
Re: dom0 PV looping on search_pre_exception_table()



On Wed, Dec 09, 2020 at 01:28:54PM +0000, Andrew Cooper wrote:
> 
> Pagefaults on IRET come either from stack accesses for operands (not the
> case here as Xen is otherwise working fine), or from segment selector
> loads for %cs and %ss.
> 
> In this example, %ss is in the LDT, which specifically does use
> pagefaults to promote the frame to PGT_segdesc.
> 
> I suspect that what is happening is that handle_ldt_mapping_fault() is
> failing to promote the page (for some reason), and we're taking the "In
> hypervisor mode? Leave it to the #PF handler to fix up." path due to the
> confusion in context, and Xen's #PF handler is concluding "nothing else
> to do".
> 
> The older behaviour of escalating to the failsafe callback would have
> broken this cycle by rewriting %ss and re-entering the kernel.
> 
> 
> Please try the attached debugging patch, which is an extension of what I
> gave you yesterday.  First, it ought to print %cr2, which I expect will
> point to Xen's virtual mapping of the vcpu's LDT.  The logic ought to
> loop a few times so we can inspect the hypervisor codepaths which are
> effectively livelocked in this state, and I've also instrumented
> check_descriptor() failures because I've got a gut feeling that is the
> root cause of the problem.

Here's the output:
(XEN) IRET fault: #PF[0000]
(XEN) %cr2 ffff820000010040
(XEN) IRET fault: #PF[0000]
(XEN) %cr2 ffff820000010040
(XEN) IRET fault: #PF[0000]
(XEN) %cr2 ffff820000010040
(XEN) IRET fault: #PF[0000]
(XEN) %cr2 ffff820000010040
(XEN) domain_crash called from extable.c:216
(XEN) Domain 0 (vcpu#0) crashed on cpu#0:
(XEN) ----[ Xen-4.15-unstable  x86_64  debug=y   Tainted:   C   ]----
(XEN) CPU:    0
(XEN) RIP:    0047:[<00007f7ff60007d0>]
(XEN) RFLAGS: 0000000000000202   EM: 0   CONTEXT: pv guest (d0v0)
(XEN) rax: ffff82d04038c309   rbx: 0000000000000000   rcx: 000000000000e008
(XEN) rdx: 0000000000010086   rsi: ffff83007fcb7f78   rdi: 000000000000e010
(XEN) rbp: 0000000000000000   rsp: 00007f7fff4876c0   r8:  0000000e00000000
(XEN) r9:  0000000000000000   r10: 0000000000000000   r11: 0000000000000000
(XEN) r12: 0000000000000000   r13: 0000000000000000   r14: 0000000000000000
(XEN) r15: 0000000000000000   cr0: 0000000080050033   cr4: 0000000000002660
(XEN) cr3: 0000000079cdb000   cr2: ffffa1000000a040
(XEN) fsb: 0000000000000000   gsb: 0000000000000000   gss: ffffffff80cf2dc0
(XEN) ds: 0023   es: 0023   fs: 0000   gs: 0000   ss: 003f   cs: 0047
(XEN) Guest stack trace from rsp=00007f7fff4876c0:
(XEN)    0000000000000001 00007f7fff487bd8 0000000000000000 0000000000000000
(XEN)    0000000000000003 00000000aee00040 0000000000000004 0000000000000038
(XEN)    0000000000000005 0000000000000008 0000000000000006 0000000000001000
(XEN)    0000000000000007 00007f7ff6000000 0000000000000008 0000000000000000
(XEN)    0000000000000009 00000000aee01cd0 00000000000007d0 0000000000000000
(XEN)    00000000000007d1 0000000000000000 00000000000007d2 0000000000000000
(XEN)    00000000000007d3 0000000000000000 000000000000000d 00007f7fff488000
(XEN)    00000000000007de 00007f7fff4877c0 0000000000000000 0000000000000000
(XEN)    6e692f6e6962732f 0000000000007469 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN)    0000000000000000 0000000000000000 0000000000000000 0000000000000000
(XEN) Hardware Dom0 crashed: rebooting machine in 5 seconds.

-- 
Manuel Bouyer <bouyer@xxxxxxxxxxxxxxx>
     NetBSD: 26 years of experience will always make the difference
--
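
Added example (not part of the original message or of the debugging patch discussed in it): a small Python triage helper that decodes the segment selectors from the crash dump above and checks which LDT descriptor slot the faulting %cr2 page offset falls in. It assumes the LDT mapping is page-aligned, so only offsets within a 4 KiB page are compared; the function names are hypothetical and the sample input is constructed from lines of the log above.

```python
import re

# Constructed sample: three lines copied from the log in the message above.
SAMPLE_LOG = """\
(XEN) IRET fault: #PF[0000]
(XEN) %cr2 ffff820000010040
(XEN) ds: 0023   es: 0023   fs: 0000   gs: 0000   ss: 003f   cs: 0047
"""

PAGE_MASK = 0xFFF   # 4 KiB pages
DESC_SIZE = 8       # bytes per GDT/LDT descriptor slot


def decode_selector(sel):
    """Split an x86 segment selector into (index, table, rpl)."""
    return sel >> 3, "LDT" if sel & 4 else "GDT", sel & 3


def parse_log(text):
    """Return (cr2, {segment register: selector}) from Xen console output."""
    m = re.search(r"%cr2\s+([0-9a-f]{16})", text)
    if m is None:
        raise ValueError("no %cr2 line found")
    sels = {reg: int(val, 16) for reg, val in
            re.findall(r"\b(ds|es|fs|gs|ss|cs):\s+([0-9a-f]{4})\b", text)}
    return int(m.group(1), 16), sels


def ldt_candidates(cr2, sels):
    """Segment registers whose LDT descriptor slot contains cr2's page offset.

    Assumption: the LDT mapping starts on a page boundary, so a match on the
    in-page offset is a necessary (not sufficient) condition.
    """
    off = cr2 & PAGE_MASK
    hits = []
    for reg, sel in sorted(sels.items()):
        index, table, _rpl = decode_selector(sel)
        start = (index * DESC_SIZE) & PAGE_MASK
        if table == "LDT" and start <= off < start + DESC_SIZE:
            hits.append(reg)
    return hits


if __name__ == "__main__":
    cr2, sels = parse_log(SAMPLE_LOG)
    for reg, sel in sorted(sels.items()):
        print(reg, "%#06x" % sel, decode_selector(sel))
    print("cr2 page offset %#x ->" % (cr2 & PAGE_MASK), ldt_candidates(cr2, sels))
```
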