From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?UTF-8?B?Um9nZXIgUGF1IE1vbm7DqQ==?= <roger.pau@citrix.com>
Subject: Re: [BUG] Emulation issues
Date: Thu, 30 Jul 2015 15:06:06 +0200
Message-ID: <55BA213E.2080605@citrix.com>
References: <55B8A825.5020608@citrix.com>
	<9AAE0902D5BC7E449B7C8E4E778ABCD02F55E620@AMSPEX01CL02.citrite.net>
	<55B8ACB0.6060406@citrix.com>
	<9AAE0902D5BC7E449B7C8E4E778ABCD02F55E941@AMSPEX01CL02.citrite.net>
	<55B8DB02.8000904@citrix.com>
	<9AAE0902D5BC7E449B7C8E4E778ABCD02F55FBC0@AMSPEX01CL02.citrite.net>
	<55B9F98F.1000906@citrix.com>
	<9AAE0902D5BC7E449B7C8E4E778ABCD02F55FBF8@AMSPEX01CL02.citrite.net>
	<9AAE0902D5BC7E449B7C8E4E778ABCD02F55FCB3@AMSPEX01CL02.citrite.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <prvs=64634e9eb=roger.pau@citrix.com>)
	id 1ZKnXk-0003cb-TN
	for xen-devel@lists.xenproject.org; Thu, 30 Jul 2015 13:06:41 +0000
In-Reply-To: <9AAE0902D5BC7E449B7C8E4E778ABCD02F55FCB3@AMSPEX01CL02.citrite.net>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Paul Durrant <Paul.Durrant@citrix.com>, xen-devel <xen-devel@lists.xenproject.org>, Andrew Cooper <Andrew.Cooper3@citrix.com>
List-Id: xen-devel@lists.xenproject.org

El 30/07/15 a les 12.59, Paul Durrant ha escrit:
>> -----Original Message-----
> [big snip]
>> Sorry, missed that in the noise. So, the problem is that there is no in-flight I/O
>> even though pio completion is being attempted. Something has got out of
>> sync.
>>
> 
> I think I understand what may be happening... The code in hvmemul_do_io() basically expects to be called either to issue an I/O or to extract info from a completed one. However it is being called unconditionally (in the PIO case) out of hvm_do_resume, rather than only if the in-flight I/O state has been updated to STATE_IORESP_READY.
> 
> Can you try this patch (also containing my previous debug patch)?
> 
> diff --git a/xen/arch/x86/hvm/emulate.c b/xen/arch/x86/hvm/emulate.c
> index 30acb78..1bc3cc9 100644
> --- a/xen/arch/x86/hvm/emulate.c
> +++ b/xen/arch/x86/hvm/emulate.c
> @@ -145,6 +145,8 @@ static int hvmemul_do_io(
>              return X86EMUL_UNHANDLEABLE;
>          goto finish_access;
>      default:
> +        gprintk(XENLOG_ERR, "weird emulation state %u\n",
> +                vio->io_req.state);
>          return X86EMUL_UNHANDLEABLE;
>      }
> 
> diff --git a/xen/arch/x86/hvm/hvm.c b/xen/arch/x86/hvm/hvm.c
> index ec1d797..a476271 100644
> --- a/xen/arch/x86/hvm/hvm.c
> +++ b/xen/arch/x86/hvm/hvm.c
> @@ -472,7 +472,6 @@ void hvm_do_resume(struct vcpu *v)
>      struct hvm_vcpu_io *vio = &v->arch.hvm_vcpu.hvm_io;
>      struct domain *d = v->domain;
>      struct hvm_ioreq_server *s;
> -    enum hvm_io_completion io_completion;
> 
>      check_wakeup_from_wait();
> 
> @@ -499,33 +498,38 @@ void hvm_do_resume(struct vcpu *v)
>          }
>      }
> 
> -    io_completion = vio->io_completion;
> -    vio->io_completion = HVMIO_no_completion;
> -
> -    switch ( io_completion )
> -    {
> -    case HVMIO_no_completion:
> -        break;
> -    case HVMIO_mmio_completion:
> -        handle_mmio();
> -        break;
> -    case HVMIO_pio_completion:
> -        (void)handle_pio(vio->io_req.addr, vio->io_req.size,
> -                         vio->io_req.dir);
> -        break;
> -    case HVMIO_realmode_completion:
> +    if ( vio->io_req.state == STATE_IORESP_READY )
>      {
> -        struct hvm_emulate_ctxt ctxt;
> +        enum hvm_io_completion io_completion;
> 
> -        hvm_emulate_prepare(&ctxt, guest_cpu_user_regs());
> -        vmx_realmode_emulate_one(&ctxt);
> -        hvm_emulate_writeback(&ctxt);
> +        io_completion = vio->io_completion;
> +        vio->io_completion = HVMIO_no_completion;
> 
> -        break;
> -    }
> -    default:
> -        ASSERT_UNREACHABLE();
> -        break;
> +        switch ( io_completion )
> +        {
> +        case HVMIO_no_completion:
> +            break;
> +        case HVMIO_mmio_completion:
> +            handle_mmio();
> +            break;
> +        case HVMIO_pio_completion:
> +            (void)handle_pio(vio->io_req.addr, vio->io_req.size,
> +                             vio->io_req.dir);
> +            break;
> +        case HVMIO_realmode_completion:meet
> +        {
> +            struct hvm_emulate_ctxt ctxt;
> +
> +            hvm_emulate_prepare(&ctxt, guest_cpu_user_regs());
> +            vmx_realmode_emulate_one(&ctxt);
> +            hvm_emulate_writeback(&ctxt);
> +
> +            break;
> +        }
> +        default:
> +            ASSERT_UNREACHABLE();
> +            break;
> +        }
>      }
> 
>      if ( unlikely(d->arch.event_write_data) )
> @@ -2747,6 +2751,7 @@ int hvm_send_ioreq(struct hvm_ioreq_server *s, ioreq_t *proto_p,
>          }
>      }
> 
> +    gprintk(XENLOG_ERR, "unable to contact device model\n");
>      return X86EMUL_UNHANDLEABLE;
>  }

With this (and only this) patch applied I get the following output:

(XEN) irq.c:276: Dom18 PCI link 2 changed 11 -> 0
(XEN) irq.c:276: Dom18 PCI link 3 changed 5 -> 0
(XEN) irq.c:276: Dom19 PCI link 0 changed 5 -> 0
(XEN) irq.c:276: Dom19 PCI link 1 changed 10 -> 0
(XEN) irq.c:276: Dom19 PCI link 2 changed 11 -> 0
(XEN) irq.c:276: Dom19 PCI link 3 changed 5 -> 0
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166
(XEN) d19v0 weird emulation state 1
(XEN) io.c:165:d19v0 Weird HVM ioemulation status 1.
(XEN) domain_crash called from io.c:166

Roger.