From: Roman Bolshakov <1818937@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [Bug 1818937] Re: Crash with HV_ERROR on macOS host
Date: Tue, 30 Jul 2019 09:36:03 -0000	[thread overview]
Message-ID: <156447936384.17753.12319986519288026631.malone@gac.canonical.com> (raw)
In-Reply-To: 155192472106.28960.15645485731508389788.malonedeb@chaenomeles.canonical.com

It's not possible to allocate the MSR bitmap in userspace because it
requires a physical address to be stored in the VMCS field. However, the
bitmap page is already allocated inside the kernel part of
Hypervisor.framework. The 4k bitmap region is aligned to a page boundary.
It's worth continuing the inspection of the checks (26.2 CHECKS ON VMX
CONTROLS AND HOST-STATE AREA).

The reason why MSR Bitmap Address has a weird value is that it's not
necessarily the value of the VMCS field (albeit VMCS_CTRL_MSR_BITMAPS is
defined in hv_arch_vmx.h). HVF uses an internal lookup table that has a
limited set of VMCS fields exposed by Apple. The list is documented on
the reference page:
https://developer.apple.com/documentation/hypervisor/1469436-virtual_machine_control_structur

It's likely that 0x3f is a field from the VMCS lookup table. Given the
signature of hv_vmx_vcpu_read_vmcs, I would expect an error (e.g.
HV_BAD_ARGUMENT) to be returned instead of the silent failure. I have
submitted FB6858948 to Apple to correct the behaviour.

So, Apple doesn't provide explicit access to the MSR Bitmap Address field
but allows the bitmap to be controlled via hv_vcpu_enable_native_msr.

https://bugs.launchpad.net/bugs/1818937

Title:
  Crash with HV_ERROR on macOS host

Status in QEMU:
  New

Bug description:
  On a macOS host running a Windows 10 guest, qemu crashed with the error
  message: Error: HV_ERROR.

  Host: macOS Mojave 10.14.3 (18D109), Late 2014 Mac mini, presumably Core i5 4278U.
  QEMU: git commit a3e3b0a7bd5de211a62cdf2d6c12b96d3c403560
  QEMU parameter: qemu-system-x86_64 -m 3000 -drive file=disk.img,if=virtio,discard=unmap -accel hvf -soundhw hda -smp 3

  thread list
  Process 56054 stopped
    thread #1: tid = 0x2ffec8, 0x00007fff48d0805a vImage`vLookupTable_Planar16 + 970, queue = 'com.apple.main-thread'
    thread #2: tid = 0x2ffecc, 0x00007fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10
    thread #3: tid = 0x2ffecd, 0x00007fff79d715aa libsystem_kernel.dylib`__select + 10
    thread #4: tid = 0x2ffece, 0x00007fff79d71d9a libsystem_kernel.dylib`__sigwait + 10
  * thread #6: tid = 0x2ffed0, 0x00007fff79d7023e libsystem_kernel.dylib`__pthread_kill + 10, stop reason = signal SIGABRT
    thread #7: tid = 0x2ffed1, 0x00007fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10
    thread #8: tid = 0x2ffed2, 0x00007fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10
    thread #11: tid = 0x2fff34, 0x00007fff79d6a17a libsystem_kernel.dylib`mach_msg_trap + 10, name = 'com.apple.NSEventThread'
    thread #30: tid = 0x300c04, 0x00007fff79e233f8 libsystem_pthread.dylib`start_wqthread
    thread #31: tid = 0x300c16, 0x00007fff79e233f8 libsystem_pthread.dylib`start_wqthread
    thread #32: tid = 0x300c17, 0x0000000000000000
    thread #33: tid = 0x300c93, 0x00007fff79d6d7de libsystem_kernel.dylib`__psynch_cvwait + 10
  Crashed thread:

  * thread #6, stop reason = signal SIGABRT
    * frame #0: 0x00007fff79d7023e libsystem_kernel.dylib`__pthread_kill + 10
      frame #1: 0x00007fff79e26c1c libsystem_pthread.dylib`pthread_kill + 285
      frame #2: 0x00007fff79cd91c9 libsystem_c.dylib`abort + 127
      frame #3: 0x000000010baa476d qemu-system-x86_64`assert_hvf_ok(ret=<unavailable>) at hvf.c:106 [opt]
      frame #4: 0x000000010baa4c8f qemu-system-x86_64`hvf_vcpu_exec(cpu=0x00007f8e5283de00) at hvf.c:681 [opt]
      frame #5: 0x000000010b988423 qemu-system-x86_64`qemu_hvf_cpu_thread_fn(arg=0x00007f8e5283de00) at cpus.c:1636 [opt]
      frame #6: 0x000000010bd9dfce qemu-system-x86_64`qemu_thread_start(args=<unavailable>) at qemu-thread-posix.c:502 [opt]
      frame #7: 0x00007fff79e24305 libsystem_pthread.dylib`_pthread_body + 126
      frame #8: 0x00007fff79e2726f libsystem_pthread.dylib`_pthread_start + 70
      frame #9: 0x00007fff79e23415 libsystem_pthread.dylib`thread_start + 13

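To make concrete what the message above says about the MSR bitmap (a 4 KiB, page-aligned region that only the kernel side of HVF can place, with per-MSR control exposed through hv_vcpu_enable_native_msr), here is an added example of the Intel VMX MSR-bitmap layout in C. It is not Roman's, QEMU's or Apple's code; it models the bitmap the VMCS field points at, and treats "enable native MSR" as clearing that MSR's read and write intercept bits, which is an assumption about the effect rather than a description of how Hypervisor.framework implements it.

```c
/* Model of the VMX MSR bitmap: a 4 KiB, page-aligned region (the VMCS field
 * holds its physical address, so userspace cannot supply one) split into four
 * 1 KiB bitmaps. A set bit makes the guest's RDMSR/WRMSR of that MSR exit to
 * the hypervisor; a clear bit runs it natively. Added example, not HVF/QEMU code. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define MSR_BITMAP_SIZE 4096u
#define LOW_MSR_LIMIT   0x00001FFFu   /* bitmapped range 0x00000000..0x00001FFF */
#define HIGH_MSR_BASE   0xC0000000u   /* bitmapped range 0xC0000000..0xC0001FFF */
enum msr_access { MSR_READ = 0, MSR_WRITE = 1 };
typedef struct { uint8_t bits[MSR_BITMAP_SIZE]; } msr_bitmap;  /* 4 KiB aligned in a real VMCS */

/* Byte and bit of an MSR's intercept flag; false if the MSR lies outside both
 * bitmapped ranges (such accesses always exit and cannot be made native). */
static bool msr_bitmap_locate(uint32_t msr, enum msr_access acc, size_t *byte, uint8_t *mask)
{
    uint32_t idx, base = (acc == MSR_WRITE) ? 2048 : 0; /* write bitmaps follow read ones */
    if (msr <= LOW_MSR_LIMIT) {
        idx = msr;                                      /* low bitmap: bytes +0..1023 */
    } else if (msr >= HIGH_MSR_BASE && msr - HIGH_MSR_BASE <= LOW_MSR_LIMIT) {
        idx = msr - HIGH_MSR_BASE; base += 1024;        /* high bitmap: bytes +1024..2047 */
    } else {
        return false;
    }
    *byte = base + idx / 8;
    *mask = (uint8_t)(1u << (idx % 8));
    return true;
}

/* Start fully intercepting: every bit set, so no MSR reaches hardware unchecked. */
static void msr_bitmap_init(msr_bitmap *b) { memset(b->bits, 0xFF, sizeof b->bits); }

static bool msr_bitmap_intercepts(const msr_bitmap *b, uint32_t msr, enum msr_access acc)
{
    size_t byte; uint8_t mask;
    return !msr_bitmap_locate(msr, acc, &byte, &mask) || (b->bits[byte] & mask) != 0;
}

/* The assumed effect of enabling a "native" MSR: clear both its read and write bits. */
static bool msr_bitmap_set_native(msr_bitmap *b, uint32_t msr, bool native)
{
    size_t byte; uint8_t mask;
    for (int acc = MSR_READ; acc <= MSR_WRITE; acc++) {
        if (!msr_bitmap_locate(msr, (enum msr_access)acc, &byte, &mask)) return false;
        if (native) b->bits[byte] &= (uint8_t)~mask; else b->bits[byte] |= mask;
    }
    return true;
}
```

The rejection of MSRs outside the two bitmapped ranges is the defensive detail worth keeping: such accesses always trap, so a caller asking to make one native should get an error, not silent success.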