
Re: [Xen-devel] fxsave, fnsave, ltr hang for guest OS.



> Keir Fraser <keir.xen@xxxxxxxxx> wrote on 11/12/2010 04:34:05 PM:
> KF> On 12/11/2010 21:27, "alarson@xxxxxxxx" <alarson@xxxxxxxx> wrote:
> ...
AL> (XEN) sh_page_fault va=303b90, regs->error_code=3
AL> (XEN) x86_emulate: b=dd, modrm=31, modrm_reg=6
> ...
KF> Since you end up in a loop not progressing past the fnsave
KF> instruction, it seems quite likely that you have a bug and are
KF> writing to a pagetable page.  In fact a pagetable page that maps
KF> something that is needed to execute the fnsave instruction. You
KF> need that page to both be writable (so that fnsave can write its
KF> data) and read-only (because it is a pagetable page that maps
KF> something that is used by the fnsave instruction) and so I'm
KF> guessing you end up in an endless loop with that page flipping
KF> between being read-only and read-write in the shadow page table.

KF> Hope that makes sense. :-)

AL> I understand what you are saying, but I'm confident that's not what's
AL> happening.  Just to be sure, I modified one of our analysis programs
AL> to list all the page tables and the PDT and confirmed that the page at
AL> virtual address 303b90 doesn't map to any of them.  In fact I verified
AL> that none of the present pages maps to any PT or the PDT.

Just to report final resolution.  The problem turned out to be that
the destination of the fnsave was to a page specifying read only
access and the OS was depending on CR0.WP=0 to permit write access in
kernel mode.  Xen doesn't allow this configuration unless using HAP
(Hardware Assisted Paging).

Many thanks to Keir for his invaluable assistance with this.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
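
The resolution above, as an added example that is not part of the original thread or of Xen's code: a small C model of the x86 page-permission check for 32-bit paging (NX, SMEP and SMAP ignored), showing how CR0.WP decides whether a kernel-mode write to a read-only page faults. The names `struct pte` and `page_access` are hypothetical, and the sample page is constructed; with CR0.WP=1 the result is error code 3, the same value as `regs->error_code=3` in the log.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86 page-fault error code bits (architectural). */
#define PFEC_PRESENT 0x1u /* fault on a present page (protection violation) */
#define PFEC_WRITE   0x2u /* the access was a write */
#define PFEC_USER    0x4u /* the access came from user mode (CPL 3) */

/* Effective permissions after combining all paging levels (hypothetical type). */
struct pte { bool present, writable, user; };

/* Returns -1 if the access is allowed, otherwise the error code the CPU
 * would push for the resulting #PF. */
int page_access(struct pte p, bool cr0_wp, bool is_write, bool is_user)
{
    uint32_t ec = (is_write ? PFEC_WRITE : 0) | (is_user ? PFEC_USER : 0);

    if (!p.present)
        return (int)ec;                       /* not-present fault */
    if (is_user && !p.user)
        return (int)(ec | PFEC_PRESENT);      /* user access to supervisor page */
    if (is_write && !p.writable) {
        /* Read-only page: user writes always fault; supervisor writes
         * fault only when CR0.WP is set. */
        if (is_user || cr0_wp)
            return (int)(ec | PFEC_PRESENT);
    }
    return -1;
}

int main(void)
{
    /* Constructed case: kernel-mode fnsave storing into a read-only page. */
    struct pte ro = { .present = true, .writable = false, .user = false };

    printf("CR0.WP=0: %d\n", page_access(ro, false, true, false));
    printf("CR0.WP=1: %d\n", page_access(ro, true, true, false));
    return 0;
}
```

A guest kernel that relies on the CR0.WP=0 result will see the CR0.WP=1 result instead wherever write protection is enforced for supervisor accesses, so read-only mappings that the kernel itself writes through need to be made writable.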


 

