From: Andrew Cooper <andrew.cooper3@citrix.com>
To: "Roger Pau Monné" <roger.pau@citrix.com>,
"Paul Durrant" <Paul.Durrant@citrix.com>,
xen-devel <xen-devel@lists.xenproject.org>
Subject: Re: [BUG] Emulation issues
Date: Thu, 30 Jul 2015 11:27:23 +0100 [thread overview]
Message-ID: <55B9FC0B.3050608@citrix.com> (raw)
In-Reply-To: <55B9FB76.50403@citrix.com>
On 30/07/15 11:24, Andrew Cooper wrote:
> On 30/07/15 11:16, Roger Pau Monné wrote:
>> El 30/07/15 a les 12.12, Paul Durrant ha escrit:
>>>> -----Original Message-----
>>>> From: Roger Pau Monné [mailto:roger.pau@citrix.com]
>>>> Sent: 29 July 2015 14:54
>>>> To: Paul Durrant; xen-devel; Andrew Cooper
>>>> Subject: Re: [BUG] Emulation issues
>>>> I've applied your patch and the one from Andrew, so my current diff is:
>>>>
>>>> diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c
>>>> index 30acb78..1bc3cc9 100644
>>>> --- a/xen/arch/x86/hvm/emulate.c
>>>> +++ b/xen/arch/x86/hvm/emulate.c
>>>> @@ -145,6 +145,8 @@ static int hvmemul_do_io(
>>>> return X86EMUL_UNHANDLEABLE;
>>>> goto finish_access;
>>>> default:
>>>> + gprintk(XENLOG_ERR, "weird emulation state %u\n",
>>>> + vio->io_req.state);
>>>> return X86EMUL_UNHANDLEABLE;
>>>> }
>>>>
>>>> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
>>>> index ec1d797..38d6d99 100644
>>>> --- a/xen/arch/x86/hvm/hvm.c
>>>> +++ b/xen/arch/x86/hvm/hvm.c
>>>> @@ -2747,6 +2747,7 @@ int hvm_send_ioreq(struct hvm_ioreq_server *s,
>>>> ioreq_t *proto_p,
>>>> }
>>>> }
>>>>
>>>> + gprintk(XENLOG_ERR, "unable to contact device model\n");
>>>> return X86EMUL_UNHANDLEABLE;
>>>> }
>>>>
>>>> diff --git a/xen/arch/x86/hvm/io.c b/xen/arch/x86/hvm/io.c
>>>> index d3b9cae..12d50c2 100644
>>>> --- a/xen/arch/x86/hvm/io.c
>>>> +++ b/xen/arch/x86/hvm/io.c
>>>> @@ -163,7 +163,9 @@ int handle_pio(uint16_t port, unsigned int size, int dir)
>>>> break;
>>>> default:
>>>> gdprintk(XENLOG_ERR, "Weird HVM ioemulation status %d.\n", rc);
>>>> - domain_crash(curr->domain);
>>>> + show_execution_state(&curr->arch.user_regs);
>>>> + dump_execution_state();
>>>> + domain_crash_synchronous();
>>>> break;
>>>> }
>>>>
>>>> And got the following panic while doing a `xl shutdown -w -a` of 20 HVM
>>>> guests:
>>>>
>>>> (XEN) irq.c:386: Dom19 callback via changed to Direct Vector 0x93
>>>> (XEN) irq.c:276: Dom19 PCI link 0 changed 5 -> 0
>>>> (XEN) irq.c:276: Dom19 PCI link 1 changed 10 -> 0
>>>> (XEN) irq.c:276: Dom19 PCI link 2 changed 11 -> 0
>>>> (XEN) irq.c:276: Dom19 PCI link 3 changed 5 -> 0
>>>> (XEN) d10v0 weird emulation state 1
>>>> (XEN) io.c:165:d10v0 Weird HVM ioemulation status 1.
>>>> (XEN) Assertion 'diff < STACK_SIZE' failed at traps.c:91
>>>> (XEN) ----[ Xen-4.6-unstable x86_64 debug=y Tainted: C ]----
>>>> (XEN) CPU: 0
>>>> (XEN) RIP: e008:[<ffff82d080234b83>] show_registers+0x60/0x32f
>>>> (XEN) RFLAGS: 0000000000010212 CONTEXT: hypervisor (d10v0)
>>>> (XEN) rax: 000000001348fc88 rbx: ffff8300cc668290 rcx: 0000000000000000
>>>> (XEN) rdx: ffff8300dfaf0000 rsi: ffff8300cc668358 rdi: ffff8300dfaf7bb8
>>>> (XEN) rbp: ffff8300dfaf7bd8 rsp: ffff8300dfaf7a98 r8: ffff83019d270000
>>>> (XEN) r9: 0000000000000004 r10: 0000000000000004 r11: 0000000000000001
>>>> (XEN) r12: ffff8300cc668000 r13: 0000000000000000 r14: ffff82c00026c000
>>>> (XEN) r15: ffff830198bf9000 cr0: 000000008005003b cr4: 00000000000026e0
>>>> (XEN) cr3: 00000000cc77b000 cr2: ffff880002762df8
>>>> (XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: e010 cs: e008
>>>> (XEN) Xen stack trace from rsp=ffff8300dfaf7a98:
>>>> (XEN) ffff8300dfaf7ac8 ffff82d080144b11 0000000000000046
>>>> ffff8300dfaf7ac8
>>>> (XEN) 0000000000000046 0000000000000092 ffff8300dfaf7ae0
>>>> ffff82d08012cfd3
>>>> (XEN) ffff82d0802a1bc0 ffff8300dfaf7af8 0000000000000046
>>>> 0000000000002001
>>>> (XEN) 0000000000002001 fffff80002089e28 0000000000000001
>>>> fffffe00003829c0
>>>> (XEN) 000000000000b004 0000000000000000 0000000000000014
>>>> 0000000000000002
>>>> (XEN) 000000000000b004 0000000000002001 000000000000b005
>>>> 000000000000b004
>>>> (XEN) 0000000000002001 000000000000b004
>>>> 0000beef0000beef<G><0>d15v0 weird emulation state 1
>>>> (XEN) ffffffff8036fa45<G><0>io.c:165:d15v0 Weird HVM ioemulation status
>>>> 1.
>>>> (XEN)
>>>> (XEN) Assertion 'diff < STACK_SIZE' failed at traps.c:91
>>>> (XEN) 000000bf0000beef----[ Xen-4.6-unstable x86_64 debug=y Tainted:
>>>> C ]----
>>>> (XEN) 0000000000000046CPU: 6
>>>> (XEN) fffffe00003829c0RIP: e008:[<ffff82d080234b83>] 000000000000beef
>>>> show_registers+0x60/0x32f
>>>> (XEN)
>>>> (XEN) RFLAGS: 0000000000010212 0000000000000000CONTEXT: hypervisor
>>>> 0000000000000000 (d15v0) 0000000000000000
>>>> (XEN) rax: 0000000121dd3c88 rbx: ffff83007b4c4290 rcx: 0000000000000000
>>>> (XEN) 0000000000000000rdx: ffff83019d290000 rsi: ffff83007b4c4358 rdi:
>>>> ffff83019d297bb8
>>>> (XEN)
>>>> (XEN) rbp: ffff83019d297bd8 rsp: ffff83019d297a98 r8: ffff83019d270000
>>>> (XEN) ffff8300cc668290r9: 0000000000000001 r10: 0000000000000001 r11:
>>>> 0000000000000001
>>>> (XEN) ffff8300cc668000r12: ffff83007b4c4000 r13: 0000000000000000 r14:
>>>> ffff82c000299000
>>>> (XEN) 0000000000000000r15: ffff830198bf9000 cr0: 000000008005003b cr4:
>>>> 00000000000026e0
>>>> (XEN) ffff82c00026c000cr3: 000000007b5d7000 cr2: ffff8800026b14d8
>>>> (XEN)
>>>> (XEN) ds: 002b es: 002b fs: 0000 gs: 0000 ss: e010 cs: e008
>>>> (XEN) ffff8300dfaf7bf8Xen stack trace from rsp=ffff83019d297a98:
>>>> (XEN) ffff82d08018dd4d ffff82d0802685bf 0000000000000001
>>>> ffff830198bf9000 0000000000000002 00007cfe62d68527
>>>> (XEN) ffff82d08023b132 ffff8300dfaf7c38
>>>> (XEN) ffff82d0801caff0 ffff830198bf9000 ffff8300dfaf7c38 ffff82d0802685bf
>>>> 0000000000002001 ffff83019d297b70
>>>> (XEN) 0000000000000200 ffff8300cc7da000
>>>> (XEN) ffff83019d29ecc0 ffff83019d297b98 ffff8300cc668000
>>>> 0000000000000000 ffff8300cc7da250 0000000000000001
>>>> (XEN) 0000000000002001 ffff8300dfaf7db8
>>>> (XEN) ffff82d0801c5934 0000000000002001 8000000000000000
>>>> fffff80002089e28 ffff8300cc7da000 0000000000000001
>>>> (XEN) fffffe00003829c0 ffff8300dfaf0000
>>>> (XEN) ffff8300cc7da250 000000000000b004 ffff8300dfaf7cf8
>>>> 0000000000000000 00000000000cc277 0000000000000014
>>>> (XEN) 0000000000000002 0000000000000000
>>>> (XEN) 0000000000000001 000000000000b004 00000000000feff0
>>>> 0000000000002001 ffff8300ccfec820 000000000000b005
>>>> (XEN) 000000000000b004 ffff8300dfaf7d08
>>>> (XEN) ffff82d0801f2009 0000000000002001 ffffffffffffffff 000000000000b004
>>>> ffffffffffffffff 0000beef0000beef
>>>> (XEN) ffffffff8036fa45 00000000000001f0
