
RE: [Xen-devel] about the memory paging



Do you meet this issue on a Linux guest also?

 

Is your Windows 2003 guest a PAE guest? If yes, can you check if it is a "mov cr3" instruction? You can either add a hook in the Xen hypervisor to dump the guest memory around the RIP (0x8088dc37), or connect to the guest through windbg with paging off, and disassemble it.

 

I suspect it is because the page used as guest CR3 is paged out, and for a PAE guest, that will cause an EPT violation with the GLA_VALID bit cleared. And then in fact the hvm_hap_nested_page_fault() function is not called at all.

 

The easiest experiment is to remove the check for GLA_VALID and see the result.

 

CC Xin who knows EPT better than me.

 

I didn't check log 2, so no idea of the reason.

 

Thanks

--jyh

 

From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of linqaingmin
Sent: Saturday, September 04, 2010 4:56 PM
To: Patrick Colp
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-devel] about the memory paging

 

hi

 

We run a Windows 2003 HVM guest on Xen 4.0.1. The VM has 2048MB and 2 VCPUs.

 

We run the command "xenpaging domID 260000" and want to page 1024MB in Xen.

 

It causes two different crashes.

 

1) The first one
The xm dmesg context is as follows:

 

(XEN) vmx.c:2150:d6 EPT violation 0x1 (r--/---), gpa 0x0000007fbba020, mfn 0xffffffffff, type 10.
(XEN) p2m-ept.c:533:d6 Walking EPT tables for domain 6 gfn 7fbba
(XEN) p2m-ept.c:552:d6  epte 435b38007
(XEN) p2m-ept.c:552:d6  epte 4395b3007
(XEN) p2m-ept.c:552:d6  epte 433f7f007
(XEN) p2m-ept.c:552:d6  epte ffffffffffa00
(XEN) domain_crash called from vmx.c:2160
(XEN) Domain 6 (vcpu#1) crashed on cpu#14:
(XEN) ----[ Xen-4.0.1  x86_64  debug=n  Not tainted ]----
(XEN) CPU:    14
(XEN) RIP:    0008:[<000000008088dc37>]
(XEN) RFLAGS: 0000000000010246   CONTEXT: hvm guest
(XEN) rax: 000000007fbba020   rbx: 00000000f7727000   rcx: 0000000000000000
(XEN) rdx: 0000000080010031   rsi: 000000008996a418   rdi: 00000000f772a090
(XEN) rbp: 0000000089d88648   rsp: 00000000baf2ace0   r8:  0000000000000000
(XEN) r9:  0000000000000000   r10: 0000000000000000   r11: 0000000000000000
(XEN) r12: 0000000000000000   r13: 0000000000000000   r14: 0000000000000000
(XEN) r15: 0000000000000000   cr0: 000000008001003b   cr4: 00000000000006f9
(XEN) cr3: 0000000000790000   cr2: 00000000c3cfb008
(XEN) ds: 0023   es: 0023   fs: 0030   gs: 0000   ss: 0010   cs: 0008

 

Here the guest linear-address field is invalid. GLA: 0x7fbba020

 


2) Another crash is a qemu-dm segmentation fault; the "s" parameter is NULL.

 

The log is as follows:

 

Program terminated with signal 11, Segmentation fault.   
#0  0x00000000004451d2 in ide_read_dma_cb (opaque=0xb79028, ret=0) at /home/Lucifer/xen-4.0.1/tools/ioemu-dir/hw/ide.c:1232   
1232        if (!s->bs) return; /* ouch! (see ide_flush_cb) */ 
  
(gdb) bt   
#0  0x00000000004451d2 in ide_read_dma_cb (opaque=0xb79028, ret=0) at /home/Lucifer/xen-4.0.1/tools/ioemu-dir/hw/ide.c:1232   
#1  0x000000000041745d in dma_bdrv_cb (opaque=0xbbb1f0, ret=0) at /home/Lucifer/xen-4.0.1/tools/ioemu-dir/dma-helpers.c:97   
#2  0x00000000004172f2 in reschedule_dma (opaque=0xbbb1f0) at /home/Lucifer/xen-4.0.1/tools/ioemu-dir/dma-helpers.c:63   
#3  0x000000000040c48a in qemu_bh_poll () at /home/Lucifer/xen-4.0.1/tools/ioemu-dir/vl.c:3427   
#4  0x000000000040cfe2 in main_loop_wait (timeout=10) at /home/Lucifer/xen-4.0.1/tools/ioemu-dir/vl.c:3831   
#5  0x00000000004c2daf in main_loop () at helper2.c:577   
#6  0x000000000041056e in main (argc=28, argv=0x7fff9eeee288, envp=0x7fff9eeee370) at /home/Lucifer/xen-4.0.1/tools/ioemu-dir/vl.c:6153   
(gdb) 

 

When the guest OS has the PV driver installed, only the first crash occurs.

 

lin

----- Original Message -----

From: Patrick Colp

Sent: Friday, September 03, 2010 11:08 PM

Subject: Re: [Xen-devel] about the memory paging

 

Hi,

Sorry, I'm not quite sure what you're asking and/or if you ran into a
problem? Are you just asking how the xenpaging mechanism works?


Patrick


2010/9/2 linqaingmin <linqiangmin@xxxxxxxxxx>:
> hi all
>
> Generate ept entry violation into function of ept_handle_violation .
>
> then call function of hvm_hap_nested_page_fault, this judge page type into
> p2m_mem_paging_populate();
>
> Here the event to notify the user space "xenpaging" process to paging in,
> but not Complete the page in on the next step Instruction;
>
> I think p2m_mem_paging_populate -->
> p2m_mem_paging_prep-->p2m_mem_paging_resume ,Complete the process before you
> start the implementation of the above.
>
> Is that right?
>
> tkx
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>
>
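
An added example, not part of the thread and not Xen's own code: decoding the exit qualification from the "EPT violation" log line quoted above to see whether the guest-linear-address-valid bit is set. The bit positions are those of the Intel SDM; looks_like_pae_pdpt_load is a hypothetical helper whose check is only a heuristic for the case suspected in the reply.

```c
#include <stdio.h>
#include <string.h>

/* Exit-qualification bits for an EPT violation (Intel SDM). */
#define EPT_READ_VIOLATION  (1UL << 0)  /* access was a data read */
#define EPT_EFFECTIVE_RWX   (7UL << 3)  /* permissions the EPT entry grants */
#define EPT_GLA_VALID       (1UL << 7)  /* guest linear address is valid */

struct ept_violation {
    unsigned long qual;  /* exit qualification */
    unsigned long gpa;   /* faulting guest-physical address */
    int gla_valid;       /* 0: access was not made through a linear address */
    int not_present;     /* 1: the EPT entry grants no r/w/x at all */
};

/* Parse one "EPT violation" line from xm dmesg; returns 0 on success. */
int parse_ept_violation(const char *line, struct ept_violation *v)
{
    const char *p = strstr(line, "EPT violation ");
    if (!p || sscanf(p, "EPT violation %lx", &v->qual) != 1)
        return -1;
    p = strstr(p, "gpa ");
    if (!p || sscanf(p, "gpa %lx", &v->gpa) != 1)
        return -1;
    v->gla_valid = (v->qual & EPT_GLA_VALID) != 0;
    v->not_present = (v->qual & EPT_EFFECTIVE_RWX) == 0;
    return 0;
}

/* Heuristic (assumption): a read of a non-present page with no linear
 * address, 32-byte aligned as a PAE page-directory-pointer table must be. */
int looks_like_pae_pdpt_load(const struct ept_violation *v)
{
    return (v->qual & EPT_READ_VIOLATION) && v->not_present &&
           !v->gla_valid && (v->gpa & 0x1f) == 0;
}

/* Log line copied from the first crash in this thread. */
static const char sample[] =
    "(XEN) vmx.c:2150:d6 EPT violation 0x1 (r--/---), gpa 0x0000007fbba020, "
    "mfn 0xffffffffff, type 10.";

int main(void)
{
    struct ept_violation v;
    if (parse_ept_violation(sample, &v))
        return 1;
    printf("qual=%#lx gpa=%#lx gla_valid=%d pdpt_load=%d\n", v.qual, v.gpa,
           v.gla_valid, looks_like_pae_pdpt_load(&v));
    return 0;
}
```

For the logged line this reports GLA_VALID clear on a read of a non-present page, and the gpa equals the rax value in the register dump.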
