From: Razvan Cojocaru
Subject: Re: Failed vm entry with heavy use of emulator
Date: Tue, 5 Jan 2016 16:37:12 +0200
Message-ID: <568BD518.8080000@bitdefender.com>
References: <568BAF7E.802@citrix.com> <568BC7A2.3020901@bitdefender.com> <568BC9D8.8030709@citrix.com> <568BCCD5.1060203@bitdefender.com>
To: Tamas K Lengyel
Cc: Andrew Cooper, Xen-devel
List-Id: xen-devel@lists.xenproject.org

On 01/05/2016 04:16 PM, Tamas K Lengyel wrote:
> On Tue, Jan 5, 2016 at 3:01 PM, Razvan Cojocaru wrote:
> 
> > On 01/05/2016 03:49 PM, Andrew Cooper wrote:
> > > On 05/01/16 13:39, Razvan Cojocaru wrote:
> > > > Here's a quick log of the emulated instructions on my setup:
> > > > http://pastebin.com/raw/XXQ0Lnzh
> > >
> > > Hmm - according to that, the final instruction emulated was
> > >
> > > d1v0 32bit @ 0008:828925db -> fa
> > >
> > > which is the 'cli' instruction.
> > >
> > > I would start there - I doubt it is an instruction which is emulated often.
> >
> > My code (arch/x86/x86_emulate/x86_emulate.c) does have a case label
> > for it:
> >
> >     case 0xfa: /* cli */
> >         generate_exception_if(!mode_iopl(), EXC_GP, 0);
> >         _regs.eflags &= ~EFLG_IF;
> >         break;
> >
> > Maybe the IOPL test fails there? Tamas, does your guest die after a CLI
> > as well?
> 
> I've added a gdprintk(XENLOG_DEBUG, "emulate 0xfa cli\n"); into that
> switch case but it wasn't printed before the guest crashed.

It's possible that your guest crashes after emulating a different instruction.
I've added a line to xen/arch/x86/hvm/emulate.c, in hvm_mem_access_emulate_one():

    switch ( kind )
    {
    case EMUL_KIND_NOWRITE:
        rc = hvm_emulate_one_no_write(&ctx);
        break;
    case EMUL_KIND_SET_CONTEXT:
        ctx.set_context = 1;
        /* Intentional fall-through. */
    default:
        rc = hvm_emulate_one(&ctx);
        hvm_dump_emulation_state(XENLOG_G_DEBUG, &ctx); /* the added line */
    }

so I can then see which instruction was the last before the stack trace
with xl dmesg (or looking at the log file, etc.)

It's possible the problem is not specific to CLI, or maybe it's even
something that happens prior to emulating the last instruction that
leads to a corruption in the guest's state later on.

Cheers,
Razvan
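The debugging approach in this thread is to find the last instruction the emulator handled before the guest died. As an added example (not Xen code, and not posted by anyone in the thread), this script parses trace lines in the "d1v0 32bit @ 0008:828925db -> fa" shape quoted above, reports the final instruction per vCPU and names the few single-byte opcodes it knows. Assumptions: that every trace line has that shape (only the one cli line is shown in the thread), the constructed sample log, and the small opcode table.

```python
import re
from collections import OrderedDict

# Constructed sample trace: lines in the "dNvM <mode> @ <cs>:<ip> -> <opcode bytes>"
# shape quoted in the thread (assumption: that is the log format; only the
# single 'cli' line is on the page), followed by some hypervisor noise.
SAMPLE_LOG = """\
d1v0 32bit @ 0008:828925d9 -> 0f 20 c0
d1v1 32bit @ 0008:82892600 -> fb
d1v0 32bit @ 0008:828925db -> fa
(XEN) ****************************************
(XEN) Panic on CPU 2:
"""

# Minimal single-byte opcode table for naming the common flag/idle instructions.
ONE_BYTE_MNEMONIC = {0xfa: "cli", 0xfb: "sti", 0xf4: "hlt",
                     0x90: "nop", 0xcc: "int3", 0xcf: "iret"}

TRACE_LINE = re.compile(
    r"^d(?P<dom>\d+)v(?P<vcpu>\d+)\s+(?P<mode>\S+)\s+@\s+"
    r"(?P<cs>[0-9a-f]{4}):(?P<ip>[0-9a-f]+)\s+->\s+"
    r"(?P<opc>[0-9a-f]{2}(?:\s+[0-9a-f]{2})*)\s*$", re.IGNORECASE)


def parse_trace(text):
    """Yield ((domain, vcpu), record) for every trace line; other lines are skipped."""
    for line in text.splitlines():
        m = TRACE_LINE.match(line)
        if not m:
            continue  # stack traces, panic banners, other dmesg output
        opcode = bytes.fromhex(m["opc"].replace(" ", ""))
        # Only single-byte opcodes are named; anything longer is reported raw.
        mnemonic = ONE_BYTE_MNEMONIC.get(opcode[0], "?") if len(opcode) == 1 else "?"
        yield (int(m["dom"]), int(m["vcpu"])), {
            "mode": m["mode"], "cs": int(m["cs"], 16), "ip": int(m["ip"], 16),
            "opcode": opcode.hex(), "mnemonic": mnemonic}


def last_per_vcpu(text):
    """Last instruction each vCPU emulated before the log ended (or the crash)."""
    last = OrderedDict()
    for key, rec in parse_trace(text):
        last[key] = rec
    return last


def final_instruction(text):
    """The very last emulated instruction in the whole log, as (vcpu_key, record)."""
    entry = None
    for entry in parse_trace(text):
        pass
    return entry


if __name__ == "__main__":
    key, rec = final_instruction(SAMPLE_LOG)
    print("last emulated: d%dv%d %s @ %04x:%08x -> %s (%s)" % (
        key[0], key[1], rec["mode"], rec["cs"], rec["ip"], rec["opcode"], rec["mnemonic"]))
```

Feed it the output of `xl dmesg` (or the saved log) and compare the per-vCPU result against the stack trace that follows it.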