From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tamas K Lengyel <tamas.k.lengyel@gmail.com>
Subject: Failed vm entry with heavy use of emulator
Date: Tue, 5 Jan 2016 12:49:33 +0100
Message-ID: <CABfawh=H7WeZE4+Qise16fOM511ikR5KwNizNksk8qwUnVr_NQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8987606239270703347=="
Return-path: <xen-devel-bounces@lists.xen.org>
Received: from mail6.bemta5.messagelabs.com ([195.245.231.135])
	by lists.xen.org with esmtp (Exim 4.72)
	(envelope-from <tamas.k.lengyel@gmail.com>) id 1aGQ7M-0006J0-Ad
	for xen-devel@lists.xenproject.org; Tue, 05 Jan 2016 11:49:36 +0000
Received: by mail-yk0-f179.google.com with SMTP id x67so278243260ykd.2
	for <xen-devel@lists.xenproject.org>;
	Tue, 05 Jan 2016 03:49:34 -0800 (PST)
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Xen-devel <xen-devel@lists.xenproject.org>, Razvan Cojocaru <rcojocaru@bitdefender.com>
List-Id: xen-devel@lists.xenproject.org

--===============8987606239270703347==
Content-Type: multipart/alternative; boundary=001a114e406ac9ca25052894d428

--001a114e406ac9ca25052894d428
Content-Type: text/plain; charset=UTF-8

Hi all,
I've been stress-testing the built-in emulator using the vm_event response
VM_EVENT_FLAG_EMULATE feature. In the test I've turned all pages
non-readable by default and all trapped instructions to be emulated. My
test code can be found at
https://github.com/tklengyel/xen/compare/read_emul?expand=1.

The following crash is reproducible and has been verified by Razvan as well.

(XEN) p2m.c:1726:d1v0 calling mem_access_emulate_one, kind 0
(XEN) Failed vm entry (exit reason 0x80000021) caused by invalid guest
state (0).
(XEN) ************* VMCS Area **************
(XEN) *** Guest State ***
(XEN) CR0: actual=0x000000008001003b, shadow=0x000000008001003b,
gh_mask=ffffffffffffffff
(XEN) CR4: actual=0x00000000000426f9, shadow=0x00000000000406f9,
gh_mask=ffffffffffffffff
(XEN) CR3 = 0x0000000000185000
(XEN) PDPTE0 = 0x0000000000186001  PDPTE1 = 0x0000000000187001
(XEN) PDPTE2 = 0x0000000000188001  PDPTE3 = 0x0000000000189001
(XEN) RSP = 0x000000008276dc28 (0x000000008276dc28)  RIP =
0x00000000826bce1c (0x00000000826bce1c)
(XEN) RFLAGS=0x00000002 (0x00000002)  DR7 = 0x0000000000000400
(XEN) Sysenter RSP=000000008078b000 CS:RIP=0008:00000000826830c0
(XEN)        sel  attr  limit   base
(XEN)   CS: 0008 0c09b ffffffff 0000000000000000
(XEN)   DS: 0023 0c0f3 ffffffff 0000000000000000
(XEN)   SS: 0010 0c093 ffffffff 0000000000000000
(XEN)   ES: 0023 0c0f3 ffffffff 0000000000000000
(XEN)   FS: 0030 04093 00003748 0000000082770c00
(XEN)   GS: 0000 1c000 ffffffff 0000000000000000
(XEN) GDTR:            000003ff 0000000080b95000
(XEN) LDTR: 0000 1c000 ffffffff 0000000000000000
(XEN) IDTR:            000007ff 0000000080b95400
(XEN)   TR: 0028 0008b 000020ab 00000000801da000
(XEN) EFER = 0x0000000000000000  PAT = 0x0007010600070106
(XEN) PreemptionTimer = 0x00000000  SM Base = 0x00000000
(XEN) DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
(XEN) Interruptibility = 00000000  ActivityState = 00000000
(XEN) *** Host State ***
(XEN) RIP = 0xffff82d0802075c0 (vmx_asm_vmexit_handler)  RSP =
0xffff830430d97f90
(XEN) CS=e008 SS=0000 DS=0000 ES=0000 FS=0000 GS=0000 TR=e040
(XEN) FSBase=0000000000000000 GSBase=0000000000000000
TRBase=ffff830430d9bc00
(XEN) GDTBase=ffff830430d8c000 IDTBase=ffff830430d98000
(XEN) CR0=000000008005003b CR3=00000004136d0000 CR4=00000000000426e0
(XEN) Sysenter RSP=ffff830430d97fc0 CS:RIP=e008:ffff82d08024db30
(XEN) EFER = 0x0000000000000000  PAT = 0x0000050100070406
(XEN) *** Control State ***
(XEN) PinBased=0000003f CPUBased=b6a075fa SecondaryExec=000000eb
(XEN) EntryControls=000051ff ExitControls=000fefff
(XEN) ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000
(XEN) VMEntry: intr_info=800000d1 errcode=00000000 ilen=00000000
(XEN) VMExit: intr_info=00000000 errcode=00000000 ilen=00000003
(XEN)         reason=80000021 qualification=0000000000000000
(XEN) IDTVectoring: info=800000d1 errcode=00000000
(XEN) TSC Offset = 0x0000004ed9c86354
(XEN) TPR Threshold = 0x00  PostedIntrVec = 0x00
(XEN) EPT pointer = 0x000000041124e01e  EPTP index = 0x0000
(XEN) Virtual processor ID = 0x0011 VMfunc controls = 0000000000000000
(XEN) **************************************
(XEN) domain_crash called from vmx.c:2761

