Re: [kvm-ppc-devel] Guests oops when trying to mount initramfs

[Christian Ehrhardt <ehrhardt@linux.vnet.ibm.com>]

[-- Attachment #1: Type: text/plain, Size: 4374 bytes --]

Hollis Blanchard wrote:
> On Thu, 2008-03-13 at 18:53 +0100, Christian Ehrhardt wrote:
>> ok for Hollis to continue and anyone else that might have comments
>> -> tracking any eviction of the guest kernel mapping (=0xC..) did not
>> trigger
>> -> tracking the delivery of a itlb/dtlb miss with that address did not
>> trigger
>> -> I inserted a BUG statement in the guests report of "Unable to
>> handle kernel paging request ..."
>>    That triggers a emulation of a trap in the host and there I have a
>> dump_vcpu&dump_tlb
>>
> I think this just means our debug tests in the host kernel aren't
> working. The *only* way the guest interrupt vectors are invoked is by
> the host kernel...
> 
right - I checked and changed the eaddr matching and now get useful triggers.
And you now can see the initial programming of the Kernel mapping done by the guest (3x tlbwe). I add the output here for reference, but unfortunately now that I have triggers that are known to work the actual issue does no more occur :-(. I run into some soft lockup all the time now (12/12 tests).
Maybe we need to fix that first (if is not related anyway)?
I attach an updated version of the debug patch for the host kernel.

I only post vcpu (all zero gpr lines removed) and tlb dump, not the stack trace because this tlb programming is expected:

kvmppc_emul_tlbwe - writing or evicting guest kernel mapping
 63: tid 00000000 w0 00000000 w1 00000000 w2 00000000,
 inst: ra 00000000 rs 00000003 ws 00000000
 guest address: 0x0
pc:   000000a4 msr:  00000040
lr:   0000003c ctr:  00000000
srr0: 00000000 srr1: 00000000
dear: 00000000 esr:  00000000
exceptions: 00000000
gpr00: 0000003f 00fffff8 00000000 c0000290
gpr04: 00000000 00000107 00000000 00000000
gpr28: 00000000 00000000 00000000 00263100
vcpu 0 TLB dump:
| nr |     tid  |    word0 |    word1 |    word2 |
G 0 | 00000000 | 00000270 | 00000000 | 00000007 |
S42 | 00000000 | 00000310 | 0E622000 | 0000003F |
[...]
kvmppc_emul_tlbwe - writing or evicting guest kernel mapping
 63: tid 00000000 w0 c0000290 w1 00000000 w2 00000000,
 inst: ra 00000000 rs 00000004 ws 00000001
pc:   000000a8 msr:  00000040
lr:   0000003c ctr:  00000000
srr0: 00000000 srr1: 00000000
dear: 00000000 esr:  00000000
exceptions: 00000000
gpr00: 0000003f 00fffff8 00000000 c0000290
gpr04: 00000000 00000107 00000000 00000000
gpr28: 00000000 00000000 00000000 00263100
vcpu 0 TLB dump:
| nr |     tid  |    word0 |    word1 |    word2 |
G 0 | 00000000 | 00000270 | 00000000 | 00000007 |
G63 | 00000000 | C0000290 | 00000000 | 00000000 |
S42 | 00000000 | 00000310 | 0E622000 | 0000003F |
S43 | 00000000 | C0000310 | 0E622000 | 00000007 |
[...]
kvmppc_emul_tlbwe - writing or evicting guest kernel mapping
 63: tid 00000000 w0 c0000290 w1 00000000 w2 00000000,
 inst: ra 00000000 rs 00000005 ws 00000002
pc:   000000ac msr:  00000040
lr:   0000003c ctr:  00000000
srr0: 00000000 srr1: 00000000
dear: 00000000 esr:  00000000
exceptions: 00000000
gpr00: 0000003f 00fffff8 00000000 c0000290
gpr04: 00000000 00000107 00000000 00000000
gpr28: 00000000 00000000 00000000 00263100
vcpu 0 TLB dump:
| nr |     tid  |    word0 |    word1 |    word2 |
G 0 | 00000000 | 00000270 | 00000000 | 00000007 |
G63 | 00000000 | C0000290 | 00000000 | 00000000 |
S42 | 00000000 | 00000310 | 0E622000 | 0000003F |
S44 | 00000000 | C0000310 | 0E622000 | 00000007 |


And later only the soft lockup in 12/12 guest test runs (without that debug code, even with the non triggering one, at least 1/3 triggered the tlb issue).
Heisenberg affects bugs as it does with quantum effects ;-)
 
