From: Tim Deegan
Subject: Re: 3.1/2 live migration panic
Date: Tue, 22 Jan 2008 09:45:41 +0000
Message-ID: <20080122094541.GC12891@york.uk.xensource.com>
References: <20080117024248.GA5331@totally.trollied.org.uk> <20080117105312.GB15867@york.uk.xensource.com> <20080117222503.GA22568@totally.trollied.org.uk> <20080118094105.GA20334@york.uk.xensource.com> <20080118165324.GA21072@york.uk.xensource.com> <20080120165536.GA25077@totally.trollied.org.uk>
In-Reply-To: <20080120165536.GA25077@totally.trollied.org.uk>
To: John Levon
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

At 16:55 +0000 on 20 Jan (1200848136), John Levon wrote:
> On Fri, Jan 18, 2008 at 04:53:24PM +0000, Tim Deegan wrote:
> > So: another patch for you; can you see if this makes the crashes go away?
>
> I'm afraid not:

Argh. Well, here's more debugging, since you seem to hit the _l1e case
more often. This patch includes the previous two as well.

Cheers,

Tim.

--
Tim Deegan
Principal Software Engineer, Citrix Systems (R&D) Ltd.
[Company #02300071, SL9 0DZ, UK.]

diff -r 81d41461e030 xen/arch/x86/mm/shadow/common.c --- a/xen/arch/x86/mm/shadow/common.c Fri Jan 18 13:54:44 2008 +0000 +++ b/xen/arch/x86/mm/shadow/common.c Tue Jan 22 09:40:05 2008 +0000
@@ -662,11 +662,14 @@ int shadow_write_guest_entry(struct vcpu * appropriately. Returns 0 if we page-faulted, 1 for success. */ { int failed; - shadow_lock(v->domain); + struct domain *d = v->domain; + shadow_lock(d); failed = __copy_to_user(p, &new, sizeof(new)); if ( failed != sizeof(new) ) - sh_validate_guest_entry(v, gmfn, p, sizeof(new)); - shadow_unlock(v->domain); + if ( sh_validate_guest_entry(v, gmfn, p, sizeof(new)) + & SHADOW_SET_FLUSH ) + flush_tlb_mask(d->domain_dirty_cpumask); + shadow_unlock(d); return (failed == 0); } @@ -678,13 +681,16 @@ int shadow_cmpxchg_guest_entry(struct vc * cmpxchg itself was successful. */ { int failed; + struct domain *d = v->domain; intpte_t t = *old; - shadow_lock(v->domain); + shadow_lock(d); failed = cmpxchg_user(p, t, new); if ( t == *old ) - sh_validate_guest_entry(v, gmfn, p, sizeof(new)); + if ( sh_validate_guest_entry(v, gmfn, p, sizeof(new)) + & SHADOW_SET_FLUSH ) + flush_tlb_mask(d->domain_dirty_cpumask); *old = t; - shadow_unlock(v->domain); + shadow_unlock(d); return (failed == 0); } diff -r 81d41461e030 xen/arch/x86/mm/shadow/multi.c --- a/xen/arch/x86/mm/shadow/multi.c Fri Jan 18 13:54:44 2008 +0000 +++ b/xen/arch/x86/mm/shadow/multi.c Tue Jan 22 09:42:20 2008 +0000 
@@ -1888,11 +1888,28 @@ static shadow_l1e_t * shadow_get_and_cre fetch_type_t ft) { mfn_t sl2mfn; - shadow_l2e_t *sl2e; + shadow_l2e_t *sl2e, tmp; /* Get the l2e */ sl2e = shadow_get_and_create_l2e(v, gw, &sl2mfn, ft); if ( sl2e == NULL ) return NULL; + + if ( __copy_from_user(&tmp, sl2e, sizeof(tmp)) != 0 ) + { + local_flush_tlb(); + if ( __copy_from_user(&tmp, sl2e, sizeof(tmp)) != 0 ) + SHADOW_ERROR("Can't see the l2e, even with TLB flush"); + else + SHADOW_ERROR("TLB flush made the l2e readable!"); + show_page_walk((unsigned long) sl2e); + print_gw(gw); + show_page_walk(gw->va); + printk("v->arch.shadow_table[0] == %#lx\n", + pagetable_get_pfn(v->arch.shadow_table[0])); + printk("CR3 = %#lx\n", read_cr3()); + WARN(); + } + /* Install the sl1 in the l2e if it wasn't there or if we need to * re-do it to fix a PSE dirty bit. */ if ( shadow_l2e_get_flags(*sl2e) & _PAGE_PRESENT @@ -2835,6 +2852,25 @@ static int sh_page_fault(struct vcpu *v, return 0; } + { + shadow_l1e_t tmp; + if ( __copy_from_user(&tmp, ptr_sl1e, sizeof(tmp)) != 0 ) + { + local_flush_tlb(); + if ( __copy_from_user(&tmp, ptr_sl1e, sizeof(tmp)) != 0 ) + SHADOW_ERROR("Can't see the l1e, even with TLB flush"); + else + SHADOW_ERROR("TLB flush made the l1e readable!"); + show_page_walk((unsigned long) ptr_sl1e); + print_gw(&gw); + show_page_walk(gw.va); + printk("v->arch.shadow_table[0] == %#lx\n", + pagetable_get_pfn(v->arch.shadow_table[0])); + printk("CR3 = %#lx\n", read_cr3()); + WARN(); + } + } + /* Calculate the shadow entry and write it */ l1e_propagate_from_guest(v, (gw.l1e) ? gw.l1e : &gw.eff_l1e, gw.l1mfn, gmfn, &sl1e, ft, mmio); --9amGYk9869ThD9tj Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel --9amGYk9869ThD9tj--
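
Review bot: In shadow_write_guest_entry() the new test on SHADOW_SET_FLUSH is nested, unbraced, under if ( failed != sizeof(new) ), which makes the pairing easy to misread if an else is ever added; brace the outer if or join the two conditions with &&. A one-line comment saying why a set SHADOW_SET_FLUSH bit needs flush_tlb_mask(d->domain_dirty_cpumask) here would also help, since the return value of sh_validate_guest_entry() was previously ignored at this call site.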
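
Review bot: shadow_cmpxchg_guest_entry() now repeats the same validate-then-flush sequence that the first common.c hunk adds to shadow_write_guest_entry(); a small helper that calls sh_validate_guest_entry() and does flush_tlb_mask(d->domain_dirty_cpumask) when SHADOW_SET_FLUSH comes back would keep the two callers in step. The nested if under if ( t == *old ) is unbraced here as well.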
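
Review bot: In shadow_get_and_create_l1e(), when the second __copy_from_user() still fails ("Can't see the l2e, even with TLB flush"), execution falls through to shadow_l2e_get_flags(*sl2e) in the unchanged line below, which dereferences the same pointer the probe has just found unreadable. If crashing after the diagnostics is intended, say so in a comment; otherwise return NULL after WARN(). The local_flush_tlb() inside the probe also changes the TLB state being diagnosed, so in the "TLB flush made the l2e readable!" case the original fault will not recur after this point, which is worth noting next to the message.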
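
Review bot: The probe block added to sh_page_fault() before l1e_propagate_from_guest() is a near copy of the one added to shadow_get_and_create_l1e(), differing only in the pointer (ptr_sl1e), the message text and how gw is passed; move it into one helper that takes the entry pointer, a label and the walk. It also runs an extra __copy_from_user() on every fault that reaches this point, so it should sit behind a debug-only guard before anything like it is committed.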