WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

Re: [Xen-devel] fxsave, fnsave, ltr hang for guest OS.

To: <alarson@xxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] fxsave, fnsave, ltr hang for guest OS.
From: Keir Fraser <keir@xxxxxxx>
Date: Fri, 12 Nov 2010 22:34:05 +0000
Cc:
Delivery-date: Fri, 12 Nov 2010 14:34:46 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:user-agent:date :subject:from:to:message-id:thread-topic:thread-index:in-reply-to :mime-version:content-type:content-transfer-encoding; bh=ksS8XKix82rywhjPEEHkiEpMuwX4QYh8dOG0n9vRcbY=; b=ZGQL1GAIgOYHIoviSao4gsncYQmw3GuZ02THbi2M08KGMvDe5BqApPSjP9BbyGQ96Q dy+YHeM5w3gdxQB+j3AmkIyHM+LYzblA4OXMyxoKa59ueY/EA6L3jUyB0C6O69F/QxPk xdJk4U0/1V0mWkLq3ZNT/NjQUhMPnjtKBGYX8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:user-agent:date:subject:from:to:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; b=mhItQW8mgo2nd5Zj87Bk2uIDF/WfArRqPfBzN9NmzHPyVjQ86dbXtjpNkquU4fwRdW TnOHr6cP07gL4YSjkob5JrnZkUklj1KWNckuumKcMDEOFEcKLL1Qr5X+pp5M2wgBJKpr tBG5nPE3hIHfZ1rE6172yhhmRZ8XDl7xqNOAk=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <OF54A4A032.FC63EB2C-ON862577D9.00734170-862577D9.0075DAB0@xxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcuCubZYJM5PWPMbJEGM1eamoCS+cg==
Thread-topic: [Xen-devel] fxsave, fnsave, ltr hang for guest OS.
User-agent: Microsoft-Entourage/12.27.0.100910
On 12/11/2010 21:27, "alarson@xxxxxxxx" <alarson@xxxxxxxx> wrote:

> You advice was most helpful once again.  However, I'm now even more
> confused than I was before.  I downloaded the OpenSuse source RPM for
> xen (xen-4.0.0_21091_06-0.1.1.src.rpm) and added printk debugging
> statements as suggested.  The following are the outputs I eventually
> found most useful.  All expressions denote existing source code
> variables:
> 
> (XEN) sh_page_fault va=303b90, regs->error_code=3
> (XEN) x86_emulate: b=dd, modrm=31, modrm_reg=6

So you took a vmexit on a page fault while trying to execute fnsave. The
shadow fault handler then tries to emulate the faulting instruction (fnsave)
presumably because it thinks the instruction is attempting to write to a
page that is read-only in the shadow page tables (generally that would be
because Xen thinks the instruction is trying to write to a page-table page).

> (XEN) sh_page_fault called x86_emulate va=303b90,result=1

Emulation failed, because the emulator does not support fnsave. The shadow
fault handler will take this as a hint that the instrction is not writing to
a page table page, and hence flushes some shadow page table state which is
possibly out of date. This makes the previously read-lonely page writable,
and we expect that on return to guest context the CPU will execute the
previously-faulting instruction without problem.

Since you end up in a loop not progressing past the fnsave instruction, it
seems quite likely that you have a bug and are writing to a pagetable page.
In fact a pagetable page that maps something that is needed to execute the
fnsave instruction. You need that page to both be writable (so that fnsave
can write its data) and read-only (because it is a pagetable page that maps
something that is used by the fnsave instruction) and so I'm guessing you
end up in an endless loop with that page flipping between being read-only
and read-write in the shadow page table.

Hope that makes sense. :-)

> I haven't looked at why load task register (ltr) and
> accesses to the APIC behave similarly.  Does Xen assume
> fnsave, ltr, etc. happen with paging turned off?

In general those instructions would not even vmexit. The CPU would just
execute them directly. The reason you are having problems when you turn
paging on is probably because of some guest bug where data structures
written yo by FNSAVE, LTR, etc are overlapping with your page tables.

 -- Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel