This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-devel] Bug: Xen panics with #UD in acpi_processor_idle()

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Bug: Xen panics with #UD in acpi_processor_idle()
From: Rafal Wojtczuk <rafal@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 22 Nov 2010 14:02:07 +0100
Delivery-date: Mon, 22 Nov 2010 05:07:53 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-12-10)

There seems to be an issue with handling of
is that Xen panics because of #UD after trying to execute "monitor"
instruction. Most likely Xen does not bother to set this bit, leaving
it to BIOS. If I understand correctly, it is mere reliability issue, not
triggerable from any domain.

The problem can be reproduced with Xen-4.0.1 or tip of xen-4.0-testing.hg, 
dom0 being taken from
http://fedorapeople.org/~myoung/dom0. Processor is i5-650 on Intel Q57.
Panic happens just after starting dom0. 
I have verified (by adding rdmsr(MSR_IA32_MISC_ENABLE) in the panic code)
that indeed MSR_IA32_MISC_ENABLE_MONITOR_ENABLE is not set (it is 810088).
The same value is present in the msr when in init_done() function.
If I hardcode setting this bit just before __monitor(), all is fine. So it
looks like my crappy BIOS has not set this bit, and Xen has not either, yet
it tried to use monitor/mwait ? 

Somehow offtopic: what is the purpose of cheating about
MSR_IA32_MISC_ENABLE_MONITOR_ENABLE state to dom0 in rdmsr emulation ?
        case MSR_IA32_MISC_ENABLE:
            if ( rdmsr_safe(regs->ecx, regs->eax, regs->edx) )
                goto fail;
            regs->eax &= ~(MSR_IA32_MISC_ENABLE_PERF_AVAIL |
            regs->eax |= MSR_IA32_MISC_ENABLE_BTS_UNAVAIL |
                         MSR_IA32_MISC_ENABLE_PEBS_UNAVAIL |

Rafal Wojtczuk

(XEN) ----[ Xen-4.0.2-rc1-pre  x86_64  debug=n  Not tainted ]----
(XEN) CPU:    0
(XEN) RIP:    e008:[<ffff82c48018db7f>] acpi_processor_idle+0x3cf/0x810
(XEN) RFLAGS: 0000000000010086   CONTEXT: hypervisor
(XEN) rax: ffff8300cacfc000   rbx: ffff830121634840   rcx: 0000000000000000
(XEN) rdx: 0000000000000000   rsi: 0000000000000020   rdi: 0000000000000000
(XEN) rbp: ffff830121634900   rsp: ffff82c480367e80   r8:  000000020bc8ef41
(XEN) r9:  0000000000000004   r10: ffff82c480397120   r11: 0000000000000001
(XEN) r12: 00000000000000c0   r13: 0000000000f977e3   r14: ffff8300cacfc000
(XEN) r15: 0000000000000002   cr0: 000000008005003b   cr4: 00000000000026f0
(XEN) cr3: 0000000119001000   cr2: ffff880000736860
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: e010   cs: e008
(XEN) Xen stack trace from rsp=ffff82c480367e80:
(XEN)    ffffffffffffffff ffff82c48025f100 ffff82c48011f537 ffff8300cacfc000
(XEN)    ffffffffffffffff ffffffff817db6b0 0000000000000000 0000000000000000
(XEN)    000000008037a980 000003c7000003c7 ffff82c48037e980 ffff82c480367f28
(XEN)    ffff82c48025fb00 ffff82c480367f28 ffff82c480367e18 ffff8300cacfc000
(XEN)    0000000000000002 ffff82c48014f02e ffff8300cacfc000 ffff8300cb4f8000
(XEN)    00000000ffffffff 0000000000000000 ffffffffffffffff 0000000000000000
(XEN)    ffffffff817db6b0 ffffffff81683f10 ffffffff81682000 0000000000000246
(XEN)    0000000000015740 ffff8800077e6160 0000000000000000 0000000000000000
(XEN)    ffffffff810093aa 0000000000000246 0000000000000000 0000000000000001
(XEN)    0000010000000000 ffffffff810093aa 000000000000e033 0000000000000246
(XEN)    ffffffff81683ef8 000000000000e02b 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 ffff8300cacfc000
(XEN) Xen call trace:
(XEN)    [<ffff82c48018db7f>] acpi_processor_idle+0x3cf/0x810
(XEN)    [<ffff82c48011f537>] timer_softirq_action+0x227/0x370
(XEN)    [<ffff82c48014f02e>] idle_loop+0x2e/0x90
(XEN) ****************************************
(XEN) Panic on CPU 0:
(XEN) FATAL TRAP: vector = 6 (invalid opcode)
(XEN) ****************************************
(XEN) Reboot in five seconds...

[root@f13q45 xen]# gdb xen-syms 
Reading symbols from /root/xen/xen-4.0-testing.hg/xen/xen-syms...done.
(gdb) x/2i 0xffff82c48018db7f
   0xffff82c48018db7f <acpi_processor_idle+975>:        monitor %rax,%rcx,%rdx
   0xffff82c48018db82 <acpi_processor_idle+978>:        mfence

Xen-devel mailing list

<Prev in Thread] Current Thread [Next in Thread>