* [PATCH]fix xen0 hang when start seconds vmx guest
@ 2005-11-10  6:39 Ling, Xiaofeng
  2005-11-10  7:46 ` Ling, Xiaofeng
  0 siblings, 1 reply; 3+ messages in thread
From: Ling, Xiaofeng @ 2005-11-10  6:39 UTC
  To: xen-devel

For a vmx domain, because shadow_mode_reference is set later in
vmx_final_setup_guest, in arch_set_info_guest get_page is not done
on the phys_basetab, while when destroying, put_page is called,
so there is one page with count=-1, and when a new domain allocates
this page, it will take it as cpumask 0xffffffff; this causes
flash_tlb_mask to go into a dead loop. (How can new BIOS/microcode deal
with it? Maybe some difference in sending IPI?)
The warning:
(XEN) Audit 1: type count went below zero mfn=1e03d t=f0000000 ot=3654b
is also caused by this: for a vmx domain, get_type is not done on the page.

I think bug 128, 131, 351 are all caused by this issue.

diff -r 07070a351156 -r 833b086cc0e8 xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c Thu Nov 10 12:18:23 2005 +0800
+++ b/xen/arch/x86/domain.c Thu Nov 10 14:05:11 2005 +0800
@@ -389,7 +389,12 @@
          if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) )
              return -EINVAL;
      }
-    else if ( !(c->flags & VGCF_VMX_GUEST) )
+    else if ( (c->flags & VGCF_VMX_GUEST) )
+    {
+        if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) )
+            return -EINVAL;
+    }
+    else
      {
          if ( !get_page_and_type(&frame_table[phys_basetab>>PAGE_SHIFT], d,
                                  PGT_base_page_table) )
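
Review bot: the new VGCF_VMX_GUEST branch takes only a general reference with get_page(), so the type count that the description ties to the "type count went below zero" audit warning is still never raised for a VMX guest's phys_basetab. If the teardown path drops a type reference as well as calling put_page(), this branch needs get_page_and_type() (or the teardown needs to skip put_page_type for VMX) so that acquire and release stay paired. The body also repeats the get_page()/-EINVAL pair of the branch just above it; folding the VMX test into that branch's condition would avoid the copy.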


* Re: [PATCH]fix xen0 hang when start seconds vmx guest
  2005-11-10  6:39 [PATCH]fix xen0 hang when start seconds vmx guest Ling, Xiaofeng
@ 2005-11-10  7:46 ` Ling, Xiaofeng
  2005-11-10  9:54   ` Ling, Xiaofeng
  0 siblings, 1 reply; 3+ messages in thread
From: Ling, Xiaofeng @ 2005-11-10  7:46 UTC
  To: Ling, Xiaofeng; +Cc: xen-devel

[-- Attachment #1: Type: text/plain, Size: 1611 bytes --]

The attached patch can satisfy the audit.
For a vmx domain, we also call get_type.

Ling, Xiaofeng wrote:
> For a vmx domain, because shadow_mode_reference is set later in
> vmx_final_setup_guest, in arch_set_info_guest get_page is not done
> on the phys_basetab, while when destroying, put_page is called,
> so there is one page with count=-1, and when a new domain allocates
> this page, it will take it as cpumask 0xffffffff; this causes
> flash_tlb_mask to go into a dead loop. (How can new BIOS/microcode deal
> with it? Maybe some difference in sending IPI?)
> The warning:
> (XEN) Audit 1: type count went below zero mfn=1e03d t=f0000000 ot=3654b
> is also caused by this: for a vmx domain, get_type is not done on the page.
> 
> I think bug 128, 131, 351 are all caused by this issue.
> 
> diff -r 07070a351156 -r 833b086cc0e8 xen/arch/x86/domain.c
> --- a/xen/arch/x86/domain.c Thu Nov 10 12:18:23 2005 +0800
> +++ b/xen/arch/x86/domain.c Thu Nov 10 14:05:11 2005 +0800
> @@ -389,7 +389,12 @@
>          if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) )
>              return -EINVAL;
>      }
> -    else if ( !(c->flags & VGCF_VMX_GUEST) )
> +    else if ( (c->flags & VGCF_VMX_GUEST) )
> +    {
> +        if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) )
> +            return -EINVAL;
> +    }
> +    else
>      {
>          if ( !get_page_and_type(&frame_table[phys_basetab>>PAGE_SHIFT], d,
>                                  PGT_base_page_table) )
> 
> 
> _______________________________________________
> Xen-devel mailing list
> Xen-devel@lists.xensource.com
> http://lists.xensource.com/xen-devel


[-- Attachment #2: vmxgetpagefix.patch --]
[-- Type: text/x-patch, Size: 1517 bytes --]

# HG changeset patch
# User Xiaofeng Ling <xiaofeng.ling@intel.com>
# Node ID 833b086cc0e82af98fb5149cebfce08e5e65b4b1
# Parent  07070a3511560287314082abf5f3514d4bfdd0dd
For a vmx domain, because shadow_mode_reference is set later in
vmx_final_setup_guest, in arch_set_info_guest get_page is not done
on the phys_basetab, while when destroying, put_page is called,
so there is one page with count=-1, and when a new domain allocates
this page, it will take it as cpumask 0xffffffff; this causes flash_tlb_mask
to go into a dead loop.
This patch also eliminates the warning when creating a vmx guest:
(XEN) Audit 1: type count went below zero mfn=1e03d t=f0000000 ot=3654b

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@intel.com>

diff -r 07070a351156 xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c	Thu Nov 10 12:18:23 2005 +0800
+++ b/xen/arch/x86/domain.c	Thu Nov 10 15:36:29 2005 +0800
@@ -389,7 +389,7 @@
         if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) )
             return -EINVAL;
     }
-    else if ( !(c->flags & VGCF_VMX_GUEST) )
+    else
     {
         if ( !get_page_and_type(&frame_table[phys_basetab>>PAGE_SHIFT], d,
                                 PGT_base_page_table) )
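
Review bot: dropping the VGCF_VMX_GUEST test from this else leaves nothing in the code saying why a VMX guest's phys_basetab is now typed as PGT_base_page_table, and the changeset description above still reads as if only a missing get_page were being supplied. The type reference taken here has to be matched by the put_page_type() change in the second hunk, so a short comment at the else, or a line in the description, stating that pairing would help. Please also confirm that get_page_and_type() is expected to succeed for the table a VMX guest passes in at this point.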
@@ -962,7 +962,7 @@
     {
         if ( (pfn = pagetable_get_pfn(v->arch.guest_table)) != 0 )
         {
-            if ( !shadow_mode_refcounts(d) )
+            if ( !shadow_mode_refcounts(d) || shadow_mode_external(d) )
                 put_page_type(pfn_to_page(pfn));
             put_page(pfn_to_page(pfn));
 
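
Review bot: the release condition `!shadow_mode_refcounts(d) || shadow_mode_external(d)` is not the mirror of the acquire condition in the first hunk, which is a plain else evaluated in arch_set_info_guest, while the description says the shadow mode is only set later in vmx_final_setup_guest. The pairing therefore relies on every shadow_mode_external domain having gone through the get_page_and_type() branch; if an external-mode domain can reach this point with a guest_table that took only get_page(), put_page_type() drives the type count below zero again. A comment naming that assumption, or recording at acquire time whether a type reference was taken, would make the pairing checkable.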



* Re: [PATCH]fix xen0 hang when start seconds vmx guest
  2005-11-10  7:46 ` Ling, Xiaofeng
@ 2005-11-10  9:54   ` Ling, Xiaofeng
  0 siblings, 0 replies; 3+ messages in thread
From: Ling, Xiaofeng @ 2005-11-10  9:54 UTC
  To: Ling, Xiaofeng; +Cc: xen-devel

[-- Attachment #1: Type: text/plain, Size: 3520 bytes --]

Please ignore the previous patch.
We got a better patch (see attached).
The 1:1 page table doesn't need to be assigned
to v->arch.guest_table; there is no shadow page for it.

Ling, Xiaofeng wrote:
> The attached patch can satisfy the audit.
> For a vmx domain, we also call get_type.
> 
> Ling, Xiaofeng wrote:
> 
>> For a vmx domain, because shadow_mode_reference is set later in
>> vmx_final_setup_guest, in arch_set_info_guest get_page is not done
>> on the phys_basetab, while when destroying, put_page is called,
>> so there is one page with count=-1, and when a new domain allocates
>> this page, it will take it as cpumask 0xffffffff; this causes
>> flash_tlb_mask to go into a dead loop. (How can new BIOS/microcode deal
>> with it? Maybe some difference in sending IPI?)
>> The warning:
>> (XEN) Audit 1: type count went below zero mfn=1e03d t=f0000000 ot=3654b
>> is also caused by this: for a vmx domain, get_type is not done on the page.
>>
>> I think bug 128, 131, 351 are all caused by this issue.
>>
>> diff -r 07070a351156 -r 833b086cc0e8 xen/arch/x86/domain.c
>> --- a/xen/arch/x86/domain.c Thu Nov 10 12:18:23 2005 +0800
>> +++ b/xen/arch/x86/domain.c Thu Nov 10 14:05:11 2005 +0800
>> @@ -389,7 +389,12 @@
>>          if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) )
>>              return -EINVAL;
>>      }
>> -    else if ( !(c->flags & VGCF_VMX_GUEST) )
>> +    else if ( (c->flags & VGCF_VMX_GUEST) )
>> +    {
>> +        if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) )
>> +            return -EINVAL;
>> +    }
>> +    else
>>      {
>>          if ( 
>> !get_page_and_type(&frame_table[phys_basetab>>PAGE_SHIFT], d,
>>                                  PGT_base_page_table) )
>>
>>
> 
> 
> 
> ------------------------------------------------------------------------
> 
> # HG changeset patch
> # User Xiaofeng Ling <xiaofeng.ling@intel.com>
> # Node ID 833b086cc0e82af98fb5149cebfce08e5e65b4b1
> # Parent  07070a3511560287314082abf5f3514d4bfdd0dd
> For a vmx domain, because shadow_mode_reference is set later in
> vmx_final_setup_guest, in arch_set_info_guest get_page is not done
> on the phys_basetab, while when destroying, put_page is called,
> so there is one page with count=-1, and when a new domain allocates
> this page, it will take it as cpumask 0xffffffff; this causes flash_tlb_mask
> to go into a dead loop.
> This patch also eliminates the warning when creating a vmx guest:
> (XEN) Audit 1: type count went below zero mfn=1e03d t=f0000000 ot=3654b
> 
> Signed-off-by: Xiaofeng Ling <xiaofeng.ling@intel.com>
> 
> diff -r 07070a351156 xen/arch/x86/domain.c
> --- a/xen/arch/x86/domain.c	Thu Nov 10 12:18:23 2005 +0800
> +++ b/xen/arch/x86/domain.c	Thu Nov 10 15:36:29 2005 +0800
> @@ -389,7 +389,7 @@
>          if ( !get_page(&frame_table[phys_basetab>>PAGE_SHIFT], d) )
>              return -EINVAL;
>      }
> -    else if ( !(c->flags & VGCF_VMX_GUEST) )
> +    else
>      {
>          if ( !get_page_and_type(&frame_table[phys_basetab>>PAGE_SHIFT], d,
>                                  PGT_base_page_table) )
> @@ -962,7 +962,7 @@
>      {
>          if ( (pfn = pagetable_get_pfn(v->arch.guest_table)) != 0 )
>          {
> -            if ( !shadow_mode_refcounts(d) )
> +            if ( !shadow_mode_refcounts(d) || shadow_mode_external(d) )
>                  put_page_type(pfn_to_page(pfn));
>              put_page(pfn_to_page(pfn));
>  


[-- Attachment #2: vmxgetpagefix.patch --]
[-- Type: text/x-patch, Size: 1990 bytes --]

# HG changeset patch
# User Xiaofeng Ling <xiaofeng.ling@intel.com>
# Node ID 833b086cc0e82af98fb5149cebfce08e5e65b4b1
# Parent  07070a3511560287314082abf5f3514d4bfdd0dd
For a vmx domain, because shadow_mode_reference is set later in
vmx_final_setup_guest, in arch_set_info_guest get_page is not done
on the phys_basetab, while when destroying, put_page is called,
so there is one page with count=-1, and when a new domain allocates
this page, it will take it as cpumask 0xffffffff; this causes flash_tlb_mask
to go into a dead loop.
This patch also eliminates the warning when creating a vmx guest:
(XEN) Audit 1: type count went below zero mfn=1e03d t=f0000000 ot=3654b

Signed-off-by: Xiaofeng Ling <xiaofeng.ling@intel.com>
Signed-off-by: Xin Li        <xin.b.li@intel.com>

diff -r 07070a351156 xen/arch/x86/domain.c
--- a/xen/arch/x86/domain.c	Thu Nov 10 12:18:23 2005 +0800
+++ b/xen/arch/x86/domain.c	Thu Nov 10 17:30:05 2005 +0800
@@ -407,6 +407,7 @@
         /* VMX uses the initially provided page tables as the P2M map. */
         if ( !pagetable_get_paddr(d->arch.phys_table) )
             d->arch.phys_table = v->arch.guest_table;
+        v->arch.guest_table = mk_pagetable(0);
 
         /* Initialize monitor page table */
         v->arch.monitor_table = mk_pagetable(0);
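
Review bot: `v->arch.guest_table = mk_pagetable(0);` sits outside the `if`, so it also runs when d->arch.phys_table was already set and guest_table was not handed over to it; in that case the old guest_table value is discarded with no reference dropped. Please confirm that nothing took a reference on it earlier in this path, or release it before clearing. The line also needs a comment, since the reason given in the cover note (the 1:1 table has no shadow page) is not in the code, and the changeset description still describes the missing get_page rather than this change.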
diff -r 07070a351156 xen/arch/x86/vmx.c
--- a/xen/arch/x86/vmx.c	Thu Nov 10 12:18:23 2005 +0800
+++ b/xen/arch/x86/vmx.c	Thu Nov 10 17:30:05 2005 +0800
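
Review bot: the xen/arch/x86/vmx.c entry has file headers but no hunks, so the patch lists a file it does not change. Regenerate the patch without it, or include the vmx.c change if one was intended.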
diff -r 07070a351156 xen/arch/x86/vmx_vmcs.c
--- a/xen/arch/x86/vmx_vmcs.c	Thu Nov 10 12:18:23 2005 +0800
+++ b/xen/arch/x86/vmx_vmcs.c	Thu Nov 10 17:30:05 2005 +0800
@@ -332,7 +332,7 @@
     error |= __vmwrite(GUEST_TR_BASE, 0);
     error |= __vmwrite(GUEST_TR_LIMIT, 0xff);
 
-    __vmwrite(GUEST_CR3, pagetable_get_paddr(v->arch.guest_table));
+    __vmwrite(GUEST_CR3, pagetable_get_paddr(v->domain->arch.phys_table));
     __vmwrite(HOST_CR3, pagetable_get_paddr(v->arch.monitor_table));
     __vmwrite(HOST_RSP, (unsigned long)get_stack_bottom());
 
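
Review bot: the GUEST_CR3 write now depends on v->domain->arch.phys_table being populated before this code runs; if it is still zero here, the guest is started with CR3 = 0 and nothing in the hunk catches it. An assertion or an early error on a zero pagetable_get_paddr() would make that ordering explicit. The result of this __vmwrite() is also not folded into `error` the way the GUEST_TR_BASE and GUEST_TR_LIMIT writes just above are, so a failed write goes unreported; since the line is being touched anyway, `error |=` would fit.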