Any tips on how to further debug this issue?

Thanks,
Tamas

--001a114e406ac9ca25052894d428
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi all,<br>I&#39;ve been stress-testing the built-in emula=
tor using the vm_event response VM_EVENT_FLAG_EMULATE feature. In the test =
I&#39;ve turned all pages non-readable by default and all trapped instructi=
ons to be emulated. My test code can be found at <a href=3D"https://github.=
com/tklengyel/xen/compare/read_emul?expand=3D1">https://github.com/tklengye=
l/xen/compare/read_emul?expand=3D1</a>.<br><br>The following crash is repro=
ducible and has been verified by Razvan as well.<br><br>(XEN) p2m.c:1726:d1=
v0 calling mem_access_emulate_one, kind 0<br>(XEN) Failed vm entry (exit re=
ason 0x80000021) caused by invalid guest state (0).<br>(XEN) ************* =
VMCS Area **************<br>(XEN) *** Guest State ***<br>(XEN) CR0: actual=
=3D0x000000008001003b, shadow=3D0x000000008001003b, gh_mask=3Dfffffffffffff=
fff<br>(XEN) CR4: actual=3D0x00000000000426f9, shadow=3D0x00000000000406f9,=
 gh_mask=3Dffffffffffffffff<br>(XEN) CR3 =3D 0x0000000000185000<br>(XEN) PD=
PTE0 =3D 0x0000000000186001=C2=A0 PDPTE1 =3D 0x0000000000187001<br>(XEN) PD=
PTE2 =3D 0x0000000000188001=C2=A0 PDPTE3 =3D 0x0000000000189001<br>(XEN) RS=
P =3D 0x000000008276dc28 (0x000000008276dc28)=C2=A0 RIP =3D 0x00000000826bc=
e1c (0x00000000826bce1c)<br>(XEN) RFLAGS=3D0x00000002 (0x00000002)=C2=A0 DR=
7 =3D 0x0000000000000400<br>(XEN) Sysenter RSP=3D000000008078b000 CS:RIP=3D=
0008:00000000826830c0<br>(XEN)=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 se=
l=C2=A0 attr=C2=A0 limit=C2=A0=C2=A0 base<br>(XEN)=C2=A0=C2=A0 CS: 0008 0c0=
9b ffffffff 0000000000000000<br>(XEN)=C2=A0=C2=A0 DS: 0023 0c0f3 ffffffff 0=
000000000000000<br>(XEN)=C2=A0=C2=A0 SS: 0010 0c093 ffffffff 00000000000000=
00<br>(XEN)=C2=A0=C2=A0 ES: 0023 0c0f3 ffffffff 0000000000000000<br>(XEN)=
=C2=A0=C2=A0 FS: 0030 04093 00003748 0000000082770c00<br>(XEN)=C2=A0=C2=A0 =
GS: 0000 1c000 ffffffff 0000000000000000<br>(XEN) GDTR:=C2=A0=C2=A0=C2=A0=
=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 000003ff 0000000080b95000<=
br>(XEN) LDTR: 0000 1c000 ffffffff 0000000000000000<br>(XEN) IDTR:=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 000007ff 00000000=
