Re: [Xen-devel] Xen 4.6.1 crash with altp2m enabled by default
According to the xen dmesg

(XEN) RIP:    e008:[<ffff82d0801fd23a>] vmx_vmenter_helper+0x27e/0x30a
(XEN) RFLAGS: 0000000000010003   CONTEXT: hypervisor
(XEN) rax: 000000008005003b   rbx: ffff8300e72fc000   rcx: 0000000000000000
(XEN) rdx: 0000000000006c00   rsi: ffff830617fd7fc0   rdi: ffff8300e6fc0000
(XEN) rbp: ffff830617fd7c40   rsp: ffff830617fd7c30   r8:  0000000000000000
(XEN) r9:  ffff830be8dc9310   r10: 0000000000000000   r11: 00003475e9cf85d0
(XEN) r12: 0000000000000006   r13: ffff830c14ee1000   r14: ffff8300e6fc0000
(XEN) r15: ffff830617fd0000   cr0: 000000008005003b   cr4: 00000000000026e0
(XEN) cr3: 00000001bd665000   cr2: 0000000004510000
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0000   cs: e008

0xffff82d0801fa0c3 <vmx_ctxt_switch_from+85>:  mov    $0x6c00,%edx
0xffff82d0801fa0c8 <vmx_ctxt_switch_from+90>:  vmwrite %rax,%rdx

The vmwrite tries to write 0x000000008005003b to 0x6c00.
But the active VCPU has a 0-vmcs-pointer.

> -----Original Message-----
> From: Jan Beulich [mailto:JBeulich@xxxxxxxx]
> Sent: Thursday, 4 August 2016 17:36
> To: Mayer, Kevin <Kevin.Mayer@xxxxxxxx>
> Cc: andrew.cooper3@xxxxxxxxxx; xen-devel@xxxxxxxxxxxxx
> Subject: Re: AW: AW: [Xen-devel] Xen 4.6.1 crash with altp2m enabled by
> default
>
> >>> On 04.08.16 at 17:08, <Kevin.Mayer@xxxxxxxx> wrote:
> > crash> x /130x 0xffff830bd0da1000
> >
> > I don't quite understand the Intel developer manual at this point. How
> > do I have to read this data?
>
> I don't think this is formally specified anywhere (publicly). After all
> that's why one has to use vmread/vmwrite.
>
> > Since if ( !(v->arch.hvm_vmx.host_cr0 & X86_CR0_TS) ) must be true I
> > assume the __vmwrite tries to | 0x8 into the host_cr0 leading to the
> > 0x0000000080050033 for the current host_cr0 ( or better the 0x80050033 ).
>
> Well, together with the disassembly it should be possible without consulting
> the crash dump to tell what value it was that was attempted to be written
> (the disassembly tells you which register and the state dumped to the log
> tells you the value). If it is (as you indicated earlier up) indeed zero that
> gets written, then you'd want to try to find out where that zero is coming
> from.
>
> Jan
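The approach Jan describes (take the operand registers from the disassembly and their values from the logged register state) can be scripted. The following is an added example, not code from the thread or from Xen; the function and constant names are assumptions, the field encodings follow the Intel SDM, and the sample input is copied from the log lines in the message above.

```python
import re

# Constructed sample: the two register lines and the vmwrite from the message above.
XEN_LOG = """\
(XEN) rax: 000000008005003b   rbx: ffff8300e72fc000   rcx: 0000000000000000
(XEN) rdx: 0000000000006c00   rsi: ffff830617fd7fc0   rdi: ffff8300e6fc0000
"""
DISASM = "vmwrite %rax,%rdx"

# VMCS field encodings of the host control registers (Intel SDM, Appendix B).
VMCS_FIELDS = {0x6C00: "HOST_CR0", 0x6C02: "HOST_CR3", 0x6C04: "HOST_CR4"}

# Architectural CR0 bit positions.
CR0_BITS = {0: "PE", 1: "MP", 2: "EM", 3: "TS", 4: "ET", 5: "NE",
            16: "WP", 18: "AM", 29: "NW", 30: "CD", 31: "PG"}

def parse_registers(log):
    """Return {name: value} for every 'name: <16 hex digits>' pair in a Xen register dump."""
    pairs = re.findall(r"\b([a-z0-9]+):\s+([0-9a-f]{16})\b", log)
    return {name: int(val, 16) for name, val in pairs}

def decode_vmwrite(insn, regs):
    """Resolve AT&T-syntax 'vmwrite %src,%dst': src holds the value, dst the field encoding."""
    m = re.fullmatch(r"\s*vmwrite\s+%(\w+)\s*,\s*%(\w+)\s*", insn)
    if not m:
        raise ValueError(f"not a register-form vmwrite: {insn!r}")
    value, field = regs[m.group(1)], regs[m.group(2)]
    return VMCS_FIELDS.get(field, f"unknown field {field:#x}"), value

def cr0_flags(value):
    """Names of the CR0 bits set in value, lowest bit first."""
    return [name for bit, name in sorted(CR0_BITS.items()) if value >> bit & 1]

if __name__ == "__main__":
    field, value = decode_vmwrite(DISASM, parse_registers(XEN_LOG))
    print(f"{field} <- {value:#x}  [{' '.join(cr0_flags(value))}]")
    # Compare with the 0x80050033 quoted in the thread for the current host_cr0.
    print("differs from 0x80050033 in:", cr0_flags(value ^ 0x80050033))
```
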