From: Christian Ehrhardt
Date: Fri, 14 Mar 2008 12:31:21 +0000
Subject: Re: [kvm-ppc-devel] Guests oops when trying to mount initramfs
Message-Id: <47DA7019.9000709@linux.vnet.ibm.com>
References: <47D7C7FF.2060306@linux.vnet.ibm.com>
In-Reply-To: <47D7C7FF.2060306@linux.vnet.ibm.com>
To: kvm-ppc@vger.kernel.org

Hollis Blanchard wrote:
> On Thu, 2008-03-13 at 18:53 +0100, Christian Ehrhardt wrote:
>> ok for Hollis to continue and anyone else that might have comments
>> -> tracking any eviction of the guest kernel mapping (=0xC..) did not trigger
>> -> tracking the delivery of an itlb/dtlb miss with that address did not trigger
>> -> I inserted a BUG statement in the guest's report of "Unable to handle kernel paging request ..."
>> That triggers an emulation of a trap in the host and there I have a dump_vcpu&dump_tlb
>>
> I think this just means our debug tests in the host kernel aren't
> working. The *only* way the guest interrupt vectors are invoked is by
> the host kernel...
>

right - I checked and changed the eaddr matching and now get useful triggers.
And you now can see the initial programming of the Kernel mapping done by the guest (3x tlbwe). I add the output here for reference, but unfortunately now that I have triggers that are known to work the actual issue no longer occurs :-(.
I run into some soft lockup all the time now (12/12 tests).
Maybe we need to fix that first (if it is not related anyway)?
I attach an updated version of the debug patch for the host kernel.

I only post vcpu (all zero gpr lines removed) and tlb dump, not the stack trace because this tlb programming is expected:

kvmppc_emul_tlbwe - writing or evicting guest kernel mapping
 63: tid 00000000 w0 00000000 w1 00000000 w2 00000000,
 inst: ra 00000000 rs 00000003 ws 00000000
guest address: 0x0
pc: 000000a4 msr: 00000040
lr: 0000003c ctr: 00000000
srr0: 00000000 srr1: 00000000
dear: 00000000 esr: 00000000
exceptions: 00000000
gpr00: 0000003f 00fffff8 00000000 c0000290
gpr04: 00000000 00000107 00000000 00000000
gpr28: 00000000 00000000 00000000 00263100
vcpu 0 TLB dump:
| nr | tid | word0 | word1 | word2 |
G 0 | 00000000 | 00000270 | 00000000 | 00000007 |
S42 | 00000000 | 00000310 | 0E622000 | 0000003F |
[...]

kvmppc_emul_tlbwe - writing or evicting guest kernel mapping
 63: tid 00000000 w0 c0000290 w1 00000000 w2 00000000,
 inst: ra 00000000 rs 00000004 ws 00000001
pc: 000000a8 msr: 00000040
lr: 0000003c ctr: 00000000
srr0: 00000000 srr1: 00000000
dear: 00000000 esr: 00000000
exceptions: 00000000
gpr00: 0000003f 00fffff8 00000000 c0000290
gpr04: 00000000 00000107 00000000 00000000
gpr28: 00000000 00000000 00000000 00263100
vcpu 0 TLB dump:
| nr | tid | word0 | word1 | word2 |
G 0 | 00000000 | 00000270 | 00000000 | 00000007 |
G63 | 00000000 | C0000290 | 00000000 | 00000000 |
S42 | 00000000 | 00000310 | 0E622000 | 0000003F |
S43 | 00000000 | C0000310 | 0E622000 | 00000007 |
[...]

kvmppc_emul_tlbwe - writing or evicting guest kernel mapping
 63: tid 00000000 w0 c0000290 w1 00000000 w2 00000000,
 inst: ra 00000000 rs 00000005 ws 00000002
pc: 000000ac msr: 00000040
lr: 0000003c ctr: 00000000
srr0: 00000000 srr1: 00000000
dear: 00000000 esr: 00000000
exceptions: 00000000
gpr00: 0000003f 00fffff8 00000000 c0000290
gpr04: 00000000 00000107 00000000 00000000
gpr28: 00000000 00000000 00000000 00263100
vcpu 0 TLB dump:
| nr | tid | word0 | word1 | word2 |
G 0 | 00000000 | 00000270 | 00000000 | 00000007 |
G63 | 00000000 | C0000290 | 00000000 | 00000000 |
S42 | 00000000 | 00000310 | 0E622000 | 0000003F |
S44 | 00000000 | C0000310 | 0E622000 | 00000007 |

And later only the soft lockup in 12/12 guest test runs (without that debug code, even with the non triggering one, at least 1/3 triggered the tlb issue).
Heisenberg affects bugs as it does with quantum effects ;-)

BUG: soft lockup - CPU#0 stuck for 61s! [modprobe:677]
NIP: c0000ac0 LR: 48008904 CTR: 00001fe6
REGS: bf896750 TRAP: 0901 Not tainted (2.6.25-rc3)
MSR: 00021000 CR: 44004028 XER: 20000000
TASK = c89de000[677] 'modprobe' THREAD: c89b0000
GPR00: 00000003 bf896800 00000000 0feb86a2 0feb5d45 00000073 0000005f feff0000
GPR08: 00000000 00000000 00000000 0fea919c 42000024
NIP [c0000ac0] Decrementer+0x0/0xc0
LR [48008904] 0x48008904
Call Trace:
Instruction dump:
914b00b0 3d400002 614a1002 512a0420 4800c471 c000ba60 c000d6e0 60000000
60000000 60000000 60000000 60000000 <7d5043a6> 7d7143a6 7c3443a6 7d400026

-- 
Grüsse / regards,
Christian Ehrhardt

IBM Linux Technology Center, Open Virtualization

Content-Disposition: inline; filename="debug-tlbwe-kernel-evict"

diff --git a/arch/powerpc/kvm/44x_tlb.c b/arch/powerpc/kvm/44x_tlb.c --- a/arch/powerpc/kvm/44x_tlb.c +++ b/arch/powerpc/kvm/44x_tlb.c 
@@ -21,6 +21,7 @@ #include #include #include +#include #include #include "44x_tlb.h" @@ -29,6 +30,36 @@ #define PPC44x_TLB_SUPER_PERM_MASK (PPC44x_TLB_SX|PPC44x_TLB_SR|PPC44x_TLB_SW) static unsigned int kvmppc_tlb_44x_pos; + +void kvmppc_dump_tlb(struct kvm_vcpu *vcpu) +{ + struct tlbe *tlbe; + int i; + + printk("vcpu %d TLB dump:\n", vcpu->vcpu_id); + printk("| %2s | %8s | %8s | %8s | %8s |\n", + "nr", " tid ", "word0", "word1", "word2"); + + for (i = 0; i < PPC44x_TLB_SIZE; i++) + { + tlbe = &vcpu->arch.guest_tlb[i]; + if (tlbe->word0 & PPC44x_TLB_VALID) + printk("G%2d | %08X | %08X | %08X | %08X |\n", + i, tlbe->tid, tlbe->word0, tlbe->word1, tlbe->word2); + } + + msleep(500); + + for (i = 0; i < PPC44x_TLB_SIZE; i++) + { + tlbe = &vcpu->arch.shadow_tlb[i]; + if (tlbe->word0 & PPC44x_TLB_VALID) + printk("S%2d | %08X | %08X | %08X | %08X |\n", + i, tlbe->tid, tlbe->word0, tlbe->word1, tlbe->word2); + } + + msleep(500); +} static u32 kvmppc_44x_tlb_shadow_attrib(u32 attrib, int usermode) { diff --git a/arch/powerpc/kvm/44x_tlb.h b/arch/powerpc/kvm/44x_tlb.h --- a/arch/powerpc/kvm/44x_tlb.h +++ b/arch/powerpc/kvm/44x_tlb.h @@ -27,6 +27,8 @@ extern int kvmppc_44x_tlb_index(struct k unsigned int pid, unsigned int as); extern struct tlbe *kvmppc_44x_dtlb_search(struct kvm_vcpu *vcpu, gva_t eaddr); extern struct tlbe *kvmppc_44x_itlb_search(struct kvm_vcpu *vcpu, gva_t eaddr); + +extern void kvmppc_dump_tlb(struct kvm_vcpu *vcpu); /* TLB helper functions */ static inline unsigned int get_tlb_size(const struct tlbe *tlbe) diff --git a/arch/powerpc/kvm/emulate.c b/arch/powerpc/kvm/emulate.c --- a/arch/powerpc/kvm/emulate.c +++ b/arch/powerpc/kvm/emulate.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include @@ -129,6 +130,7 @@ static int kvmppc_emul_tlbwe(struct kvm_ if (index > PPC44x_TLB_SIZE) { printk("%s: index %d\n", __func__, index); kvmppc_dump_vcpu(vcpu); + kvmppc_dump_tlb(vcpu); return EMULATE_FAIL; } 
@@ -138,6 +140,25 @@ static int kvmppc_emul_tlbwe(struct kvm_ #endif tlbe = &vcpu->arch.guest_tlb[index]; + + if ( ((get_tlb_eaddr(tlbe) & 0xf0000000) == 0xc0000000) + || + ((vcpu->arch.gpr[rs] & 0xf0000000) == 0xc0000000) ) { + printk("%s - writing or evicting guest kernel mapping" + "\n %02d: tid %08x w0 %08x w1 %08x w2 %08x," + "\n inst: ra %08x rs %08x ws %08x \n", + __func__, index, + tlbe->tid, tlbe->word0, tlbe->word1, tlbe->word2, + ra, rs, ws); + msleep(500); + kvmppc_dump_vcpu(vcpu); + msleep(500); + kvmppc_dump_tlb(vcpu); + msleep(500); + WARN_ON(1); + msleep(500); + } + /* Invalidate shadow mappings for the about-to-be-clobbered TLBE. */ if (tlbe->word0 & PPC44x_TLB_VALID) { @@ -250,6 +271,8 @@ int kvmppc_emulate_instruction(struct kv switch (get_op(inst)) { case 3: /* trap */ printk("trap!\n"); + kvmppc_dump_vcpu(vcpu); + kvmppc_dump_tlb(vcpu); kvmppc_queue_exception(vcpu, BOOKE_INTERRUPT_PROGRAM); advance = 0; break; diff --git a/arch/powerpc/kvm/powerpc.c b/arch/powerpc/kvm/powerpc.c --- a/arch/powerpc/kvm/powerpc.c +++ b/arch/powerpc/kvm/powerpc.c @@ -70,6 +70,7 @@ void kvmppc_dump_vcpu(struct kvm_vcpu *v printk("pc: %08x msr: %08x\n", vcpu->arch.pc, vcpu->arch.msr); printk("lr: %08x ctr: %08x\n", vcpu->arch.lr, vcpu->arch.ctr); printk("srr0: %08x srr1: %08x\n", vcpu->arch.srr0, vcpu->arch.srr1); + printk("dear: %08x esr: %08x\n", vcpu->arch.dear, vcpu->arch.esr); printk("exceptions: %08lx\n", vcpu->arch.pending_exceptions); @@ -218,6 +219,7 @@ int kvmppc_handle_exit(struct kvm_run *r case BOOKE_INTERRUPT_MACHINE_CHECK: printk("MACHINE CHECK: %lx\n", mfspr(SPRN_MCSR)); kvmppc_dump_vcpu(vcpu); + kvmppc_dump_tlb(vcpu); r = RESUME_HOST; break; 
@@ -309,7 +311,13 @@ int kvmppc_handle_exit(struct kvm_run *r /* Check the guest TLB. */ gtlbe = kvmppc_44x_dtlb_search(vcpu, eaddr); if (!gtlbe) { - /* The guest didn't have a mapping for it. */ + /* The guest didn't have a mapping for it. */ + if ((eaddr & 0xf0000000) == 0xc0000000) { + printk("DTLBMiss - Guest mapping f0r 0xc not found!\n"); + kvmppc_dump_vcpu(vcpu); + kvmppc_dump_tlb(vcpu); + } + kvmppc_queue_exception(vcpu, exit_nr); vcpu->arch.dear = vcpu->arch.fault_dear; vcpu->arch.esr = vcpu->arch.fault_esr; @@ -354,6 +362,12 @@ int kvmppc_handle_exit(struct kvm_run *r gtlbe = kvmppc_44x_itlb_search(vcpu, eaddr); if (!gtlbe) { /* The guest didn't have a mapping for it. */ + if ((eaddr & 0xf0000000) == 0xc0000000) { + printk("ITLBMiss - Guest mapping f0r 0xc not found!\n"); + kvmppc_dump_vcpu(vcpu); + kvmppc_dump_tlb(vcpu); + } + kvmppc_queue_exception(vcpu, exit_nr); r = RESUME_GUEST; break;
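
Review bot: in the new kvmppc_dump_tlb() added to arch/powerpc/kvm/44x_tlb.c, the two msleep(500) calls sit inside the dump helper itself, so every call site this patch adds (the trap and machine-check paths, both TLB-miss paths and kvmppc_emul_tlbwe) blocks for a full second per dump. Take the sleeps out of the helper and let the one caller that needs pacing do it. The printk calls also carry no log level, the row format "G%2d | ..." lacks the leading "| " that the header row prints, and the opening brace of each for loop belongs on the same line as the for.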
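
Review bot: the context line `if (index > PPC44x_TLB_SIZE) {` in the @@ -129,6 +130,7 @@ hunk of arch/powerpc/kvm/emulate.c lets index == PPC44x_TLB_SIZE through, and the following hunk's context then takes `&vcpu->arch.guest_tlb[index]`. The loops in kvmppc_dump_tlb() treat 0 to PPC44x_TLB_SIZE - 1 as the valid range, so if guest_tlb has PPC44x_TLB_SIZE entries this is one element past the end, reached while emulating a guest tlbwe. The check should read `index >= PPC44x_TLB_SIZE`, and that deserves its own fix rather than only an extra dump before the return.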
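
Review bot: the block added in the @@ -138,6 +140,25 @@ hunk of emulate.c sleeps four times (msleep(500) after the printk, after each dump and after WARN_ON(1)), and kvmppc_dump_tlb() adds two more, so each matching tlbwe stalls emulation for about three seconds. For a debug patch that is meant to catch a timing-sensitive failure that is a large perturbation; remove the sleeps or guard the whole block with a compile-time debug switch. The test on vcpu->arch.gpr[rs] is also applied whatever ws is, while the message reports the 0xC address as w0; if ws is the word index, as the w0/w1/w2 naming suggests, the gpr[rs] test should apply only when ws is 0. The 0xf0000000/0xc0000000 comparison is open-coded four times across this patch and would read better as one small helper.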
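
Review bot: in the @@ -309,7 +311,13 @@ and @@ -354,6 +362,12 @@ hunks of arch/powerpc/kvm/powerpc.c, the new printk plus kvmppc_dump_vcpu()/kvmppc_dump_tlb() run on every guest DTLB or ITLB miss at a 0xC address with no rate limit, so the guest decides how often the host logs and, through the sleeps in kvmppc_dump_tlb(), how long it stalls. Wrap the block in printk_ratelimit() or a one-shot flag. Both messages spell "f0r" for "for", and the first hunk removes and re-adds the comment `/* The guest didn't have a mapping for it. */` in what looks like a whitespace-only change that should be dropped.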