
Re: [Xen-devel] Xen-unstable 4.8: HVM domain_crash called from emulate.c:144 RIP: c000:[<000000000000336a>]



On 06/15/2016 10:20 AM, Boris Ostrovsky wrote:
> On 06/15/2016 10:07 AM, Jan Beulich wrote:
>>>>> On 15.06.16 at 15:58, <linux@xxxxxxxxxxxxxx> wrote:
>>> Wednesday, June 15, 2016, 2:48:55 PM, you wrote:
>>>> Apart from that, and just to see whether there are other differences
>>>> between your guest(s) and mine, could you post a guest config from
>>>> one that's affected?
>>> Hope you are not too disappointed it's rather sparse:
>> In no way.
>>
>>> builder='hvm'
>>> device_model_version = 'qemu-xen'
>>> device_model_user = 'root'
>>> memory = 512
>>> name = 'test_guest'
>>> vcpus = 4
>>> cpu_weight = 768
>>> vif = [ 'bridge=xen_bridge, ip=192.168.1.15, mac=00:16:3E:C4:72:83, 
>>> model=e1000' ]
>>> disk = [ 'phy:/dev/xen_vms/test_guest1,hda,w', 
>>> 'phy:/dev/xen_vms/test_guest2,hdb,w' ]
>>> on_crash = 'preserve'
>>> boot='c'
>>> vnc=0
>>> serial='pty'
>> I wonder whether mine having
>>
>> stdvga=0
>>
>> matters. Albeit a quick test passing stdvga=1 works here. And I
>> don't think the vnc= setting should have an effect here.
> Our nightly picked up this crash as well on an AMD box (Intel passed).
>
> I believe this is due to
>
> +       if ( *reps * bytes_per_rep > bytes )
> +            *reps = bytes / bytes_per_rep;
>
> in hvmemul_rep_stos() and then, as you pointed out in another message,
> we fail p.count > *reps comparison.
>
> -boris
>
> -boris
> in hvmemul_rep_stos.
>


So perhaps we shouldn't latch data for anything over page size.
Something like this (it seems to work):

diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c
index d164092..6fabb76 100644
--- a/xen/arch/x86/hvm/emulate.c
+++ b/xen/arch/x86/hvm/emulate.c
@@ -1195,7 +1195,8 @@ static int hvmemul_rep_movs(
         if ( rc != X86EMUL_OKAY )
             return rc;
 
-        latch_linear_to_phys(vio, saddr, sgpa, 0);
+        if ( *reps * bytes_per_rep <= PAGE_SIZE)
+            latch_linear_to_phys(vio, saddr, sgpa, 0);
     }
 
     bytes = PAGE_SIZE - (daddr & ~PAGE_MASK);
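
Review bot: The new condition on the saddr latch compares the total length against PAGE_SIZE but ignores where in the page the access starts, so a transfer of at most one page that begins mid-page can still cross a page boundary and would still be latched. The context line just below already computes the room left in the page for daddr as `PAGE_SIZE - (daddr & ~PAGE_MASK)`; if the intent is "do not latch anything that spans pages", the same per-address bound for saddr looks like the right comparison. If the intent really is a plain size cutoff, a comment saying so would help.
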
@@ -1214,7 +1215,8 @@ static int hvmemul_rep_movs(
         if ( rc != X86EMUL_OKAY )
             return rc;
 
-        latch_linear_to_phys(vio, daddr, dgpa, 1);
+        if ( *reps * bytes_per_rep <= PAGE_SIZE)
+            latch_linear_to_phys(vio, daddr, dgpa, 1);
     }
 
     /* Check for MMIO ops */
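
Review bot: The daddr latch repeats the exact test from the saddr hunk with no comment, and the same test appears a third time in hvmemul_rep_stos. Computing it once per function (or in a small helper) with a comment explaining why translations for larger operations must not be latched would keep the three sites from drifting apart. Style: `PAGE_SIZE)` is missing the space before the closing parenthesis that the surrounding `if ( rc != X86EMUL_OKAY )` lines use.
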
@@ -1339,7 +1341,8 @@ static int hvmemul_rep_stos(
         if ( rc != X86EMUL_OKAY )
             return rc;
 
-        latch_linear_to_phys(vio, addr, gpa, 1);
+        if ( *reps * bytes_per_rep <= PAGE_SIZE)
+            latch_linear_to_phys(vio, addr, gpa, 1);
     }
 
     /* Check for MMIO op */
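
Review bot: In hvmemul_rep_stos the test reads `*reps`, and the change quoted earlier in this message clips `*reps` in the same function (`*reps = bytes / bytes_per_rep`); the hunk does not show which runs first, so it should be made explicit whether the latch decision is meant to use the clipped or the unclipped count. Separately, `*reps * bytes_per_rep` is a product involving the rep count; if that product can wrap for a large count the `<=` test would pass when it should not, and writing it as `*reps <= PAGE_SIZE / bytes_per_rep` avoids the question.
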


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