BUG: soft lockup - CPU#0 stuck for 61s! [modprobe:677]
NIP: c0000ac0 LR: 48008904 CTR: 00001fe6
REGS: bf896750 TRAP: 0901   Not tainted  (2.6.25-rc3)
MSR: 00021000 <ME>  CR: 44004028  XER: 20000000
TASK = c89de000[677] 'modprobe' THREAD: c89b0000
GPR00: 00000003 bf896800 00000000 0feb86a2 0feb5d45 00000073 0000005f feff0000
GPR08: 00000000 00000000 00000000 0fea919c 42000024
NIP [c0000ac0] Decrementer+0x0/0xc0
LR [48008904] 0x48008904
Call Trace:
Instruction dump:
914b00b0 3d400002 614a1002 512a0420 4800c471 c000ba60 c000d6e0 60000000
60000000 60000000 60000000 60000000 <7d5043a6> 7d7143a6 7c3443a6 7d400026


-- 

Grüsse / regards, 
Christian Ehrhardt
IBM Linux Technology Center, Open Virtualization

[-- Attachment #2: debug-tlbwe-kernel-evict --]
[-- Type: text/plain, Size: 5168 bytes --]

diff --git a/arch/powerpc/kvm/44x_tlb.c b/arch/powerpc/kvm/44x_tlb.c
--- a/arch/powerpc/kvm/44x_tlb.c
+++ b/arch/powerpc/kvm/44x_tlb.c
@@ -21,6 +21,7 @@
 #include <linux/string.h>
 #include <linux/kvm_host.h>
 #include <linux/highmem.h>
+#include <linux/delay.h>
 #include <asm/mmu-44x.h>
 
 #include "44x_tlb.h"
@@ -29,6 +30,36 @@
 #define PPC44x_TLB_SUPER_PERM_MASK (PPC44x_TLB_SX|PPC44x_TLB_SR|PPC44x_TLB_SW)
 
 static unsigned int kvmppc_tlb_44x_pos;
+
+void kvmppc_dump_tlb(struct kvm_vcpu *vcpu)
+{
+	struct tlbe *tlbe;
+	int i;
+
+	printk("vcpu %d TLB dump:\n", vcpu->vcpu_id);
+	printk("| %2s | %8s | %8s | %8s | %8s |\n",
+		"nr", " tid ", "word0", "word1", "word2");
+
+	for (i = 0; i < PPC44x_TLB_SIZE; i++)
+	{
+		tlbe = &vcpu->arch.guest_tlb[i];
+		if (tlbe->word0 & PPC44x_TLB_VALID)
+			printk("G%2d | %08X | %08X | %08X | %08X |\n",
+			i, tlbe->tid, tlbe->word0, tlbe->word1,	tlbe->word2);
+	}
+
+	msleep(500);
+
+	for (i = 0; i < PPC44x_TLB_SIZE; i++)
+	{
+		tlbe = &vcpu->arch.shadow_tlb[i];
+		if (tlbe->word0 & PPC44x_TLB_VALID)
+			printk("S%2d | %08X | %08X | %08X | %08X |\n",
+			i, tlbe->tid, tlbe->word0, tlbe->word1,	tlbe->word2);
+	}
+
+	msleep(500);
+}
 
 static u32 kvmppc_44x_tlb_shadow_attrib(u32 attrib, int usermode)
 {
diff --git a/arch/powerpc/kvm/44x_tlb.h b/arch/powerpc/kvm/44x_tlb.h
--- a/arch/powerpc/kvm/44x_tlb.h
+++ b/arch/powerpc/kvm/44x_tlb.h
@@ -27,6 +27,8 @@ extern int kvmppc_44x_tlb_index(struct k
                                 unsigned int pid, unsigned int as);
 extern struct tlbe *kvmppc_44x_dtlb_search(struct kvm_vcpu *vcpu, gva_t eaddr);
 extern struct tlbe *kvmppc_44x_itlb_search(struct kvm_vcpu *vcpu, gva_t eaddr);
+
+extern void kvmppc_dump_tlb(struct kvm_vcpu *vcpu);
 
 /* TLB helper functions */
 static inline unsigned int get_tlb_size(const struct tlbe *tlbe)
diff --git a/arch/powerpc/kvm/emulate.c b/arch/powerpc/kvm/emulate.c
--- a/arch/powerpc/kvm/emulate.c
+++ b/arch/powerpc/kvm/emulate.c
@@ -21,6 +21,7 @@
 #include <linux/timer.h>
 #include <linux/types.h>
 #include <linux/string.h>
+#include <linux/delay.h>
 #include <linux/kvm_host.h>
 
 #include <asm/dcr.h>
@@ -129,6 +130,7 @@ static int kvmppc_emul_tlbwe(struct kvm_
 	if (index > PPC44x_TLB_SIZE) {
 		printk("%s: index %d\n", __func__, index);
 		kvmppc_dump_vcpu(vcpu);
+		kvmppc_dump_tlb(vcpu);
 		return EMULATE_FAIL;
 	}
 
