
Re: dom0 PV looping on search_pre_exception_table()


  • To: Manuel Bouyer <bouyer@xxxxxxxxxxxxxxx>
  • From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • Date: Wed, 9 Dec 2020 16:00:02 +0000
  • Authentication-results: esa4.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 09 Dec 2020 16:00:17 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 09/12/2020 15:44, Manuel Bouyer wrote:
> On Wed, Dec 09, 2020 at 02:41:23PM +0000, Andrew Cooper wrote:
>> Huh, so it is the LDT, but we're not getting as far as inspecting the
>> target frame.
>>
>> I wonder if the LDT is set up correctly.
> I guess it is, otherwise it wouldn't boot with a Xen 4.13 kernel, isn't it ?

Well - you said you always saw it once on 4.13, which clearly shows that
something was wonky, but it managed to unblock itself.

>> How about this incremental delta?
> Here's the output
> (XEN) IRET fault: #PF[0000]
> (XEN) %cr2 ffff820000010040, LDT base ffffc4800000a000, limit 0057
> (XEN) *** pv_map_ldt_shadow_page(0x40) failed
> (XEN) IRET fault: #PF[0000]
> (XEN) %cr2 ffff820000010040, LDT base ffffc4800000a000, limit 0057
> (XEN) *** pv_map_ldt_shadow_page(0x40) failed
> (XEN) IRET fault: #PF[0000]

Ok, so the promotion definitely fails, but we don't get as far as
inspecting the content of the LDT frame.  This probably means it failed
to change the page type, which probably means there are still
outstanding writeable references.

I'm expecting the final printk to be the one which triggers.

~Andrew

diff --git a/xen/arch/x86/pv/mm.c b/xen/arch/x86/pv/mm.c
index 5d74d11cba..2823dc2894 100644
--- a/xen/arch/x86/pv/mm.c
+++ b/xen/arch/x86/pv/mm.c
@@ -87,14 +87,23 @@ bool pv_map_ldt_shadow_page(unsigned int offset)
 
     gl1e = guest_get_eff_kern_l1e(linear);
     if ( unlikely(!(l1e_get_flags(gl1e) & _PAGE_PRESENT)) )
+    {
+        printk(XENLOG_ERR "*** LDT: gl1e %"PRIpte" not present\n",
gl1e.l1);
         return false;
+    }
 
     page = get_page_from_gfn(currd, l1e_get_pfn(gl1e), NULL, P2M_ALLOC);
     if ( unlikely(!page) )
+    {
+        printk(XENLOG_ERR "*** LDT: failed to get gfn %05lx reference\n",
+               l1e_get_pfn(gl1e));
         return false;
+    }
 
     if ( unlikely(!get_page_type(page, PGT_seg_desc_page)) )
     {
+        printk(XENLOG_ERR "*** LDT: bad type: caf %016lx, taf=%016lx\n",
+               page->count_info, page->u.inuse.type_info);
         put_page(page);
         return false;
     }
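
Review bot: The three printk() calls added on the failure paths of pv_map_ldt_shadow_page() are unconditional XENLOG_ERR messages in a function that, per the output quoted above, fails again on every retried IRET fault, so a looping guest will fill the console with them. That is acceptable for a one-off debugging delta, but if any of these messages is kept it should go through a rate-limited guest log level (XENLOG_G_ERR, or gprintk()) rather than plain XENLOG_ERR. Two smaller points: the first printk's argument `gl1e.l1);` has been wrapped by the mailer onto a line with no leading `+`, so the patch will not apply as posted and that line needs rejoining with the one above; and the last format string mixes `caf %016lx` with `taf=%016lx`, so use `caf=` for consistency when reading the values off the log.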




 