>>>> (XEN) 000000004003b000 000000bf0000beef ffff8300cc7da000
>>>> 0000000000000046 0000000000000000 fffffe00003829c0
>>>> (XEN) 000000000000beef ffff8300ccfec820
>>>> (XEN) 00000000000cc278 0000000000000000 ffff8300ccfec820
>>>> 0000000000000000 ffff8300cc7da000 0000000000000000
>>>> (XEN) 0000000000000000 ffff8300dfaf7da8
>>>> (XEN) ffff82d080122c5a ffff83007b4c4290 ffff8300dfaf7db8
>>>> ffff83007b4c4000 ffff8300dfaf7d28 0000000000000000
>>>> (XEN) ffff82c000299000Xen call trace:
>>>> (XEN)
>>>> (XEN) [<ffff82d080234b83>] show_registers+0x60/0x32f
>>>> (XEN) ffff83019d297bf8 [<ffff82d08018dd4d>]
>>>> show_execution_state+0x11/0x20
>>>> (XEN) ffff82d08018dd4d [<ffff82d0801caff0>] handle_pio+0x129/0x158
>>>> (XEN) 0000000000000001 [<ffff82d0801c5934>]
>>>> hvm_do_resume+0x258/0x33e
>>>> (XEN) 0000000000000002 [<ffff82d0801e3166>]
>>>> vmx_do_resume+0x12b/0x142
>>> Ok, so this is a handle_pio() that's being called to pick up the results of an I/O that was sent to an external emulator. Did you manage to apply my patch too? I'd really like to know what part of the emulation handling is actually returning X86EMUL_UNHANDLEABLE.
>> Yes, I've applied both patches at the same time and this is the output I
>> got. You can see my diff above the trace. Do you want me to apply only
>> your patch?
> This patch is in my queue for 4.7, and should prevent the interleaving
> of the messages.
Ahem! take two, without a missing unlock path.
~Andrew
diff --git a/xen/arch/x86/traps.c b/xen/arch/x86/traps.c
index 58ba4ea..5a808d4 100644
--- a/xen/arch/x86/traps.c
+++ b/xen/arch/x86/traps.c
@@ -417,18 +417,37 @@ void show_stack_overflow(unsigned int cpu, const
struct cpu_user_regs *regs)
void show_execution_state(const struct cpu_user_regs *regs)
{
+ /*
+ * Avoid interleaving the concurrent results from two cpus, but fault
+ * handlers need to take priority.
+ */
+ static DEFINE_SPINLOCK(lock);
+
+ spin_lock_recursive(&lock);
+
show_registers(regs);
show_stack(regs);
+
+ spin_unlock_recursive(&lock);
}
void vcpu_show_execution_state(struct vcpu *v)
{
+ /*
+ * Avoid interleaving the concurrent results from two cpus, but fault
+ * handlers need to take priority.
+ */
+ static DEFINE_SPINLOCK(lock);
+
+ spin_lock_recursive(&lock);
+
printk("*** Dumping Dom%d vcpu#%d state: ***\n",
v->domain->domain_id, v->vcpu_id);
if ( v == current )
{
show_execution_state(guest_cpu_user_regs());
+ spin_unlock_recursive(&lock);
return;
}
@@ -439,6 +458,8 @@ void vcpu_show_execution_state(struct vcpu *v)
show_guest_stack(v, &v->arch.user_regs);
vcpu_unpause(v);
+
+ spin_unlock_recursive(&lock);
}
static const char *trapstr(unsigned int trapnr)
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel
prev parent reply other threads:[~2015-07-30 10:27 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-29 10:17 [BUG] Emulation issues Roger Pau Monné
2015-07-29 10:27 ` Paul Durrant
2015-07-29 10:36 ` Roger Pau Monné
2015-07-29 10:37 ` Paul Durrant
2015-07-29 12:08 ` Andrew Cooper
2015-07-29 12:41 ` Paul Durrant
2015-07-29 13:54 ` Roger Pau Monné
2015-07-30 10:12 ` Paul Durrant
2015-07-30 10:16 ` Roger Pau Monné
2015-07-30 10:21 ` Paul Durrant
2015-07-30 10:59 ` Paul Durrant
2015-07-30 13:06 ` Roger Pau Monné
2015-07-30 13:12 ` Paul Durrant
2015-07-30 13:19 ` Andrew Cooper
2015-07-30 13:20 ` Paul Durrant
2015-07-31 10:22 ` Paul Durrant
2015-07-31 11:11 ` Sander Eikelenboom
2015-07-31 11:39 ` Roger Pau Monné
2015-07-31 11:39 ` Paul Durrant
2015-07-31 11:41 ` Roger Pau Monné
2015-07-31 11:42 ` Paul Durrant
2015-07-31 12:21 ` Paul Durrant
2015-07-31 14:19 ` Paul Durrant
2015-07-31 15:15 ` Roger Pau Monné
2015-07-30 10:24 ` Andrew Cooper
2015-07-30 10:27 ` Andrew Cooper [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55B9FC0B.3050608@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=Paul.Durrant@citrix.com \
--cc=roger.pau@citrix.com \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.