WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] Re: [Xen-users] svm.c:83:d917 Bad instruction length 0

To: "Russ Blaine" <russell.blaine@xxxxxxx>
Subject: Re: [Xen-devel] Re: [Xen-users] svm.c:83:d917 Bad instruction length 0
From: "Jan Beulich" <jbeulich@xxxxxxxxxx>
Date: Mon, 11 Aug 2008 08:10:16 +0100
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx, James Harper <james.harper@xxxxxxxxxxxxxxxx>, Trolle Selander <trolle.selander@xxxxxxxxx>, Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Delivery-date: Mon, 11 Aug 2008 00:09:57 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <489C9FEE.3010803@xxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
References: <C4C25B79.1C0C3%keir.fraser@xxxxxxxxxxxxx> <489C9FEE.3010803@xxxxxxx>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
We had reports on this (against 3.2.0) too, and this ought to be fixed in
3.2.2 (with c/s 16898, closely after 3.2.1 released) - the decoding of
instructions starting close to a page boundary was broken. Jan

>>> Russ Blaine <russell.blaine@xxxxxxx> 08.08.08 21:35 >>>
The original poster sees the issues on 3.2.1-2 / Debian Lenny. I'm talking with 
some folks at AMD to see if they can help investigate. In the meantime, I'll be 
trying to gather some more useful data about the crashing insn.

- Russ

Keir Fraser wrote:
> Realistically you're not likely to get much help with this type of issue on
> 3.1 branch since it is no longer being maintained. Reproducing it on tip of
> 3.2-testing would be more interesting since will be doing another release
> from that branch in the next few weeks. We'd also need more details on the
> repro scenario.
> 
>  -- Keir
> 
> On 8/8/08 20:14, "Russ Blaine" <russell.blaine@xxxxxxx> wrote:
> 
>> [moving this thread over to xen-devel]
>>
>> Debug keys output on the crashed domain is:
>>
>> (xVM) svm.c:77:d3 Bad instruction length 0
>> (xVM) domain_crash called from svm.c:78
>> (xVM) Domain 3 (vcpu#0) crashed on cpu#1:
>> (xVM) ----[ Xen-3.1.4-xvm  x86_64  debug=n  Not tainted ]----
>> (xVM) CPU:    1
>> (xVM) RIP:    001b:[<0000000072bcaffa>]
>> (xVM) RFLAGS: 0000000000000246   CONTEXT: hvm
>> (xVM) rax: 0000000000040f12   rbx: 0000000001010800   rcx: 0000000000002001
>> (xVM) rdx: 00000000078bfbff   rsi: 0000000072bcaf84   rdi: 0000000000000002
>> (xVM) rbp: 000000000075f1b0   rsp: 000000000075f190   r8:  0000000000000000
>> (xVM) r9:  0000000000000000   r10: 0000000000000000   r11: 0000000000000000
>> (xVM) r12: 0000000000000000   r13: 0000000000000000   r14: 0000000000000000
>> (xVM) r15: 0000000000000000   cr0: 000000008001003b   cr4: 00000000000006b9
>> (xVM) cr3: 000000007fab7280   cr2: 0000000072c353bc
>> (xVM) ds: 732f   es: ffff   fs: ffff   gs: bbff   ss: 0023   cs: 001b
>> (xVM) Guest stack trace from rbp=000000000075f1b0:
>> (xVM)  72c333d472bcac5f ????????????????
>> (xVM) Xen stack trace from rsp=0000000089b8cb48:
>> (xVM)    9090f460841b6124 000004a080000000 0000000084e2b1f8
>> (xVM)    0000000000000005 89b8cbbc00000001 00000000816a1632
>> (xVM)    72c353bc84ab51f0 000000006b12f225 c03961a800000000
>> (xVM)    0000000089b8cd64 841b613089b8cbc8 00000000845bf368
>> (xVM)    0000000000000000 800000006b12f225 89b8cc08841b3fe4
>> (xVM)    00000000816a250d 9090f46072c353bc 0000000084ab51f0
>> (xVM)    89b8cc6089b8cd64 c03961a884ab9a90 000000019090f460
>> (xVM)    0000000500000000 000007d06b12f8a4 9090f46000000800
>> (xVM)    8169f99f89b8ccd0 72c353bc00000000 84ab51f0c03961a8
>> (xVM)    9090f46000000000 89b8cc6089b8cd64 0000010000000000
>> (xVM)    00000110c03961a8 9090f46000000000 81713802c0484878
>> (xVM)    9090f4606b12f8a4 0000000089b8cd4c c03961a880354000
>> (xVM)    0000000000000000 8443ee008166e9be 89b8cd4c000000b2
>> (xVM)    badb0d00816c12c9 8f27d19000000000 8f27d17884ab9a90
>> (xVM)    000201e08f280418 0000000084ab9a90 8183873f00000000
>> (xVM)    89b8ccc80000020c 84ab523000000000 84e2d3186a7fd867
>> (xVM)    0000001889b8cce0 816c1fff89b8cd4c 9090f46072c353bc
>> (xVM)    84ab51f000000000 84e2d31889b8cd64 0000000072c353bc
>> (xVM)    89b8ccfc0075f23c 0000000000000110 84ab5020c03961a8
>> (xVM)    0000010084e2d318 000000209090f460 84ab9a9084ab5230
>> (xVM) Xen call trace:
>> (xVM)    [<00000000816a272d>] ???
>> (xVM)
>>
>>
>> Trolle Selander wrote:
>>> The easiest (*cough*) way is usually to put in some code before the
>>> domain_crash(curr->domain) that dumps the bytes around the eip, but of
>>> course that requires that you rebuild xen from source. One fairly
>>> painless thing that you could do to at least get a hint of what might be
>>> going on is to set on_crash = 'preserve' in the VM configuration file.
>>> That way, after it's crashed, you can do an "xm debug-key v" and get
>>> some information about the last vmexit, which will at least tell us what
>>> type of instruction it was that caused the vmexit.
>>>
>>> On Tue, Aug 5, 2008 at 1:39 AM, James Harper
>>> <james.harper@xxxxxxxxxxxxxxxx <mailto:james.harper@xxxxxxxxxxxxxxxx>>
>>> wrote:
>>>
>>>> In 3.2.2-rc2-pre, an instruction length of 0 doesn't cause a guest
>>>     crash,
>>>> but rather a retry of the instruction. This was introduced in cs
>>>     16898.
>>>> That said,  in 3.2 and older svm.c has a bunch of special case
>>>     emulation
>>>> code for system instructions, some of which is quite
>>>     incomplete/incorrect.
>>>> 3.3 will be much improved in this regard. In any case, a dump of the
>>>> instruction bytes surrounding the eip would be necessary to determine
>>>     what
>>>> the cause was in this particular case.
>>>>
>>>     How easy is it to get that information?
>>>
>>>     The annoying thing in this case is that it worked under 3.1.[12].
>>>
>>>     Thanks
>>>
>>>     James
>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Xen-users mailing list
>>> Xen-users@xxxxxxxxxxxxxxxxxxx 
>>> http://lists.xensource.com/xen-users 
> 
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx 
> http://lists.xensource.com/xen-users 

-- 

-----------------------------------------------------
Russ Blaine | Solaris Kernel | russell.blaine@xxxxxxx 

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx 
http://lists.xensource.com/xen-devel

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel