[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [BUG] Emulation issues



On 30/07/15 11:24, Andrew Cooper wrote:
> On 30/07/15 11:16, Roger Pau Monnà wrote:
>> El 30/07/15 a les 12.12, Paul Durrant ha escrit:
>>>> -----Original Message-----
>>>> From: Roger Pau Monnà [mailto:roger.pau@xxxxxxxxxx]
>>>> Sent: 29 July 2015 14:54
>>>> To: Paul Durrant; xen-devel; Andrew Cooper
>>>> Subject: Re: [BUG] Emulation issues
>>>> I've applied your patch and the one from Andrew, so my current diff is:
>>>>
>>>> diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c
>>>> index 30acb78..1bc3cc9 100644
>>>> --- a/xen/arch/x86/hvm/emulate.c
>>>> +++ b/xen/arch/x86/hvm/emulate.c
>>>> @@ -145,6 +145,8 @@ static int hvmemul_do_io(
>>>>              return X86EMUL_UNHANDLEABLE;
>>>>          goto finish_access;
>>>>      default:
>>>> +        gprintk(XENLOG_ERR, "weird emulation state %u\n",
>>>> +                vio->io_req.state);
>>>>          return X86EMUL_UNHANDLEABLE;
>>>>      }
>>>>
>>>> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
>>>> index ec1d797..38d6d99 100644
>>>> --- a/xen/arch/x86/hvm/hvm.c
>>>> +++ b/xen/arch/x86/hvm/hvm.c
>>>> @@ -2747,6 +2747,7 @@ int hvm_send_ioreq(struct hvm_ioreq_server *s,
>>>> ioreq_t *proto_p,
>>>>          }
>>>>      }
>>>>
>>>> +    gprintk(XENLOG_ERR, "unable to contact device model\n");
>>>>      return X86EMUL_UNHANDLEABLE;
>>>>  }
>>>>
>>>> diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c
>>>> index d3b9cae..12d50c2 100644
>>>> --- a/xen/arch/x86/hvm/io.c
>>>> +++ b/xen/arch/x86/hvm/io.c
>>>> @@ -163,7 +163,9 @@ int handle_pio(uint16_t port, unsigned int size, int 
>>>> dir)
>>>>          break;
>>>>      default:
>>>>          gdprintk(XENLOG_ERR, "Weird HVM ioemulation status %d.\n", rc);
>>>> -        domain_crash(curr->domain);
>>>> +        show_execution_state(&curr->arch.user_regs);
>>>> +        dump_execution_state();
>>>> +        domain_crash_synchronous();
>>>>          break;
>>>>      }
>>>>
>>>> And got the following panic while doing a `xl shutdown -w -a` of 20 HVM
>>>> guests:
>>>>
>>>> (XEN) irq.c:386: Dom19 callback via changed to Direct Vector 0x93
>>>> (XEN) irq.c:276: Dom19 PCI link 0 changed 5 -> 0
>>>> (XEN) irq.c:276: Dom19 PCI link 1 changed 10 -> 0
>>>> (XEN) irq.c:276: Dom19 PCI link 2 changed 11 -> 0
>>>> (XEN) irq.c:276: Dom19 PCI link 3 changed 5 -> 0
>>>> (XEN) d10v0 weird emulation state 1
>>>> (XEN) io.c:165:d10v0 Weird HVM ioemulation status 1.
>>>> (XEN) Assertion 'diff < STACK_SIZE' failed at traps.c:91
>>>> (XEN) ----[ Xen-4.6-unstable  x86_64  debug=y  Tainted:    C ]----
>>>> (XEN) CPU:    0
>>>> (XEN) RIP:    e008:[<ffff82d080234b83>] show_registers+0x60/0x32f
>>>> (XEN) RFLAGS: 0000000000010212   CONTEXT: hypervisor (d10v0)
>>>> (XEN) rax: 000000001348fc88   rbx: ffff8300cc668290   rcx: 0000000000000000
>>>> (XEN) rdx: ffff8300dfaf0000   rsi: ffff8300cc668358   rdi: ffff8300dfaf7bb8
>>>> (XEN) rbp: ffff8300dfaf7bd8   rsp: ffff8300dfaf7a98   r8:  ffff83019d270000
>>>> (XEN) r9:  0000000000000004   r10: 0000000000000004   r11: 0000000000000001
>>>> (XEN) r12: ffff8300cc668000   r13: 0000000000000000   r14: ffff82c00026c000
>>>> (XEN) r15: ffff830198bf9000   cr0: 000000008005003b   cr4: 00000000000026e0
>>>> (XEN) cr3: 00000000cc77b000   cr2: ffff880002762df8
>>>> (XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
>>>> (XEN) Xen stack trace from rsp=ffff8300dfaf7a98:
>>>> (XEN)    ffff8300dfaf7ac8 ffff82d080144b11 0000000000000046
>>>> ffff8300dfaf7ac8
>>>> (XEN)    0000000000000046 0000000000000092 ffff8300dfaf7ae0
>>>> ffff82d08012cfd3
>>>> (XEN)    ffff82d0802a1bc0 ffff8300dfaf7af8 0000000000000046
>>>> 0000000000002001
>>>> (XEN)    0000000000002001 fffff80002089e28 0000000000000001
>>>> fffffe00003829c0
>>>> (XEN)    000000000000b004 0000000000000000 0000000000000014
>>>> 0000000000000002
>>>> (XEN)    000000000000b004 0000000000002001 000000000000b005
>>>> 000000000000b004
>>>> (XEN)    0000000000002001 000000000000b004
>>>> 0000beef0000beef<G><0>d15v0 weird emulation state 1
>>>> (XEN)  ffffffff8036fa45<G><0>io.c:165:d15v0 Weird HVM ioemulation status
>>>> 1.
>>>> (XEN)
>>>> (XEN)   Assertion 'diff < STACK_SIZE' failed at traps.c:91
>>>> (XEN)  000000bf0000beef----[ Xen-4.6-unstable  x86_64  debug=y  Tainted:
>>>> C ]----
>>>> (XEN)  0000000000000046CPU:    6
>>>> (XEN)  fffffe00003829c0RIP:    e008:[<ffff82d080234b83>] 000000000000beef
>>>> show_registers+0x60/0x32f
>>>> (XEN)
>>>> (XEN) RFLAGS: 0000000000010212    0000000000000000CONTEXT: hypervisor
>>>> 0000000000000000 (d15v0) 0000000000000000
>>>> (XEN) rax: 0000000121dd3c88   rbx: ffff83007b4c4290   rcx: 0000000000000000
>>>> (XEN)  0000000000000000rdx: ffff83019d290000   rsi: ffff83007b4c4358   rdi:
>>>> ffff83019d297bb8
>>>> (XEN)
>>>> (XEN)   rbp: ffff83019d297bd8   rsp: ffff83019d297a98   r8:  
>>>> ffff83019d270000
>>>> (XEN)  ffff8300cc668290r9:  0000000000000001   r10: 0000000000000001   r11:
>>>> 0000000000000001
>>>> (XEN)  ffff8300cc668000r12: ffff83007b4c4000   r13: 0000000000000000   r14:
>>>> ffff82c000299000
>>>> (XEN)  0000000000000000r15: ffff830198bf9000   cr0: 000000008005003b   cr4:
>>>> 00000000000026e0
>>>> (XEN)  ffff82c00026c000cr3: 000000007b5d7000   cr2: ffff8800026b14d8
>>>> (XEN)
>>>> (XEN)   ds: 002b   es: 002b   fs: 0000   gs: 0000   ss: e010   cs: e008
>>>> (XEN)  ffff8300dfaf7bf8Xen stack trace from rsp=ffff83019d297a98:
>>>> (XEN)    ffff82d08018dd4d ffff82d0802685bf 0000000000000001
>>>> ffff830198bf9000 0000000000000002 00007cfe62d68527
>>>> (XEN)    ffff82d08023b132 ffff8300dfaf7c38
>>>> (XEN)    ffff82d0801caff0 ffff830198bf9000 ffff8300dfaf7c38 
>>>> ffff82d0802685bf
>>>> 0000000000002001 ffff83019d297b70
>>>> (XEN)    0000000000000200 ffff8300cc7da000
>>>> (XEN)    ffff83019d29ecc0 ffff83019d297b98 ffff8300cc668000
>>>> 0000000000000000 ffff8300cc7da250 0000000000000001
>>>> (XEN)    0000000000002001 ffff8300dfaf7db8
>>>> (XEN)    ffff82d0801c5934 0000000000002001 8000000000000000
>>>> fffff80002089e28 ffff8300cc7da000 0000000000000001
>>>> (XEN)    fffffe00003829c0 ffff8300dfaf0000
>>>> (XEN)    ffff8300cc7da250 000000000000b004 ffff8300dfaf7cf8
>>>> 0000000000000000 00000000000cc277 0000000000000014
>>>> (XEN)    0000000000000002 0000000000000000
>>>> (XEN)    0000000000000001 000000000000b004 00000000000feff0
>>>> 0000000000002001 ffff8300ccfec820 000000000000b005
>>>> (XEN)    000000000000b004 ffff8300dfaf7d08
>>>> (XEN)    ffff82d0801f2009 0000000000002001 ffffffffffffffff 
>>>> 000000000000b004
>>>> ffffffffffffffff 0000beef0000beef
>>>> (XEN)    ffffffff8036fa45 00000000000001f0
>>>> (XEN)    000000004003b000 000000bf0000beef ffff8300cc7da000
>>>> 0000000000000046 0000000000000000 fffffe00003829c0
>>>> (XEN)    000000000000beef ffff8300ccfec820
>>>> (XEN)    00000000000cc278 0000000000000000 ffff8300ccfec820
>>>> 0000000000000000 ffff8300cc7da000 0000000000000000
>>>> (XEN)    0000000000000000 ffff8300dfaf7da8
>>>> (XEN)    ffff82d080122c5a ffff83007b4c4290 ffff8300dfaf7db8
>>>> ffff83007b4c4000 ffff8300dfaf7d28 0000000000000000
>>>> (XEN)  ffff82c000299000Xen call trace:
>>>> (XEN)
>>>> (XEN)      [<ffff82d080234b83>] show_registers+0x60/0x32f
>>>> (XEN)  ffff83019d297bf8   [<ffff82d08018dd4d>]
>>>> show_execution_state+0x11/0x20
>>>> (XEN)  ffff82d08018dd4d   [<ffff82d0801caff0>] handle_pio+0x129/0x158
>>>> (XEN)  0000000000000001   [<ffff82d0801c5934>]
>>>> hvm_do_resume+0x258/0x33e
>>>> (XEN)  0000000000000002   [<ffff82d0801e3166>]
>>>> vmx_do_resume+0x12b/0x142
>>> Ok, so this is a handle_pio() that's being called to pick up the results of 
>>> an I/O that was sent to an external emulator. Did you manage to apply my 
>>> patch too? I'd really like to know what part of the emulation handling is 
>>> actually returning X86EMUL_UNHANDLEABLE.
>> Yes, I've applied both patches at the same time and this is the output I
>> got. You can see my diff above the trace. Do you want me to apply only
>> your patch?
> This patch is in my queue for 4.7, and should prevent the interleaving
> of the messages.

