[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] Debugging DomU

On Fri, 2015-05-01 at 19:16 +0000, Chris Brand wrote:
> > I think xenctx (from $prefix/lib/xen/bin) should work, which will get you 
> > at least register state including, hopefully, a useful r15 which gdb or 
> > addr2line can convert back to a source line in the kernel.
> Thanks, Ian. That does give me something to go on, at least. One thing that 
> leaps out is "PC = 0000000c".

That usually suggests that the kernel has taken an abort before the
vector table has been initialised...

You might find that the LR register for the current mode gives you the
PC where the fault occurred, but often these things are recursive since
there is nothing mapped at address 0 so it just keeps on faulting which
clobbers the LR repeatedly.

For dom0 I have in the past used the patch below to turn such events
into something more useful, you could try applying something similar to
the userspace domain builder. Perhaps bodge something into
tools/libxc/xc_dom_arm.c e.g. in alloc_magic_pages or maybe

If you do get something like that working then posting it (maybe to
-devel) so people can pull it from the archives next time (since I would
assume it would be too ugly to actually apply) would be very useful. Be
sure to say "Potentially useful debug hack, not to be applied" to warn
off potential reviewers ;-)


commit 731d32f462353635deeddc24ae530acd5702ec80
Author: Ian Campbell <ian.campbell@xxxxxxxxxx>
Date:   Fri Dec 6 10:00:58 2013 +0000

    DEBUG-HACK: Add hypervisor traps to page at address 0
    This catches any early guest traps and redirects them to the hypervisor.

diff --git a/xen/arch/arm/domain_build.c b/xen/arch/arm/domain_build.c
index e501d2a..5fefdab 100644
--- a/xen/arch/arm/domain_build.c
+++ b/xen/arch/arm/domain_build.c
@@ -958,6 +958,34 @@ static void initrd_load(struct kernel_info *kinfo)
         offs += l;
+static void ma_zero_hack(struct domain *d)
+    paddr_t ma = 0;
+    uint32_t *dst;
+    int res;
+//    return;
+    /*
+     * Set temporary guest traps with 0xe14fff7c which is hvc(0xfffc) a hyp
+     * panic! TODO: Find why:
+     *  1) Xen abort directly after local_abort_enable when
+     *  the p2m_populate_ram is not here.
+     *  2) Linux doesn't start without this trick
+     */
+    p2m_populate_ram(d, 0x0, 0x1000 - 1);
+    res = gvirt_to_maddr(0, &ma);
+    if ( res )
+        panic(XENLOG_ERR "Unable to translate guest address\n");
+    printk("MA0 hack MFN at %"PRIpaddr"\n", ma);
+    dst = map_domain_page(ma >> PAGE_SHIFT);
+//    dst[0] = dst[1] = dst[2] = 0xe14fff7f;
+    dst[0] = dst[1] = dst[2] = 0xe14fff7c;
+    dst[3] = dst[4] = dst[5] = 0xe14fff7c;
+    unmap_domain_page(dst);
 int construct_dom0(struct domain *d)
@@ -1015,6 +1043,8 @@ int construct_dom0(struct domain *d)
+    ma_zero_hack(d);
     v->is_initialised = 1;

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.