From mboxrd@z Thu Jan  1 00:00:00 1970
From: Andrew Cooper <andrew.cooper3@citrix.com>
Subject: Re: Xen-4.4-rc2 - Some Nested Virt testing
Date: Wed, 22 Jan 2014 10:40:38 +0000
Message-ID: <52DFA026.507@citrix.com>
References: <52DEB887.8070409@citrix.com>
	<52DF9FAA0200007800115B3B@nat28.tlf.novell.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <52DF9FAA0200007800115B3B@nat28.tlf.novell.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Jan Beulich <JBeulich@suse.com>
Cc: George Dunlap <george.dunlap@eu.citrix.com>, Ian Campbell <ian.campbell@citrix.com>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
List-Id: xen-devel@lists.xenproject.org

On 22/01/14 09:38, Jan Beulich wrote:
>>>> On 21.01.14 at 19:12, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>> I have been giving nested virt a try, and have my first bug to report. 
>> This is still ongoing, and is by no means complete yet.
>>
>> Setup:
>> Each reference to XenServer is a trunk XenServer based on 4.4-rc2
>>
>> Single Intel Haswell SDP (Grantley platform):
>> Native hypervisor: XenServer
>>
>> Two L1 guests:
>>   XenServer (running with EPT)
>>   XenServer (running with shadow)
>>
>>
>> When attempting to create an L2 EPT HVM domain under an L1 shadow
>> domain, the L1 shadow domain is killed with:
>>
>> (XEN) <vm_launch_fail> error code 7
> Considering that 7 is "VM entry with invalid control field(s)", I think
> it would be quite helpful if we enhanced the error handling here to
> dump the VMCS.

Agreed.  I cannot find any further help from hardware to identify which
control field(s) is(are) invalid, so the best we appear to be able to
know is "At least one of these bits are wrong in the current context".

>
> Also - did you perhaps mean to Cc VMX folks on your original mail?
> Chances that they see your report without doing so are - according
> to my experience - rather slim...
>
> Jan
>
>

I wasn't really thinking that much - I had hoped to also try out
nested-virt on AMD, but have completely run out of time.

After 4.4 gets released, I will try to automate the environment setup,
and start investigating/reporting the encountered issues properly.

Until then sadly, I have more important issues to work on in the meantime.

~Andrew