Ahem! take two, without a missing unlock path.

~Andrew

diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 58ba4ea..5a808d4 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -417,18 +417,37 @@ void show_stack_overflow(unsigned int cpu, const
struct cpu_user_regs *regs)
 
 void show_execution_state(const struct cpu_user_regs *regs)
 {
+    /*
+     * Avoid interleaving the concurrent results from two cpus, but fault
+     * handlers need to take priority.
+     */
+    static DEFINE_SPINLOCK(lock);
+
+    spin_lock_recursive(&lock);
+
     show_registers(regs);
     show_stack(regs);
+
+    spin_unlock_recursive(&lock);
 }
 
 void vcpu_show_execution_state(struct vcpu *v)
 {
+    /*
+     * Avoid interleaving the concurrent results from two cpus, but fault
+     * handlers need to take priority.
+     */
+    static DEFINE_SPINLOCK(lock);
+
+    spin_lock_recursive(&lock);
+
     printk("*** Dumping Dom%d vcpu#%d state: ***\n",
            v->domain->domain_id, v->vcpu_id);
 
     if ( v == current )
     {
         show_execution_state(guest_cpu_user_regs());
+        spin_unlock_recursive(&lock);
         return;
     }
 
@@ -439,6 +458,8 @@ void vcpu_show_execution_state(struct vcpu *v)
         show_guest_stack(v, &v->arch.user_regs);
 
     vcpu_unpause(v);
+
+    spin_unlock_recursive(&lock);
 }
 
 static const char *trapstr(unsigned int trapnr)

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.