
Re: [Xen-devel] Emulation and active (valid) interrupts



On 8/9/18 11:35 AM, Jan Beulich wrote:
>>>> On 09.08.18 at 10:20, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>> On 8/9/18 10:54 AM, Jan Beulich wrote:
>>>>>> On 08.08.18 at 16:26, <rcojocaru@xxxxxxxxxxxxxxx> wrote:
>>>> 1. Is it possible to already have a valid interrupt written in
>>>> VM_ENTRY_INTR_INFO at EXIT_REASON_EPT_VIOLATION-time in
>>>> vmx_vmexit_handler()?
>>>
>>> You mean right after the exit? Where would that come from? I'm
>>> afraid I don't see the connection to your issue (or the call traces
>>> you've provided).
>>
>> I mean right before the exit
> 
> Before? Iirc the CPU doesn't itself write VM_ENTRY_* fields,
> other than to clear them (presumably during VM exit processing).

I've dumped the backtraces of all places that
__vmwrite(VM_ENTRY_INTR_INFO, ...), and it appears that the last place
that does that before a domain crash caused by invalid guest state is
vmx_idtv_reinject(), which in my Xen 4.7.5 sources is called in
vmx_vmexit_handler(), regardless of exit_reason.

I've reproduced this most easily with Tamas' old test:
https://lists.xen.org/archives/html/xen-devel/2016-01/msg00285.html

RFLAGS.IF is 0 there, but with a valid interrupt as well. Here's my
latest log:

Xen call trace:
   [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7
   [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260

Xen call trace:
   [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7
   [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260

Xen call trace:
   [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7
   [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260

Xen call trace:
   [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7
   [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260

Xen call trace:
   [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7
   [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260

Xen call trace:
   [<ffff82d0802027ec>] vmx_vmexit_handler+0x68a/0x1bf7
   [<ffff82d080208a9a>] vmx_asm_vmexit_handler+0xfa/0x260

Failed vm entry (exit reason 0x80000021) caused by invalid guest state (0).
************* VMCS Area **************
*** Guest State ***
CR0: actual=0x000000008001003b, shadow=0x000000008001003b,
gh_mask=ffffffffffffffff
CR4: actual=0x00000000000426f9, shadow=0x00000000000406f9,
gh_mask=ffffffffffffffff
CR3 = 0x0000000000185000
PDPTE0 = 0x0000000000186001  PDPTE1 = 0x0000000000187001
PDPTE2 = 0x0000000000188001  PDPTE3 = 0x0000000000189001
RSP = 0x000000008078ad10 (0x000000008078ad10)  RIP = 0x00000000826c1781
(0x00000000826c1781)
RFLAGS=0x00000046 (0x00000046)  DR7 = 0x0000000000000400
Sysenter RSP=000000008078b000 CS:RIP=0008:00000000826880c0
       sel  attr  limit   base
  CS: 0008 0c09b ffffffff 0000000000000000
  DS: 0023 0c0f3 ffffffff 0000000000000000
  SS: 0010 0c093 ffffffff 0000000000000000
  ES: 0023 0c0f3 ffffffff 0000000000000000
  FS: 0030 04093 00003748 0000000082775c00
  GS: 0000 1c000 ffffffff 0000000000000000
GDTR:            000003ff 0000000080b95000
LDTR: 0000 1c000 ffffffff 0000000000000000
IDTR:            000007ff 0000000080b95400
  TR: 0028 0008b 000020ab 00000000801da000
EFER = 0x0000000000000000  PAT = 0x0007010600070106
PreemptionTimer = 0x00000000  SM Base = 0x00000000
DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
PerfGlobCtl = 0x0000000000000000  BndCfgS = 0x0000000000000000
Interruptibility = 00000000  ActivityState = 00000000
*** Host State ***
RIP = 0xffff82d0802089a0 (vmx_asm_vmexit_handler)  RSP = 0xffff830c5a537f70
CS=e008 SS=0000 DS=0000 ES=0000 FS=0000 GS=0000 TR=e040
FSBase=0000000000000000 GSBase=0000000000000000 TRBase=ffff830c5a53ec80
GDTBase=ffff830c5a52f000 IDTBase=ffff830c5a53b000
CR0=0000000080050033 CR3=0000000b0a110000 CR4=00000000003526e0
Sysenter RSP=ffff830c5a537fa0 CS:RIP=e008:ffff82d0802509c0
EFER = 0x0000000000000000  PAT = 0x0000050100070406
*** Control State ***
PinBased=0000003f CPUBased=bea065fa SecondaryExec=001054eb
EntryControls=000151ff ExitControls=008fefff
ExceptionBitmap=00060002 PFECmask=00000000 PFECmatch=00000000
VMEntry: intr_info=800000d1 errcode=00000000 ilen=00000000
VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
        reason=80000021 qualification=0000000000000000
IDTVectoring: info=800000d1 errcode=00000000
TSC Offset = 0xffdba7f7b150188c  TSC Multiplier = 0x0000000000000000
TPR Threshold = 0x00  PostedIntrVec = 0x00
EPT pointer = 0x0000000b0a02e01e  EPTP index = 0x0000
PLE Gap=00000080 Window=00001000
Virtual processor ID = 0x1adb VMfunc controls = 0000000000000000
**************************************
domain_crash called from vmx.c:3388
Domain 1 (vcpu#0) crashed on cpu#1:
----[ Xen-4.7.5  x86_64  debug=y  Not tainted ]----
CPU:    1
RIP:    0008:[<00000000826c1781>]
RFLAGS: 0000000000000046   CONTEXT: hvm guest (d1v0)
rax: 000000008078ad4c   rbx: 000000008078ad4c   rcx: 000000008e9b6ed0
rdx: 0000000000000000   rsi: 000000008078ad80   rdi: 0000000085ba3d48
rbp: 000000008078ad34   rsp: 000000008078ad10   r8:  0000000000000000
r9:  0000000000000000   r10: 0000000000000000   r11: 0000000000000000
r12: 0000000000000000   r13: 0000000000000000   r14: 0000000000000000
r15: 0000000000000000   cr0: 000000008001003b   cr4: 00000000000406f9
cr3: 0000000000185000   cr2: 0000000093d5e800
fsb: 0000000082775c00   gsb: 0000000000000000   gss: 0000000000000002
ds: 0023   es: 0023   fs: 0030   gs: 0000   ss: 0010   cs: 0008


Thanks,
Razvan
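The VMCS dump above shows VMEntry intr_info=800000d1 together with guest RFLAGS=0x46 (IF clear). The C below is an added example, not part of this message and not Xen's code: it decodes that interruption-information field, models the re-injection of a valid IDT-vectoring value into the VM-entry field in simplified form (an assumption of the example, not vmx_idtv_reinject() itself), and applies the VM-entry guest-state check from the Intel SDM, which requires RFLAGS.IF to be 1 when a valid external-interrupt injection is pending. The macro, struct and function names are the example's own; the input values are taken from the log.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Field layout shared by the VM-entry interruption-information,
 * VM-exit interruption-information and IDT-vectoring-information fields
 * (Intel SDM vol. 3, VMCS event-injection / event-information fields):
 *   bits 7:0   vector
 *   bits 10:8  interruption type
 *   bit 11     deliver error code
 *   bit 31     valid
 * Macro and function names below are this example's own, not Xen's.
 */
#define INTR_INFO_VECTOR_MASK   0x000000ffu
#define INTR_INFO_TYPE_SHIFT    8u
#define INTR_INFO_TYPE_MASK     0x00000700u
#define INTR_INFO_DELIVER_CODE  0x00000800u
#define INTR_INFO_VALID         0x80000000u

#define X86_EFLAGS_IF           0x00000200u   /* RFLAGS bit 9 */

enum intr_type {
    INTR_TYPE_EXT_INTR      = 0,
    INTR_TYPE_NMI           = 2,
    INTR_TYPE_HW_EXCEPTION  = 3,
    INTR_TYPE_SW_INTR       = 4,
    INTR_TYPE_PRIV_SW_EXC   = 5,
    INTR_TYPE_SW_EXCEPTION  = 6,
};

struct intr_info {
    bool valid;
    unsigned int type;
    unsigned int vector;
    bool deliver_error_code;
};

/* Split a raw 32-bit interruption-information value into its fields. */
struct intr_info decode_intr_info(uint32_t raw)
{
    struct intr_info ii;

    ii.valid = (raw & INTR_INFO_VALID) != 0;
    ii.type = (raw & INTR_INFO_TYPE_MASK) >> INTR_INFO_TYPE_SHIFT;
    ii.vector = raw & INTR_INFO_VECTOR_MASK;
    ii.deliver_error_code = (raw & INTR_INFO_DELIVER_CODE) != 0;
    return ii;
}

static const char *intr_type_name(unsigned int type)
{
    switch (type) {
    case INTR_TYPE_EXT_INTR:     return "external interrupt";
    case INTR_TYPE_NMI:          return "NMI";
    case INTR_TYPE_HW_EXCEPTION: return "hardware exception";
    case INTR_TYPE_SW_INTR:      return "software interrupt";
    case INTR_TYPE_PRIV_SW_EXC:  return "privileged software exception";
    case INTR_TYPE_SW_EXCEPTION: return "software exception";
    default:                     return "reserved/other";
    }
}

/*
 * Simplified model of re-injecting a pending IDT-vectoring event into the
 * next VM entry: a valid IDT-vectoring value is copied into the VM-entry
 * field, an invalid one leaves it clear. (Assumption for the example; the
 * real vmx_idtv_reinject() also deals with error codes and NMI blocking.)
 */
uint32_t model_idtv_reinject(uint32_t idt_vectoring_info)
{
    return (idt_vectoring_info & INTR_INFO_VALID) ? idt_vectoring_info : 0;
}

/*
 * VM-entry guest-state check from the SDM: RFLAGS.IF must be 1 if the
 * VM-entry interruption-information field is valid and its type is
 * external interrupt. Returns true when the entry would pass this check.
 */
bool entry_injection_consistent(uint32_t entry_intr_info, uint64_t guest_rflags)
{
    struct intr_info ii = decode_intr_info(entry_intr_info);

    if (!ii.valid || ii.type != INTR_TYPE_EXT_INTR)
        return true;
    return (guest_rflags & X86_EFLAGS_IF) != 0;
}

int main(void)
{
    /* Values taken from the VMCS dump in the message above. */
    const uint32_t idtv_info = 0x800000d1u;
    const uint64_t guest_rflags = 0x46;
    uint32_t entry_info = model_idtv_reinject(idtv_info);
    struct intr_info ii = decode_intr_info(entry_info);

    printf("VM_ENTRY_INTR_INFO=%08x: valid=%d type=%s vector=0x%02x errcode=%d\n",
           entry_info, ii.valid, intr_type_name(ii.type), ii.vector,
           ii.deliver_error_code);
    printf("guest RFLAGS.IF=%d -> entry %s\n",
           (guest_rflags & X86_EFLAGS_IF) != 0,
           entry_injection_consistent(entry_info, guest_rflags)
               ? "consistent" : "would fail the guest-state check");
    return 0;
}
```

Run as is, the program decodes 800000d1 as a valid external interrupt, vector 0xd1, no error code, and reports that an entry with RFLAGS=0x46 would fail the check; changing the RFLAGS value to one with bit 9 set, or the type to NMI or hardware exception, makes it pass.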

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