@@ -138,6 +140,25 @@ static int kvmppc_emul_tlbwe(struct kvm_
 #endif
 
 	tlbe = &vcpu->arch.guest_tlb[index];
+
+	if (	((get_tlb_eaddr(tlbe) & 0xf0000000) == 0xc0000000)
+		 ||
+		((vcpu->arch.gpr[rs] & 0xf0000000) == 0xc0000000) ) {
+		printk("%s - writing or evicting guest kernel mapping"
+			"\n %02d: tid %08x w0 %08x w1 %08x w2 %08x,"
+			"\n inst: ra %08x rs %08x ws %08x \n",
+		__func__, index, 
+		tlbe->tid, tlbe->word0, tlbe->word1, tlbe->word2,
+		ra, rs, ws);
+		msleep(500);
+		kvmppc_dump_vcpu(vcpu);
+		msleep(500);
+		kvmppc_dump_tlb(vcpu);
+		msleep(500);
+		WARN_ON(1);
+		msleep(500);
+	}
+
 
 	/* Invalidate shadow mappings for the about-to-be-clobbered TLBE. */
 	if (tlbe->word0 & PPC44x_TLB_VALID) {
@@ -250,6 +271,8 @@ int kvmppc_emulate_instruction(struct kv
 	switch (get_op(inst)) {
 	case 3:                                                 /* trap */
 		printk("trap!\n");
+		kvmppc_dump_vcpu(vcpu);
+		kvmppc_dump_tlb(vcpu);
 		kvmppc_queue_exception(vcpu, BOOKE_INTERRUPT_PROGRAM);
 		advance = 0;
 		break;
diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c
--- a/arch/powerpc/kvm/powerpc.c
+++ b/arch/powerpc/kvm/powerpc.c
@@ -70,6 +70,7 @@ void kvmppc_dump_vcpu(struct kvm_vcpu *v
 	printk("pc:   %08x msr:  %08x\n", vcpu->arch.pc, vcpu->arch.msr);
 	printk("lr:   %08x ctr:  %08x\n", vcpu->arch.lr, vcpu->arch.ctr);
 	printk("srr0: %08x srr1: %08x\n", vcpu->arch.srr0, vcpu->arch.srr1);
+	printk("dear: %08x esr:  %08x\n", vcpu->arch.dear, vcpu->arch.esr);
 
 	printk("exceptions: %08lx\n", vcpu->arch.pending_exceptions);
 
@@ -218,6 +219,7 @@ int kvmppc_handle_exit(struct kvm_run *r
 	case BOOKE_INTERRUPT_MACHINE_CHECK:
 		printk("MACHINE CHECK: %lx\n", mfspr(SPRN_MCSR));
 		kvmppc_dump_vcpu(vcpu);
+		kvmppc_dump_tlb(vcpu);
 		r = RESUME_HOST;
 		break;
 
@@ -309,7 +311,13 @@ int kvmppc_handle_exit(struct kvm_run *r
 		/* Check the guest TLB. */
 		gtlbe = kvmppc_44x_dtlb_search(vcpu, eaddr);
 		if (!gtlbe) {
-			/* The guest didn't have a mapping for it. */
+		/* The guest didn't have a mapping for it. */
+			if ((eaddr & 0xf0000000) == 0xc0000000) {
+				printk("DTLBMiss - Guest mapping f0r 0xc not found!\n");
+				kvmppc_dump_vcpu(vcpu);
+				kvmppc_dump_tlb(vcpu);
+			}
+
 			kvmppc_queue_exception(vcpu, exit_nr);
 			vcpu->arch.dear = vcpu->arch.fault_dear;
 			vcpu->arch.esr = vcpu->arch.fault_esr;
@@ -354,6 +362,12 @@ int kvmppc_handle_exit(struct kvm_run *r
 		gtlbe = kvmppc_44x_itlb_search(vcpu, eaddr);
 		if (!gtlbe) {
 			/* The guest didn't have a mapping for it. */
+			if ((eaddr & 0xf0000000) == 0xc0000000) {
+				printk("ITLBMiss - Guest mapping f0r 0xc not found!\n");
+				kvmppc_dump_vcpu(vcpu);
+				kvmppc_dump_tlb(vcpu);
+			}
+
 			kvmppc_queue_exception(vcpu, exit_nr);
 			r = RESUME_GUEST;
 			break;

[-- Attachment #3: Type: text/plain, Size: 228 bytes --]

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/

[-- Attachment #4: Type: text/plain, Size: 170 bytes --]

_______________________________________________
kvm-ppc-devel mailing list
kvm-ppc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/kvm-ppc-devel