From: Jeremy Fitzhardinge
Subject: Re: pvops dom0 work roadmap
Date: Thu, 20 Aug 2009 16:39:49 -0700
Message-ID: <4A8DDEC5.9090109@goop.org>
References: <4A8AF65A.2040904@goop.org> <4A8C268A.2060306@goop.org> <4A8C4D9E.3090607@goop.org> <4A8D7851.7070702@goop.org>
To: M A Young
Cc: Xen-devel
List-Id: xen-devel@lists.xenproject.org

On 08/20/09 16:17, M A Young wrote:
> On Thu, 20 Aug 2009, Jeremy Fitzhardinge wrote:
>
>> On i386, if %gs hasn't been loaded properly then using it as a base for
>> a memory access will GP.
>>
>> Try this:
>>
>> diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c >> index 2e58099..3ebcbb2 100644 >> --- a/arch/x86/xen/enlighten.c >> +++ b/arch/x86/xen/enlighten.c >> @@ -51,6 +51,7 @@ >> #include >> #include >> #include >> +#include >> >> #include "xen-ops.h" >> #include "mmu.h" 
>> @@ -1013,13 +1014,8 @@ asmlinkage void __init xen_start_kernel(void) >> pv_apic_ops = xen_apic_ops; >> pv_mmu_ops = xen_mmu_ops; >> >> -#ifdef CONFIG_X86_64 >> - /* >> - * Setup percpu state. We only need to do this for 64-bit >> - * because 32-bit already has %fs set properly. >> - */ >> - load_percpu_segment(0); >> -#endif >> + setup_stack_canary_segment(0); >> + switch_to_new_gdt(0); >> >> xen_init_irq_ops(); >> xen_init_cpuid_mask();
>
> It crashes with this patch (x86_64 also crashes) as follows

Yeah, that was a bit of a shot in the dark; I'd been avoiding setting the GDT that early because it's all a bit fragile, and aside from stack-protector we can get away with Xen's GDT for quite a while.

Hm, it's pretty fiddly... Let me see what I can come up with.

> (XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch input to Xen)
> (XEN) Freed 116kB init memory.
> (XEN) d0:v0: unhandled page fault (ec=0000)
> (XEN) Pagetable walk from 00000014:
> (XEN)  L3[0x000] = 000000003a032001 00002032
> (XEN)  L2[0x000] = 0000000000000000 ffffffff
> (XEN) domain_crash_sync called from entry.S (ff1b221e)
> (XEN) Domain 0 (vcpu#0) crashed on cpu#0:
> (XEN) ----[ Xen-3.4.1  x86_32p  debug=n  Not tainted ]----
> (XEN) CPU:    0
> (XEN) EIP:    e019:[]
> (XEN) EFLAGS: 00000282   EM: 1   CONTEXT: pv guest
> (XEN) eax: c0b1c0e0   ebx: c0b1c0e0   ecx: 00000010   edx: 0000001c
> (XEN) esi: c0aa3fd8   edi: c0a1592c   ebp: c0aa3fb8   esp: c0aa3f94
> (XEN) cr0: 8005003b   cr4: 000006f0   cr3: 3a031000   cr2: 00000014
> (XEN) ds: e021   es: e021   fs: e021   gs: e021   ss: e021   cs: e019
> (XEN) Guest stack trace from esp=c0aa3f94:
> (XEN)    00000000 c04064cc 0001e019 00010082 00000000 00000000 00000010 c0aa3fd8
> (XEN)    c0a1592c c0aa3fcc c0403e3f 00000010 c0ae93f4 c0a1592c c0aa3ffc c0aab798
> (XEN)    00000010 e0f00018 c04090b1 00000000 00000000 00000000 00000000 00000000
> (XEN)    c2030000 00000000 00000000
> (XEN) Domain 0 crashed: rebooting machine in 5 seconds.
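Review bot: the xen_start_kernel hunk drops the CONFIG_X86_64 guard together with the comment that explained why 32-bit was skipped, and replaces it with an unconditional `setup_stack_canary_segment(0);` / `switch_to_new_gdt(0);` without documenting why the early GDT switch is now required (the stack-protector canary read through %gs on 32-bit) or why it is safe at this point in boot. The crash report in this thread is consistent with the switch not taking effect: gs still holds Xen's flat e021 selector and the faulting instruction is `mov %gs:0x14,%eax` with cr2 00000014, i.e. the access resolved to linear address 0x14 and page-faulted rather than GP'ing on an unloaded selector. Before this goes in, confirm that switch_to_new_gdt(0) actually installs the new GDT this early under Xen (or defer the call to a point where it can), and restore a comment stating the stack-protector reason for loading %gs on both architectures.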
>
> The instruction and context is
> (gdb) x/i 0xc04064cc
> 0xc04064cc : mov %gs:0x14,%eax
> (gdb) x/15i arbitrary_virt_to_machine
> 0xc04064bc : push %ebp
> 0xc04064bd : mov %esp,%ebp
> 0xc04064bf : push %edi
> 0xc04064c0 : push %esi
> 0xc04064c1 : push %ebx
> 0xc04064c2 : sub $0x8,%esp
> 0xc04064c5 : call 0xc040bc14
> 0xc04064ca : mov %eax,%ebx
> 0xc04064cc : mov %gs:0x14,%eax
> 0xc04064d2 : mov %eax,-0x10(%ebp)
> 0xc04064d5 : xor %eax,%eax
> 0xc04064d7 : mov %ebx,%eax
> 0xc04064d9 : call 0xc042f95c <__virt_addr_valid>
> 0xc04064de : test %al,%al
> 0xc04064e0 : je 0xc040650e
>
> Michael Young

Thanks,
J