[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] possible I/O emulation state machine issue

  • To: 'Jan Beulich' <JBeulich@xxxxxxxx>, Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Paul Durrant <Paul.Durrant@xxxxxxxxxx>
  • Date: Fri, 23 Mar 2018 10:43:05 +0000
  • Accept-language: en-GB, en-US
  • Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Fri, 23 Mar 2018 10:43:19 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHTwfBBi5adLpVHTEqlkIU9odoDI6PcUJSAgAEMYgCAAEUU0A==
  • Thread-topic: [Xen-devel] possible I/O emulation state machine issue
> -----Original Message-----
> From: Xen-devel [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf
> Of Jan Beulich
> Sent: 23 March 2018 07:30
> To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
> Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>; Paul Durrant
> <Paul.Durrant@xxxxxxxxxx>
> Subject: Re: [Xen-devel] possible I/O emulation state machine issue
> 
> >>> On 22.03.18 at 16:29, <andrew.cooper3@xxxxxxxxxx> wrote:
> > On 22/03/18 15:12, Jan Beulich wrote:
> >> Paul,
> >>
> >> our PV driver person has found a reproducible crash with ws2k8,
> >> triggered by one of the WHQL tests. The guest get crashed because
> >> the re-issue check of an ioreq close to the top of hvmemul_do_io()
> >> fails. I've handed him a first debugging patch, output of which
> >> suggests that we're dealing with a completely new request, which
> >> in turn would mean that we've run into stale STATE_IORESP_READY
> >> state:
> >>
> >> (XEN) d2v3: t=0/1 a=3c4/fed000f0 s=2/4 c=1/1 d=0/1 f=0/0 p=0/0
> > v=100/ffff831873f27a30
> >> (XEN) ----[ Xen-4.10.0_15-0  x86_64  debug=n   Tainted:  C   ]----
> >
> > Irrespective of the issue at hand, can testing be tried with a debug
> > build to see if any of the assertions are hit?
> 
> Nothing, unfortunately. But at least the stack trace can be relied
> upon this way.
> 

Jan,

  I'm assuming the debug line above is indicating the former emulation before 
the '/' and the latter after? In which case it looks like an MMIO to the HPET 
(I think that's what's at 0xfed000f0) clashing with a port IO to the graphics 
device. So, why is the HPET emulation making it to QEMU? Are you trying to run 
Windows with Xen's HPET emulation turned on?