80b95400<br>(XEN)=C2=A0=C2=A0 TR: 0028 0008b 000020ab 00000000801da000<br>(=
XEN) EFER =3D 0x0000000000000000=C2=A0 PAT =3D 0x0007010600070106<br>(XEN) =
PreemptionTimer =3D 0x00000000=C2=A0 SM Base =3D 0x00000000<br>(XEN) DebugC=
tl =3D 0x0000000000000000=C2=A0 DebugExceptions =3D 0x0000000000000000<br>(=
XEN) Interruptibility =3D 00000000=C2=A0 ActivityState =3D 00000000<br>(XEN=
) *** Host State ***<br>(XEN) RIP =3D 0xffff82d0802075c0 (vmx_asm_vmexit_ha=
ndler)=C2=A0 RSP =3D 0xffff830430d97f90<br>(XEN) CS=3De008 SS=3D0000 DS=3D0=
000 ES=3D0000 FS=3D0000 GS=3D0000 TR=3De040<br>(XEN) FSBase=3D0000000000000=
000 GSBase=3D0000000000000000 TRBase=3Dffff830430d9bc00<br>(XEN) GDTBase=3D=
ffff830430d8c000 IDTBase=3Dffff830430d98000<br>(XEN) CR0=3D000000008005003b=
 CR3=3D00000004136d0000 CR4=3D00000000000426e0<br>(XEN) Sysenter RSP=3Dffff=
830430d97fc0 CS:RIP=3De008:ffff82d08024db30<br>(XEN) EFER =3D 0x00000000000=
00000=C2=A0 PAT =3D 0x0000050100070406<br>(XEN) *** Control State ***<br>(X=
EN) PinBased=3D0000003f CPUBased=3Db6a075fa SecondaryExec=3D000000eb<br>(XE=
N) EntryControls=3D000051ff ExitControls=3D000fefff<br>(XEN) ExceptionBitma=
p=3D00060042 PFECmask=3D00000000 PFECmatch=3D00000000<br>(XEN) VMEntry: int=
r_info=3D800000d1 errcode=3D00000000 ilen=3D00000000<br>(XEN) VMExit: intr_=
info=3D00000000 errcode=3D00000000 ilen=3D00000003<br>(XEN)=C2=A0=C2=A0=C2=
=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 reason=3D80000021 qualification=3D0000000=
000000000<br>(XEN) IDTVectoring: info=3D800000d1 errcode=3D00000000<br>(XEN=
) TSC Offset =3D 0x0000004ed9c86354<br>(XEN) TPR Threshold =3D 0x00=C2=A0 P=
ostedIntrVec =3D 0x00<br>(XEN) EPT pointer =3D 0x000000041124e01e=C2=A0 EPT=
P index =3D 0x0000<br>(XEN) Virtual processor ID =3D 0x0011 VMfunc controls=
 =3D 0000000000000000<br>(XEN) **************************************<br>(X=
EN) domain_crash called from vmx.c:2761<br><br>Any tips on how to further d=
ebug this issue?<br><br>Thanks,<br>Tamas<br></div>

--001a114e406ac9ca25052894d428--


--===============8987606239270703347==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
http://lists.xen.org/xen-devel

--===============8987606239270703347==--