Xen project Mailing List

Re: [Xen-devel] Fix VGA logdirty related display freezes with altp2m

To: Tamas K Lengyel <tamas.k.lengyel@xxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

From: Razvan Cojocaru <rcojocaru@xxxxxxxxxxxxxxx>

Date: Tue, 23 Oct 2018 01:15:35 +0300

Cc: Kevin Tian <kevin.tian@xxxxxxxxx>, Wei Liu <wei.liu2@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxxxxx>, Jun Nakajima <jun.nakajima@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Mon, 22 Oct 2018 22:15:50 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

>>>> With the config fixed it boots but when I run DRAKVUF on the domain I >>>> get the following crash: >>>> >>>> (XEN) ----[ Xen-4.12-unstable x86_64 debug=y Not tainted ]---- >>>> (XEN) CPU: 0 >>>> (XEN) RIP: e008:[<000000007bdb630c>] 000000007bdb630c >>>> (XEN) RFLAGS: 0000000000010282 CONTEXT: hypervisor (d0v5) >>>> (XEN) rax: 00000000ee138470 rbx: 0000000000000000 rcx: 000000008000b098 >>>> (XEN) rdx: 0000000000000cf8 rsi: 0000000000000000 rdi: 000000046d2ef000 >>>> (XEN) rbp: 0000000000000000 rsp: ffff83005da27a10 r8: 0000000000000cf8 >>>> (XEN) r9: 0000000000000cf8 r10: ffff83005da27ab8 r11: ffff83005da27a08 >>>> (XEN) r12: 0000000000000000 r13: 0000000000000000 r14: 0000000000000065 >>>> (XEN) r15: 00000000000005a7 cr0: 0000000080050033 cr4: 0000000000372660 >>>> (XEN) cr3: 000000046d2ef000 cr2: 00000000ee138470 >>>> (XEN) fsb: 00007fe46d97bbc0 gsb: ffff880467f40000 gss: 0000000000000000 >>>> (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: e010 cs: e008 >>>> (XEN) Xen code around <000000007bdb630c> (000000007bdb630c): >>>> (XEN) 80 74 0b 05 70 84 00 00 <c7> 00 00 00 00 e0 80 3d 7a 34 00 00 00 75 >>>> 64 48 >>>> (XEN) Xen stack trace from rsp=ffff83005da27a10:(XEN) Xen stack trace >>>> from rsp=ffff83005da27a10: >>>> (XEN) 0000000000000000 0000000000000065 ffff83005da27a50 >>>> ffff82d08037aafc >>>> (XEN) 00000000fffffffe ffff82d08037ae14 0000000000000000 >>>> ffff83005da27a90 >>>> (XEN) 0000000000372660 000000046d2ef000 0000000393e91000 >>>> ffff82d0809602b0 >>>> (XEN) 000000fe00000000 ffff82d0802a3b98 ffffffffffffffff >>>> ffff83005da27ab8 >>>> (XEN) ffff83005da27b08 ffff82d0802a3511 ffff82d08046b028 >>>> ffff83005da27b08 >>>> (XEN) ffff82d0802a3511 ffff83005da27fff 0000138800000292 >>>> 000082d0808176a0 >>>> (XEN) 0000000000000000 ffff82d08023b889 0000000000000292 >>>> ffff82d08046b028 >>>> (XEN) ffff82d080451ac8 ffff82d080454af2 00000000000005a7 >>>> ffff83005da27b78 >>>> (XEN) ffff82d080251d6f ffff82d080250fcd 0000000000000028 >>>> ffff83005da27b88 >>>> (XEN) ffff83005da27b38 000000000000e010 ffff82d080454c73 >>>> ffff82d080451ac8 >>>> (XEN) ffff82d080454af2 00000000000005a7 0000000000000030 >>>> ffff83005da27bf8 >>>> (XEN) ffff82d080454c73 ffff83005da27be8 ffff82d0802aaebc >>>> ffff82d08033f3dc >>>> (XEN) ffff82d080451ac8 ffff82d08037d969 ffff82d08037d95d >>>> ffff82d08037d969 >>>> (XEN) 0b0f82d08037d95d ffff82d08037d969 ffff83005fe5b000 >>>> 0000000000000000 >>>> (XEN) 0000000000000000 ffff83005da27fff 0000000000000000 >>>> 00007cffa25d83e7 >>>> (XEN) ffff82d08037da2d deadbeefdeadf00d ffff83018caf2530 >>>> ffff83005da27d38 >>>> (XEN) ffff83040a492830 ffff83005da27cc8 ffff83040bab2880 >>>> 0000000000000000 >>>> (XEN) 0000000000000000 deadbeefdeadf00d deadbeefdeadf00d >>>> 0000000000000000 >>>> (XEN) 0000000000000000 ffff830451835000 0000000000000000 >>>> ffff83040a492000 >>>> (XEN) 0000000600000000 ffff82d08033f3da 000000000000e008 >>>> 0000000000010282 >>>> (XEN) Xen call trace: >>>> (XEN) [<000000007bdb630c>] 000000007bdb630c >>>> (XEN) >>>> (XEN) Pagetable walk from 00000000ee138470: >>>> (XEN) L4[0x000] = 000000046d2ee063 ffffffffffffffff >>>> (XEN) L3[0x003] = 000000005da11063 ffffffffffffffff >>>> (XEN) L2[0x170] = 0000000000000000 ffffffffffffffff >>>> (XEN) >>>> (XEN) **************************************** >>>> (XEN) Panic on CPU 0: >>>> (XEN) FATAL PAGE FAULT >>>> (XEN) [error_code=0002] >>>> (XEN) Faulting linear address: 00000000ee138470 >>>> (XEN) **************************************** >>>> (XEN) >>>> (XEN) Reboot in five seconds... >>> This one I'm not sure about. What does your introspection agent do at >>> that point? >> >> This crash is bizarre. Xen has most likely followed a corrupt function >> pointer, because none of Xen's .text section live just below the 2G boundary >> > > It's reproducible and happens immediately after a successful call to > xc_altp2m_set_domain_state to enable altp2m. That can't be all that's needed. I assure you I've tested this with much more that just calling xc_altp2m_set_domain_state() with no crashes at all. Something else must happen as well. Could you write a simple C test application that does the minimum ammount of work needed to produce this crash? Thanks, Razvan _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.