  Paul

> Jan
> 
> (XEN) d2v3: t=0/1 a=3ce/fed000f0 s=2/4 c=1/1 d=0/1 f=0/0 p=0/0
> v=406/ffff83387d21fa30
> (XEN) ----[ Xen-4.10.0_15-0  x86_64  debug=y   Tainted:  C   ]----
> (XEN) CPU:    62
> (XEN) RIP:    e008:[<ffff82d0802e58fc>]
> emulate.c#hvmemul_do_io+0x169/0x445
> (XEN) RFLAGS: 0000000000010292   CONTEXT: hypervisor (d2v3)
> (XEN) rax: ffff8308796f602c   rbx: ffff830007d26000   rcx: 0000000000000000
> (XEN) rdx: ffff83387d21ffff   rsi: 000000000000000a   rdi: ffff82d0804823b8
> (XEN) rbp: ffff83387d21f788   rsp: ffff83387d21f6a8   r8:  ffff830879d00000
> (XEN) r9:  0000000000000030   r10: 000000000000000f   r11: 00000000ffffffee
> (XEN) r12: 0000000000000004   r13: 0000000000000000   r14: ffff83387d21f850
> (XEN) r15: 0000000000000001   cr0: 0000000080050033   cr4: 00000000000026e0
> (XEN) cr3: 00000037d2026000   cr2: fffff880051d17ac
> (XEN) fsb: 0000000000000000   gsb: 0000000000000000   gss: 000007fffff98000
> (XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0000   cs: e008
> (XEN) Xen code around <ffff82d0802e58fc>
> (emulate.c#hvmemul_do_io+0x169/0x445):
> (XEN)  00 00 00 e8 f5 e2 f6 ff <0f> 0b 48 83 c4 60 ba ab 00 00 00 48 8d 35 89 
> cd
> (XEN) Xen stack trace from rsp=ffff83387d21f6a8:
> (XEN)    0000000000000002 0000000000000004 0000000000000001
> 0000000000000001
> (XEN)    0000000000000000 0000000000000001 0000000000000000
> 0000000000000000
> (XEN)    0000000000000000 0000000000000000 0000000000000406
> ffff83387d21fa30
> (XEN)    ffff83387d21f798 00000000fed000f0 ffff831187beb000
> 000000017d21f914
> (XEN)    0000000000000000 000000000000014c 00000000000003ce
> 0000000000000406
> (XEN)    0000000200000001 0000000000000000 000000000000014c
> 0000000000000004
> (XEN)    0000000000000001 ffff83387d21fa30 00000000fed000f0
> ffff830007d269c8
> (XEN)    ffff83387d21f7c8 ffff82d0802e5c06 0000000000000000
> ffff83387d21fa30
> (XEN)    0000000000000004 0000000000000004 0000000000000000
> 00000000fed000f0
> (XEN)    ffff83387d21f898 ffff82d0802e6264 ffff83387d21fa30
> 0000000000000003
> (XEN)    ffff83387d21f860 ffff83387d21f858 0000000000000004 ffffffffffd070f0
> (XEN)    0000000000000003 ffff83387d21fc58 0000000400000001
> ffff83387d21f850
> (XEN)    0000000000000000 ffff83387d21fa30 01ff833800000004
> ffff83387d21fa30
> (XEN)    0000000000001b41 0000000000000001 0000000000000001
> 00000000fed000f0
> (XEN)    ffff8318ad778380 0000000000000004 ffff83387d21fc58
> 0000000000000001
> (XEN)    0000000000000002 ffff830007d26000 ffff83387d21f918
> ffff82d0802e725f
> (XEN)    0000000000000001 0000000000000000 ffff82d0803e6da0
> ffff83387d21fa30
> (XEN)    0000000000000001 ffffffffffd070f0 0000000000861efd
> 0000000000000004
> (XEN)    000000000000008b ffff83387d21f9c0 ffff83387d21fc58
> ffff82d0803e6da0
> (XEN)    ffff83387d21fef8 000000000000008b ffff83387d21f928
> ffff82d0802e73c3
> (XEN) Xen call trace:
> (XEN)    [<ffff82d0802e58fc>] emulate.c#hvmemul_do_io+0x169/0x445
> (XEN)    [<ffff82d0802e5c06>] emulate.c#hvmemul_do_io_buffer+0x2e/0x68
> (XEN)    [<ffff82d0802e6264>]
> emulate.c#hvmemul_linear_mmio_access+0x2b9/0x3fc
> (XEN)    [<ffff82d0802e725f>] emulate.c#__hvmemul_read+0x163/0x1fa
> (XEN)    [<ffff82d0802e73c3>] emulate.c#hvmemul_read+0x1c/0x2a
> (XEN)    [<ffff82d0802ab5e2>] x86_emulate.c#read_ulong+0x13/0x15
> (XEN)    [<ffff82d0802aeeb1>] x86_emulate+0x47d/0x1efa3
> (XEN)    [<ffff82d0802cd9fd>] x86_emulate_wrapper+0x26/0x5f
> (XEN)    [<ffff82d0802e6cf0>] emulate.c#_hvm_emulate_one+0x54/0x173
> (XEN)    [<ffff82d0802e6e1f>] hvm_emulate_one+0x10/0x12
> (XEN)    [<ffff82d0802f4cc3>] hvm_emulate_one_insn+0x42/0x130
> (XEN)    [<ffff82d0802f4e00>] handle_mmio_with_translation+0x4f/0x51
> (XEN)    [<ffff82d0802ec25e>] hvm_hap_nested_page_fault+0x1e4/0x6b6
> (XEN)    [<ffff82d0803191ea>] vmx_vmexit_handler+0x1796/0x1d3d
> (XEN)    [<ffff82d08031e6e8>] vmx_asm_vmexit_handler+0xe8/0x250
> (XEN)
> (XEN) domain_crash called from emulate.c:171
> (XEN) Domain 2 (vcpu#3) crashed on cpu#62:
> (XEN) ----[ Xen-4.10.0_15-0  x86_64  debug=y   Tainted:  C   ]----
> (XEN) CPU:    62
> (XEN) RIP:    0010:[<fffff80001b4111e>]
> (XEN) RFLAGS: 0000000000010046   CONTEXT: hvm guest (d2v3)
> (XEN) rax: ffffffffffd07000   rbx: 0000000000000000   rcx: 0000000c800022a5
> (XEN) rdx: fffffffffffffd5b   rsi: fffffa60019dba00   rdi: fffffa80049bf3e0
> (XEN) rbp: fffffa80049da440   rsp: fffffa60019ffcd8   r8:  0000000000000000
> (XEN) r9:  0000000000000001   r10: 0000000000000000   r11: 0000000000000000
> (XEN) r12: 0000000000000000   r13: 0000000000000912   r14: fffffa8003c20950
> (XEN) r15: 0000000000019274   cr0: 0000000080050031   cr4: 00000000000006f8
> (XEN) cr3: 0000000000124000   cr2: fffff880051d17ac
> (XEN) fsb: 00000000fff9a000   gsb: fffffa60019d8000   gss: 000007fffffa2000
> (XEN) ds: 002b   es: 002b   fs: 0053   gs: 002b   ss: 0018   cs: 0010
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxxx
> https://lists.xenproject.org/mailman/listinfo/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.