From mboxrd@z Thu Jan  1 00:00:00 1970
From: Kip Macy <kip.macy@gmail.com>
Subject: Re: writable page tables appear to be causing xen to lock
	up
Date: Tue, 19 Apr 2005 10:45:53 -0700
Message-ID: <b1fa2917050419104548b06592@mail.gmail.com>
References: <A95E2296287EAD4EB592B5DEEFCE0E9D1E3C1C@liverpoolst.ad.cl.cam.ac.uk>
	<b1fa291705041816246458653@mail.gmail.com>
	<b1fa29170504191028749ae9d1@mail.gmail.com>
Reply-To: Kip Macy <kip.macy@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Return-path: <xen-devel-bounces@lists.xensource.com>
In-Reply-To: <b1fa29170504191028749ae9d1@mail.gmail.com>
Content-Disposition: inline
List-Unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xensource.com>
List-Help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-Subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
Sender: xen-devel-bounces@lists.xensource.com
Errors-To: xen-devel-bounces@lists.xensource.com
To: Ian Pratt <m+Ian.Pratt@cl.cam.ac.uk>
Cc: xen-devel <xen-devel@lists.xensource.com>
List-Id: xen-devel@lists.xenproject.org

Sticking a printk in the writable page table macros tracked down the
problem immediately. I had gone through pmap.c carefully
differentiating between page table and page directory updates, but I
neglected to do that in machdep.c.

WP PT_SET ../../../i386-xen/i386-xen/machdep.c:1461
(XEN) (file=3Dtraps.c, line=3D343) Page fault: fc550862 -> fc552df4
(XEN) Stack trace from ESP=3Dfc503c04:
...

Easy enough to solve on my end. As of this point I did not have my
trap table setup so I would have thought that xen should've simply
killed the guest rather than retrying indefinitely.

                              -Kip

On 4/19/05, Kip Macy <kip.macy@gmail.com> wrote:
> My guess from this is FreeBSD is DOSing xen by endlessly triggering
> failsafe_callback. Although this is *extremely* likely to be my fault,
> it raises an interesting point about the need for heavily reducing the
> scheduling priority of misbehaved guests.
>=20
> 0xfc550862 <__copy_from_user_ll+53>:    repz movsb %ds:(%esi),%es:(%edi)
> 0xfc552df4 <failsafe_callback+233>:     push   %ecx
> 0xfc54df1e <error_code+94>:     add    $0x4,%esp
> 0xfc550862 <__copy_from_user_ll+53>:    repz movsb %ds:(%esi),%es:(%edi)
> 0xfc5508f4 <copy_from_user+60>: mov    %eax,%ebx
> 0xfc54da4f <x86_emulate_read_std+40>:   test   %eax,%eax
> 0xfc54abfc <x86_emulate_memop+176>:     mov    %eax,0xffffffd4(%ebp)
> 0xfc54dae5 <memcpy+31>: leave
> 0xfc54cdca <x86_emulate_memop+8830>:    cmpl $0x1,0xffffffd4(%ebp)
> 0xfc52ba0f <alloc_l1_table+211>:        movl   $0x1,0xffffffec(%ebp)
> 0xfc52c3a0 <alloc_page_type+72>:        mov    %eax,0xfffffffc(%ebp)
> 0xfc52cab6 <get_page_type+860>: movl   $0x1,0xffffffd8(%ebp)
> 0xfc52e6a6 <do_mmu_update+2826>:        mov    0xffffffd8(%ebp),%eax
> 0xfc5304c1 <ptwr_do_page_fault+1070>:   test   %eax,%eax
> 0xfc5426b3 <debugger_trap_entry+11>:    mov    %eax,0xfffffffc(%ebp)
> 0xfc540100 <do_page_fault+300>: test   %eax,%eax
> 0xfc53ff60 <propagate_page_fault+18>:   mov    %eax,0xfffffff4(%ebp)
> 0xfc540330 <do_page_fault+860>: movl   $0x0,0xffffffe0(%ebp)
> 0xfc54df1e <error_code+94>:     add    $0x4,%esp
> 0xfc54dda3 <FLT14>:     mov    %eax,%gs:(%esi)
> 0xfc54de75 <process_guest_exception_and_events+21>:     jmp
> 0xfc54dcd7 <test_all_events>
>=20
> On 4/18/05, Kip Macy <kip.macy@gmail.com> wrote:
> > > You'll have to give us a bit more to go on. I presume this is in
> > > unstable?
> >
> > Yes this is as of your last pushed checkin from 72hrs ago. LOL. If I
> > had more I'd give it to you. I've just disabled writable pagetables in
> > FreeBSD for the moment.
> >
> >
> > > It's probably worth adding a show_stack and a show_guest_stack to see
> > > how you're getting there.
> >
> > I'll stick that in and let you know.
> >
> >  -Kip
> >
>