From: Juergen Gross <juergen.gross@ts.fujitsu.com>
To: "Zhang, Yang Z" <yang.z.zhang@intel.com>
Cc: xen-devel <xen-devel@lists.xenproject.org>,
"Dong, Eddie" <eddie.dong@intel.com>,
Jan Beulich <JBeulich@suse.com>,
"Nakajima, Jun" <jun.nakajima@intel.com>
Subject: Re: Single step in HVM domU on Intel machine may see wrong DB6
Date: Fri, 21 Feb 2014 06:36:19 +0100
Message-ID: <5306E5D3.6000302@ts.fujitsu.com>
In-Reply-To: <A9667DDFB95DB7438FA9D7D576C3D87E0A9F1C91@SHSMSX104.ccr.corp.intel.com>
On 21.02.2014 02:26, Zhang, Yang Z wrote:
> Juergen Gross wrote on 2014-02-20:
>> Hi,
>
> Hi, Juergen
>
>>
>> I think I've found a bug in debug trap handling in the Xen hypervisor
>> in case of an HVM domU using single stepping:
>>
>> Debug registers are restored on vcpu switch only if db7 has any debug
>> events activated or if the debug registers are marked to be used by
>> the domU. This leads to problems if the domU uses single stepping and
>> vcpu switch occurs between the single step trap and reading of db6 in
>> the guest. db6 contents (single step indicator) are lost in this case.
>>
>> Jan suggested to intercept the debug trap in the hypervisor and mark
>> the debug registers to be used by the domU to enable saving and
>> restoring the debug registers in case of a context switch. I used the
>> attached patch (applies to Xen 4.2.3) to verify this solution and it
>> worked (without the patch a test was able to reproduce the bug once in
>> about 3 hours, with the patch the test ran for more than 12 hours without problem).
>>
>> Obviously the patch isn't the final one, as I deactivated the "monitor trap flag"
>> feature to avoid any strange dependencies. Jan wanted someone from the
>> VMX folks to put together a proper fix to avoid overlooking some corner case.
>>
>
> Thanks for reporting this issue.
> Actually, I don't know the scenario in which you saw this issue. Are you using single step inside the guest? Or running gdb to debug the VM remotely?
Single step inside guest:
1. Guest sets TF flag in status loaded by IRET and does IRET
2. Debug trap in guest occurs, physical DB6 holds single step indicator
3. vcpu scheduling event occurs, debug registers are NOT saved as they are not
marked dirty and DB7 has no debug events configured
4. when guest vcpu is scheduled again, DB6 has lost single step indicator
Juergen
--
Juergen Gross Principal Developer Operating Systems
PBG PDG ES&S SWE OS6 Telephone: +49 (0) 89 62060 2932
Fujitsu e-mail: juergen.gross@ts.fujitsu.com
Mies-van-der-Rohe-Str. 8 Internet: ts.fujitsu.com
D-80807 Muenchen Company details: ts.fujitsu.com/imprint.html
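The four steps above, as an added model that is not part of the thread and not Xen's code: a small C simulation of the save/restore policy the report describes (debug registers are only switched when DR7 has a breakpoint enabled or the vCPU is marked as using them). The field and function names, the "other" vCPU with one breakpoint enabled, and the dr_in_use flag standing in for "marked to be used by the domU" are all assumptions of this model; DR6_BS and DR7_ACTIVE_MASK follow the architectural bit layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Architectural constants: DR6.BS (bit 14) is set by the CPU on a
 * single-step #DB; DR7 bits 0..7 (L0/G0 .. L3/G3) enable the four
 * hardware breakpoints.
 */
#define DR6_BS          (1u << 14)
#define DR7_ACTIVE_MASK 0xffu

/* Per-vCPU debug state. Field names are this model's own, not Xen's. */
struct vcpu_model {
    uint32_t saved_dr6;     /* copies kept in the vCPU structure */
    uint32_t saved_dr7;
    bool     dr_in_use;     /* "debug registers marked as used by the domU" */
};

/* Physical debug registers of the pCPU, shared by every vCPU it runs. */
static uint32_t phys_dr6;
static uint32_t phys_dr7;

/*
 * Policy as described in the report: save/restore across a context switch
 * only if DR7 has a breakpoint enabled or the vCPU is marked as using the
 * debug registers.
 */
static bool debugregs_need_switch(const struct vcpu_model *v)
{
    return v->dr_in_use || (v->saved_dr7 & DR7_ACTIVE_MASK) != 0;
}

static void context_out(struct vcpu_model *v)
{
    if (debugregs_need_switch(v)) {
        v->saved_dr6 = phys_dr6;
        v->saved_dr7 = phys_dr7;
    }
}

static void context_in(struct vcpu_model *v)
{
    if (debugregs_need_switch(v)) {
        phys_dr6 = v->saved_dr6;
        phys_dr7 = v->saved_dr7;
    }
    /* otherwise whatever the previous vCPU left in the registers stays */
}

/*
 * Step 2: the single-step #DB arrives and is intercepted. With apply_fix
 * the intercept also marks the debug registers as in use by the guest,
 * which is the change proposed in the thread.
 */
static void debug_trap_intercept(struct vcpu_model *v, bool apply_fix)
{
    phys_dr6 |= DR6_BS;     /* set by hardware before the trap is delivered */
    if (apply_fix)
        v->dr_in_use = true;
}

/*
 * Runs the four steps from the report and returns the DR6 value the guest
 * sees when its #DB handler runs after being rescheduled.
 */
uint32_t single_step_dr6_after_switch(bool apply_fix)
{
    struct vcpu_model guest = { 0 };
    /* Constructed: another vCPU with one breakpoint enabled, so loading
     * its state overwrites the physical DR6/DR7. */
    struct vcpu_model other = { .saved_dr6 = 0, .saved_dr7 = 0x1, .dr_in_use = false };

    phys_dr6 = 0;
    phys_dr7 = 0;

    /* 1-2: guest IRETs with TF set; the #DB fires with DR6.BS set */
    debug_trap_intercept(&guest, apply_fix);

    /* 3: scheduler switches to the other vCPU and later back */
    context_out(&guest);
    context_in(&other);
    context_out(&other);

    /* 4: guest runs again and reads DR6 */
    context_in(&guest);
    return phys_dr6;
}

int main(void)
{
    printf("without fix: DR6 = %#x\n", single_step_dr6_after_switch(false));
    printf("with fix:    DR6 = %#x\n", single_step_dr6_after_switch(true));
    return 0;
}
```

Without the fix the guest's vCPU is neither dirty nor has DR7 breakpoints, so nothing is saved on the way out and nothing restored on the way back; the BS bit left in the physical DR6 is overwritten by whatever runs in between. Marking the registers in use at the #DB intercept makes the save/restore path cover this vCPU and DR6.BS survives the switch.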
Thread overview: 19+ messages
2014-02-20 8:36 Single step in HVM domU on Intel machine may see wrong DB6 Juergen Gross
2014-02-21 1:26 ` Zhang, Yang Z
2014-02-21 5:36 ` Juergen Gross [this message]
2014-02-26 5:15 ` Zhang, Yang Z
2014-02-26 16:00 ` Jan Beulich
2014-02-27 1:31 ` Zhang, Yang Z
2014-02-27 8:09 ` Jan Beulich
2014-03-05 2:22 ` Zhang, Yang Z
2014-03-05 6:02 ` Juergen Gross
2014-03-05 8:05 ` Jan Beulich
2014-03-07 5:10 ` Zhang, Yang Z
2014-03-07 9:12 ` Jan Beulich
2014-03-11 2:10 ` Zhang, Yang Z
2014-03-11 7:56 ` Jan Beulich
2014-03-11 8:04 ` Zhang, Yang Z
2014-03-11 2:40 ` Zhang, Yang Z
2014-05-06 5:17 ` Juergen Gross
2014-05-06 6:20 ` Zhang, Yang Z
2014-03-04 15:06 ` Juergen Gross