
[BUG] RIP panic when using gdbsx and CONFIG_GDBSX is not set



I have a reproducible Xen hypervisor crash (tried 4.15 and 4.16) when
using gdbsx to perform debugging on a guest.

steps to reproduce:

xen host system built without CONFIG_GDBSX configured

start a linux guest
attach gdbsx to the guest (e.g. gdbsx -a {domid} 64 9999)

on a remote system, set up a debugging session for the linux kernel on the guest

(in linux source tree that matches the guest)
gdb vmlinux
target remote {remotexen}:9999
lx-symbol

At this point the xen system will have crashed with a RIP panic

Rebuilding the xen hypervisor with CONFIG_GDBSX fixes the panic.

-----
I'm using a Gentoo system for the host DOM0 system and used the Gentoo
xen/xen-tools ebuild packages.  I've tried the:

xen-4.15.2-r2.ebuild and xen-4.16.0-r5.ebuild

I was able to resolve the problem by stepping through their ebuild
steps and performing a manual "make menuconfig" to enable CONFIG_GDBSX
right before the compile step.

---- capture from xen serial console ----
-----
(XEN) ----[ Xen-4.16.0  x86_64  debug=n  Not tainted ]----
(XEN) CPU:    6
(XEN) RIP:    e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
(XEN) RFLAGS: 0000000000010202   CONTEXT: hypervisor (d0v0)
(XEN) rax: 00000000000003e8   rbx: ffff830856277ef8   rcx: ffff830856277fff
(XEN) rdx: 0000560164cad1e0   rsi: 0000000000000000   rdi: ffff830856277db0
(XEN) rbp: 0000560164cad1e0   rsp: ffff830856277c90   r8:  0000000000000001
(XEN) r9:  0000000000000001   r10: 0000000000000000   r11: 0000000000000000
(XEN) r12: ffff830856277db0   r13: 0000000000000000   r14: ffff83085624f000
(XEN) r15: 0000000000000000   cr0: 0000000080050033   cr4: 0000000000372660
(XEN) cr3: 00000004e64e4000   cr2: 0000000000000144
(XEN) fsb: 00007f02cdbbb740   gsb: ffff888173a00000   gss: 0000000000000000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
(XEN) Xen code around <ffff82d040269984> (iommu_do_domctl+0x4/0x30):
(XEN)  00 0f 1f 00 f3 0f 1e fa <f6> 86 44 01 00 00 20 74 0b 0f ae e8 e9 ab 1b 00
(XEN) Xen stack trace from rsp=ffff830856277c90:
(XEN)    ffff82d04035cd5f 0000000000000000 ffffffff8109e860 ffff830856277ef8
(XEN)    ffffffff0c926d00 0000000000000000 aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa
(XEN)    aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa
(XEN)    aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa ffff82d040580120 ffff8308562834b0
(XEN)    ffff82d040461d00 0000000000000000 ffff830856277e68 0000560164cad1e0
(XEN)    0000560164cad1e0 ffff830856277db0 0000000000000000 ffff82d040239e46
(XEN)    ffffc90040ebbb0c 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 00000000c0000102 0000000000000000
(XEN)    ffffc90040ebbaa8 00000000c0000102 0000000d00000000 ffffffff8109e860
(XEN)    00000014000003e8 0000000000000001 0000000000000000 ffffffff82a15ec0
(XEN)    00005601656f06c0 0000000000000004 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 ffff830856277ef8 ffff82d040238ff0
(XEN)    0000560164cad1e0 0000000000000000 0000000000000000 ffff83085623c000
(XEN)    ffff82d0402f8c59 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 ffffffffffffffff 0000000000000000 0000000000000000
(XEN)    ffff830856277ef8 ffff82d0402f5161 ffff83085623c000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    ffff82d040366288 0000000000000000 ffff88811703ad00 00007ffcb2259d60
(XEN) Xen call trace:
(XEN)    [<ffff82d040269984>] R iommu_do_domctl+0x4/0x30
(XEN)    [<ffff82d04035cd5f>] S arch_do_domctl+0x7f/0x2330
(XEN)    [<ffff82d040239e46>] S do_domctl+0xe56/0x1930
(XEN)    [<ffff82d040238ff0>] S do_domctl+0/0x1930
(XEN)    [<ffff82d0402f8c59>] S pv_hypercall+0x99/0x110
(XEN)    [<ffff82d0402f5161>] S arch/x86/pv/domain.c#_toggle_guest_pt+0x11/0x90
(XEN)    [<ffff82d040366288>] S lstar_enter+0x128/0x130
(XEN)
(XEN) Pagetable walk from 0000000000000144:
(XEN)  L4[0x000] = 0000000000000000 ffffffffffffffff
(XEN)
(XEN) ****************************************
(XEN) Panic on CPU 6:
(XEN) FATAL PAGE FAULT
(XEN) [error_code=0000]
(XEN) Faulting linear address: 0000000000000144
(XEN) ****************************************
(XEN)
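
Added example, not part of the original post: a small triage script that reads the panic lines captured above, decodes the instruction at RIP, and checks it against the faulting address. The decoder is a sketch that handles only this one instruction form (F6 /0 with a [reg+disp32] operand); the function names are hypothetical.

```python
import re

# Excerpt copied from the serial console capture above (only the lines used).
PANIC = """\
(XEN) RIP:    e008:[<ffff82d040269984>] iommu_do_domctl+0x4/0x30
(XEN) rdx: 0000560164cad1e0   rsi: 0000000000000000   rdi: ffff830856277db0
(XEN) cr3: 00000004e64e4000   cr2: 0000000000000144
(XEN)  00 0f 1f 00 f3 0f 1e fa <f6> 86 44 01 00 00 20 74 0b 0f ae e8 e9 ab 1b 00
(XEN) Faulting linear address: 0000000000000144
"""

# ModRM r/m field -> base register (no REX prefix); None means a SIB byte follows.
RM_REGS = ["rax", "rcx", "rdx", "rbx", None, "rbp", "rsi", "rdi"]

def registers(log):
    """Map name -> value for every 'name: <16 hex digits>' pair in the dump."""
    return {n.lower(): int(v, 16)
            for n, v in re.findall(r"(\w+):\s+([0-9a-f]{16})\b", log)}

def bytes_at_rip(log):
    """Xen marks the byte at RIP with <..>; return it and the bytes after it."""
    m = re.search(r"<([0-9a-f]{2})>((?: [0-9a-f]{2})*)", log)
    return bytes.fromhex(m.group(1) + m.group(2).replace(" ", ""))

def decode_test_m8_imm8(code):
    """Decode only 'F6 /0' (TEST r/m8, imm8) with a [reg+disp32] operand."""
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if code[0] != 0xF6 or reg != 0 or mod != 2 or RM_REGS[rm] is None:
        raise ValueError("instruction form not handled by this sketch")
    disp = int.from_bytes(code[2:6], "little", signed=True)
    return RM_REGS[rm], disp, code[6]

def triage(log):
    regs = registers(log)
    base, disp, imm = decode_test_m8_imm8(bytes_at_rip(log))
    fault = int(re.search(r"Faulting linear address: ([0-9a-f]+)", log).group(1), 16)
    return {
        "symbol": re.search(r"RIP:.*\] (\S+)", log).group(1),
        "insn": f"test byte [{base}{disp:+#x}], {imm:#x}",
        # effective address must equal both the reported fault address and cr2
        "matches_fault": (regs[base] + disp) & (2**64 - 1) == fault == regs["cr2"],
        "null_base": regs[base] == 0,
    }

if __name__ == "__main__":
    print(triage(PANIC))
```

On this capture the faulting instruction reads a byte at offset 0x144 from rsi, and rsi is zero, which is why the page fault is reported at linear address 0x144.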



 

