Yeah, sad thing is that NX feature has never been tapped correctly,
especially, after introduction of smx and tpm dependencies. I guess, it was
never dawned on security folks on how to tie-in segment level page execution
to MLE/no-dma stuff. Nonetheless, delayed crash on disabled nx bit 64 bit
system seems to be odd as I've known most cases related to processor
support.
If system crashes after sometime, and cat /proc/cpuinfo show nx on nx
disabled system, it may elude something's goofy with BIOS or CPU. One more
thing, after setting NX to off, make sure to 'power off' the system, many
options in the BIOS require a cold boot.
-----Original Message-----
From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jeremy
Fitzhardinge
Sent: Tuesday, December 14, 2010 2:19 PM
To: Kaushik Barde
Cc: 'Qiangmin Lin'; olaf@xxxxxxxxx; xen-devel@xxxxxxxxxxxxxxxxxxx;
'fanliang'
Subject: Re: [Xen-devel] Domain0 crash on Bad L1 flags 800000
On 12/14/2010 02:03 PM, Kaushik Barde wrote:
> True, I was referring to NX bit disablement causing boot issues 32-bit
> kernel without PAE support. Has anyone tested 64 bit kernels without NX
bit?
It does get tested occasionally, and there are some old Intel 64-bit
CPUs which don't support NX. But running without NX is pretty uncommon
these days, so I'm wondering what the reason for doing so is here.
If there is a genuine NX problem, then it should crash very early. If
this crash is happening after some amount of uptime, then it suggests
there's some memory corruption setting NX by accident.
J
> -----Original Message-----
> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jeremy
> Fitzhardinge
> Sent: Tuesday, December 14, 2010 1:57 PM
> To: Kaushik Barde
> Cc: 'Qiangmin Lin'; olaf@xxxxxxxxx; xen-devel@xxxxxxxxxxxxxxxxxxx;
> 'fanliang'
> Subject: Re: [Xen-devel] Domain0 crash on Bad L1 flags 800000
>
> On 12/14/2010 01:20 PM, Kaushik Barde wrote:
>> Maybe kernel compiled with PAE (and HIGHMEM64) options, Try recompiling
>> kernel without and see.
> 32-bit kernels must be compiled with PAE - non-PAE 32-bit PV kernels are
> not supported.
>
> Neither option is relevant on 64-bit.
>
> J
>
>> -Kaushik
>>
>> -----Original Message-----
>> From: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
>> [mailto:xen-devel-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Jeremy
>> Fitzhardinge
>> Sent: Tuesday, December 14, 2010 12:37 PM
>> To: Qiangmin Lin
>> Cc: olaf@xxxxxxxxx; xen-devel@xxxxxxxxxxxxxxxxxxx; fanliang
>> Subject: Re: [Xen-devel] Domain0 crash on Bad L1 flags 800000
>>
>> On 12/08/2010 06:53 PM, Qiangmin Lin wrote:
>>> Hi all, My dom0 kernel is 2.6.32.12-xen and Xen 3.4.2.
>>> I had closed "No Execute" in BIOS, but I see flags 800000 which mean
>> _PAGE_NX in crash information.
>>
>> This looks like the same bug your colleague fanliang reported to me. Was
>> this after a long period of uptime? What was running at the time?
>>
>> I'm curious why you're using that particular kernel, and why you're
>> running with NX disabled.
>>
>> Thanks,
>> J
>>
>>>
>>> (XEN) mm.c:720:d0 Bad L1 flags 800000
>>> (XEN) mm.c:4203:d0 ptwr_emulate: could not get_page_from_l1e()
>>> (XEN) domain_crash_sync called from entry.S
>>> (XEN) Domain 0 (vcpu#2) crashed on cpu#2:
>>> (XEN) ----[ Xen-3.4.2 x86_64 debug=n Not tainted ]----
>>> (XEN) CPU: 2
>>> (XEN) RIP: e033:[<ffffffffa0375fcc>]
>>> (XEN) RFLAGS: 0000000000010292 EM: 0 CONTEXT: pv guest
>>> (XEN) rax: ffffffffa0376120 rbx: ffff880075222000 rcx:
>> 0000000000000001
>>> (XEN) rdx: ffff88000402b000 rsi: 0000000000000000 rdi:
>> ffff880075222048
>>> (XEN) rbp: ffff880075222000 rsp: ffff8800a5db5ff8 r8:
>> ffffe8ffffeb0588
>>> (XEN) r9: 0000000000000001 r10: 0000000000000000 r11:
>> ffffffffa0376120
>>> (XEN) r12: ffff880075222048 r13: ffff8800c8a69000 r14:
>> ffff880075222058
>>> (XEN) r15: 00007f44fd7802d0 cr0: 0000000080050033 cr4:
>> 00000000000026f0
>>> (XEN) cr3: 00000008dbaf8000 cr2: ffff8800a5db5ff0
>>> (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: e02b cs: e033
>>> (XEN) Guest stack trace from rsp=ffff8800a5db5ff8:
>>> (XEN) ffff8800c8a69000 ffff880075222000 ffff88002bcc6500
>> ffffffffa0376144
>>> (XEN) ffff8800c8a69000 ffff8800888f7380 ffff8800c8a690f8
>> ffffffffa0377e3c
>>> (XEN) 0000000000000000 0000000000000000 0000000000000000
>> 0000000000000000
>>> (XEN) ffff8800c8a69000 ffff880075222000 ffff88002bcc6500
>> ffff8800c8a69000
>>> (XEN) ffff880075222058 ffffffffa0376161 ffff8800c8a69000
>> ffff8800888f7380
>>> (XEN) ffff8800c8a690f8 ffffffffa0377e3c 0000000000000000
>> 0000000000000000
>>> (XEN) 0000000000000000 0000000000000000 ffff8800c8a69000
>> ffff880075222000
>>> (XEN) ffff88002bcc6500 ffff8800c8a69000 ffff880075222058
>> ffffffffa0376161
>>> (XEN) ffff8800c8a69000 ffff8800888f7380 ffff8800c8a690f8
>> ffffffffa0377e3c
>>> (XEN) 0000000000000000 0000000000000000 0000000000000000
>> 0000000000000000
>>> (XEN) ffff8800c8a69000 ffff880075222000 ffff88002bcc6500
>> ffff8800c8a69000
>>> (XEN) ffff880075222058 ffffffffa0376161 ffff8800c8a69000
>> ffff8800888f7380
>>> (XEN) ffff8800c8a690f8 ffffffffa0377e3c 0000000000000000
>> 0000000000000000
>>> (XEN) 0000000000000000 0000000000000000 ffff8800c8a69000
>> ffff880075222000
>>> (XEN) ffff88002bcc6500 ffff8800c8a69000 ffff880075222058
>> ffffffffa0376161
>>> (XEN) ffff8800c8a69000 ffff8800888f7380 ffff8800c8a690f8
>> ffffffffa0377e3c
>>> (XEN) 0000000000000000 0000000000000000 0000000000000000
>> 0000000000000000
>>> (XEN) ffff8800c8a69000 ffff880075222000 ffff88002bcc6500
>> ffff8800c8a69000
>>> (XEN) ffff880075222058 ffffffffa0376161 ffff8800c8a69000
>> ffff8800888f7380
>>> (XEN) ffff8800c8a690f8 ffffffffa0377e3c 0000000000000000
>> 0000000000000000
>>> (XEN) Domain 0 crashed: rebooting machine in 5 seconds.
>>> [1182692.327659] BUG: unable to handle kernel
>>> please help me
>>> L
>>>
>>>
>>> _______________________________________________
>>> Xen-devel mailing list
>>> Xen-devel@xxxxxxxxxxxxxxxxxxx
>>> http://lists.xensource.com/xen-devel
>> _______________________________________________
>> Xen-devel mailing list
>> Xen-devel@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-devel
>>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>
>
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-devel
>
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|