = PAT_TYPE_UNCACHABLE;
    /* 4. Get the pte flags */
    return pat_type_2_pte_flags(pat_entry_value);

Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.