On 08/20/09 16:17, M A Young wrote:
> On Thu, 20 Aug 2009, Jeremy Fitzhardinge wrote:
>
>> On i386, if %gs hasn't been loaded properly then using it as a base for
>> a memory access will GP.
>>
>> Try this:
>>
>> diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
>> index 2e58099..3ebcbb2 100644
>> --- a/arch/x86/xen/enlighten.c
>> +++ b/arch/x86/xen/enlighten.c
>> @@ -51,6 +51,7 @@
>> #include <asm/pgtable.h>
>> #include <asm/tlbflush.h>
>> #include <asm/reboot.h>
>> +#include <asm/stackprotector.h>
>>
>> #include "xen-ops.h"
>> #include "mmu.h"
>> @@ -1013,13 +1014,8 @@ asmlinkage void __init xen_start_kernel(void)
>> pv_apic_ops = xen_apic_ops;
>> pv_mmu_ops = xen_mmu_ops;
>>
>> -#ifdef CONFIG_X86_64
>> - /*
>> - * Setup percpu state. We only need to do this for 64-bit
>> - * because 32-bit already has %fs set properly.
>> - */
>> - load_percpu_segment(0);
>> -#endif
>> + setup_stack_canary_segment(0);
>> + switch_to_new_gdt(0);
>>
>> xen_init_irq_ops();
>> xen_init_cpuid_mask();
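Review bot: dropping the CONFIG_X86_64 guard makes setup_stack_canary_segment(0) and switch_to_new_gdt(0) run unconditionally on 32-bit, and the comment being removed is the only place that said why 32-bit was previously skipped (%fs already set), so nothing in the hunk establishes that %gs is usable afterwards. The crash report further down shows gs still holding the flat selector e021 and a page fault at cr2=00000014 from `mov %gs:0x14,%eax`, so the new GDT/canary segment evidently is not in effect after this call on i386. Before calling switch_to_new_gdt(0) this early, confirm the GDT switch actually takes effect under Xen at this point in xen_start_kernel (the paravirt ops are still being assigned in the lines just above), or keep the 64-bit guard and move the 32-bit canary segment setup to a later point where it can be verified.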
>
> It crashes with this patch (x86_64 also crashes) as follows
Yeah, that was a bit of a shot in the dark; I'd been avoiding setting the
GDT that early because it's all a bit fragile, and aside from
stack-protector we can get away with Xen's GDT for quite a while.
Hm, it's pretty fiddly... Let me see what I can come up with.
>
> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch input to Xen)
> (XEN) Freed 116kB init memory.
> (XEN) d0:v0: unhandled page fault (ec=0000)
> (XEN) Pagetable walk from 00000014:
> (XEN) L3[0x000] = 000000003a032001 00002032
> (XEN) L2[0x000] = 0000000000000000 ffffffff
> (XEN) domain_crash_sync called from entry.S (ff1b221e)
> (XEN) Domain 0 (vcpu#0) crashed on cpu#0:
> (XEN) ----[ Xen-3.4.1 x86_32p debug=n Not tainted ]----
> (XEN) CPU: 0
> (XEN) EIP: e019:[<c04064cc>]
> (XEN) EFLAGS: 00000282 EM: 1 CONTEXT: pv guest
> (XEN) eax: c0b1c0e0 ebx: c0b1c0e0 ecx: 00000010 edx: 0000001c
> (XEN) esi: c0aa3fd8 edi: c0a1592c ebp: c0aa3fb8 esp: c0aa3f94
> (XEN) cr0: 8005003b cr4: 000006f0 cr3: 3a031000 cr2: 00000014
> (XEN) ds: e021 es: e021 fs: e021 gs: e021 ss: e021 cs: e019
> (XEN) Guest stack trace from esp=c0aa3f94:
> (XEN) 00000000 c04064cc 0001e019 00010082 00000000 00000000 00000010 c0aa3fd8
> (XEN) c0a1592c c0aa3fcc c0403e3f 00000010 c0ae93f4 c0a1592c c0aa3ffc c0aab798
> (XEN) 00000010 e0f00018 c04090b1 00000000 00000000 00000000 00000000 00000000
> (XEN) c2030000 00000000 00000000
> (XEN) Domain 0 crashed: rebooting machine in 5 seconds.
>
> The instruction and context is
> (gdb) x/i 0xc04064cc
> 0xc04064cc <arbitrary_virt_to_machine+16>: mov %gs:0x14,%eax
> (gdb) x/15i arbitrary_virt_to_machine
> 0xc04064bc <arbitrary_virt_to_machine>: push %ebp
> 0xc04064bd <arbitrary_virt_to_machine+1>: mov %esp,%ebp
> 0xc04064bf <arbitrary_virt_to_machine+3>: push %edi
> 0xc04064c0 <arbitrary_virt_to_machine+4>: push %esi
> 0xc04064c1 <arbitrary_virt_to_machine+5>: push %ebx
> 0xc04064c2 <arbitrary_virt_to_machine+6>: sub $0x8,%esp
> 0xc04064c5 <arbitrary_virt_to_machine+9>: call 0xc040bc14 <mcount>
> 0xc04064ca <arbitrary_virt_to_machine+14>: mov %eax,%ebx
> 0xc04064cc <arbitrary_virt_to_machine+16>: mov %gs:0x14,%eax
> 0xc04064d2 <arbitrary_virt_to_machine+22>: mov %eax,-0x10(%ebp)
> 0xc04064d5 <arbitrary_virt_to_machine+25>: xor %eax,%eax
> 0xc04064d7 <arbitrary_virt_to_machine+27>: mov %ebx,%eax
> 0xc04064d9 <arbitrary_virt_to_machine+29>: call 0xc042f95c <__virt_addr_valid>
> 0xc04064de <arbitrary_virt_to_machine+34>: test %al,%al
> 0xc04064e0 <arbitrary_virt_to_machine+36>: je 0xc040650e <arbitrary_virt_to_machine+82>
>
> Michael Young
>
Thanks,
J
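The register dump in the quoted report can be read mechanically to confirm what went wrong with the %gs-based canary access. The following is an added example for this thread, not code from the kernel or from Xen: it embeds the dump lines quoted above, decodes the gs selector into its GDT index / table indicator / RPL fields, and derives the segment base the CPU must have used from cr2 and the 0x14 offset in `mov %gs:0x14,%eax`. A null selector would have produced a #GP; a valid selector with base 0 (Xen's flat data segment) turns the access into a read of linear address 0x14, which is exactly the unhandled page fault with cr2=00000014 in the report. All function and struct names are this example's own.

```c
/* Decode a Xen "domain crashed" register dump and check whether a faulting
 * %gs:offset access went through a segment whose base is still 0.
 * Added example for this thread; not kernel or Xen code.  The dump lines
 * and the 0x14 offset are copied from the crash report quoted above. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Register dump lines quoted from the crash report in the thread. */
static const char *dump[] = {
    "(XEN) d0:v0: unhandled page fault (ec=0000)",
    "(XEN) cr0: 8005003b cr4: 000006f0 cr3: 3a031000 cr2: 00000014",
    "(XEN) ds: e021 es: e021 fs: e021 gs: e021 ss: e021 cs: e019",
};
#define DUMP_LINES (sizeof dump / sizeof dump[0])

/* Fields of an x86 segment selector. */
struct selector {
    uint16_t index; /* bits 15..3: descriptor index in GDT or LDT */
    uint8_t ti;     /* bit 2: 0 = GDT, 1 = LDT */
    uint8_t rpl;    /* bits 1..0: requested privilege level */
};

struct selector decode_selector(uint16_t sel)
{
    struct selector s = { (uint16_t)(sel >> 3), (uint8_t)((sel >> 2) & 1),
                          (uint8_t)(sel & 3) };
    return s;
}

/* Find "name: hexvalue" in the dump lines; returns 1 if found. */
int find_reg(const char *const *lines, size_t n, const char *name, uint32_t *out)
{
    char key[16];
    snprintf(key, sizeof key, "%s: ", name);
    for (size_t i = 0; i < n; i++) {
        const char *p = strstr(lines[i], key);
        if (!p)
            continue;
        /* Require a whole register name ("fs: " must not match inside "cr3: "). */
        if (p != lines[i] && p[-1] != ' ')
            continue;
        *out = (uint32_t)strtoul(p + strlen(key), NULL, 16);
        return 1;
    }
    return 0;
}

/* Convenience lookup on the embedded dump; 0xffffffff if absent. */
uint32_t dump_reg(const char *name)
{
    uint32_t v;
    return find_reg(dump, DUMP_LINES, name, &v) ? v : 0xffffffffu;
}

/* For a page fault, cr2 = segment base + offset, so the base follows. */
uint32_t implied_segment_base(uint32_t cr2, uint32_t offset)
{
    return cr2 - offset;
}

/* 0: null selector, a #GP would be raised instead of a page fault
 * 1: valid selector but base 0 (flat segment), low-address page fault
 * 2: valid selector with a non-zero base */
int classify_seg_fault(uint16_t sel, uint32_t cr2, uint32_t offset)
{
    if ((sel & ~3u) == 0)
        return 0;
    if (implied_segment_base(cr2, offset) == 0)
        return 1;
    return 2;
}

/* Run the analysis for a %gs:insn_offset access; -1 if registers missing. */
int analyse_gs_access(uint32_t insn_offset)
{
    uint32_t gs = dump_reg("gs"), cr2 = dump_reg("cr2");
    if (gs == 0xffffffffu || cr2 == 0xffffffffu)
        return -1;
    struct selector s = decode_selector((uint16_t)gs);
    printf("gs=%04x -> index %u in %s, rpl %u\n", gs, s.index,
           s.ti ? "LDT" : "GDT", s.rpl);
    printf("cr2=%08x, access offset %#x -> implied segment base %#x\n", cr2,
           insn_offset, implied_segment_base(cr2, insn_offset));
    return classify_seg_fault((uint16_t)gs, cr2, insn_offset);
}

int main(void)
{
    int kind = analyse_gs_access(0x14);
    if (kind == 1)
        puts("%gs still has a base-0 (flat) segment: canary segment not in effect");
    return kind == 1 ? 0 : 1;
}
```

Run against the report, the program prints that gs=e021 selects a GDT entry with RPL 1 and that the implied base is 0, i.e. %gs was never switched away from Xen's flat data selector before the stack-protector read fired.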
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel