From: Razvan Cojocaru
Subject: Re: Failed vm entry with heavy use of emulator
Date: Tue, 5 Jan 2016 15:39:46 +0200
Message-ID: <568BC7A2.3020901@bitdefender.com>
In-Reply-To: <568BAF7E.802@citrix.com>
To: Andrew Cooper, Tamas K Lengyel, Xen-devel

On 01/05/2016 01:56 PM, Andrew Cooper wrote:
> On 05/01/16 11:49, Tamas K Lengyel wrote:
>> Hi all,
>> I've been stress-testing the built-in emulator using the vm_event
>> response VM_EVENT_FLAG_EMULATE feature. In the test I've turned all
>> pages non-readable by default and all trapped instructions to be
>> emulated. My test code can be found at
>> https://github.com/tklengyel/xen/compare/read_emul?expand=1.
>>
>> The following crash is reproducible and has been verified by Razvan as
>> well.
>>
>> (XEN) p2m.c:1726:d1v0 calling mem_access_emulate_one, kind 0
>> (XEN) Failed vm entry (exit reason 0x80000021) caused by invalid guest
>> state (0).
>> (XEN) ************* VMCS Area **************
>> (XEN) *** Guest State ***
>> (XEN) CR0: actual=0x000000008001003b, shadow=0x000000008001003b,
>> gh_mask=ffffffffffffffff
>> (XEN) CR4: actual=0x00000000000426f9, shadow=0x00000000000406f9,
>> gh_mask=ffffffffffffffff
>> (XEN) CR3 = 0x0000000000185000
>> (XEN) PDPTE0 = 0x0000000000186001 PDPTE1 = 0x0000000000187001
>> (XEN) PDPTE2 = 0x0000000000188001 PDPTE3 = 0x0000000000189001
>> (XEN) RSP = 0x000000008276dc28 (0x000000008276dc28) RIP =
>> 0x00000000826bce1c (0x00000000826bce1c)
>> (XEN) RFLAGS=0x00000002 (0x00000002) DR7 = 0x0000000000000400
>> (XEN) Sysenter RSP=000000008078b000 CS:RIP=0008:00000000826830c0
>> (XEN)        sel  attr  limit    base
>> (XEN)   CS: 0008 0c09b ffffffff 0000000000000000
>> (XEN)   DS: 0023 0c0f3 ffffffff 0000000000000000
>> (XEN)   SS: 0010 0c093 ffffffff 0000000000000000
>> (XEN)   ES: 0023 0c0f3 ffffffff 0000000000000000
>> (XEN)   FS: 0030 04093 00003748 0000000082770c00
>> (XEN)   GS: 0000 1c000 ffffffff 0000000000000000
>> (XEN) GDTR:            000003ff 0000000080b95000
>> (XEN) LDTR: 0000 1c000 ffffffff 0000000000000000
>> (XEN) IDTR:            000007ff 0000000080b95400
>> (XEN)   TR: 0028 0008b 000020ab 00000000801da000
>> (XEN) EFER = 0x0000000000000000 PAT = 0x0007010600070106
>> (XEN) PreemptionTimer = 0x00000000 SM Base = 0x00000000
>> (XEN) DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000
>> (XEN) Interruptibility = 00000000 ActivityState = 00000000
>> (XEN) *** Host State ***
>> (XEN) RIP = 0xffff82d0802075c0 (vmx_asm_vmexit_handler) RSP =
>> 0xffff830430d97f90
>> (XEN) CS=e008 SS=0000 DS=0000 ES=0000 FS=0000 GS=0000 TR=e040
>> (XEN) FSBase=0000000000000000 GSBase=0000000000000000
>> TRBase=ffff830430d9bc00
>> (XEN) GDTBase=ffff830430d8c000 IDTBase=ffff830430d98000
>> (XEN) CR0=000000008005003b CR3=00000004136d0000 CR4=00000000000426e0
>> (XEN) Sysenter RSP=ffff830430d97fc0 CS:RIP=e008:ffff82d08024db30
>> (XEN) EFER = 0x0000000000000000 PAT = 0x0000050100070406
>> (XEN) *** Control State ***
>> (XEN) PinBased=0000003f CPUBased=b6a075fa SecondaryExec=000000eb
>> (XEN) EntryControls=000051ff ExitControls=000fefff
>> (XEN) ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
>> (XEN) VMEntry: intr_info=800000d1 errcode=00000000 ilen=00000000
>> (XEN) VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
>> (XEN) reason=80000021 qualification=0000000000000000
>> (XEN) IDTVectoring: info=800000d1 errcode=00000000
>> (XEN) TSC Offset = 0x0000004ed9c86354
>> (XEN) TPR Threshold = 0x00 PostedIntrVec = 0x00
>> (XEN) EPT pointer = 0x000000041124e01e EPTP index = 0x0000
>> (XEN) Virtual processor ID = 0x0011 VMfunc controls = 0000000000000000
>> (XEN) **************************************
>> (XEN) domain_crash called from vmx.c:2761
>>
>> Any tips on how to further debug this issue?
>
> Do you have a log of the instructions emulated?

Here's a quick log of the emulated instructions on my setup:

http://pastebin.com/raw/XXQ0Lnzh

Hope this helps.

Thanks,
Razvan
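
A triage aid for the dump quoted above, added here as an example and not part of the original message or of Xen: it decodes the exit reason, the VM-entry interruption-information field and guest RFLAGS, then checks one guest-state rule from the Intel SDM (RFLAGS.IF must be 1 when VM entry injects an external interrupt). The function names and the choice of this single rule are assumptions of the example; the sample lines are copied from the quoted dump.

```python
import re

# Constructed sample: three lines copied from the VMCS dump quoted above.
SAMPLE = """\
>> (XEN) RFLAGS=0x00000002 (0x00000002) DR7 = 0x0000000000000400
>> (XEN) VMEntry: intr_info=800000d1 errcode=00000000 ilen=00000000
>> (XEN) reason=80000021 qualification=0000000000000000
"""

# Interruption type, bits 10:8 of the VM-entry interruption-information field.
EVENT_TYPES = {0: "external interrupt", 2: "NMI", 3: "hardware exception",
               4: "software interrupt", 5: "privileged software exception",
               6: "software exception", 7: "other event"}


def _hex_field(pattern, text):
    """Return the hex value captured by pattern, or fail loudly if absent."""
    m = re.search(pattern, text)
    if m is None:
        raise ValueError(f"field not found in dump: {pattern}")
    return int(m.group(1), 16)


def triage(dump):
    """Decode exit reason, injected event and RFLAGS.IF; list rule violations."""
    # Drop mail-quote markers so a dump pasted from a reply still parses.
    text = re.sub(r"^[> ]+", "", dump, flags=re.M)
    reason = _hex_field(r"\breason=([0-9a-fA-F]+)", text)
    rflags = _hex_field(r"\bRFLAGS=0x([0-9a-fA-F]+)", text)
    intr = _hex_field(r"VMEntry: intr_info=([0-9a-fA-F]+)", text)
    info = {
        "entry_failure": bool((reason >> 31) & 1),   # bit 31: VM-entry failure
        "basic_reason": reason & 0xFFFF,             # 0x21: invalid guest state
        "inject_valid": bool((intr >> 31) & 1),      # bit 31: event is pending
        "inject_type": EVENT_TYPES.get((intr >> 8) & 7, "reserved"),
        "inject_vector": intr & 0xFF,
        "rflags_if": bool((rflags >> 9) & 1),        # bit 9: interrupt flag
    }
    findings = []
    if (info["inject_valid"] and info["inject_type"] == "external interrupt"
            and not info["rflags_if"]):
        findings.append("external interrupt injection with guest RFLAGS.IF=0")
    info["findings"] = findings
    return info


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
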